WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module. Devamını Oku

WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module. Devamını Oku

A SQL injection vulnerability in the 4.edu.phpconnfunction.php component of S-CMS v1.0 allows attackers to access sensitive database information. Devamını Oku

YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_image() function. Devamını Oku

This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1…

Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root. Devamını Oku

Amazon Kindle e-reader prior to and including version 5.13.4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function CJBig2Image::expand() and results…

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the…

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID:…

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the…