HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3...

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user...

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the includ...

File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component.

An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file.

An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file.

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit.

An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function.

SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate.

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code.

Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.

Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.

Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export.

Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List.

Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php.

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated att...

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands v...

Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC.This issue affects MkRapel Regiones y Ciudades de Chile para WC: from n/a through 4.3.0.

Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce.This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5.

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.

Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect.This issue affects WooCommerce Login Redirect: from n/a through 2.2.4.

Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Prevent Landscape Rotation.This issue affects Prevent Landscape Rotation: from n/a through 2.0.