WordPress SVG Icons Plugin Arbitrary File Upload (CVE-2022-0863)
An arbitrary file upload vulnerability exists in WordPress SVG Icons plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
GitLab Community and Enterprise Edition Cross-Site Scripting (CVE-2021-22242)
A stored cross-site scripting vulnerability exists in the Community edition and Enterprise edition of GitLab. The vulnerability is due to improper input validation...
Tenda AC15 Command Injection (CVE-2022-28557)
A command injection vulnerability exists in Tenda AC15. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Ahsay Cloud Backup Solutions Command Injection (CVE-2022-37027)
A command injection vulnerability exists in Ahsay Cloud Backup Solutions. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Tenda AC10 Command Injection (CVE-2022-32054)
A command injection vulnerability exists in Tenda AC10 router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
WSO2 Identity Server Cross Site Scripting (CVE-2018-8716)
A cross-site scripting vulnerability exists in WSO2 Identity Server. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Oracle E-Business Cross-Site Scripting (CVE-2021-2198)
A stored cross-site scripting vulnerability exists in the Knowledge Management component of Oracle E-Business Suite. The vulnerability is due to the use of untrusted user input...
D-Link DIR-818LW Command Injection (CVE-2022-35620)
A command injection vulnerability exists in D-Link DIR-818LW. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Schneider Electric IGSS Buffer Overflow (CVE-2021-22802)
A buffer overflow exists in Schneider Electric IGSS. This vulnerability is due to insufficient input validation...
TOTOLINK X5000R Command Injection (CVE-2022-26213)
A command injection vulnerability exists in TOTOLINK X5000R. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Belkin Wemo UPnP API OS Command Injection (CVE-2019-12780)
A command injection vulnerability exists in Belkin Wemo. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Oracle MySQL Cluster Remote Code Execution (CVE-2022-21490)
A remote code execution vulnerability exists in Oracle MySQL Cluster. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Advantech iView UserServlet SQL Injection (CVE-2021-22658)
A SQL injection vulnerability exists in Advantech iView. The vulnerability is due to improper validation of user-supplied input when processing the request in the UserServlet Java class...
WordPress Booking Calendar Plugin SQL Injection (CVE-2018-20556)
A command execution vulnerability exists in WordPress Plugin Booking Calendar. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Kamailio SIP Server Out of Bounds Read (CVE-2018-14767)
An out-of-bounds read vulnerability exists in Kamailio. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Schneider Electric IGSS Arbitrary File Deletion (CVE-2021-22823)
An arbitrary file deletion vulnerability exists in Schneider Electric IGSS. This vulnerability is due to insufficient input validation...
Super Flexible Software Syncovery Cross-site Scripting (CVE-2022-36533)
A cross-site scripting vulnerability exists in Super Flexible Software Syncovery. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
D-Link GO-RT-AC750 Command Injection (CVE-2022-37057)
A command injection vulnerability exists in D-Link GO-RT-AC750. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Packagist Microweber Arbitrary File Upload (CVE-2022-0557)
An arbitrary file upload vulnerability exists in Packagist Microweber. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Acrontum Filesystem-Template Package Command Injection (CVE-2022-21186)
A command injection vulnerability exists in Acrontum Filesystem-Template package. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Grafana Cross-Site Scripting (CVE-2022-31097)
A cross-site scripting vulnerability exists in Grafana. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
D-Link DIR810LA1 Command Injection (CVE-2022-34974)
A command injection vulnerability exists in D-Link DIR810LA1. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Oracle E-Business Suite Sales Offline Denial of Service (CVE-2021-2190)
A denial of service vulnerability exists in the Sales Offline component of Oracle E-Business Suite. The vulnerability is due to improper handling of requests by the authentication component of Sales Offline...
WaimairenCMS Remote Code Execution (CVE-2022-30450)
A remote code execution vulnerability exists in WaimairenCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Marval MSM Remote Code Execution (CVE-2022-31885)
A remote code execution vulnerability exists in Marval MSM. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Open Web Analytics Information Disclosure (CVE-2022-24637)
A command execution vulnerability exists in Open Web Analytics. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
FUDforum Arbitrary File Upload (CVE-2022-30860)
An arbitrary file upload vulnerability exists in FUDforum. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Barangay Management System Arbitrary File Upload (CVE-2022-34120)
An arbitrary file upload vulnerability exists in Barangay Management System. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
PHP Authentication Bypass (CVE-2022-31629)
An authentication bypass vulnerability exists in PHP. Successful exploitation will bypass authentication and allow the attacker to gain unauthorized access to the system...
Jenkins Generic Webhook Trigger Plugin External Entity Injection (CVE-2021-21669)
An XXE vulnerability exists in Jenkins Generic Webhook Trigger Plugin. The vulnerability is due to insufficient validation of input parameters. Successful exploitation could lead to the disclosure of file contents for any file readable by Jenkins...
Jenkins Scriptler Plugin Cross-Site Scripting (CVE-2021-21667)
A stored cross-site scripting vulnerability exists in Jenkins Scriptler Plugin. This vulnerability is due to insufficient escaping of parameter names shown in job configuration forms...
Jenkins Dashboard View Plugin Cross-Site Scripting (CVE-2021-21649)
A stored cross-site scripting vulnerability exists in Jenkins Dashboard View Plugin. This vulnerability is due to insufficient validation of user-controlled information...
Foxit Reader Out-of-Bounds Read (CVE-2018-17686)
An out-of-bounds read vulnerability exists in Foxit Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Jenkins Active Choices Plugin Cross-Site Scripting (CVE-2021-21616)
A stored cross-site scripting vulnerability exists in Jenkins Active Choices Plugin. This vulnerability is due to insufficient validation of input values...
GE MDS PulseNET XML External Entity Expansion (CVE-2018-10613)
An XML external entity expansion vulnerability exists in GE MDS PulseNET. Successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...
Advantech R-SeeNet SQL Injection (CVE-2021-21924)
An SQL injection vulnerability exists in Advantech R-SeeNet. The vulnerability is due to improper input. A successful attack may result in arbitrary SQL command execution against the database on the target server...
Airspan AirSpot 5410 Command Injection (CVE-2022-36267)
A command injection vulnerability exists in Airspan AirSpot 5410. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Pimcore Cross Site Scripting (CVE-2022-0831; CVE-2022-0832)
A cross site scripting vulnerability exists in Pimcore. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary script into the affected system...
SmartRG Routers Command Injection (CVE-2022-37661)
A command injection vulnerability exists in SmartRG routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
F5 Big-IP Cross-Site Request Forgery (CVE-2022-41622)
A cross-site request forgery vulnerability exists in F5 Big-IP. Successful exploitation of this vulnerability could result in code execution on the affected system...
D-Link DIR-816 Command Injection (CVE-2022-37130)
A command injection vulnerability exists in D-Link DIR-816. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
PHP Archive_Tar Directory Traversal (CVE-2020-36193)
A directory traversal vulnerability exists in PHP Archive_Tar. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...
Home Owners Collection Management System Arbitrary File Upload (CVE-2022-25094)
An arbitrary file upload vulnerability exists in Home Owners Collection Management System. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with administrative privileges...
Doufox Arbitrary File Upload (CVE-2022-38621)
An arbitrary file upload vulnerability exists in Doufox. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with administrative privileges...
Exam Reviewer Management System Arbitrary File Upload (CVE-2022-40878)
An arbitrary file upload vulnerability exists in Exam Reviewer Management System. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with administrative privileges...
F5 Big-IP Command Injection (CVE-2022-41800)
A command injection vulnerability exists in F5 Big-IP. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
GitLab Hardcoded Credentials (CVE-2022-1162)
A hardcoded credentials vulnerability exists in GitLab. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
OpenCart Remote Code Execution (CVE-2022-24108)
A remote code execution vulnerability exists in Skyoftech So Listing Tabs module for OpenCart. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
TP-Link TL-WR840N Command Injection (CVE-2022-25061)
A command injection vulnerability exists in TP-Link TL-WR840N. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Netgear R6200v2 Command Injection (CVE-2022-30079)
A command injection vulnerability exists in Netgear R6200v2. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...