In “SuiteCRMâ€� application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id,…

“Shuupâ€� application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injectionâ€� vulnerability. A customer can inject payloads in the name input field in…

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution…

In “SuiteCRMâ€� application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injectionâ€� vulnerability (Formula Injection). A low privileged attacker can use accounts…

An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate…

Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database). Devamını Oku

Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access…

ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods. Devamını…

Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php. Devamını Oku

Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in attachmentadminindex.php. Devamını Oku