|
541
|
7.5 |
HIGH
Network
|
-
|
-
|
Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payl…
Update
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2021-47969
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
542
|
7.5 |
HIGH
Network
|
-
|
-
|
Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload…
Update
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2021-47970
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
543
|
7.5 |
HIGH
Network
|
-
|
-
|
My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a pa…
Update
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2021-47971
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
544
|
7.5 |
HIGH
Network
|
-
|
-
|
Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can p…
Update
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2021-47972
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
545
|
7.5 |
HIGH
Network
|
-
|
-
|
Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can gener…
Update
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2021-47973
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
546
|
7.2 |
HIGH
Network
|
-
|
-
|
WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the fieldtitle parameter. Attackers can submit PO…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2021-47975
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
547
|
6.2 |
MEDIUM
Local
|
-
|
-
|
ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send req…
Update
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2021-47978
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
548
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but…
New
|
CWE-352
Origin Validation Error
|
CVE-2018-25334
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
549
|
8.2 |
HIGH
Network
|
-
|
-
|
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit th…
New
|
CWE-89
SQL Injection
|
CVE-2018-25338
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
550
|
8.2 |
HIGH
Network
|
-
|
-
|
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the…
New
|
CWE-89
SQL Injection
|
CVE-2018-25339
|
2026-05-19 02:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
