5836 matches found

BDU FSTEC
added 2022/06/15 12:0 a.m., 5 views

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...

CVSS 5.3, AI score 7.2, EPSS 0.01646
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2022/06/15 12:0 a.m., 5 views

The vulnerability of the Fax Compose Form component in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Fax Compose Form component in Windows operating systems is related to insufficient validation of entered data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 7.8, AI score 7.7, EPSS 0.01888
Exploits: 0, References: 3

Prion
added 2022/06/14 10:15 a.m., 17 views

Input validation

Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon...

CVSS 7.2, AI score 7.6, EPSS 0.00159
Exploits: 0, References: 1

CNVD
added 2022/06/14 12:0 a.m., 18 views

ITOP Cross-Site Scripting Vulnerability (CNVD-2022-58397)

ITOP is a platform that provides all the resources needed to optimize iTop. A cross-site scripting vulnerability exists in ITOP version 3.0.1, which stems from a lack of checksum filtering of user-supplied and output data on the /itop/webservices/export-v2.php page. An attacker can exploit this...

CVSS 6.1, AI score 6, EPSS 0.02139
Exploits: 1, References: 1

Prion
added 2022/06/13 1:15 p.m., 13 views

Input validation

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability...

CVSS 6.8, AI score 7.7, EPSS 0.00965
Exploits: 2, References: 1, Affected Software: 1

CNVD
added 2022/06/09 12:0 a.m., 18 views

LibreNMS Cross-Site Scripting Vulnerability (CNVD-2022-66503)

LibreNMS is a PHP and MySQL based open source network monitoring system from the LibreNMS community. The system features custom alerts, auto-discovery of network environments and automatic updates. LibreNMS v22.3.0 contains a cross-site scripting vulnerability that originates from the...

CVSS 4.3, AI score 2.3, EPSS 0.00664
Exploits: 0, Affected Software: 1

CNVD
added 2022/06/09 12:0 a.m., 22 views

Jfinal CMS Cross-Site Scripting Vulnerability (CNVD-2022-66500)

Jfinal CMS is a powerful information consulting website developed in Java, using the simple and powerful JFinal as the web framework, beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. A cross-site scripting vulnerability exists in Jfinal CMS v5.1.0. The vulnerabili...

CVSS 3.5, AI score 2, EPSS 0.0048
Exploits: 1, Affected Software: 1

CNVD
added 2022/06/09 12:0 a.m., 11 views

OFCMS Cross-Site Scripting Vulnerability

OFCMS is a content management system (CMS) developed by China Zhongtian Network Technology Company in Java. OFCMS v1.1.4 has a cross-site scripting vulnerability, which originates from the component /admin/comn/service/update.json lacking data validation filtering for user-supplied...

CVSS 4.3, AI score 2.5, EPSS 0.00528
Exploits: 0, Affected Software: 1

BDU FSTEC
added 2022/06/07 12:0 a.m., 5 views

The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, related to insufficient validation of input data, allows attackers to exploit this to increase their privileges.

The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, relates to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to enhance their privileges through a...

CVSS 7.8, AI score 6.7, EPSS 0.00672
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2022/06/02 12:0 a.m., 2 views

LibreNMS Cross-Site Scripting Vulnerability

LibreNMS is a PHP and MySQL based open source network monitoring system from the LibreNMS community. The system features custom alerts, auto-discovery of network environments and automatic updates. LibreNMS v22.3.0 contains a cross-site scripting vulnerability that originates from the...

CVSS 6.1, AI score 5.7, EPSS 0.00664
Exploits: 0, References: 3

CNVD
added 2022/06/02 12:0 a.m., 20 views

DHIS2 SQL Injection Vulnerability

DHIS2 is an information system for data capture, management, validation, analysis, and visualization. DHIS2 is vulnerable to SQL injection, which can be exploited by attackers to read, edit, and delete data in the DHIS2 instance database...

CVSS 6.5, AI score 3.7, EPSS 0.01064
Exploits: 0, Affected Software: 1

BDU FSTEC
added 2022/06/02 12:0 a.m., 3 views

The vulnerability of the DirectShow component in Windows operating systems, related to insufficient input data validation, allows attackers to execute arbitrary code.

The vulnerability of the DirectShow component in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.6, AI score 7.6, EPSS 0.01225
Exploits: 0, References: 3

CVE
added 2022/06/01 5:20 p.m., 737 views

CVE-2022-24848

DHIS2 SQL Injection (CVE-2022-24848) affects the API endpoint /api/programs/orgUnits?programs= for DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The vulnerability requires the attacker to be logged in as a DHIS2 user and could allow reading, editing, or deleting data in the instance’s database....

CVSS 8.8, AI score 8.9, EPSS 0.01064
Exploits: 0, References: 4, Affected Software: 1

CNVD
added 2022/06/01 12:0 a.m., 29 views

WordPress User Meta Manager plugin path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A path traversal vulnerability exists in versions of the WordPress User Meta Manager plugin prior to...

CVSS 6.5, AI score 1.3, EPSS 0.02233
Exploits: 5, References: 1

CNVD
added 2022/05/27 12:0 a.m., 28 views

Creativeitem Academy-LMS Cross-Site Scripting Vulnerability

Creativeitem Academy-LMS is an online learning platform from Creativeitem, Inc. A cross-site scripting vulnerability exists in Creativeitem Academy-LMS v4.3, which stems from a lack of data validation filtering of user-supplied data and output in the SEO panel. An attacker could exploit this...

CVSS 3.5, AI score 2.1, EPSS 0.00599
Exploits: 1, Affected Software: 1

Zero Day Initiative
added 2022/05/27 12:0 a.m., 18 views

KeySight N6841A RF Sensor Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Spring Framework. The issue results from the lack of prop...

CVSS 9.8, AI score 2.6, EPSS 0.15968
Exploits: 0, References: 1

CNVD
added 2022/05/26 12:0 a.m., 13 views

Covid-19 Travel Pass Management System Cross-Site Scripting Vulnerability

Covid-19 Travel Pass Management System is a Covid-19 travel pass management system. The Covid-19 Travel Pass Management System v1.0 version contains a cross-site scripting vulnerability that originates in /ctpms/classes/Users.php?f=save and lacks data validation filters for user-supplied data and...

CVSS 3.5, AI score 3.2, EPSS 0.00471
Exploits: 1, Affected Software: 1

CNVD
added 2022/05/26 12:0 a.m., 16 views

Home Clean Services Management System Cross-Site Scripting Vulnerability

Home Clean Services Management System is a home cleaning service system. Version 1.0 of Home Clean Services Management System is vulnerable to a cross-site scripting vulnerability that originates in register.php?link=register and lacks checksum filtering of user-supplied data and a lack of data...

CVSS 3.5, AI score 2, EPSS 0.00572
Exploits: 0, Affected Software: 1

BDU FSTEC
added 2022/05/26 12:0 a.m., 5 views

The vulnerability of the Windows Graphics component in Microsoft Windows operating systems arises from insufficient input data validation, allowing attackers to execute arbitrary code.

The vulnerability of the Windows Graphics component in Microsoft Windows systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

CVSS 9.3, AI score 7.7, EPSS 0.02444
Exploits: 0, References: 3

BDU FSTEC
added 2022/05/26 12:0 a.m., 3 views

The vulnerability of the Microsoft.NET Framework software, related to insufficient validation of input data, allows a perpetrator to cause service failures.

The vulnerability of the Microsoft.NET Framework is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS 5.5, AI score 6.3, EPSS 0.02461
Exploits: 0, References: 3