Astro SSR - Open Redirect
Astro 5.2.0 through 5.12.7 contains an open redirect caused by improper handling of paths with double slashes in its trailing-slash redirection logic, letting attackers redirect users to arbitrary external domains; exploitation requires on-demand SSR with the Node or Cloudflare adapters. id: CVE-2025-54793...
Hospital Management System 4.0 XSS / Shell Upload / SQL Injection Vulnerabilities
Hospital Management System versions 4.0 and below suffer from cross-site scripting, remote shell upload, and remote SQL injection vulnerabilities. Description: Multiple vulnerabilities were discovered in Hospital Management System. Affected CMS: Hospital Management System. Affected Version: unread...
CVE-2023-40816
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field...
CVE-2023-40813
OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation...
CVE-2023-40812
CVE-2023-40812 affects OpenCRX 5.2.0 and is caused by insufficient input sanitization in the Accounts Group Name field, enabling HTML injection. Multiple connected sources corroborate the vulnerability and its impact; exploit details are not provided in the documents. The CVSS v3.1 base score i...
CVE-2023-40816
OpenCRX 5.2.0 is vulnerable to HTML injection via the Activity Milestone Name Field, with reports indicating Cross‑Site Scripting potential (malicious script injection). Root cause: inadequate input sanitization/validation for that field. Exploitation details are not provided in the documents; no...
CVE-2023-40810
OpenCRX is affected by CVE-2023-40810: OpenCRX version 5.2.0 is vulnerable to HTML injection (XSS) via the Product Name field. The vulnerability is described across multiple sources as an HTML injection/XSS flaw in the product name input, which can lead to HTML content being injected into the app...
CVE-2021-43442
A logic flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 Ax46, V5.0.9 build 151106 Ax68, and V5.0.9 build 150615 Ax78: the device is intended to allow only one administrator account to be created, but this restriction can be bypassed by parameter manipulation using PU...
CVE-2020-18327
A cross-site scripting (XSS) vulnerability exists in Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2...
CVE-2021-22888
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the status parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScri...
CVE-2021-22889
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the statsBreakdown parameter of stats.php and possibly other scripts due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking...
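Why "single quotes not being escaped" is enough for a reflected XSS, as an added illustration that is not Revive Adserver's code: an escaper that handles `&`, `<`, `>` and `"` protects a double-quoted attribute, but a value echoed into a single-quoted attribute can close it and append attacker-controlled attributes. The template below (a single-quoted `href` carrying the `statsBreakdown` value) and the payload are constructed stand-ins, not the application's actual markup.

```javascript
// Added illustration, not Revive Adserver's code: why escaping that omits
// single quotes is insufficient in attribute context. The template shape
// below is a hypothetical stand-in, not the application's real markup.

// Incomplete escaper: handles & < > and double quotes only (what PHP's
// htmlspecialchars() does with ENT_COMPAT, its default before PHP 8.1).
function escapeNoSingleQuote(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Complete escaper for attribute context: also neutralises single quotes.
function escapeAttr(s) {
  return escapeNoSingleQuote(s).replace(/'/g, "&#39;");
}

// Hypothetical template that echoes the parameter into a single-quoted attribute.
function renderStatsLink(statsBreakdown, escaper) {
  return "<a href='stats.php?statsBreakdown=" + escaper(statsBreakdown) + "'>breakdown</a>";
}

// Crude structural check: the template contributes exactly two single quotes
// of its own, so any more means the value terminated the attribute early and
// attacker-controlled text is now being parsed as markup.
function attributeBrokenOut(html) {
  return (html.match(/'/g) || []).length !== 2;
}

// Constructed reflected-XSS style payload: closes the attribute value and
// adds an event-handler attribute.
const PAYLOAD = "day' onmouseover='alert(1)";

console.log(renderStatsLink(PAYLOAD, escapeNoSingleQuote)); // attribute broken out
console.log(renderStatsLink(PAYLOAD, escapeAttr));          // payload stays inside the value
```

The practical rule this demonstrates: escape for the context the value lands in, and in HTML attributes that means both quote characters, regardless of which one the template happens to use today.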
CVE-2021-20203
An integer overflow issue was found in the vmxnet3 NIC emulator in QEMU versions up to v5.2.0. It may occur if a guest supplies invalid values for the rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in Do...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Enterprise Content Management System Monitor
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7, which are used by IBM Enterprise Content Management System Monitor. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. Vulnerability Details CVEID: CVE-2016-5546 DESCRIPTION: A...
CVE-2019-4420
IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738...
CVE-2019-4419
CVE-2019-4419 affects IBM Intelligent Operations Center (IOC) versions 5.1.0 through 5.2.0. The vulnerability is an XML External Entity (XXE) injection that can occur while processing XML data, allowing a remote attacker to expose sensitive information or consume memory resources. Mitigation prov...