Generator Security Vulnerabilities
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...
6.2CVSS
5.5AI Score
0.001EPSS
Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...
9.3CVSS
6.8AI Score
0.0005EPSS
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...
4CVSS
3.9AI Score
0.0004EPSS
ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library...
7.5CVSS
7.7AI Score
0.003EPSS
EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the...
6.1CVSS
5.7AI Score
0.007EPSS
This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF...
8.2CVSS
8.1AI Score
0.001EPSS
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem.....
5.3CVSS
5.2AI Score
0.002EPSS
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX...
8.8CVSS
8.7AI Score
0.001EPSS
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored...
8.8CVSS
8.7AI Score
0.001EPSS
log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and.....
7CVSS
6.6AI Score
0.0004EPSS
An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API...
7.5CVSS
7.4AI Score
0.001EPSS
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory...
9.8CVSS
9.4AI Score
0.003EPSS
8.8CVSS
8.7AI Score
0.001EPSS
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved...
8.1CVSS
7.4AI Score
0.003EPSS
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the...
7.8CVSS
7.6AI Score
0.001EPSS
Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory...
6.1CVSS
5.9AI Score
0.005EPSS
Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to...
9.8CVSS
9.7AI Score
0.003EPSS
The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any...
7.5CVSS
8.8AI Score
0.002EPSS
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP....
9.8CVSS
9.5AI Score
0.003EPSS
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which...
6.1CVSS
6.6AI Score
0.001EPSS
The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and...
9.8CVSS
8.1AI Score
0.002EPSS
An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed,...
4.8CVSS
5.3AI Score
0.001EPSS
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to...
9.8CVSS
9.2AI Score
0.002EPSS
An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the...
7.5CVSS
7.4AI Score
0.001EPSS
kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified...
7.8AI Score
0.008EPSS
The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown...
6.8AI Score
0.003EPSS
SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2...
8.7AI Score
0.001EPSS
SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably...
8.7AI Score
0.001EPSS
SQL injection vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to execute arbitrary SQL commands via the tid...
8.7AI Score
0.001EPSS
admin/index.php in Virtuenetz Virtue Online Test Generator does not require administrative privileges, which allows remote authenticated users to have an unknown impact via unspecified...
6.5AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to inject arbitrary web script or HTML via the tid...
5.9AI Score
0.002EPSS
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change...
7AI Score
0.002EPSS
core/admin/delete.php in Podcast Generator 1.1 and earlier does not properly restrict access to administrative functions, which allows remote attackers to delete arbitrary files via the file...
7AI Score
0.005EPSS
PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path...
7.8AI Score
0.253EPSS
Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php, and the (3) catid parameter to...
8.8AI Score
0.004EPSS
Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3)...
6.9AI Score
0.023EPSS
Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to cause a denial of service via unspecified...
6.5AI Score
0.002EPSS
The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to obtain sensitive information via unspecified...
6.1AI Score
0.001EPSS
Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Unprotected test...
6.5AI Score
0.003EPSS
Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log...
7.2AI Score
0.007EPSS
Cross-site scripting (XSS) vulnerability in set_permissions.php in Podcast Generator 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the scriptlang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
5.6AI Score
0.001EPSS
Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party...
7.7AI Score
0.446EPSS
Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is...
5.3AI Score
0.003EPSS
Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php, (3) categories.php, (4) categories_add.php, (5)...
7.6AI Score
0.004EPSS
Multiple directory traversal vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) theme_path parameter to core/themes.php and the (2) filename parameter to...
6.9AI Score
0.004EPSS
PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad...
7.5AI Score
0.153EPSS
PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter. NOTE: the vendor disputes this issue, stating that only Warez versions of Animated Smiley...
7.9AI Score
0.046EPSS
SQL injection vulnerability in pages.asp in ASP Stats Generator before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the order...
8.8AI Score
0.006EPSS
Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in...
7.5AI Score
0.005EPSS
Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner Generator 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the banner parameter in view...
5.7AI Score
0.009EPSS