Unknown · CVSS Not scored
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.
Published Sep 26, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
Published Sep 25, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters.
Published Sep 26, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.
Published Sep 26, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
Published Sep 25, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.1
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.
Published Sep 25, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.
Published Sep 19, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.
Published Sep 18, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.
Published Sep 27, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
Published Sep 27, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
Published Sep 27, 2023 · Updated Jul 9, 2026
High · CVSS 8.8
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
Published Sep 28, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
Published Sep 27, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.
Published Sep 27, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.1
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.
Published Sep 28, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.1
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.
Published Sep 28, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component.
Published Sep 27, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
Published Sep 12, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header.
Published Sep 5, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
Published Sep 15, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
Published Sep 15, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
Published Sep 15, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
Published Sep 15, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
Published Sep 15, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.
Published Sep 19, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
Published Sep 19, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.
Published Sep 19, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
Published Sep 19, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.
Published Sep 12, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
Published Sep 18, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
Published Sep 18, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
Published Sep 18, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.5
An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
Published Sep 18, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
Published Sep 18, 2023 · Updated Jul 9, 2026
Medium · CVSS 6.5
An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
Published Sep 18, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
Published Sep 18, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
Published Sep 20, 2023 · Updated Jul 9, 2026
High · CVSS 8.8
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.
Published Sep 20, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
Published Sep 20, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
Published Sep 7, 2023 · Updated Jul 9, 2026
Critical · CVSS 9.8
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
Published Sep 5, 2023 · Updated Jul 9, 2026
Unknown · CVSS Not scored
Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information.
Published Sep 1, 2023 · Updated Jul 9, 2026
High · CVSS 8.8
An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user.
Published Sep 18, 2025 · Updated Jul 5, 2026
Medium · CVSS 5.4
A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components.
Published Sep 23, 2024 · Updated Jul 5, 2026
High · CVSS 7.8
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
Published Sep 2, 2023 · Updated Jun 23, 2026
Medium · CVSS 4.8
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
Published Sep 2, 2023 · Updated Jun 23, 2026
High · CVSS 7.8
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
Published Sep 2, 2023 · Updated Jun 23, 2026
High · CVSS 7.3
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
Published Sep 4, 2023 · Updated Jun 23, 2026
Medium · CVSS 4.8
**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains
that target AArch64 allows an attacker to exploit an existing buffer
overflow in dynamically-sized local variables in your application
without this being detected. This stack-protector failure only applies
to C99-style dynamically-sized local variables or those created using
alloca(). The stack-protector operates as intended for statically-sized
local variables.
The default behavior when the stack-protector
detects an overflow is to terminate your application, resulting in
controlled loss of availability. An attacker who can exploit a buffer
overflow without triggering the stack-protector might be able to change
program flow control to cause an uncontrolled loss of availability or to
go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.
Published Sep 13, 2023 · Updated Jun 23, 2026
Medium · CVSS 5.5
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
Published Sep 14, 2023 · Updated Jun 23, 2026