| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device.
This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an already authenticated user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. |
| Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead. |
| An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers gain access to user tokens without authentication. The is a brute-force attack on the serial parameter by number identifier: GA00001, GA00002, GA00003, etc. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through 2.1.3. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through 1.0.0. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through 1.0.2. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Vivek Tamrakar WP REST API FNS allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through 1.0.0. |
| Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through 1.0. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through 4.2.38. |
| Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This issue affects Giveaway Boost: from n/a through 2.1.4. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0. |
| : Incorrect Privilege Assignment vulnerability in Gerry Ntabuhashe GERRYWORKS Post by Mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through 1.0. |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through 1.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in Apa APA Register Newsletter Form allows SQL Injection.This issue affects APA Register Newsletter Form: from n/a through 1.0.0. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infotuts SW Contact Form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through 1.0. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brandon White Author Discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through 0.2.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in Avchat.Net AVChat Video Chat allows Stored XSS.This issue affects AVChat Video Chat: from n/a through 2.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list allows Stored XSS.This issue affects GoogleDrive folder list: from n/a through 2.2.2. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7. |
| SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. |
