213680 matches found
Privilege escalation
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak...
Privilege escalation
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak...
Design/Logic Flaw
XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0...
Type confusion
Some Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service...
Cross site scripting
A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input " leads to cross site scripting. It is possible to initiate the...
Out-of-bounds
A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. T...
Design/Logic Flaw
Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak...
Type confusion
Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak...
Privilege escalation
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions...
Type confusion
Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak...
Input validation
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows attackers to obtain sensitive information via the User Name field...
Type confusion
Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak...
Type confusion
Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak...
Code injection
Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution...
Information disclosure
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak...
Privilege escalation
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions...
Input validation
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to obtain sensitive information via the Delivery Name field...
Information disclosure
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak...
Privilege escalation
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions...
Privilege escalation
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions...
Information disclosure
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak...
Improper access control
An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO 6.3.8.6 718, allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option...
Code injection
A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...
Design/Logic Flaw
A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-249150 i...
Privilege escalation
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions...
Information disclosure
Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure...
Privilege escalation
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user...
Code injection
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file...
Code injection
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file...
Information disclosure
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak...
Code injection
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file...
Code injection
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file...
Authentication flaw
An issue was discovered in Sesami Cash Point & Transport Optimizer CPTO 6.3.8.6 718, allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack...
Cross site scripting
Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log...
SQL injection
A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been...
SQL injection
A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection...
Code injection
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file...
SQL injection
A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been...
Cross site scripting
A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be...
SQL injection
A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of the argument uid leads to sql injection. The exploit has been disclosed to the public and may be...
SQL injection
A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to th...
Use after free
Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local...
Privilege escalation
ZZCMS 2023 has a file upload vulnerability in 3/Ebak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code...
Design/Logic Flaw
Winter is a free, open-source content management system. Prior to 1.2.4, users with the media.managemedia permission can upload files to the Media Manager and rename them after uploading. Previously, media manager files were only sanitized on upload, not on renaming, which could have allowed a...
Design/Logic Flaw
Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unescaped in the backend form, potentially allowing for a stored XSS attack. This issue has been patche...
Out-of-bounds
mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation...
SQL injection
A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/regester.php of the component HTTP POST Request Handler. The manipulation of the argument fname/lname/email/contact leads to sql...
SQL injection
A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be...
Code injection
In ActiveAdmin aka Active Admin before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data that belongs to another user by making CSV export requests at certain specific times...