| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in Italtel Embrace 1.6.4. The web server fails to sanitize input data, allowing remote unauthenticated attackers to read arbitrary files on the filesystem. |
| An issue was discovered in Italtel Embrace 1.6.4. The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he performs is attributed to a different user. This can be exploited without authentication. |
| An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System. |
| Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function. |
| Online Leave Management System v1.0 is vulnerable to SQL Injection via /leave_system/classes/Master.php?f=delete_application. |
| Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system. |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php. |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/delete_beneficiary.php. |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the cust_id parameter at /net-banking/edit_customer.php. |
| Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) |
| ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices. |
| Contec FXA3200 version 1.13 and under were discovered to contain a hard coded hash password for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port then sniff the traffic or inject any malware. |
| tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request. |
| Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component . |
| A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter. |
| Portainer before 2.20.0 allows redirects when the target is not index.yaml. |
| Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function. |
