5838 matches found
SourceCodester Microfinance Management System Cross-Site Scripting Vulnerability
SourceCodester Microfinance Management System is an application of SourceCodester, Inc. A cross-site scripting vulnerability exists in SourceCodester Microfinance Management System version 1.0, which stems from the program's lack of data validation filters for user-supplied data and output, which can...
WordPress Simple Ajax Chat Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Simple Ajax Chat plugin version 20220115 and earlier versions have a cross-site scripting vulnerability that stem...
Maccms Cross-Site Scripting Vulnerability (CNVD-2022-30794)
Maccms is a PHP-based film and television content management system (CMS). Version v10 of Maccms contains a cross-site scripting vulnerability, which originates from the lack of validation filtering of user-supplied data and output data in the select and input parameters in...
Design/Logic Flaw
This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures...
CVE-2021-44462
CVE-2021-44462 affects Horner Automation Cscape EnvisionRV (v4.50.3.1 and prior). The vulnerability stems from improper input validation (CWE-20), allowing reads/writes past the end of allocated data structures when parsing maliciously crafted project files. Exploitation requires user interaction...
WordPress Plugin Simple Ajax Chat Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Simple Ajax Chat plugin version 20220115 and earlier versions have a cross-site scripting vulnerability that stem...
Tenda AC10-1200 Buffer Overflow Vulnerability
Tenda AC10-1200 is a wireless router from Tenda, China. Tenda AC10-1200 suffers from a buffer error vulnerability that stems from the list parameter in the fromSetIpMacBind function, which does not properly validate data boundaries when performing operations on memory. An attacker could exploit thi...
Linux Kernel Buffer Overflow Vulnerability (CNVD-2022-79427)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a buffer overflow vulnerability that originates from not properly validating data boundaries when net/ipv4/esp4.c and net/ipv6/esp6.c perform...
ASUS AC68U Buffer Overflow Vulnerability
The ASUS AC68U is a router from the Chinese company ASUS. A buffer overflow vulnerability exists in ASUS AC68U 3.0.0.4.385.20852 and prior versions, which stems from a failure to properly validate data boundaries when performing an operation in memory in blocking.cgi, which can be exploited by an...
Money Transfer Management System Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Money Transfer Management System version 1.0, a money transfer management system. The vulnerability stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute...
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27434)
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27437)
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A SQL injection...
Siemens syngo fastView BMP File Parsing Write-what-where Condition Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens syngo fastView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...
The vulnerability of the software platform for developing and managing online stores Magento Commerce arises from insufficient validation of input data. This allows attackers to execute arbitrary code.
The vulnerability of the Magento Commerce software platform for developing and managing online stores exists due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
MISP Cross-Site Scripting Vulnerability (CNVD-2022-83622)
MISP is a software solution. The product is used to collect, store, distribute, and share network security metrics, and has features such as threat network security event analysis and malware analysis. Cross-site scripting vulnerabilities exist in versions of MISP prior to 2.4.156, which stem fro...
CVE-2022-23123
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of...
Naver Whale Browser Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in versions prior to 3.12.129.18 of Naver Whale Browser, a web browser from Naver Korea that supports user-defined interfaces, due to a lack of data validation filtering of user-supplied and output data. An attacker could exploit this to allow extension...
Online Project Time Management System Cross-Site Scripting Vulnerability
Online Project Time Management System is a web-based online project time management system that provides an online platform for a company's employees to report/record their assigned time or the time each project is resubmitted. online project time management system A cross-site scripting...
Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Braintree sanitize-url cross-site scripting vulnerability
Braintree sanitize-url is an open source URL cleanup from Braintree, Inc. A cross-site scripting vulnerability exists in versions prior to Braintree sanitize-url 6.0.0, which stems from a lack of validation filtering of user-supplied data and output data in the sanitizeUrl function. An attacker coul...