5.5
CVE-2024-38432 - Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File
Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File
5.3
CVE-2024-38431 - Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy
Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy
5.4
CVE-2024-38430 - Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting…
Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
7.2
CVE-2024-41924 -
An acceptance of extraneous untrusted data with trusted data vulnerability exists in the EC-CUBE 4 series. If this vulnerability is exploited, an attacker who has obtained administrative privileges may install an arbitrary PHP package. If obsolete versions of PHP packages are installed, the product may…
6.1
CVE-2024-41141 -
A stored cross-site scripting vulnerability exists in the EC-CUBE Web API Plugin. When there are multiple users using the OAuth Management feature and one of them inputs some crafted value on the OAuth Management page, an arbitrary script may be executed on the web browser of the other user who accessed the …
7.5
CVE-2024-38429 - Matrix - CWE-552: Files or Directories Accessible to External Parties
Matrix Tafnit v8 - CWE-552: Files or Directories Accessible to External Parties
6.4
CVE-2024-40895 -
FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executab…
5.3
CVE-2024-7225 - SourceCodester Insurance Management System Edit Insurance Policy Page update_policy cross site scri…
A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /Script/admin/core/update_policy of the component Edit Insurance Policy Page. The manipulation of the argument pname leads to cross site scrip…
6.1
CVE-2024-41693 - Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
9.1
CVE-2023-48396 - Apache SeaTunnel Web: Authentication bypass
Web Authentication vulnerability in Apache SeaTunnel. Since the JWT key is hardcoded in the application, an attacker can forge any token to log in as any user. An attacker can get the secret key from /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects…