MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.

An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into ...

The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.

DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface.

An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter.

A vulnerability has been found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage-courses.php?del=1. Th...

An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Injection in dboption.

A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /login.php. The manipulation of the argument id/passw...

A vulnerability classified as critical was found in Xiongmai AHB7804R-MH-V2, AHB8004T-GL, AHB8008T-GL, AHB7004T-GS-V3, AHB7004T-MHV2, AHB8032F-LME and XM530_R80X30-PQ_8M. Affected by this vulnerabilit...

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg.

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg.

Infoblox NIOS through 8.6.4 has Improper Authentication for Grids.

Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7.This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6.

Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5.

Missing Authorization vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.7.1.

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active ...

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12...

Microsoft SQL Server Elevation of Privilege Vulnerability

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This m...

Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Paid Memberships Pro: from n/a...

An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.38.

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.