Browse and filter security vulnerabilities across ecosystems
mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API
FreeScout Vulnerable to XSS via Mailbox Signature Due to Incomplete HTML Sanitization
FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables
** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1
Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix
ChurchCRM: Stored XSS in UserEditor.php via Login Name Field
ChurchCRM: Stored XSS in PledgeEditor.php via Donation Comment Field
zrok has reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering
Stirling-PDF: Reflected XSS through crafted filename in file upload functionality
ApostropheCMS: Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS
Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability
CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST...
EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field
Apache Log4cxx, Apache Log4cxx (Conan), Apache Log4cxx (Brew): Silent log event loss in XMLLayout due to unescaped XML 1.0 forbidden characters
Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.0 forbidden characters
Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
Apache Tomcat: Incomplete escaping of JSON access logs
ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection