12 matches found

RedhatCVE
added 2025/11/12 7:47 a.m. | 5 views

CVE-2025-8108

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the...

CVSS 6.7 | AI score 6.9 | EPSS 0.00022
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:18 a.m. | 2 views

CVE-2024-8622

The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'amchartsjavascript' parameter in all versions up to, and including, 1.4.4 due to the ability to supply arbitrary JavaScript and a lack of nonce validation on the preview functionality. This mak...

CVSS 6.1 | AI score 6.3 | EPSS 0.00742
Exploits: 0 | References: 1

Veracode
added 2024/11/14 4:10 a.m. | 9 views

Carriage Return Line Feed (CRLF) Injection

Refit is vulnerable to Carriage Return Line Feed (CRLF) Injection. The vulnerability is due to lack of validation for CRLF characters in HTTP header values in the Refit library. Specifically, the HttpHeaders.TryAddWithoutValidation method used by Refit does not sanitize or check for CRLF sequences,...

CVSS 10 | AI score 6.7 | EPSS 0.00108
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2024/10/10 7:39 a.m. | 4 views

File Deletion

@saltcorn/server is vulnerable to a file deletion vulnerability. The vulnerability is due to the lack of validation and sanitization of the dirname POST parameter, which allows a logged-in user to construct requests that delete arbitrary files on the filesystem through the sync/cleansyncdir...

CVSS 6.5 | AI score 6.8 | EPSS 0.00205
Exploits: 0 | References: 4 | Affected Software: 1

Huntr
added 2023/08/05 10:21 p.m. | 11 views

HTML Injection - real Aptabase emails

Description Due to lack of validation Name field during registration, bad actor can send emails with HTML injected code to the victims. Proof of Concept Payload example: Jameees Repro steps: Go to https://eu.aptabase.com/auth/register and for field 'Name' use payload with HTML. Open email from...

AI score 7
Exploits: 0 | References: 2

Prion
added 2022/06/14 10:15 a.m. | 20 views

Buffer overflow

Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile...

CVSS 7.2 | AI score 7.9 | EPSS 0.00098
Exploits: 0 | References: 1

CNVD
added 2022/05/31 12:00 a.m. | 7 views

CSCMS Music Portal System SQL Injection Vulnerability (CNVD-2022-45401)

CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology CSCMS Company. CSCMS Music Portal System suffers from a SQL injection vulnerability that originates from the lack of validation of the id parameter in /admin.php/singer/admin/singer/hy...

CVSS 7.2 | AI score 8.1 | EPSS 0.00255
Exploits: 1 | References: 1

Veracode
added 2019/07/02 5:07 a.m. | 6 views

Open Redirection

apostrophe is vulnerable to open redirection. A lack of validation in the URL allows a remote attacker to redirect requests to a malicious site using trailing / appended at the end of the URL...

AI score 6.6
Exploits: 0

Veracode
added 2019/04/04 6:39 a.m. | 14 views

Directory Traversal

servey is vulnerable to directory traversal. A lack of validation of the URL allows a remote attacker to retrieve system files by using the ../ characters...

CVSS 7.5 | AI score 7.3 | EPSS 0.00402
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2019/02/08 6:45 a.m. | 19 views

Remote Code Execution (RCE)

thinkcmf/thinkcmf is vulnerable to remote code execution. A lack of validation and mishandling of the alias parameter from portal/admincategory/addpost.html allows a remote attacker to execute arbitrary PHP code and OS commands...

CVSS 8.8 | AI score 9.2 | EPSS 0.54985
Exploits: 3 | References: 2 | Affected Software: 1

Prion
added 2018/06/07 2:29 a.m. | 12 views

Path traversal

glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path...

CVSS 4 | AI score 6.2 | EPSS 0.00298
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2018/05/10 2:00 p.m. | 12 views

CVE-2018-7933

Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker tricks a user into...

AI score 7.9 | EPSS 0.00219
Exploits: 0 | References: 1