Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can executed upon accessing the dashboard or the main page.

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system.

A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php.

Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection.

Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.

Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.

The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page.

Lexmark products through 2022-02-10 have Incorrect Access Control.

novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution.

NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.

In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible

In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible

In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed

In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible

In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible

In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient