A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager.

An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via UserService.php and the checkForOldHash function. Authentication decisions may be made via PHP loose-equality comparisons if a specific MD5 value is present in the credential store. NOTE: this is disputed by the Supplier beca…

The ns_backup extension through 13.0.0 for TYPO3 allows command injection.

A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature.

The cs_seo extension through 9.2.0 for TYPO3 allows XSS.

Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.

The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.

The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.

A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name.

Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu.