Exagate Sysguard 6001 suffers from a cross site request forgery vulnerability.

ECK Hotel version 1.0 suffers from a cross site request forgery vulnerability.

P5 FNIP-8x16A / FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from cross site request forgery and cross site scripting vulnerabilities.

Edimax EW-7438RPn suffers from a cross site request forgery vulnerability.

Complaint Management System version 4.2 suffers from a cross site request forgery vulnerability.

Maian Support Helpdesk version 4.3 suffers from a cross site request forgery vulnerability.

Apache OFBiz version 17.12.03 suffers from a cross site request forgery vulnerability.

An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions.

Playable version 9.18 for iOS suffers from script insertion and arbitrary file upload vulnerabilities.

This Metasploit module exploits a NULL pointer dereference vulnerability in MNGetpItemFromIndex(), which is reachable via a NtUserMNDragOver() system call. The NULL pointer dereference occurs because the xxxMNFindWindowFromPoint() function does not effectively check the validity of the tagPOPUPMENU objects it processes before passing them on to MNGetpItemFromIndex(), where the NULL pointer dereference will occur. This module has been tested against Windows 7 x86 SP0 and SP1. Offsets within the solution may need to be adjusted to work with other versions of Windows, such as Windows Server 2008.

PHP-Fusion CMS versions 9 through 9.03 suffer from multiple cross site scripting vulnerabilities.

Proof of concept exploit for a Microsoft VSCode python extension code execution vulnerability.

Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation. Second version of this exploit that is updated to work with Python 3.

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.846 suffers from a reflective cross site scripting vulnerability.

CentOS version 7.6.1810 with Control Web Panel version 0.9.8.837 suffers from a persistent cross site scripting vulnerability.

CentOS version 7.6.1810 with Control Web Panel version 0.9.8.837 suffers from a cross site request forgery vulnerability.

Django version 3.0 suffers from a cross site request forgery token bypass vulnerability.

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability. The issue is located in the httpSetEncryptKeyRpm method (handler for /setEncryptKey.fcgi) of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a command line to be executed as root without any input sanitization.

User Management System version 2.0 suffers from a persistent cross site scripting vulnerability.

Complaint Management System version 4.2 suffers from a persistent cross site scripting vulnerability.

jQuery versions prior to 3.5 suffer from an html() cross site scripting vulnerability.

Open-AudIT version 3.3.0 suffers from a cross site scripting vulnerability.

Geeklog version 2.2.1 suffers from a cross site scripting vulnerability.

POS PHP version 17.5 suffers from a persistent cross site scripting vulnerability.