9.8
CVE-2025-26319
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.
7.2
CVE-2025-25426
yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface.
9.8
CVE-2025-26136
A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.
10
CVE-2024-50704
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request.
7.8
CVE-2020-23438
Wondershare Filmora 9.2.11 is affected by Trojan DLL hijacking leading to privilege escalation.
6.5
CVE-2025-26182
An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file.
7.1
CVE-2024-50705
Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter.
5.3
CVE-2025-1891 - shishuocms cross-site request forgery
A vulnerability was found in shishuocms 1.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
5.3
CVE-2025-1890 - shishuocms ManageUpLoadAction.java handleRequest unrestricted upload
A vulnerability has been found in shishuocms 1.1 and classified as critical. This vulnerability affects the function handleRequest of the file src/main/java/com/shishuo/cms/action/manage/ManageUpLoadAction.java. The manipulation of the argument file leads to unrestricted upload. The attack can be i…
2.3
CVE-2025-1882 - i-Drive i11/i12 Device Setting improper access control for register interface
A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been rated as critical. Affected by this issue is some unknown functionality of the component Device Setting Handler. The manipulation leads to improper access control for register interface. The attack needs to be done within …