Common Vulnerabilities and Exposures

Overview : Multiple issues was discovered in CA Unified Infrastructure Management Affected Product(s) : UIM product versions 9.20 and below

Overview : Multiple SQL injection vulnerabilities in D-Link DSR Routers Affected Product(s) : D-Link DSR-150 (Firmware < v1.08B44) D-Link DSR-150N

Overview : Vtiger CRM version 6.3 (“Open Source” branch; released on 2015-06-04) and lower are vulnerable to Authenticated Remote Code

Overview : A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of

Overview : Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers

Overview : HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 Information Disclosure and DDoS Vulnerabilities Affected Product(s) : This vulnerability

Overview : A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to

Overview : The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These

Overview : An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE)

Overview : CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1

Overview : D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin

Overview : PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2 has an Arbitrary File Upload Vulnerability Affected Product(s) :

Overview : Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability Affected Product(s) : Prizm Content Connect 5.1 Vulnerability

Overview : An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript

Overview : Multiple security vulnerabilities have been fixed and delivered in IBM products. Affected Product(s) : IBM QRadar SIEM 7.3.0

Overview : Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input

Overview : A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in

Overview : SO Planning is an open source online planning tool completely free, designed to easily plan projects / tasks

Overview : RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious

Summary Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker

Overview : Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote

Overview : D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Affected

Overview : In the 3.1.12 Pro version of the Craft CMS web application, the XSS vulnerability has been discovered in

Overview : In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project