TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-sub...

Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queri...

daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability ...

A stack-based buffer overflow vulnerability exists in the confsrv set_port_fwd_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based ...

YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.

WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php.

BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).

BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.

Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 609-915-041-100-020 allows a remote attacker to inject arbitrary...

In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.

A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service...

Windows Event Tracing Remote Code Execution Vulnerability

Remote Desktop Client Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Dynamics GP Remote Code Execution Vulnerability

Microsoft Dynamics GP Elevation Of Privilege Vulnerability

Microsoft Dynamics GP Elevation Of Privilege Vulnerability

Microsoft Dynamics GP Elevation Of Privilege Vulnerability

Microsoft Defender for IoT Remote Code Execution Vulnerability

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Windows Hyper-V Remote Code Execution Vulnerability