| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier |
| OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. |
| Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor <= 1.0.6 versions. |
| Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= 4.6.19 versions. |
| Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions. |
| Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions. |
| Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2.1 versions. |
| The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6. |
| Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions. |
| Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions. |
| Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions. |
| Nezha Monitoring is a self-hostable, lightweight monitoring and O&M tool for servers and websites. In versions from 1.0.0 up to, but not including, 2.2.0, the getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path, with no validation of the Host header. This can result in host header injection. This issue has been patched in version 2.2.0. |
| Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions. |
| Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions. |
| Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions. |
| A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure. |
| Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert() builds an INSERT against HARVEST_SITE_SCHEDULE via string concatenation, using a quoteString() helper that performs raw single-quote wrapping without escaping. Three request parameters reach the sink: unit, contactEmail, and documentListURL. The servlet does not verify a real LDAP identity, allowing the vulnerable insert to proceed. Since the PostgreSQL backend permits stacked queries via Statement.executeUpdate(), this vulnerability allows full read/write/execute access in the Metacat database context. The vulnerability was remediated in Metacat 3.0.0. |