Critical Severity Vulnerabilities

28.6K CVEs classified as critical severity

Total CVEs: 28.6K vulnerabilities
Avg CVSS: 9.8 (Critical)
Max CVSS: 9.8 (highest)
Min CVSS: 9.8 (lowest)

Critical Severity CVEs

Page 351 of 1190
CVSS:9.8(Critical)

Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag.

CWE-89, 2022
CVSS:9.8(Critical)

Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory...

CVSS:9.8(Critical)

pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component ASTree.cpp:BuildFromCode.

CVSS:9.8(Critical)

An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie.

CVSS:9.8(Critical)

A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server.

CVSS:9.8(Critical)

Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.

CWE-89, 2022
CVSS:9.8(Critical)

An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.

CVSS:9.8(Critical)

An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /in...

CVSS:9.8(Critical)

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete ...

CVSS:9.8(Critical)

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete info...

CWE-89, 2022
CVSS:9.8(Critical)

Improper Restriction of Excessive Authentication Attempts in GitHub repository usememos/memos prior to 0.9.1.

CVSS:9.8(Critical)

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the...

CWE-20, 2022
CVSS:9.8(Critical)

The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other products, allows remote attackers to execute arbitrary code via a large UDP packet that causes a buffe...

CVSS:9.8(Critical)

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit ...

CWE-22, 2022
CVSS:9.8(Critical)

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.

CVSS:9.8(Critical)

Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has bee...

CWE-20, 2022
CVSS:9.8(Critical)

AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php.

CWE-88, 2022
CVSS:9.8(Critical)

There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary ...

CVSS:9.8(Critical)

Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote).

CVSS:9.8(Critical)

Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php.

CWE-89, 2022
CVSS:9.8(Critical)

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php.

CWE-89, 2022
CVSS:9.8(Critical)

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php.

CWE-89, 2022
CVSS:9.8(Critical)

Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php.

CWE-89, 2022
CVSS:9.8(Critical)

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php.

CWE-89, 2022