CVE-2021-24641
Summary: The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative...
exploit
CVE-2021-24644
Summary: The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it...
CVE-2017-11509
Summary: An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a...
CVE-2021-26795
Summary: A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to...
CVE-2021-20119
Summary: The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user...
CVE-2021-43339
Summary: In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in...
CVE-2021-24537
Summary: The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened...
CVE-2021-24575
Summary: The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before...
CVE-2021-24791
Summary: The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request...
CVE-2016-3976
Summary: Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via...
CVE-2016-3976
Summary: Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via...
CVE-2021-41212
Summary: TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can...
CVE-2020-28702
Summary: A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information. Reference Links(if available):...
CVE-2019-7548
Summary: SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. Reference Links(if available): https://github.com/no-security/sqlalchemy_test https://github.com/sqlalchemy/sqlalchemy/issues/4481#issuecomment-461204518 https://lists.debian.org/debian-lts-announce/2019/03/msg00020.html https://access.redhat.com/errata/RHSA-2019:0984...
CVE-2020-18263
Summary: PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This...
CVE-2021-43266
Summary: In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via...
CVE-2015-20067
Summary: The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download...
CVE-2018-25019
Summary: The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be...
CVE-2020-18438
Summary: Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php....
CVE-2020-24986
Summary: Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file...
CVE-2019-14493
Summary: An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at...
CVE-2021-28021
Summary: Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. Reference Links(if available):...
CVE-2021-28021
Summary: Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. Reference Links(if available):...
CVE-2017-2888
Summary: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file...
