A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'name' parameter when creating a new password in the "My Passwor…

hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application.

yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface.

A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.

Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request.

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter.

An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file

Wondershare filmora 9.2.11 is affected by Trojan Dll hijacking leading to privilege escalation.

A vulnerability was found in shishuocms 1.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.