Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage.This issue affects WPsoonOnlinePage: from n/a through 1.9.

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.3.0.

Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome.This issue affects Block for Font Awesome: from n/a through 1.4.0.

Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!.This issue affects SureTriggers – Connect All Your Plugins, ...

Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through 2.21.3...

A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2....

A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitr...

A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attack...

A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system.

An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to a...

In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefo...

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user.

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php.

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.

Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow a...

Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc.

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc.

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc.

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.

libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.

libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/nav/delete.

JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/nav/update.