16916 matches found
CVE-2024-39284
Uncontrolled search path for some IntelR Advisor software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2023-40173
Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords...
CVE-2021-27475
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code...
CVE-2021-33010
An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition...
CVE-2021-31883
A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303. When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor options, leading to Denial-of-Service...
CVE-2021-31559
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders...
CVE-2021-22127
An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious...
CVE-2021-22640
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks...
CVE-2021-22646
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution...
CVE-2021-22209
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed...
CVE-2025-23786
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DuoGeek Email to Download email-to-download allows Reflected XSS.This issue affects Email to Download: from n/a through = 3.1.0...
CVE-2025-23885
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in anildhiman MJ Contact us mj-contact-us allows Reflected XSS.This issue affects MJ Contact us: from n/a through = 5.2.3...
CVE-2025-23984
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in brainvireinfo Dynamic URL SEO dynamic-url-seo allows Reflected XSS.This issue affects Dynamic URL SEO: from n/a through = 1.0...
CVE-2025-23687
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in simonhunter Woo Store Mode woo-store-mode allows Reflected XSS.This issue affects Woo Store Mode: from n/a through = 1.0.1...
CVE-2025-23690
Cross-Site Request Forgery CSRF vulnerability in ArtkanMedia Book a Place book-a-place allows Stored XSS.This issue affects Book a Place: from n/a through = 0.7.1...
CVE-2025-23498
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ContentLocalized Translation.Pro translation-pro allows Reflected XSS.This issue affects Translation.Pro: from n/a through = 1.0.0...
CVE-2025-23618
Cross-Site Request Forgery CSRF vulnerability in starise Twitter Shortcode twitter-shortcode allows Stored XSS.This issue affects Twitter Shortcode: from n/a through = 0.9...
CVE-2025-23672
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tenteeglobal Instant Appointment instant-appointment allows Reflected XSS.This issue affects Instant Appointment: from n/a through = 1.2...
CVE-2025-23753
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in digireturn DN Sitemap Control dn-sitemap-control allows Reflected XSS.This issue affects DN Sitemap Control: from n/a through = 1.0.6...
CVE-2025-23438
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vincent Mimoun-Prat WP PT-Viewer wp-ptviewer allows Reflected XSS.This issue affects WP PT-Viewer: from n/a through = 2.0.2...