| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List. |
| Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List. |
| In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. |
| In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges. |
| In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access. |
| Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=. |
| A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. |
| OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid. |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. |
| Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server. |
| The Automox Agent before 40 on Windows incorrectly sets permissions on key files. |
| VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. |
| An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. |
| Cross-Site Request Forgery (CSRF) vulnerability in easymebiz EasyMe Connect allows Cross Site Request Forgery. This issue affects EasyMe Connect: from n/a through 3.0.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in Chris Clark LessButtons Social Sharing and Statistics allows Cross Site Request Forgery. This issue affects LessButtons Social Sharing and Statistics: from n/a through 1.6.1. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in GS Plugins GS Testimonial Slider allows Code Injection. This issue affects GS Testimonial Slider: from n/a through 3.2.9. |
| Server-Side Request Forgery (SSRF) vulnerability in Iulia Cazan Easy Replace Image allows Server Side Request Forgery. This issue affects Easy Replace Image: from n/a through 3.5.0. |
| libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Mollie Forms allows Stored XSS. This issue affects Mollie Forms: from n/a through 2.7.12. |
| libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc. |
