Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) vulnerability in The Wikimedia Foundation Mediawiki – LanguageSelector Extension allows Code Injection. This issue affects Mediawiki – LanguageSelector Extension: from master before...
An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter. More information: https://github.com/slims/slims9_bulian/issues/299
Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (MID/ CE) -Terra AC MID, ABB Terra AC wallbox (MID/ CE) -Terra AC Juno CE,...
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege users to perform unauthorized operations (view/delete/modify)...
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names. Low-privilege users could see or interact...
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – LastModified Extension allows Stored XSS. This issue affects Mediawiki – LastModified Extension: from master before 1.39....
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – ExternalGuidance allows Stored XSS. This issue affects Mediawiki – ExternalGuidance: from master before 1.39. More information...
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – MultiBoilerplate Extension allows Stored XSS. This issue affects Mediawiki – MultiBoilerplate Extension: from master before 1.39....
In NetXDuo versions before 6.4.4, a networking support module for Eclipse Foundation ThreadX, the DHCPV6 client used an unchecked index when extracting the server DUID from the server reply. With a crafted packet,...
An authorized user may crash the MongoDB server by causing a buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some conditions. This issue affects MongoDB Server...