Critical Severity Vulnerabilities

28.6K CVEs classified as critical severity

Total CVEs: 28.6K
Avg CVSS: 9.8
Max CVSS: 9.8
Min CVSS: 9.8

Critical Severity CVEs

Page 365 of 1190
CVSS:9.8(Critical)

The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a S...

CVSS:9.8(Critical)

Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php.

CVSS:9.8(Critical)

Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.

CVSS:9.8(Critical)

Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.

CWE-89, 2022
CVSS:9.8(Critical)

hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).

CVSS:9.8(Critical)

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setUplinkInfo.

CVSS:9.8(Critical)

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setDiagnoseInfo.

CVSS:9.8(Critical)

Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd.

CVSS:9.8(Critical)

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/setSnmpInfo.

CVSS:9.8(Critical)

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule.

CVSS:9.8(Critical)

SolarView Compact 4.0 and 5.0 are vulnerable to Unrestricted File Upload via a crafted PHP file.

CVSS:9.8(Critical)

Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php.

CVSS:9.8(Critical)

SiteServer CMS 7.1.3 is vulnerable to SQL Injection.

CWE-89, 2022
CVSS:9.8(Critical)

SiteServer CMS 7.1.3 has a SQL injection vulnerability in the background.

CWE-89, 2022
CVSS:9.8(Critical)

webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.

CWE-89, 2022
CVSS:9.8(Critical)

webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.

CWE-89, 2022
CVSS:9.8(Critical)

AVS Audio Converter 10.3 is vulnerable to Buffer Overflow.

CVSS:9.8(Critical)

In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE.

CVSS:9.8(Critical)

Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice. This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, ...

CWE-20, 2022
CVSS:9.8(Critical)

ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).

CWE-94, 2022
CVSS:9.8(Critical)

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.

CVSS:9.8(Critical)

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.

CWE-78, 2022
CVSS:9.8(Critical)

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.

CWE-78, 2022
CVSS:9.8(Critical)

TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.

CWE-78, 2022