There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. Date published : 2022-04-25 https://github.com/verf1sh/Poc/blob/master/asan_report_giflib.png https://github.com/verf1sh/Poc/blob/master/giflib_poc
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the...
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. Date published : 2022-04-25 http://scbs.com https://github.com/wkeyi0x1/vul-report/blob/main/SCBS%20online%20sports%20venue%20reservation%20system/SCBS%20online%20sports%20venue%20reservation%20system%20v1.0%20-%20Self-XSS.md
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allow attackers to execute arbitrary code via a crafted PHP file. Date published : 2022-04-25 http://scbs.com https://github.com/wkeyi0x1/vul-report/blob/main/SCBS%20online%20sports%20venue%20reservation%20system/SCBS%20online%20sports%20venue%20reservation%20system%20v1.0%20-%20File%20Inclusion.md
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Date published : 2022-04-25 https://github.com/typemill/typemill/issues/325
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html. Date published : 2022-04-25 https://github.com/Cherry-toto/jizhicms/issues/67
A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter. Date published : 2022-04-25 https://github.com/bensonarts/GalleryCMS/issues/20
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet. Date published : 2022-04-25 https://github.com/tianhui999/myCVE/blob/main/AX12/AX12-2.md
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. Date published : 2022-04-25 https://github.com/tianhui999/myCVE/blob/main/AX12/AX12.md
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. Date published : 2022-04-25 https://github.com/amro/gibbon/pull/321
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a...
element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. Date published : 2022-04-25 https://github.com/asjdf/element-table-xss-test/ https://github.com/asjdf/element-table-xss-test/issues/1
Cross-site scripting (XSS) vulnerability in the Layout module’s Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or...
Cross-site scripting (XSS) vulnerability in Journal module’s web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before...