MyTube has Mass Assignment via Settings Management

franklioxygen MyTube

MyTube Allows Unauthorized Database Export by Guest Users

franklioxygen MyTube

Dioxus Components has JavaScript injection via user-supplied IDs

DioxusLabs components

Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API

saleor saleor saleor saleor +1个

XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages

xwiki xwiki-platform xwiki xwiki-platform +1个

Typemill has Reflected XSS via login error view template

typemill typemill

Arbitrary Host File Overwrite via Symlink in Firecracker Jailer

AWS Firecracker

All-in-One Video Gallery <= 4.6.4 - Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion

plugins360 All-in-One Video Gallery

SmarterTools SmarterMail < Build 9511 Unauthenticated RCE via ConnectToHub API

SmarterTools SmarterMail

BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting

BloofoxCMS BloofoxCMS

MyBB Delete Account Plugin 1.4 - Cross-Site Scripting

vintagedaddyo MyBB Delete Account Plugin

PhreeBooks 5.2.3 - Remote Code Execution

Phreesoft PhreeBooks

LiteSpeed Web Server Enterprise 5.4.11 - Command Injection

LiteSpeed Technologies Inc LiteSpeed Web Server Enterprise

YetiShare File Hosting Script 5.1.0 Remote File Upload SSRF Vulnerability

Mfscripts YetiShare File Hosting Script

Epson USB Display 1.6.0.0 Unquoted Service Path Vulnerability

Epson America, Inc. Epson USB Display

PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting

PEEL eCommerce PEEL Shopping

PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path

PDF Complete, Inc. PDFCOMPLETE Corporate Edition

Nsauditor 3.2.2.0 - 'Event Description' Denial of Service

Nsauditor Nsauditor

Managed Switch Port Mapping Tool 2.85.2 - Denial of Service

Northwest Performance Software, Inc. Managed Switch Port Mapping Tool

AgataSoft PingMaster Pro 2.1 - Denial of Service

Agatasoft AgataSoft PingMaster Pro