Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo".

eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder.

eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files.

eNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file.

SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php.

eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files.

Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however (because of misconfigured Firebase ACLs), it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and …

GDidees CMS <= v3.9.1 has a file upload vulnerability.

An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function.

Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function.