Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.2.

Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.

Cross-Site Scripting in exceljs

Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.

Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.

Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to XML input. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, or conduct SMB Relay attacks via a crafted DTD in an XML request to OA_HTML/oramipp_lpr.

In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an Admin-Upload-Upload request.

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by first entering input within the web-based management interface and then persuading a user of the interface to view the crafted input within the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an attacker to execute arbitrary code via the json_value_parse function.

Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters.

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions.

A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.

LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter.

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.

Stored cross site scripting on saved presets

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17.

An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.