An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.

An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation.

Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newap_text_0 key value

In FOXCMS <=1.25, the installdb.php file has a time - based blind SQL injection vulnerability. The url_prefix, domain, and my_website POST parameters are directly concatenated into SQL statements without filtering.

In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, reflect any GET or POST parameters, leading to XSS.

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function.

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component.

Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run.

An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function.

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2.