11624 matches found

RedhatCVE
added 2025/05/22 5:3 p.m. | 4 views

CVE-2020-8892

An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests...

CVSS 8.1 | AI score 6.8 | EPSS 0.01722
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:1 p.m. | 7 views

CVE-2020-27688

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...

CVSS 7.5 | AI score 6.7 | EPSS 0.01923
Exploits: 0

RedhatCVE
added 2025/05/22 4:51 p.m. | 10 views

CVE-2020-8574

Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled, allowing unauthorized code execution to local users...

CVSS 7.8 | AI score 7.4 | EPSS 0.00447
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:13 p.m. | 6 views

CVE-2020-35175

Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API...

CVSS 5.3 | AI score 7 | EPSS 0.00883
Exploits: 0

RedhatCVE
added 2025/05/22 4:4 p.m. | 8 views

CVE-2020-15568

TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with, for example, OS commands in the opt parameter...

CVSS 10 | AI score 9.6 | EPSS 0.28495
Exploits: 1

RedhatCVE
added 2025/05/22 3:50 p.m. | 5 views

CVE-2020-35239

A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, t...

CVSS 8.8 | AI score 6.9 | EPSS 0.006
Exploits: 0

RedhatCVE
added 2025/05/22 3:46 p.m. | 6 views

CVE-2020-21653

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj method...

CVSS 9.1 | AI score 7 | EPSS 0.0119
Exploits: 1

RedhatCVE
added 2025/05/22 3:32 p.m. | 6 views

CVE-2020-35888

An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::newfromtemplate...

CVSS 9.8 | AI score 6.8 | EPSS 0.01515
Exploits: 0

RedhatCVE
added 2025/05/22 3:25 p.m. | 7 views

CVE-2020-27379

Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0. The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password...

CVSS 6.5 | AI score 7.2 | EPSS 0.00485
Exploits: 0

RedhatCVE
added 2025/05/22 3:19 p.m. | 11 views

CVE-2020-21652

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq method...

CVSS 9.8 | AI score 7.8 | EPSS 0.0273
Exploits: 1

RedhatCVE
added 2025/05/22 3:19 p.m. | 7 views

CVE-2020-21651

Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add method...

CVSS 9.8 | AI score 7.8 | EPSS 0.03232
Exploits: 1

RedhatCVE
added 2025/05/22 3:18 p.m. | 9 views

CVE-2020-21649

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql method...

CVSS 8.1 | AI score 7 | EPSS 0.00803
Exploits: 1

RedhatCVE
added 2025/05/22 1:44 p.m. | 6 views

CVE-2014-9022

The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the "disabled" restriction and modify read-only components via a crafted form...

CVSS 6.4 | AI score 7 | EPSS 0.01523
Exploits: 0 | References: 1

Vulnrichment
added 2025/05/22 12:42 p.m. | 6 views

CVE-2025-3943 Use of GET Request Method With sensitive Query Strings

Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11;...

CVSS 4.1 | AI score 4.6 | EPSS 0.07062
Exploits: 0 | References: 2

Cvelist
added 2025/05/22 12:42 p.m. | 16 views

CVE-2025-3943 Use of GET Request Method With sensitive Query Strings

Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11;...

CVSS 4.1 | EPSS 0.07062
Exploits: 0 | References: 2

CVE
added 2025/05/22 12:42 p.m. | 61 views

CVE-2025-3943

CVE-2025-3943 affects Tridium Niagara Framework and Tridium Niagara Enterprise Security. The issue is use of GET with sensitive query strings allowing parameter injection, with affected versions before 4.14.2, before 4.15.1, and before 4.10.11 (Framework) and before 4.14.2, before 4.15.1, and bef...

CVSS 7.5 | AI score 4.5 | EPSS 0.07062
Exploits: 0 | References: 2 | Affected Software: 2

RedhatCVE
added 2025/05/22 12:34 p.m. | 8 views

CVE-2010-2217

Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to execute arbitrary code via unspecified vectors, related to a "JS method vulnerability."...

CVSS 10 | AI score 8 | EPSS 0.04521
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 11:27 a.m. | 6 views

CVE-2013-5578

Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ActiveX control in WinGraphviz.dll in StarUML allows remote attackers to execute arbitrary code via a long argument...

CVSS 9.3 | AI score 8.3 | EPSS 0.05102
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:35 a.m. | 7 views

CVE-2019-16751

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

CVSS 6.1 | AI score 5.8 | EPSS 0.00927
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:28 a.m. | 11 views

CVE-2019-1303

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from...

CVSS 7.8 | AI score 6.8 | EPSS 0.19403
Exploits: 7 | References: 1