| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. |
| The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. |
| An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename. |
| The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff. |
| A Username Enumeration via Error Message issue was discovered in NiceHash Miner before 2.0.3.0 because an "EMAIL DOES NOT EXIST" error message occurs whenever a submitted email address is incorrect, but there is a different error message for invalid credentials with a correct email address. |
| An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to can gain access to a miner's information about such as his recent payments, unclaimed Balance, Old Balance (at the time of December 2017 breach) , Projected payout, Mining stats like profitability, Efficiency, Number of workers, etc.. A valid Email address is required in order to retrieve this Information. |
| An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 (Username Enumeration) an adversary can enumerate a large number of valid users' Email addresses. |
| The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function. |
| In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. |
| An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An integer overflow in the jp2 parsing library allows an attacker to overwrite memory and to execute arbitrary code. |
| Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI. |
| A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field). |
| Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. |
| a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors. |
| Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader. |
| Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
