| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device. |
| Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function PushTSBuf() at /src/PayloadBuf.cpp. |
| A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function DumpOneStream() at /src/DumpStream.cpp. |
| A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function VerifyCommandLine() at /src/DumpTS.cpp. |
| The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and including, 2.7.31. This makes it possible for unauthenticated attackers to update arbitrary posts with arbitrary content. Unfortunately, we did not receive a response from the vendor to send over the vulnerability details. |
| The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 2.7.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Unfortunately, we did not receive a response from the vendor to send over the vulnerability details. |
| pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
| binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints. |
| QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the product. |
| calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field. |
| MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file read vulnerability via the component /tcpdump/tcpdump.php?menu_uuid. |
| An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access sensitive details of the root user's session via an arbitrary command (ISP6-1779). |
| An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request. |
| An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 allows attackers to obtain network share credentials used in a backup due to enginesettings.list being encrypted with a hard coded key. |
| lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function. |
| luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials. |
| luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter. |
| Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request, because a login response contains a user_email field only if the user account exists. |
| An issue in Aginode GigaSwitch V5 before version 7.06G allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched vulnerabilities. |
| BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD before firmware v3.9.2 allows authenticated attackers to read SIP account passwords via a crafted GET request. |
