| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Automation By Autonami allows Stored XSS. This issue affects Automation By Autonami: from n/a through 2.8.2. |
| A vulnerability classified as critical was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This vulnerability affects unknown code of the component Application Protocol Data Unit. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263890 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password. |
| VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF) |
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12 allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component. |
| Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass. This issue affects Comments Like Dislike: from n/a through 1.2.2. |
| Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2. |
| Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2. |
| Tiki Wiki CMS – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer. |
| Missing Authorization vulnerability in Skymoon Labs MoveTo. This issue affects MoveTo: from n/a through 6.2. |
| Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| Missing Authorization vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2. |
| Boa web server – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |