| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused |
| BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary directories. This affects apps/readfile/main.c and ports/posix/bacfile-posix.c. This vulnerability is fixed in 1.5.0.rc3. |
| A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affected element is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. |
| A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross-site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.
This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0.
Users are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue. |
| A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument group_id results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. |
| aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php. |
| SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted into the Base64 Encrypted Password field. |
| OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10. |