| CVE | Date | Description | Severity | Third Party Advisory |
|---|---|---|---|---|
| CVE-2024-10425 | Oct. 27, 2024 | A vulnerability was found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this issue is some unknown f... | 9.8 CRITICAL | https://vuldb.com/?ctiid.281966 |
| CVE-2024-10424 | Oct. 27, 2024 | A vulnerability has been found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this vulnerability is a... | 9.8 CRITICAL | https://vuldb.com/?ctiid.281965 |
| CVE-2024-10418 | Oct. 27, 2024 | A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an un... | 9.8 CRITICAL | https://gist.github.com/higordiego/25a103a1fe84c4db4530e68d2f998d11 |
| CVE-2024-10419 | Oct. 27, 2024 | A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown ... | 6.1 MEDIUM | https://gist.github.com/higordiego/62ad5208270c67834d02818d6ba44126 |
| CVE-2024-10420 | Oct. 27, 2024 | A vulnerability classified as critical has been found in SourceCodester Attendance and Payroll System 1.0. This affects the function upload of the fil... | 9.8 CRITICAL | https://vuldb.com/?ctiid.281961 |
| CVE-2024-10421 | Oct. 27, 2024 | A vulnerability classified as critical was found in SourceCodester Attendance and Payroll System 1.0. This vulnerability affects unknown code of the f... | 9.8 CRITICAL | https://vuldb.com/?ctiid.281962 |
| CVE-2024-10422 | Oct. 27, 2024 | A vulnerability, which was classified as critical, has been found in SourceCodester Attendance and Payroll System 1.0. This issue affects some unknown... | 9.8 CRITICAL | https://vuldb.com/?ctiid.281963 |
| CVE-2024-10423 | Oct. 27, 2024 | A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0. Affected is an unknown function ... | 8.8 HIGH | https://vuldb.com/?ctiid.281964 |
| CVE-2024-10002 | Oct. 22, 2024 | The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient va... | 8.8 HIGH | https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/rover-social-common.php#L148 |
| CVE-2024-8852 | Oct. 22, 2024 | The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86... | 5.3 MEDIUM | https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3168605%40all-in-one-wp-migration&new=3168605%40all-in-one-wp-migration&sfp_email=&sfph_mail= |
| CVE-2024-9627 | Oct. 22, 2024 | The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the '... | 7.3 HIGH | https://www.wordfence.com/threat-intel/vulnerabilities/id/091dadcb-71ac-4321-b3aa-72b5fbbd9163?source=cve |
| CVE-2024-10003 | Oct. 22, 2024 | The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple ... | 6.3 MEDIUM | https://plugins.trac.wordpress.org/browser/rover-idx/tags/3.0.0.2903/admin/rover-panel-setup.php#L152 |
| CVE-2024-9541 | Oct. 22, 2024 | The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the... | 4.3 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/ffc5408c-ca31-4cb6-8cb5-063acbbad01e?source=cve |
| CVE-2024-9588 | Oct. 22, 2024 | The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This i... | 5.4 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/2dc9c744-6ffb-4d7a-94ce-ba576d7b6d47?source=cve |
| CVE-2024-49208 | Oct. 22, 2024 | Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote ... | 3.1 LOW | https://www.archerirm.community/t5/platform-announcements/tkb-p/product-advisories-tkb |
| CVE-2024-49209 | Oct. 22, 2024 | Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A rem... | 4.3 MEDIUM | https://git.kernel.org/stable/c/578422ddae3d13362b64e77ef9bab98780641631 |
| CVE-2024-49869 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry Star... | 7.8 HIGH | https://git.kernel.org/stable/c/96c6ca71572a3556ed0c37237305657ff47174b7 |
| CVE-2024-49874 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due t... | 7.0 HIGH | https://git.kernel.org/stable/c/4318998892bf8fe99f97bea18c37ae7b685af75a |
| CVE-2024-49873 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm/filemap: fix filemap_get_folios_contig THP panic Patch series "memfd-pin huge... | 5.5 MEDIUM | https://git.kernel.org/stable/c/c225c4f6056b46a8a5bf2ed35abf17a2d6887691 |
| CVE-2024-49871 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: Input: adp5589-keys - fix NULL pointer dereference We register a devm action to ... | 5.5 MEDIUM | https://git.kernel.org/stable/c/34e304cc53ae5d3c8e3f08b41dd11e0d4f3e01ed |
| CVE-2024-49875 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfsd: map the EBADMSG to nfserr_io to avoid warning Ext4 will throw -EBADMSG thr... | 5.5 MEDIUM | https://git.kernel.org/stable/c/340e61e44c1d2a15c42ec72ade9195ad525fd048 |
| CVE-2022-48961 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix unbalanced fwnode reference count in mdio_device_release() There ... | 5.5 MEDIUM | https://git.kernel.org/stable/c/a5c6de1a6656b8cc6bce7cb3d9874dd7df4968c3 |
| CVE-2022-48958 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in greth_init_rings() The greth_init_... | 5.5 MEDIUM | https://git.kernel.org/stable/c/223654e2e2c8d05347cd8e300f8d1ec6023103dd |
| CVE-2022-48956 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock... | 7.8 HIGH | https://git.kernel.org/stable/c/7390c70bd431cbfa6951477e2c80a301643e284b |
| CVE-2024-49879 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm: omapdrm: Add missing check for alloc_ordered_workqueue As it may return NUL... | 5.5 MEDIUM | https://git.kernel.org/stable/c/2bda89735199683b03f55b807bd1e31a3857520b |
| CVE-2024-49877 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate When doing clean... | 5.5 MEDIUM | https://git.kernel.org/stable/c/33b525cef4cff49e216e4133cc48452e11c0391e |
| CVE-2022-48955 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: thunderbolt: fix memory leak in tbnet_open() When tb_ring_alloc_rx() failed... | 5.5 MEDIUM | https://git.kernel.org/stable/c/ed14e5903638f6eb868e3e2b4e610985e6a6c876 |
| CVE-2022-48954 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/qeth: fix use-after-free in hsci KASAN found that addr was dereferenced aft... | 7.8 HIGH | https://git.kernel.org/stable/c/db6343a5b0d9661f2dd76f653c6d274d38234d2b |
| CVE-2024-49876 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix UAF around queue destruction We currently do stuff like queuing the ... | 7.8 HIGH | https://git.kernel.org/stable/c/2d2be279f1ca9e7288282d4214f16eea8a727cdb |
| CVE-2024-50034 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC Eric report a panic on IPPRO... | 5.5 MEDIUM | https://git.kernel.org/stable/c/6fd27ea183c208e478129a85e11d880fc70040f2 |
| CVE-2024-50033 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found th... | 7.1 HIGH | https://git.kernel.org/stable/c/36b054324d18e51cf466134e13b6fbe3c91f52af |
| CVE-2024-50035 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async... | 7.1 HIGH | https://git.kernel.org/stable/c/40dddd4b8bd08a69471efd96107a4e1c73fabefc |
| CVE-2022-48967 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTI... | 7.1 HIGH | https://git.kernel.org/stable/c/6778434706940b8fad7ef35f410d2b9929f256d2 |
| CVE-2022-48968 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential memory leak in otx2_init_tc() In otx2_init_tc(), if ... | 5.5 MEDIUM | https://git.kernel.org/stable/c/eefd8953a74822cb72006632b9ee9dd95f92c146 |
| CVE-2022-48969 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Fix NULL sring after live migration A NAPI is setup for each netwo... | 5.5 MEDIUM | https://git.kernel.org/stable/c/d50b7914fae04d840ce36491d22133070b18cca9 |
| CVE-2024-49969 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 color transformation This comm... | 7.8 HIGH | https://git.kernel.org/stable/c/cc31744a294584a36bf764a0ffa3255a8e69f036 |
| CVE-2024-50017 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/mm/ident_map: Use gbpages only where full GB page should be mapped. When ide... | 5.5 MEDIUM | https://git.kernel.org/stable/c/24141df5a8615790950deedd926a44ddf1dfd6d8 |
| CVE-2024-49975 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uniniti... | 5.5 MEDIUM | https://git.kernel.org/stable/c/5e753b743d3b38a3e10be666c32c5434423d0093 |
| CVE-2024-50018 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: napi: Prevent overflow of napi_defer_hard_irqs In commit 6f8b12d661d0 ("net... | 5.5 MEDIUM | https://git.kernel.org/stable/c/a4a05ceffe8fad68b45de38fe2311bda619e76e2 |
| CVE-2024-49976 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Drop interface_lock in stop_kthread() stop_kthread() is the of... | 5.5 MEDIUM | https://git.kernel.org/stable/c/1a075f4a549481ce6e8518d8379f193ccec6b746 |
| CVE-2022-48946 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: udf: Fix preallocation discarding at indirect extent boundary When preallocation... | 5.5 MEDIUM | https://git.kernel.org/stable/c/49d5867819ab7c744852b45509e8469839c07e0e |
| CVE-2022-48947 | Oct. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->... | 5.5 MEDIUM | https://git.kernel.org/stable/c/3e9c395ef2d52975b2c2894d2da09d6db2958bc6 |
| CVE-2024-45461 | Oct. 16, 2024 | The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. I... | 6.3 MEDIUM | https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo |
| CVE-2024-9969 | Oct. 15, 2024 | NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific param... | 5.4 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/ccd73030-7185-4302-b3fd-29cbbe716e3e?source=cve |
| CVE-2024-48911 | Oct. 14, 2024 | OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is... | 7.8 HIGH | https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo |
| CVE-2024-9687 | Oct. 14, 2024 | The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficien... | 8.8 HIGH | https://plugins.trac.wordpress.org/browser/clover-online-orders/trunk/moo_OnlineOrders.php#L171 |
| CVE-2024-6757 | Oct. 14, 2024 | The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, ... | 4.3 MEDIUM | https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3115837%40woocommerce%2Ftrunk&old=3106873%40woocommerce%2Ftrunk&sfp_email=&sfph_mail= |
| CVE-2024-30117 | Oct. 14, 2024 | A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.... | 5.3 MEDIUM | https://www.twcert.org.tw/tw/cp-132-8138-d2bb7-1.html |
| CVE-2024-9953 | Oct. 14, 2024 | A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inje... | 4.9 MEDIUM | https://issues.chromium.org/issues/361711121 |
| CVE-2024-9820 | Oct. 14, 2024 | The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to ... | 7.5 HIGH | https://issues.chromium.org/issues/40091076 |
| CVE-2024-9968 | Oct. 14, 2024 | WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, mod... | 8.8 HIGH | https://www.ibm.com/support/pages/node/7160300 |
| CVE-2024-9917 | Oct. 13, 2024 | A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/ad... | 4.9 MEDIUM | https://www.twcert.org.tw/tw/cp-132-8132-160bb-1.html |
| CVE-2024-9918 | Oct. 13, 2024 | A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules... | 7.2 HIGH | https://www.ibm.com/support/pages/node/7160433 |
| CVE-2024-43609 | Oct. 8, 2024 | Microsoft Office Spoofing Vulnerability... | 6.5 MEDIUM | https://github.com/thinkst/opencanary/releases/tag/v0.9.4 |
| CVE-2024-43497 | Oct. 8, 2024 | DeepSpeed Remote Code Execution Vulnerability... | 7.8 HIGH | https://www.wordfence.com/threat-intel/vulnerabilities/id/13b5292f-4484-498b-b6b7-2895871ab794?source=cve |
| CVE-2024-43480 | Oct. 8, 2024 | Azure Service Fabric for Linux Remote Code Execution Vulnerability... | 6.6 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/96fa9ed7-6c13-4356-8a25-8a309be2b0e9?source=cve |
| CVE-2024-43501 | Oct. 8, 2024 | Windows Common Log File System Driver Elevation of Privilege Vulnerability... | 7.8 HIGH | https://security.snyk.io/vuln/SNYK-JS-MARKDOWNTOJSX-6258886 |
| CVE-2024-43500 | Oct. 8, 2024 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability... | 5.5 MEDIUM | https://www.twcert.org.tw/tw/cp-132-8136-4d5b4-1.html |
| CVE-2024-43502 | Oct. 8, 2024 | Windows Kernel Elevation of Privilege Vulnerability... | 7.1 HIGH | https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo |
| CVE-2024-45231 | Oct. 8, 2024 | An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing... | 5.3 MEDIUM | https://vuldb.com/?ctiid.280245 |
| CVE-2024-45230 | Oct. 8, 2024 | An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subje... | 7.5 HIGH | https://vuldb.com/?ctiid.280246 |
| CVE-2024-45330 | Oct. 8, 2024 | A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate i... | 7.2 HIGH | https://www.ibm.com/support/pages/node/7160390 |
| CVE-2024-43789 | Oct. 7, 2024 | Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once.... | 4.3 MEDIUM | https://github.com/discourse/discourse/security/advisories/GHSA-67mh-xhmf-c56h |
| CVE-2024-45051 | Oct. 7, 2024 | Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based rest... | 8.2 HIGH | https://groups.google.com/forum/#%21forum/django-announce |
| CVE-2024-45297 | Oct. 7, 2024 | Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This is... | 4.3 MEDIUM | https://groups.google.com/forum/#%21forum/django-announce |
| CVE-2024-47772 | Oct. 7, 2024 | Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciousl... | 6.1 MEDIUM | https://www.twcert.org.tw/tw/cp-132-8134-c476d-1.html |
| CVE-2024-8520 | Oct. 4, 2024 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable ... | 4.3 MEDIUM | https://github.com/ultimatemember/ultimatemember/blob/7b8a7a7c039bde4539c07e049b19036192f1c133/includes/admin/class-admin.php#L1945 |
| CVE-2024-8802 | Oct. 4, 2024 | The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the... | 6.1 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/10fcfddf-0ed7-471d-86bf-c38e7021c6a4?source=cve |
| CVE-2024-42415 | Oct. 3, 2024 | An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library... | 7.8 HIGH | https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30 |
| CVE-2024-36474 | Oct. 3, 2024 | An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) ve... | 7.8 HIGH | https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a |
| CVE-2024-20513 | Oct. 2, 2024 | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthentica... | 5.3 MEDIUM | https://hackerone.com/reports/2466205 |
| CVE-2024-20470 | Oct. 2, 2024 | A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allo... | 7.2 HIGH | https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f |
| CVE-2024-8752 | Sept. 16, 2024 | The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system.... | 7.5 HIGH | https://github.com/xwiki/xwiki-platform/commit/9cbca9808300797c67779bb9a665d85cf9e3d4b8 |
| CVE-2024-8875 | Sept. 15, 2024 | A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /w... | 9.1 CRITICAL | https://github.com/DamienHarper/auditor-bundle/commit/e7deb377fa89677d44973b486d26d6a7374233ae |
| CVE-2024-45103 | Sept. 13, 2024 | A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.... | 4.3 MEDIUM | https://github.com/samwbs/kortexcve/blob/main/xss_register_case/XSS_register_case.md |
| CVE-2024-45607 | Sept. 12, 2024 | whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI... | 5.3 MEDIUM | https://github.com/Secreto31126/whatsapp-api-js/pull/371 |
| CVE-2024-8533 | Sept. 12, 2024 | A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permis... | 8.8 HIGH | https://vuldb.com/?ctiid.277433 |
| CVE-2024-7960 | Sept. 12, 2024 | The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vu... | 9.1 CRITICAL | https://github.com/opentibiabr/myaac/pull/122 |
| CVE-2024-7961 | Sept. 12, 2024 | A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the... | 9.8 CRITICAL | https://github.com/bytium/vulnerability-research/blob/main/Advisory%20for%20Time-Based%20Blind%20SQL%20Injection%20in%20QDocs%20Smart%20School.md |
| CVE-2024-8762 | Sept. 12, 2024 | A vulnerability was found in code-projects Crud Operation System 1.0. It has been classified as critical. This affects an unknown part of the file /up... | 9.8 CRITICAL | https://github.com/Kangsiyuan/1/issues/1 |
| CVE-2024-8754 | Sept. 12, 2024 | An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An im... | 8.1 HIGH | https://hackerone.com/reports/2687770 |
| CVE-2024-8640 | Sept. 12, 2024 | An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior t... | 8.8 HIGH | https://hackerone.com/reports/2478469 |
| CVE-2024-8635 | Sept. 12, 2024 | A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.... | 6.5 MEDIUM | https://hackerone.com/reports/2634880 |
| CVE-2024-8631 | Sept. 12, 2024 | A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, an... | 7.2 HIGH | https://hackerone.com/reports/2573481 |
| CVE-2024-8124 | Sept. 12, 2024 | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 1... | 7.5 HIGH | https://hackerone.com/reports/2573397 |
| CVE-2024-6446 | Sept. 12, 2024 | An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted U... | 3.5 LOW | https://hackerone.com/reports/2520722 |
| CVE-2024-6389 | Sept. 12, 2024 | An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attack... | 4.3 MEDIUM | https://hackerone.com/reports/2480126 |
| CVE-2024-5435 | Sept. 12, 2024 | An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 befo... | 6.5 MEDIUM | https://hackerone.com/reports/2479857 |
| CVE-2024-4660 | Sept. 12, 2024 | An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all ... | 7.5 HIGH | https://hackerone.com/reports/2411756 |
| CVE-2024-4612 | Sept. 12, 2024 | An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under c... | 6.1 MEDIUM | https://vuldb.com/?id.275114 |
| CVE-2024-20381 | Sept. 11, 2024 | A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management ... | 8.8 HIGH | https://huntr.com/bounties/416c4a8b-36ba-4bbc-850a-a2f978b0fac8 |
| CVE-2024-8604 | Sept. 9, 2024 | A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. This affects an unknown part of the file i... | 6.1 MEDIUM | https://github.com/LYaoBoL/IOTsec/blob/main/D-Link/DI-8300A1/DI-8300A1.md |
| CVE-2024-8120 | Aug. 23, 2024 | The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14... | 4.3 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/a06bba7f-0259-4b87-b3fe-6ad8318fda7d?source=cve |
| CVE-2024-8078 | Aug. 22, 2024 | A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been declared as critical. This vulnerability affects the function setTr... | 9.8 CRITICAL | https://vuldb.com/?ctiid.275559 |
| CVE-2024-8079 | Aug. 22, 2024 | A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been rated as critical. This issue affects the function exportOvpn. The ... | 9.8 CRITICAL | https://vuldb.com/?ctiid.275558 |
| CVE-2024-8077 | Aug. 22, 2024 | A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. It has been classified as critical. This affects the function setTracerouteCfg.... | 9.8 CRITICAL | https://vuldb.com/?ctiid.275557 |
| CVE-2024-7651 | Aug. 21, 2024 | The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-sear... | 7.5 HIGH | https://vuldb.com/?ctiid.269948 |
| CVE-2024-7934 | Aug. 19, 2024 | A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been declared as critical. Affected by this vulnerability is a... | 9.8 CRITICAL | https://vuldb.com/?ctiid.275119 |
| CVE-2024-7933 | Aug. 19, 2024 | A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been classified as critical. Affected is an unknown function o... | 9.8 CRITICAL | https://vuldb.com/?ctiid.275118 |
| CVE-2024-7935 | Aug. 19, 2024 | A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been rated as critical. Affected by this issue is some unknown... | 9.8 CRITICAL | https://vuldb.com/?ctiid.275120 |
| CVE-2024-43324 | Aug. 18, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor al... | 4.8 MEDIUM | http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html |
| CVE-2024-43276 | Aug. 18, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Child Theme Cre... | 6.1 MEDIUM | https://access.redhat.com/errata/RHSA-2023:5454 |
| CVE-2024-43329 | Aug. 18, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Chill Allegiant allegiant allows Store... | 5.4 MEDIUM | https://vuldb.com/?ctiid.269801 |
| CVE-2024-43330 | Aug. 18, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack for Beaver Bu... | 6.1 MEDIUM | https://vuldb.com/?ctiid.269802 |
| CVE-2024-43238 | Aug. 18, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS.This i... | 6.1 MEDIUM | https://vuldb.com/?ctiid.276840 |
| CVE-2024-7917 | Aug. 18, 2024 | A vulnerability, which was classified as critical, has been found in DouPHP 1.7 Release 20220822. Affected by this issue is some unknown functionality... | 7.2 HIGH | https://git.kernel.org/stable/c/c180311c0a520692e2d0e9ca44dcd6c2ff1b41c4 |
| CVE-2024-7916 | Aug. 18, 2024 | A vulnerability classified as problematic was found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this vulnerability is an ... | 5.4 MEDIUM | https://vuldb.com/?id.274909 |
| CVE-2023-50314 | Aug. 14, 2024 | IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An... | 7.5 HIGH | https://www.ibm.com/support/pages/node/7165502 |
| CVE-2024-31882 | Aug. 14, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific configurations, a... | 6.5 MEDIUM | https://www.ibm.com/support/pages/node/7165338 |
| CVE-2024-35136 | Aug. 14, 2024 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a spec... | 6.5 MEDIUM | https://www.ibm.com/support/pages/node/7165341 |
| CVE-2024-35152 | Aug. 14, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially... | 6.5 MEDIUM | https://www.ibm.com/support/pages/node/7165342 |
| CVE-2024-37529 | Aug. 14, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a ... | 6.5 MEDIUM | https://www.ibm.com/support/pages/node/7165342 |
| CVE-2024-24580 | Aug. 14, 2024 | Improper conditions check in some Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial ... | 5.5 MEDIUM | https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html |
| CVE-2024-25562 | Aug. 14, 2024 | Improper buffer restrictions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially ena... | 6.6 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/b43371a6-bcb5-4418-b5a5-85879775010c?source=cve |
| CVE-2024-24973 | Aug. 14, 2024 | Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enabl... | 3.3 LOW | https://plugins.trac.wordpress.org/browser/clover-online-orders/trunk/moo_OnlineOrders.php#L183 |
| CVE-2024-23495 | Aug. 14, 2024 | Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially en... | 7.8 HIGH | https://plugins.trac.wordpress.org/browser/clover-online-orders/trunk/public/moo-OnlineOrders-public.php |
| CVE-2024-23491 | Aug. 14, 2024 | Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable ... | 7.3 HIGH | https://vuldb.com/?ctiid.269947 |
| CVE-2024-41976 | Aug. 13, 2024 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4... | 8.8 HIGH | https://csirt.divd.nl/DIVD-2024-00011 |
| CVE-2024-41977 | Aug. 13, 2024 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4... | 8.0 HIGH | https://csirt.divd.nl/DIVD-2024-00011 |
| CVE-2024-39338 | Aug. 12, 2024 | axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.... | 7.5 HIGH | https://csirt.divd.nl/DIVD-2024-00011 |
| CVE-2024-6989 | Aug. 6, 2024 | Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p... | 8.8 HIGH | https://issues.chromium.org/issues/339877158 |
| CVE-2024-6994 | Aug. 6, 2024 | Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted ... | 8.8 HIGH | https://issues.chromium.org/issues/333708039 |
| CVE-2024-6991 | Aug. 6, 2024 | Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pag... | 8.8 HIGH | https://issues.chromium.org/issues/340893685 |
| CVE-2024-7000 | Aug. 6, 2024 | Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to pote... | 8.8 HIGH | https://issues.chromium.org/issues/347509736 |
| CVE-2024-6996 | Aug. 6, 2024 | Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI ... | 3.1 LOW | https://issues.chromium.org/issues/40063014 |
| CVE-2024-6999 | Aug. 6, 2024 | Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI ... | 4.3 MEDIUM | https://vuldb.com/?ctiid.273697 |
| CVE-2024-7444 | Aug. 3, 2024 | A vulnerability classified as critical was found in itsourcecode Ticket Reservation System 1.0. Affected by this vulnerability is an unknown functiona... | 9.8 CRITICAL | https://vuldb.com/?ctiid.275030 |
| CVE-2024-6331 | Aug. 3, 2024 | stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The int... | 6.5 MEDIUM | https://vuldb.com/?ctiid.275029 |
| CVE-2024-7449 | Aug. 3, 2024 | A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the f... | 9.8 CRITICAL | https://vuldb.com/?id.274910 |
| CVE-2024-38877 | Aug. 2, 2024 | A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Om... | 8.8 HIGH | https://seclists.org/fulldisclosure/2024/Jun/6 |
| CVE-2024-38879 | Aug. 2, 2024 | A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R... | 9.8 CRITICAL | https://vuldb.com/?ctiid.272063 |
| CVE-2024-42225 | July 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitia... | 7.5 HIGH | https://git.kernel.org/stable/c/64f86337ccfe77fe3be5a9356b0dabde23fbb074 |
| CVE-2024-42227 | July 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix overlapping copy within dml_core_mode_programming [WHY] &mo... | 4.7 MEDIUM | https://git.kernel.org/stable/c/f1fd8a0a54e6d23a6d16ee29159f247862460fd1 |
| CVE-2024-42228 | July 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Ini... | 7.0 HIGH | https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944 |
| CVE-2024-42226 | July 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: xhci: prevent potential failure in handle_tx_event() for Transfer events wit... | 4.6 MEDIUM | https://git.kernel.org/stable/c/66cb618bf0bb82859875b00eeffaf223557cb416 |
| CVE-2024-42229 | July 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 spec... | 4.1 MEDIUM | https://git.kernel.org/stable/c/28c8d274848feba552e95c5c2a7e3cfe8f15c534 |
| CVE-2024-42230 | July 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix scv instruction crash with kexec kexec on pseries disables ... | 4.4 MEDIUM | https://git.kernel.org/stable/c/8c6506616386ce37e59b2745fc481c6713fae4f3 |
| CVE-2024-42231 | July 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix calc_available_free_space() for zoned mode calc_available_free... | 5.5 MEDIUM | https://git.kernel.org/stable/c/8548903b1999bba02a2b894ad750ab8eb1f40307 |
| CVE-2024-42082 | July 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __x... | 5.5 MEDIUM | https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c |
| CVE-2024-42083 | July 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic due to multi-buffer handling Currently, the ionic_run_xd... | 5.5 MEDIUM | https://git.kernel.org/stable/c/e3f02f32a05009a688a87f5799e049ed6b55bab5 |
| CVE-2024-42064 | July 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip pipe if the pipe idx not set properly [why] Driver crashes... | 5.5 MEDIUM | https://git.kernel.org/stable/c/af114efe8d24b5711cfbedf7180f2ac1a296c24b |
| CVE-2024-42065 | July 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init Add an explicit check to ensu... | 5.5 MEDIUM | https://git.kernel.org/stable/c/cc796a77985d6af75c9362cb2e73dce4ae3f97cd |
| CVE-2024-42066 | July 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix potential integer overflow in page size calculation Explicitly cast ... | 5.5 MEDIUM | https://git.kernel.org/stable/c/79d54ddf0e292b810887994bb04709c5ac0e1531 |
| CVE-2024-42067 | July 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()... | 5.5 MEDIUM | https://git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7 |
| CVE-2024-42068 | July 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() set_m... | 5.5 MEDIUM | https://git.kernel.org/stable/c/7d2cc63eca0c993c99d18893214abf8f85d566d8 |
| CVE-2024-7202 | July 29, 2024 | The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attac... | 9.8 CRITICAL | https://www.twcert.org.tw/tw/cp-132-7962-dd216-1.html |
| CVE-2024-7201 | July 28, 2024 | The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attac... | 9.8 CRITICAL | https://www.twcert.org.tw/tw/cp-132-7960-0ee18-1.html |
| CVE-2024-7163 | July 28, 2024 | A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/in... | 6.1 MEDIUM | https://vuldb.com/?ctiid.272577 |
| CVE-2024-41705 | July 25, 2024 | A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this t... | 5.4 MEDIUM | https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/739717 |
| CVE-2024-41706 | July 25, 2024 | A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit ... | 5.4 MEDIUM | https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/739717 |
| CVE-2024-41707 | July 25, 2024 | An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious ... | 5.4 MEDIUM | https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/739717 |
| CVE-2024-41473 | July 25, 2024 | Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac... | 9.8 CRITICAL | https://git.ghostscript.com/?p=ghostpdl.git%3Bh=77dc7f699beba606937b7ea23b50cf5974fa64b1 |
| CVE-2024-40767 | July 24, 2024 | In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a... | 6.5 MEDIUM | https://security.openstack.org |
| CVE-2024-3246 | July 24, 2024 | The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to mis... | 5.4 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/8036bd83-9af5-4b71-8974-9b0690ea6769?source=cve |
| CVE-2024-6911 | July 22, 2024 | Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This is... | 7.5 HIGH | https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus/ |
| CVE-2024-6122 | July 22, 2024 | An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosur... | 5.5 MEDIUM | https://vuldb.com/?ctiid.271987 |
| CVE-2024-6941 | July 21, 2024 | A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/sy... | 5.4 MEDIUM | https://vuldb.com/?ctiid.272066 |
| CVE-2024-6942 | July 21, 2024 | A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti... | 5.4 MEDIUM | https://vuldb.com/?ctiid.277507 |
| CVE-2024-6939 | July 21, 2024 | A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic. Affected by this issue is the function okla of the file /webmain/public... | 6.1 MEDIUM | https://github.com/nextcloud/desktop/issues/6863 |
| CVE-2024-6943 | July 21, 2024 | A vulnerability has been found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this vulnerability is the function downloadI... | 8.8 HIGH | https://github.com/man-group/dtale/commit/b6e30969390520d1400b55acbb13e5487b8472e8 |
| CVE-2024-6944 | July 21, 2024 | A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function get_image_base64 of th... | 7.5 HIGH | https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493 |
| CVE-2024-38437 | July 21, 2024 | D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel... | 9.8 CRITICAL | https://vuldb.com/?ctiid.275560 |
| CVE-2024-38438 | July 21, 2024 | D-Link - CWE-294: Authentication Bypass by Capture-replay... | 9.8 CRITICAL | https://vuldb.com/?ctiid.275561 |
| CVE-2024-6940 | July 21, 2024 | A vulnerability was found in DedeCMS 5.7.114. It has been classified as critical. This affects an unknown part of the file article_template_rand.php. ... | 7.2 HIGH | https://vuldb.com/?ctiid.271923 |
| CVE-2024-6932 | July 20, 2024 | A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file... | 5.4 MEDIUM | https://vuldb.com/?ctiid.271989 |
| CVE-2024-6934 | July 20, 2024 | A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/... | 4.8 MEDIUM | https://vuldb.com/?ctiid.271990 |
| CVE-2024-6935 | July 20, 2024 | A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clie... | 4.8 MEDIUM | https://vuldb.com/?ctiid.271995 |
| CVE-2024-6338 | July 19, 2024 | The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and i... | 8.8 HIGH | https://vuldb.com/?ctiid.271926 |
| CVE-2024-6205 | July 19, 2024 | The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a W... | 9.8 CRITICAL | https://vuldb.com/?ctiid.271925 |
| CVE-2024-32007 | July 19, 2024 | An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of ... | 7.5 HIGH | https://vuldb.com/?ctiid.271928 |
| CVE-2024-6901 | July 19, 2024 | A vulnerability classified as critical has been found in SourceCodester Record Management System 1.0. Affected is an unknown function of the file entr... | 8.8 HIGH | https://vuldb.com/?ctiid.271927 |
| CVE-2024-6900 | July 19, 2024 | A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of... | 8.8 HIGH | https://huntr.com/bounties/a749e696-b398-4260-b2d0-b0054b9fffa7 |
| CVE-2024-6898 | July 19, 2024 | A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file... | 9.8 CRITICAL | https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-7m53-pwp6-v3f5 |
| CVE-2024-40629 | July 18, 2024 | JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, K... | 9.8 CRITICAL | https://git.kernel.org/stable/c/36fdc5319c4d0ec8b8938ec4769764098a246bfb |
| CVE-2024-40628 | July 18, 2024 | JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, K... | 9.1 CRITICAL | https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430 |
| CVE-2023-42010 | July 17, 2024 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP resp... | 3.7 LOW | https://www.ibm.com/support/pages/node/7160471 |
| CVE-2020-36765 | July 16, 2024 | Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted... | 6.5 MEDIUM | https://www.ibm.com/support/pages/node/7160579 |
| CVE-2024-2691 | July 16, 2024 | The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting... | 5.4 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/01a6dcf2-6f0b-494b-a18c-04bd9c44e0ce?source=cve |
| CVE-2024-5852 | July 16, 2024 | The WordPress File Upload plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.24.7 via the 'uploadpath' ... | 4.3 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/39bb69e0-fb18-4737-9eb7-bda2b5bc16a2?source=cve |
| CVE-2024-6621 | July 16, 2024 | The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data du... | 4.3 MEDIUM | https://plugins.trac.wordpress.org/browser/wp-rss-aggregator/trunk/includes/feed-states.php#L28 |
| CVE-2024-40414 | July 15, 2024 | A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.... | 9.8 CRITICAL | https://issues.chromium.org/issues/349342289 |
| CVE-2024-40415 | July 15, 2024 | A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.... | 9.8 CRITICAL | https://issues.chromium.org/issues/339686368 |
| CVE-2024-40416 | July 15, 2024 | A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.... | 9.8 CRITICAL | https://issues.chromium.org/issues/346618785 |
| CVE-2024-5664 | July 10, 2024 | The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' a... | 5.4 MEDIUM | https://plugins.trac.wordpress.org/changeset/3115110/mp3-music-player-by-sonaar/trunk/includes/class-sonaar-music-widget.php |
| CVE-2024-37988 | July 9, 2024 | Secure Boot Security Feature Bypass Vulnerability... | 8.0 HIGH | https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b |
| CVE-2024-37986 | July 9, 2024 | Secure Boot Security Feature Bypass Vulnerability... | 8.0 HIGH | https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq |
| CVE-2024-38011 | July 9, 2024 | Secure Boot Security Feature Bypass Vulnerability... | 8.0 HIGH | https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2 |
| CVE-2024-38010 | July 9, 2024 | Secure Boot Security Feature Bypass Vulnerability... | 8.0 HIGH | https://redmine.openinfosecfoundation.org/issues/7029 |
| CVE-2024-37873 | July 9, 2024 | SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers ... | 9.8 CRITICAL | https://www.ibm.com/support/pages/node/7159770 |
| CVE-2024-37830 | July 9, 2024 | An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie.... | 6.1 MEDIUM | https://www.ibm.com/support/pages/node/7159770 |
| CVE-2024-34140 | July 9, 2024 | Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory... | 5.5 MEDIUM | https://git.ghostscript.com/?p=ghostpdl.git%3Bh=917b3a71fb20748965254631199ad98210d6c2fb |
| CVE-2024-34139 | July 9, 2024 | Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code e... | 7.8 HIGH | https://git.ghostscript.com/?p=ghostpdl.git%3Bh=ff1013a0ab485b66783b70145e342a82c670906a |
| CVE-2023-32467 | July 9, 2024 | Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileg... | 8.2 HIGH | https://vuldb.com/?id.276831 |
| CVE-2024-6368 | June 27, 2024 | A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantag... | 5.4 MEDIUM | https://www.twcert.org.tw/tw/cp-132-8082-f1687-1.html |
| CVE-2024-6369 | June 27, 2024 | A vulnerability classified as problematic has been found in LabVantage LIMS 2017. Affected is an unknown function of the file /labvantage/rc?command=p... | 5.4 MEDIUM | https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html |
| CVE-2024-6370 | June 27, 2024 | A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /l... | 5.4 MEDIUM | https://vuldb.com/?ctiid.269800 |
| CVE-2024-5885 | June 27, 2024 | stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls whe... | 8.6 HIGH | https://vuldb.com/?ctiid.273529 |
| CVE-2024-37111 | June 24, 2024 | Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.... | 7.5 HIGH | https://vuldb.com/?ctiid.273540 |
| CVE-2024-37089 | June 24, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP... | 9.8 CRITICAL | https://vuldb.com/?id.275042 |
| CVE-2024-37092 | June 24, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP... | 8.8 HIGH | https://vuldb.com/?id.275041 |
| CVE-2024-37107 | June 24, 2024 | Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X:... | 8.8 HIGH | https://vuldb.com/?ctiid.275031 |
| CVE-2024-3593 | June 22, 2024 | The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or i... | 5.4 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/621ef583-bf99-4b81-ae9c-b4f1c86b86aa?source=cve |
| CVE-2024-6185 | June 20, 2024 | A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Affected by this issue is the function get_ip_addr_details of ... | 8.8 HIGH | https://vuldb.com/?ctiid.269156 |
| CVE-2024-6183 | June 20, 2024 | A vulnerability classified as problematic has been found in EZ-Suite EZ-Partner 5. Affected is an unknown function of the component Forgot Password Ha... | 6.1 MEDIUM | https://vuldb.com/?id.269154 |
| CVE-2023-36684 | June 19, 2024 | Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through 1.7.5.... | 9.8 CRITICAL | https://vuldb.com/?ctiid.271994 |
| CVE-2023-36676 | June 19, 2024 | Missing Authorization vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.... | 8.8 HIGH | https://vuldb.com/?ctiid.272065 |
| CVE-2024-6128 | June 18, 2024 | A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /c... | 5.3 MEDIUM | https://vuldb.com/?ctiid.272064 |
| CVE-2024-37619 | June 17, 2024 | StrongShop v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the spec_group_id parameter at /spec/index.blade.ph... | 6.1 MEDIUM | https://www.strongshop.cn/ |
| CVE-2024-37624 | June 17, 2024 | Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. component.... | 6.1 MEDIUM | https://github.com/zhimengzhe/iBarn/issues/20 |
| CVE-2024-37625 | June 17, 2024 | zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /index.php.... | 6.1 MEDIUM | https://gitlab.com/gitlab-org/gitlab/-/issues/441807 |
| CVE-2024-5984 | June 13, 2024 | A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of... | 9.8 CRITICAL | https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201&languageCode=en&Preview=true |
| CVE-2024-2762 | June 13, 2024 | The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery set... | 5.4 MEDIUM | https://plugins.trac.wordpress.org/browser/cowidgets-elementor-addons/trunk/inc/widgets-manager/widgets/content/class-ce-post-navigation.php#L257 |
| CVE-2023-51680 | June 12, 2024 | Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through 2.0.1.... | 6.3 MEDIUM | https://gitlab.com/gitlab-org/gitlab/-/issues/442695 |
| CVE-2023-52117 | June 12, 2024 | Missing Authorization vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid: from n/a through 5.6.6.... | 6.3 MEDIUM | https://gitlab.com/gitlab-org/gitlab/-/issues/443577 |
| CVE-2023-52177 | June 12, 2024 | Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3.... | 6.3 MEDIUM | https://gitlab.com/gitlab-org/gitlab/-/issues/458229 |
| CVE-2024-1495 | June 12, 2024 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and sta... | 6.5 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/d9de41de-f2f7-4b16-8ec9-d30bbd3d8786?source=cve |
| CVE-2024-1736 | June 12, 2024 | An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 pri... | 6.5 MEDIUM | https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf |
| CVE-2024-0865 | June 12, 2024 | CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.... | 7.8 HIGH | https://plugins.trac.wordpress.org/changeset/3121532/ |
| CVE-2024-28020 | June 11, 2024 | A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user could use the pass... | 9.9 CRITICAL | https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069 |
| CVE-2024-30467 | June 9, 2024 | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.This issue affects Essential Blocks for Gutenberg: from n/a through ... | 8.8 HIGH | https://hackerone.com/reports/2014157 |
| CVE-2023-23639 | June 9, 2024 | Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3.... | 8.8 HIGH | https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068 |
| CVE-2024-31098 | June 9, 2024 | Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from... | 8.8 HIGH | https://wpscan.com/vulnerability/dd19189b-de04-44b6-8ac9-0c32399a8976/ |
| CVE-2024-5640 | June 7, 2024 | The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Sit... | 5.4 MEDIUM | https://plugins.trac.wordpress.org/changeset/3097891/#file372 |
| CVE-2024-1881 | June 6, 2024 | AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Comma... | 9.8 CRITICAL | https://www.ibm.com/support/pages/node/7156492 |
| CVE-2023-45192 | June 6, 2024 | IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML ... | 8.2 HIGH | https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf |
| CVE-2024-5206 | June 6, 2024 | A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, whi... | 4.7 MEDIUM | https://huntr.com/bounties/14bc0917-a85b-4106-a170-d09d5191517c |
| CVE-2024-5179 | June 5, 2024 | The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_... | 8.8 HIGH | https://huntr.com/bounties/39889ce1-298d-4568-aecd-7ae40c2ca58e |
| CVE-2024-35649 | June 4, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd a... | 5.4 MEDIUM | https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4 |
| CVE-2024-24919 | May 28, 2024 | Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote A... | 8.6 HIGH | https://www.javs.com/downloads/ |
| CVE-2024-5274 | May 28, 2024 | Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML ... | 8.8 HIGH | https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks |
| CVE-2024-4978 | May 22, 2024 | Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A rem... | 8.4 HIGH | https://unit42.paloaltonetworks.com/cve-2024-3400/ |
| CVE-2024-20360 | May 22, 2024 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacke... | 8.8 HIGH | https://www.zerodayinitiative.com/advisories/ZDI-23-1430/ |
| CVE-2024-34905 | May 16, 2024 | FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. This vulnerability allows attackers to cause ... | 7.5 HIGH | https://www.zerodayinitiative.com/advisories/ZDI-23-1429/ |
| CVE-2024-34913 | May 15, 2024 | An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file... | 5.4 MEDIUM | https://www.zerodayinitiative.com/advisories/ZDI-23-1428/ |
| CVE-2024-34909 | May 15, 2024 | An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.... | 5.4 MEDIUM | https://www.zerodayinitiative.com/advisories/ZDI-23-1427/ |
| CVE-2024-34906 | May 15, 2024 | An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.... | 5.4 MEDIUM | https://www.zerodayinitiative.com/advisories/ZDI-23-1426/ |
| CVE-2024-4671 | May 14, 2024 | Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially p... | 9.6 CRITICAL | https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ |
| CVE-2024-4761 | May 14, 2024 | Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HT... | 8.8 HIGH | http://www.ivizsecurity.com/security-advisory-iviz-sr-08014.html |
| CVE-2024-32002 | May 14, 2024 | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be cr... | 9.0 CRITICAL | https://www.zerodayinitiative.com/advisories/ZDI-23-1425/ |
| CVE-2023-42097 | May 2, 2024 | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o... | 7.8 HIGH | https://www.zerodayinitiative.com/advisories/ZDI-23-1424/ |
| CVE-2023-42096 | May 2, 2024 | Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary ... | 7.8 HIGH | https://www.zerodayinitiative.com/advisories/ZDI-23-1423/ |
| CVE-2023-42095 | May 2, 2024 | Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive in... | 3.3 LOW | https://www.zerodayinitiative.com/advisories/ZDI-23-1422/ |
| CVE-2023-42094 | May 2, 2024 | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code o... | 7.8 HIGH | https://git.kernel.org/stable/c/73d1589b91f2099e5f6534a8497b7c6b527e064e |
| CVE-2022-48656 | April 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() We s... | 5.5 MEDIUM | https://git.kernel.org/stable/c/904f881b57360cf85de962d84d8614d94431f60e |
| CVE-2022-48657 | April 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_fre... | 7.8 HIGH | https://issues.chromium.org/issues/339266700 |
| CVE-2022-48655 | April 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains... | 7.8 HIGH | https://git.kernel.org/stable/c/69bef19d6b9700e96285f4b4e28691cda3dcd0d1 |
| CVE-2022-48658 | April 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context. Commit... | 7.8 HIGH | https://git.kernel.org/stable/c/41f857033c44442a27f591fda8d986e7c9e42872 |
| CVE-2022-48659 | April 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails In create_unique_id(), kmalloc(,... | 5.5 MEDIUM | https://git.kernel.org/stable/c/d119888b09bd567e07c6b93a07f175df88857e02 |
| CVE-2024-4071 | April 23, 2024 | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown pro... | 8.8 HIGH | https://vuldb.com/?ctiid.261798 |
| CVE-2024-4072 | April 23, 2024 | A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been classified as problematic. Affected is an unknown ... | 5.4 MEDIUM | https://www.ibm.com/support/pages/node/6832928 |
| CVE-2024-4040 | April 22, 2024 | A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote att... | 10.0 CRITICAL | https://unit42.paloaltonetworks.com/cve-2024-3400/ |
| CVE-2024-31497 | April 15, 2024 | In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack ... | 5.9 MEDIUM | https://bugzilla.redhat.com/show_bug.cgi?id=2275183 |
| CVE-2024-3400 | April 12, 2024 | A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specif... | 10.0 CRITICAL | https://plugins.trac.wordpress.org/changeset/3066649/ |
| CVE-2024-3167 | April 9, 2024 | The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and includin... | 6.4 MEDIUM | https://issues.chromium.org/issues/330760873 |
| CVE-2024-29988 | April 9, 2024 | SmartScreen Prompt Security Feature Bypass Vulnerability... | 8.8 HIGH | https://vuldb.com/?ctiid.261797 |
| CVE-2024-3159 | April 6, 2024 | Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTM... | 8.8 HIGH | https://issues.chromium.org/issues/329965696 |
| CVE-2024-3158 | April 6, 2024 | Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HT... | 8.8 HIGH | https://issues.chromium.org/issues/329130358 |
| CVE-2024-3156 | April 6, 2024 | Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory acce... | 8.8 HIGH | https://bugzilla.redhat.com/show_bug.cgi?id=2275183 |
| CVE-2024-2856 | March 24, 2024 | A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSe... | 9.8 CRITICAL | https://vuldb.com/?ctiid.257778 |
| CVE-2024-2855 | March 24, 2024 | A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSe... | 9.8 CRITICAL | https://vuldb.com/?ctiid.257777 |
| CVE-2024-2854 | March 24, 2024 | A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsamb... | 9.8 CRITICAL | https://vuldb.com/?ctiid.257776 |
| CVE-2024-2853 | March 24, 2024 | A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of t... | 9.8 CRITICAL | https://vuldb.com/?ctiid.257775 |
| CVE-2024-2852 | March 24, 2024 | A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInf... | 9.8 CRITICAL | https://vuldb.com/?ctiid.257774 |
| CVE-2024-2851 | March 23, 2024 | A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of ... | 9.8 CRITICAL | https://vuldb.com/?ctiid.257672 |
| CVE-2024-2850 | March 23, 2024 | A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the fi... | 9.8 CRITICAL | https://vuldb.com/?ctiid.257670 |
| CVE-2024-29057 | March 22, 2024 | Microsoft Edge (Chromium-based) Spoofing Vulnerability... | 4.3 MEDIUM | https://vuldb.com/?ctiid.257780 |
| CVE-2024-26247 | March 22, 2024 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability... | 4.7 MEDIUM | https://vuldb.com/?ctiid.257779 |
| CVE-2024-2817 | March 22, 2024 | A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRest... | 6.5 MEDIUM | https://vuldb.com/?ctiid.257671 |
| CVE-2024-2815 | March 22, 2024 | A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Affected is the function R7WebsSecurityHandler of the file /goform... | 9.8 CRITICAL | https://vuldb.com/?ctiid.257669 |
| CVE-2024-2816 | March 22, 2024 | A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the... | 6.5 MEDIUM | https://vuldb.com/?ctiid.257668 |
| CVE-2024-2814 | March 22, 2024 | A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file ... | 9.8 CRITICAL | https://vuldb.com/?ctiid.257667 |
| CVE-2024-2813 | March 22, 2024 | A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wi... | 9.8 CRITICAL | https://vuldb.com/?ctiid.257666 |
| CVE-2024-2812 | March 22, 2024 | A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of t... | 8.8 HIGH | https://vuldb.com/?ctiid.257665 |
| CVE-2024-2811 | March 22, 2024 | A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file... | 9.8 CRITICAL | https://vuldb.com/?ctiid.257664 |
| CVE-2024-2810 | March 22, 2024 | A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function for... | 9.8 CRITICAL | https://vuldb.com/?ctiid.257663 |
| CVE-2024-2809 | March 22, 2024 | A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function formSetFirewallCfg of ... | 9.8 CRITICAL | https://vuldb.com/?ctiid.257662 |
| CVE-2024-29472 | March 20, 2024 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.... | 5.4 MEDIUM | https://www.ibm.com/support/pages/node/6832814 |
| CVE-2024-29471 | March 20, 2024 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.... | 5.4 MEDIUM | https://github.com/zalify/easy-email/issues/373 |
| CVE-2023-47699 | March 15, 2024 | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in... | 6.1 MEDIUM | https://www.ibm.com/support/pages/node/7142038 |
| CVE-2023-47147 | March 15, 2024 | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598.... | 5.3 MEDIUM | https://www.ibm.com/support/pages/node/6832964 |
| CVE-2023-46181 | March 15, 2024 | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 269... | 3.3 LOW | https://www.ibm.com/support/pages/node/7142038 |
| CVE-2021-38938 | March 15, 2024 | IBM Host Access Transformation Services (HATS) 9.6 through 9.6.1.4 and 9.7 through 9.7.0.3 stores user credentials in plain clear text which can be re... | 5.5 MEDIUM | https://www.ibm.com/support/pages/node/7142038 |
| CVE-2023-47162 | March 15, 2024 | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in... | 6.1 MEDIUM | https://www.ibm.com/support/pages/node/7142038 |
| CVE-2023-46182 | March 15, 2024 | IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in... | 5.4 MEDIUM | https://www.ibm.com/support/pages/node/7141270 |
| CVE-2024-24693 | March 13, 2024 | Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial o... | 5.5 MEDIUM | https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg |
| CVE-2024-24692 | March 13, 2024 | Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service... | 4.7 MEDIUM | https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.2.3...protobufjs-v7.2.4 |
| CVE-2023-36554 | March 12, 2024 | A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4... | 9.8 CRITICAL | https://git.kernel.org/stable/c/17a8519cb359c3b483fb5c7367efa9a8a508bdea |
| CVE-2023-42789 | March 12, 2024 | A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, ... | 9.8 CRITICAL | https://git.kernel.org/stable/c/6c53e8547687d9c767c139cd4b50af566f58c29a |
| CVE-2023-42790 | March 12, 2024 | A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through ... | 8.1 HIGH | https://git.kernel.org/stable/c/8ad4d580e8aff8de2a4d57c5930fcc29f1ffd4a6 |
| CVE-2023-47534 | March 12, 2024 | A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 throug... | 8.8 HIGH | https://git.kernel.org/stable/c/32b55c5ff9103b8508c1e04bfa5a08c64e7a925f |
| CVE-2023-48788 | March 12, 2024 | A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiCl... | 9.8 CRITICAL | https://git.kernel.org/stable/c/536bb492d39bb6c080c92f31e8a55fe9934f452b |
| CVE-2024-23112 | March 12, 2024 | An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through... | 4.3 MEDIUM | https://git.kernel.org/stable/c/4b081ce0d830b684fdf967abc3696d1261387254 |
| CVE-2024-21408 | March 12, 2024 | Windows Hyper-V Denial of Service Vulnerability... | 5.5 MEDIUM | https://bugzilla.redhat.com/show_bug.cgi?id=2258836 |
| CVE-2024-21407 | March 12, 2024 | Windows Hyper-V Remote Code Execution Vulnerability... | 8.1 HIGH | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html |
| CVE-2024-21390 | March 12, 2024 | Microsoft Authenticator Elevation of Privilege Vulnerability... | 7.1 HIGH | http://seclists.org/fulldisclosure/2020/May/0 |
| CVE-2024-21761 | March 12, 2024 | An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download othe... | 4.3 MEDIUM | http://dishix.blogspot.com/p/xtcommerce-v304-sp21-cross-site-request_29.html |
| CVE-2024-23277 | March 7, 2024 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network ... | 5.9 MEDIUM | https://support.apple.com/en-us/HT214081 |
| CVE-2024-23276 | March 7, 2024 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be... | 7.8 HIGH | http://seclists.org/fulldisclosure/2024/Mar/22 |
| CVE-2024-23275 | March 7, 2024 | A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An a... | 4.7 MEDIUM | http://seclists.org/fulldisclosure/2024/Mar/22 |
| CVE-2023-52455 | Feb. 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu: Don't reserve 0-length IOVA region When the bootloader/firmware doesn't s... | 7.8 HIGH | https://git.kernel.org/stable/c/b719a9c15d52d4f56bdea8241a5d90fd9197ce99 |
| CVE-2023-52456 | Feb. 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: serial: imx: fix tx statemachine deadlock When using the serial port as RS485 po... | 5.5 MEDIUM | https://git.kernel.org/stable/c/8e65edf0d37698f7a6cb174608d3ec7976baf49e |
| CVE-2023-52457 | Feb. 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() fa... | 7.8 HIGH | https://git.kernel.org/stable/c/df6cb39335cf5a1b918e8dbd8ba7cd9f1d00e45a |
| CVE-2023-52460 | Feb. 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequ... | 5.5 MEDIUM | https://git.kernel.org/stable/c/02bcd951aa3c2cea95fb241c20802e9501940296 |
| CVE-2023-52443 | Feb. 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed... | 5.5 MEDIUM | https://git.kernel.org/stable/c/1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf |
| CVE-2023-52445 | Feb. 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a ... | 7.8 HIGH | https://git.kernel.org/stable/c/30773ea47d41773f9611ffb4ebc9bda9d19a9e7e |
| CVE-2023-52444 | Feb. 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid dirent corruption As Al reported in link[1]: f2fs_rename() .... | 7.8 HIGH | https://git.kernel.org/stable/c/2fb4867f4405aea8c0519d7d188207f232a57862 |
| CVE-2023-52448 | Feb. 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump Syzkaller has report... | 5.5 MEDIUM | https://git.kernel.org/stable/c/6b4a64bafd107e521c01eec3453ce94a3fb38529 |
| CVE-2023-52449 | Feb. 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko a... | 5.5 MEDIUM | https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15 |
| CVE-2023-52450 | Feb. 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() ... | 5.5 MEDIUM | https://git.kernel.org/stable/c/c5068e442eed063d2f1658e6b6d3c1c6fcf1e588 |
| CVE-2023-52451 | Feb. 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_... | 7.8 HIGH | https://git.kernel.org/stable/c/4631c2dd69d928bca396f9f58baeddf85e14ced5 |
| CVE-2023-52452 | Feb. 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix accesses to uninit stack slots Privileged programs are supposed to be a... | 7.8 HIGH | https://git.kernel.org/stable/c/22c7fa171a02d310e3a3f6ed46a698ca8a0060ed |
| CVE-2024-26586 | Feb. 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added t... | 7.8 HIGH | https://git.kernel.org/stable/c/6cc9c0af0aa06f781fa515a1734b1a4239dfd2c0 |
| CVE-2024-26587 | Feb. 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: netdevsim: don't try to destroy PHC on VFs PHC gets initialized in nsim_ini... | 5.5 MEDIUM | https://git.kernel.org/stable/c/47467e04816cb297905c0f09bc2d11ef865942d9 |
| CVE-2024-26588 | Feb. 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers a... | 7.8 HIGH | https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894 |
| CVE-2024-26589 | Feb. 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS For PTR_TO_FLOW_KEYS, check_... | 7.8 HIGH | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/ |
| CVE-2024-26585 | Feb. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous ... | 4.7 MEDIUM | https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb |
| CVE-2024-26584 | Feb. 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_T... | 5.5 MEDIUM | https://git.kernel.org/stable/c/887a558d0298d36297daea039954c39940228d9b |
| CVE-2023-52434 | Feb. 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and le... | 8.0 HIGH | https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01 |
| CVE-2023-52439 | Feb. 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ---------------------------... | 7.8 HIGH | https://support.apple.com/en-us/HT214081 |
| CVE-2023-52435 | Feb. 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able to crash th... | 5.5 MEDIUM | http://seclists.org/fulldisclosure/2024/Mar/22 |
| CVE-2023-52438 | Feb. 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: binder: fix use-after-free in shinker's callback The mmap read lock is used duri... | 7.8 HIGH | http://seclists.org/fulldisclosure/2024/Mar/22 |
| CVE-2024-20978 | Feb. 16, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior a... | 4.9 MEDIUM | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1901 |
| CVE-2024-20976 | Feb. 16, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior a... | 4.9 MEDIUM | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1906 |
| CVE-2024-20974 | Feb. 16, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior a... | 4.9 MEDIUM | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1890 |
| CVE-2024-20972 | Feb. 16, 2024 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior a... | 4.9 MEDIUM | https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5 |
| CVE-2024-20748 | Feb. 15, 2024 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of se... | 5.5 MEDIUM | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1909 |
| CVE-2024-20747 | Feb. 15, 2024 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of se... | 5.5 MEDIUM | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1908 |
| CVE-2024-20749 | Feb. 15, 2024 | Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of se... | 5.5 MEDIUM | https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1910 |
| CVE-2023-44253 | Feb. 15, 2024 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before ... | 5.0 MEDIUM | https://https://www.ibm.com/support/pages/node/7116046 |
| CVE-2023-45581 | Feb. 15, 2024 | An improper privilege management vulnerability [CWE-269] in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site admin... | 7.2 HIGH | http://seclists.org/fulldisclosure/2024/Feb/7 |
| CVE-2024-23478 | Feb. 15, 2024 | SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows a... | 8.0 HIGH | https://github.com/getsentry/sentry/pull/64882 |
| CVE-2023-40057 | Feb. 15, 2024 | The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an ... | 9.0 CRITICAL | https://github.com/DIRACGrid/DIRAC/security/advisories/GHSA-59qj-jcjv-662j |
| CVE-2024-23476 | Feb. 15, 2024 | The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, thi... | 9.6 CRITICAL | https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h |
| CVE-2024-23477 | Feb. 15, 2024 | The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, thi... | 9.6 CRITICAL | https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3mwp-5p5v-j6q3 |
| CVE-2023-26206 | Feb. 15, 2024 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1... | 6.1 MEDIUM | https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5 |
| CVE-2023-32647 | Feb. 14, 2024 | Improper access control in some Intel(R) XTU software before version 7.12.0.29 may allow an authenticated user to potentially enable escalation of pri... | 7.8 HIGH | https://www.archerirm.community/t5/platform-announcements/tkb-p/product-advisories-tkb |
| CVE-2024-1359 | Feb. 13, 2024 | A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to... | 9.1 CRITICAL | https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5 |
| CVE-2024-21354 | Feb. 13, 2024 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability... | 7.8 HIGH | https://www.ibm.com/support/pages/node/7124058 |
| CVE-2024-21355 | Feb. 13, 2024 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability... | 7.0 HIGH | https://www.ibm.com/support/pages/node/7124058 |
| CVE-2024-21347 | Feb. 13, 2024 | Microsoft ODBC Driver Remote Code Execution Vulnerability... | 7.5 HIGH | https://www.ibm.com/support/pages/node/7124058 |
| CVE-2024-21362 | Feb. 13, 2024 | Windows Kernel Security Feature Bypass Vulnerability... | 5.5 MEDIUM | http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html |
| CVE-2024-21348 | Feb. 13, 2024 | Internet Connection Sharing (ICS) Denial of Service Vulnerability... | 7.5 HIGH | https://bugzilla.redhat.com/show_bug.cgi?id=2247283 |
| CVE-2024-21338 | Feb. 13, 2024 | Windows Kernel Elevation of Privilege Vulnerability... | 7.8 HIGH | https://access.redhat.com/errata/RHSA-2024:0138 |
| CVE-2024-21340 | Feb. 13, 2024 | Windows Kernel Information Disclosure Vulnerability... | 4.6 MEDIUM | https://www.buffalo.jp/news/detail/20231225-01.html |
| CVE-2024-21371 | Feb. 13, 2024 | Windows Kernel Elevation of Privilege Vulnerability... | 7.0 HIGH | https://ghostscript.com/ |
| CVE-2024-21372 | Feb. 13, 2024 | Windows OLE Remote Code Execution Vulnerability... | 8.8 HIGH | https://logicaltrust.net/blog/2023/08/opnsense.html |
| CVE-2024-21401 | Feb. 13, 2024 | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability... | 9.8 CRITICAL | https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/ |
| CVE-2024-21413 | Feb. 13, 2024 | Microsoft Outlook Remote Code Execution Vulnerability... | 9.8 CRITICAL | https://access.redhat.com/security/cve/CVE-2023-4535 |
| CVE-2024-21346 | Feb. 13, 2024 | Win32k Elevation of Privilege Vulnerability... | 7.8 HIGH | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/ |
| CVE-2024-20679 | Feb. 13, 2024 | Azure Stack Hub Spoofing Vulnerability... | 6.5 MEDIUM | https://www.spinics.net/lists/kernel/msg5074816.html |
| CVE-2024-20684 | Feb. 13, 2024 | Windows Hyper-V Denial of Service Vulnerability... | 6.5 MEDIUM | https://support.apple.com/en-us/HT214056 |
| CVE-2024-20695 | Feb. 13, 2024 | Skype for Business Information Disclosure Vulnerability... | 5.7 MEDIUM | https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/ |
| CVE-2024-21345 | Feb. 13, 2024 | Windows Kernel Elevation of Privilege Vulnerability... | 8.8 HIGH | https://access.redhat.com/security/cve/CVE-2023-4535 |
| CVE-2024-21353 | Feb. 13, 2024 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability... | 8.8 HIGH | https://fluidattacks.com/advisories/holiday/ |
| CVE-2024-21344 | Feb. 13, 2024 | Windows Network Address Translation (NAT) Denial of Service Vulnerability... | 5.9 MEDIUM | http://www.openwall.com/lists/oss-security/2024/02/11/1 |
| CVE-2024-24932 | Feb. 12, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS.This is... | 6.1 MEDIUM | https://github.com/babelouest/glewlwyd/commit/c91c0155f2393274cc18efe77e06c6846e404c75 |
| CVE-2022-34311 | Feb. 12, 2024 | IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insuffic... | 4.3 MEDIUM | https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3 |
| CVE-2022-34309 | Feb. 12, 2024 | IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive inf... | 7.5 HIGH | https://git.kernel.org/stable/c/98b8a550da83cc392a14298c4b3eaaf0332ae6ad |
| CVE-2023-52429 | Feb. 11, 2024 | dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and cra... | 5.5 MEDIUM | https://ubuntu.com/security/CVE-2020-11935 |
| CVE-2024-25715 | Feb. 10, 2024 | Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.... | 6.1 MEDIUM | https://vuldb.com/?ctiid.253382 |
| CVE-2024-1431 | Feb. 10, 2024 | A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of ... | 6.5 MEDIUM | https://vuldb.com/?ctiid.253381 |
| CVE-2024-1430 | Feb. 10, 2024 | A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functi... | 6.5 MEDIUM | https://www.ibm.com/support/pages/node/7116431 |
| CVE-2024-22361 | Feb. 10, 2024 | IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic... | 7.5 HIGH | https://vuldb.com/?ctiid.253330 |
| CVE-2024-1406 | Feb. 10, 2024 | A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInf... | 4.3 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd?source=cve |
| CVE-2024-0596 | Feb. 10, 2024 | The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capabilit... | 5.3 MEDIUM | https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail= |
| CVE-2024-0595 | Feb. 10, 2024 | The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check ... | 4.3 MEDIUM | https://github.com/Icinga/icingaweb2-module-incubator/security/advisories/GHSA-p8vv-9pqq-rm8p |
| CVE-2023-50349 | Feb. 9, 2024 | Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to ... | 8.8 HIGH | https://lists.apache.org/thread/o96ct5t7kj5cgrmmfc6756m931t08nky |
| CVE-2024-25302 | Feb. 9, 2024 | Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter.... | 9.8 CRITICAL | http://packetstormsecurity.com/files/158647/Cisco-Adaptive-Security-Appliance-Software-9.11-Local-File-Inclusion.html |
| CVE-2023-45716 | Feb. 9, 2024 | Sametime is impacted by sensitive information passed in URL. ... | 4.1 MEDIUM | https://security.netapp.com/advisory/ntap-20220429-0006/ |
| CVE-2023-39683 | Feb. 9, 2024 | Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input paramet... | 6.1 MEDIUM | https://git.kernel.org/stable/c/6e04a9d30509fb53ba6df5d655ed61d607a7cfda |
| CVE-2023-42282 | Feb. 8, 2024 | The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable vi... | 9.8 CRITICAL | https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894 |
| CVE-2023-6515 | Feb. 8, 2024 | Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M?A-MED allows Authentication Abuse.This issue affects M?A-MED: ... | 8.8 HIGH | https://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37 |
| CVE-2023-6517 | Feb. 8, 2024 | Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. M?A-MED allows Collect Data as Provided by Users.T... | 7.5 HIGH | https://git.kernel.org/stable/c/1bf4fe14e97cda621522eb2f28b0a4e87c5b0745 |
| CVE-2023-6518 | Feb. 8, 2024 | Plaintext Storage of a Password vulnerability in Mia Technology Inc. M?A-MED allows Read Sensitive Strings Within an Executable.This issue affects M?A... | 7.5 HIGH | https://git.kernel.org/stable/c/3d6f4a78b104c65e4256c3776c9949f49a1b459e |
| CVE-2023-6519 | Feb. 8, 2024 | Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. M?A-MED allows Read Sensitive Strings Within an Executable.This issue a... | 7.5 HIGH | https://git.kernel.org/stable/c/708a4b59baad96c4718dc0bd3a3427d3ab22fedc |
| CVE-2024-22332 | Feb. 8, 2024 | The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: ... | 6.5 MEDIUM | https://https://www.ibm.com/support/pages/node/7116046 |
| CVE-2024-22318 | Feb. 8, 2024 | IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attac... | 5.5 MEDIUM | http://seclists.org/fulldisclosure/2024/Feb/7 |
| CVE-2024-24829 | Feb. 8, 2024 | Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with S... | 5.3 MEDIUM | https://github.com/getsentry/sentry/pull/64882 |
| CVE-2024-24825 | Feb. 8, 2024 | DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may exp... | 7.5 HIGH | https://github.com/DIRACGrid/DIRAC/security/advisories/GHSA-59qj-jcjv-662j |
| CVE-2024-24821 | Feb. 8, 2024 | Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the i... | 7.8 HIGH | https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h |
| CVE-2024-24820 | Feb. 8, 2024 | Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate t... | 8.3 HIGH | https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3mwp-5p5v-j6q3 |
| CVE-2024-24496 | Feb. 8, 2024 | An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tr... | 9.8 CRITICAL | https://github.com/wildfly-security/wildfly-openssl-natives/pull/4/files |
| CVE-2024-24495 | Feb. 8, 2024 | SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET requ... | 9.8 CRITICAL | https://github.com/istio/istio/security/advisories/GHSA-7774-7vr3-cc8j |
| CVE-2023-38995 | Feb. 7, 2024 | An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command.... | 9.8 CRITICAL | https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5 |
| CVE-2023-5665 | Feb. 7, 2024 | The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, an... | 5.4 MEDIUM | https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5 |
| CVE-2024-24806 | Feb. 7, 2024 | libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows... | 7.3 HIGH | https://huntr.com/bounties/21d2ff0c-d43a-4afd-bb4d-049ee8da5b5c |
| CVE-2023-6953 | Feb. 5, 2024 | The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF bod... | 5.4 MEDIUM | https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R |
| CVE-2024-24397 | Feb. 5, 2024 | Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via... | 5.4 MEDIUM | https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b |
| CVE-2020-36773 | Feb. 4, 2024 | Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character... | 9.8 CRITICAL | https://bugzilla.opensuse.org/show_bug.cgi?id=1177922 |
| CVE-2024-1141 | Feb. 1, 2024 | A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level ... | 5.5 MEDIUM | https://bugzilla.redhat.com/show_bug.cgi?id=2258836 |
| CVE-2023-6780 | Jan. 31, 2024 | An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. Th... | 5.3 MEDIUM | http://seclists.org/fulldisclosure/2024/Feb/3 |
| CVE-2023-40548 | Jan. 29, 2024 | A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed f... | 7.4 HIGH | https://plugins.trac.wordpress.org/browser/payment-forms-for-paystack/tags/3.4.1/public/class-paystack-forms-public-for-old-themes.php#L1054 |
| CVE-2024-24135 | Jan. 29, 2024 | Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.... | 6.1 MEDIUM | https://vuldb.com/?ctiid.246443 |
| CVE-2024-24134 | Jan. 29, 2024 | Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu sectio... | 4.8 MEDIUM | https://bugzilla.redhat.com/show_bug.cgi?id=1905945 |
| CVE-2023-52355 | Jan. 25, 2024 | An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw all... | 7.5 HIGH | http://wiki.rpath.com/Advisories:rPSA-2009-0040 |
| CVE-2024-23223 | Jan. 22, 2024 | A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS ... | 6.2 MEDIUM | http://seclists.org/fulldisclosure/2024/Jan/36 |
| CVE-2024-23224 | Jan. 22, 2024 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive u... | 5.5 MEDIUM | http://seclists.org/fulldisclosure/2024/Jan/37 |
| CVE-2022-45845 | Jan. 19, 2024 | Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9. ... | 8.8 HIGH | https://vuldb.com/?ctiid.251542 |
| CVE-2022-47160 | Jan. 19, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wpmet Wp Social Login and Register Social Counter.This issue affects Wp So... | 6.5 MEDIUM | http://www.securityfocus.com/bid/36198 |
| CVE-2024-0716 | Jan. 19, 2024 | A vulnerability classified as problematic has been found in Beijing Baichuo Smart S150 Management Platform V31R02B15. This affects an unknown part of ... | 5.3 MEDIUM | https://exchange.xforce.ibmcloud.com/vulnerabilities/51676 |
| CVE-2024-22563 | Jan. 19, 2024 | openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.... | 7.5 HIGH | http://securitytracker.com/id?1014085 |
| CVE-2024-0717 | Jan. 19, 2024 | A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR... | 5.3 MEDIUM | https://vuldb.com/?id.210714 |
| CVE-2024-22418 | Jan. 18, 2024 | Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism o... | 5.4 MEDIUM | https://github.com/Intermesh/groupoffice/security/advisories/GHSA-p7w9-h6c3-wqpp |
| CVE-2023-50614 | Jan. 18, 2024 | An issue discovereed in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci.... | 7.5 HIGH | https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-xmj6-g32r-fc5q |
| CVE-2024-22422 | Jan. 18, 2024 | AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. ... | 7.5 HIGH | https://vuldb.com/?ctiid.251541 |
| CVE-2011-10005 | Jan. 16, 2024 | A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler.... | 8.8 HIGH | http://stackideas.com |
| CVE-2022-0402 | Jan. 16, 2024 | The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter befor... | 6.1 MEDIUM | https://wpscan.com/vulnerability/d8da539d-0a1b-46ef-b48d-710c59cf68e1/ |
| CVE-2023-0224 | Jan. 16, 2024 | The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers... | 9.8 CRITICAL | https://www.mokosmart.com/wp-content/uploads/2019/10/GS-gateway.pdf |
| CVE-2023-3647 | Jan. 16, 2024 | The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such a... | 4.8 MEDIUM | https://vuldb.com/?ctiid.250717 |
| CVE-2023-3372 | Jan. 16, 2024 | The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/... | 5.4 MEDIUM | https://vuldb.com/?ctiid.250718 |
| CVE-2024-0565 | Jan. 15, 2024 | An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kern... | 7.4 HIGH | http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html |
| CVE-2023-6457 | Jan. 15, 2024 | Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read ... | 7.1 HIGH | https://vuldb.com/?id.250716 |
| CVE-2023-43449 | Jan. 15, 2024 | An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/Li... | 8.8 HIGH | https://wpscan.com/vulnerability/2e2e2478-2488-4c91-8af8-69b07783854f/ |
| CVE-2023-51810 | Jan. 15, 2024 | SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a cra... | 7.5 HIGH | https://vuldb.com/?ctiid.250713 |
| CVE-2024-0543 | Jan. 15, 2024 | A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file p... | 7.5 HIGH | https://jvn.jp/en/jp/JVN96240417/ |
| CVE-2023-51059 | Jan. 15, 2024 | An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session managem... | 8.8 HIGH | https://wpscan.com/vulnerability/19138092-50d3-4d63-97c5-aa8e1ce39456/ |
| CVE-2020-36770 | Jan. 15, 2024 | pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem.... | 9.8 CRITICAL | https://github.com/E1tex/CVE-2023-48104 |
| CVE-2024-0547 | Jan. 15, 2024 | A vulnerability has been found in Ability FTP Server 2.34 and classified as problematic. Affected by this vulnerability is an unknown functionality of... | 7.5 HIGH | https://vuldb.com/?ctiid.250715 |
| CVE-2024-0548 | Jan. 15, 2024 | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the compo... | 7.5 HIGH | https://bugzilla.redhat.com/show_bug.cgi?id=2254982 |
| CVE-2024-0503 | Jan. 13, 2024 | A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file regi... | 6.1 MEDIUM | https://cert.pl/posts/2024/01/CVE-2023-49253/ |
| CVE-2023-6735 | Jan. 12, 2024 | Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges... | 7.8 HIGH | https://cert.pl/posts/2024/01/CVE-2023-49253/ |
| CVE-2023-6740 | Jan. 12, 2024 | Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges... | 7.8 HIGH | https://cert.pl/posts/2024/01/CVE-2023-49253/ |
| CVE-2023-49255 | Jan. 12, 2024 | The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, ... | 9.8 CRITICAL | https://www.classaction.org/news/centralsquare-hit-with-class-action-over-2017-2018-click2gov-data-breach |
| CVE-2023-49262 | Jan. 12, 2024 | The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.... | 9.8 CRITICAL | http://www.live555.com/liveMedia/public/changelog.txt |
| CVE-2023-50920 | Jan. 12, 2024 | An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share s... | 5.5 MEDIUM | https://vuldb.com/?ctiid.250611 |
| CVE-2023-50919 | Jan. 12, 2024 | An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects... | 9.8 CRITICAL | https://hackerone.com/reports/1929929 |
| CVE-2023-40362 | Jan. 12, 2024 | An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to ... | 4.3 MEDIUM | https://hackerone.com/reports/2115574 |
| CVE-2023-31211 | Jan. 12, 2024 | Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials... | 6.5 MEDIUM | https://hackerone.com/reports/2188868 |
| CVE-2023-37117 | Jan. 12, 2024 | A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.... | 9.8 CRITICAL | https://gitlab.com/gitlab-org/gitlab/-/issues/436084 |
| CVE-2023-51063 | Jan. 12, 2024 | QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability w... | 8.8 HIGH | https://cert.pl/posts/2024/01/CVE-2023-49253/ |
| CVE-2023-0437 | Jan. 12, 2024 | When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affec... | 7.5 HIGH | https://cert.pl/posts/2024/01/CVE-2023-49253/ |
| CVE-2024-0056 | Jan. 9, 2024 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability... | 8.7 HIGH | https://security.netapp.com/advisory/ntap-20240208-0007/ |
| CVE-2024-0057 | Jan. 9, 2024 | NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability... | 9.8 CRITICAL | https://www.zerodayinitiative.com/advisories/ZDI-22-1296/ |
| CVE-2023-50930 | Jan. 9, 2024 | An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify... | 7.1 HIGH | https://security.netapp.com/advisory/ntap-20240208-0007/ |
| CVE-2023-41784 | Jan. 4, 2024 | Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro ... | 5.5 MEDIUM | http://www.openwall.com/lists/oss-security/2024/02/11/1 |
| CVE-2023-49551 | Jan. 2, 2024 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.... | 7.5 HIGH | https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/ |
| CVE-2023-49550 | Jan. 2, 2024 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.... | 7.5 HIGH | https://pho3n1x-web.github.io/2023/09/18/CVE-2023-41543%28JeecgBoot_sql%29/ |
| CVE-2023-6693 | Jan. 2, 2024 | A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if gu... | 5.3 MEDIUM | https://bugzilla.redhat.com/show_bug.cgi?id=2254580 |
| CVE-2023-7186 | Dec. 31, 2023 | A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been declared as critical. This vulnerability affects unknown code of the ... | 8.8 HIGH | https://vuldb.com/?ctiid.249392 |
| CVE-2023-7185 | Dec. 31, 2023 | A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been classified as critical. This affects an unknown part of the file shop... | 8.8 HIGH | https://vuldb.com/?ctiid.249391 |
| CVE-2023-7184 | Dec. 31, 2023 | A vulnerability was found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this issue is some unknown functionality o... | 8.8 HIGH | https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/ |
| CVE-2023-52269 | Dec. 30, 2023 | MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attac... | 4.8 MEDIUM | https://vuldb.com/?ctiid.249393 |
| CVE-2023-7155 | Dec. 29, 2023 | A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an u... | 8.8 HIGH | https://vuldb.com/?ctiid.249177 |
| CVE-2023-4468 | Dec. 29, 2023 | A vulnerability was found in Poly Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Le... | 7.6 HIGH | https://github.com/OpenXiangShan/XiangShan/issues/2534 |
| CVE-2023-51663 | Dec. 29, 2023 | Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail re... | 5.3 MEDIUM | https://mdaemon.com/pages/security-gateway |
| CVE-2023-41543 | Dec. 29, 2023 | SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /s... | 9.8 CRITICAL | https://vuldb.com/?ctiid.249388 |
| CVE-2023-41542 | Dec. 29, 2023 | SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmrep... | 9.8 CRITICAL | https://vuldb.com/?ctiid.249387 |
| CVE-2023-50559 | Dec. 29, 2023 | An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache.... | 5.5 MEDIUM | https://vuldb.com/?ctiid.249386 |
| CVE-2023-50069 | Dec. 29, 2023 | WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can... | 6.1 MEDIUM | https://vuldb.com/?ctiid.249385 |
| CVE-2023-7134 | Dec. 28, 2023 | A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. T... | 9.8 CRITICAL | https://vuldb.com/?ctiid.249137 |
| CVE-2023-7135 | Dec. 28, 2023 | A vulnerability classified as problematic has been found in code-projects Record Management System 1.0. Affected is an unknown function of the file /m... | 5.4 MEDIUM | https://vuldb.com/?ctiid.249138 |
| CVE-2023-7136 | Dec. 28, 2023 | A vulnerability classified as problematic was found in code-projects Record Management System 1.0. Affected by this vulnerability is an unknown functi... | 5.4 MEDIUM | https://vuldb.com/?ctiid.249139 |
| CVE-2023-7137 | Dec. 28, 2023 | A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown f... | 8.8 HIGH | https://vuldb.com/?ctiid.249140 |
| CVE-2023-7138 | Dec. 28, 2023 | A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /adm... | 8.8 HIGH | https://vuldb.com/?ctiid.249141 |
| CVE-2023-7139 | Dec. 28, 2023 | A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. This vulnerability affects unknown code of th... | 9.8 CRITICAL | https://vuldb.com/?ctiid.249142 |
| CVE-2023-7140 | Dec. 28, 2023 | A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic. This issue affects some unknown processing of the ... | 9.8 CRITICAL | https://vuldb.com/?ctiid.249143 |
| CVE-2023-7141 | Dec. 28, 2023 | A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the fi... | 9.8 CRITICAL | https://vuldb.com/?ctiid.249144 |
| CVE-2023-7142 | Dec. 28, 2023 | A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknow... | 9.8 CRITICAL | https://vuldb.com/?ctiid.249145 |
| CVE-2023-7143 | Dec. 28, 2023 | A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functio... | 4.8 MEDIUM | https://vuldb.com/?ctiid.249146 |
| CVE-2023-7149 | Dec. 28, 2023 | A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /dow... | 6.1 MEDIUM | https://vuldb.com/?ctiid.249153 |
| CVE-2023-50858 | Dec. 28, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker ... | 8.8 HIGH | http://www.securityfocus.com/bid/26146 |
| CVE-2023-51102 | Dec. 26, 2023 | Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet.... | 9.8 CRITICAL | https://vuldb.com/?ctiid.248938 |
| CVE-2023-50727 | Dec. 22, 2023 | Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Reflected XSS issue oc... | 6.1 MEDIUM | https://github.com/resque/resque/pull/1865 |
| CVE-2023-50725 | Dec. 22, 2023 | Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. The following paths in... | 6.1 MEDIUM | https://github.com/resque/resque/pull/1790 |
| CVE-2023-51034 | Dec. 22, 2023 | TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface.... | 9.8 CRITICAL | https://github.com/dfir-iris/iris-web/security/advisories/GHSA-593r-747g-p92p |
| CVE-2023-51035 | Dec. 22, 2023 | TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.... | 9.8 CRITICAL | https://github.com/thirtybees/thirtybees/compare/1.4.0...1.5.0 |
| CVE-2023-50712 | Dec. 22, 2023 | Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting... | 5.4 MEDIUM | https://github.com/wasmerio/wasmer/issues/4267 |
| CVE-2023-45957 | Dec. 22, 2023 | A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to... | 5.4 MEDIUM | https://github.com/appneta/tcpreplay/issues/813 |
| CVE-2023-32242 | Dec. 21, 2023 | Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme.This issue affects WoodMart - Multipurpose WooComm... | 9.8 CRITICAL | https://projectworlds.in/ |
| CVE-2023-49778 | Dec. 21, 2023 | Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.This issue affects Sayfa Sayac: from n/a through 2.6. ... | 9.8 CRITICAL | https://projectworlds.in/ |
| CVE-2023-28421 | Dec. 21, 2023 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin – WP Email Capture.This issu... | 7.5 HIGH | https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50473.md |
| CVE-2023-2487 | Dec. 21, 2023 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.This issue... | 7.5 HIGH | https://projectworlds.in/ |
| CVE-2023-48288 | Dec. 21, 2023 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue af... | 7.5 HIGH | https://projectworlds.in/ |
| CVE-2023-49162 | Dec. 21, 2023 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress.This issue affects BigCommerce For W... | 7.5 HIGH | https://projectworlds.in/ |
| CVE-2023-49826 | Dec. 21, 2023 | Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affect... | 9.8 CRITICAL | https://projectworlds.in/ |
| CVE-2023-50828 | Dec. 21, 2023 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard – Custom WordP... | 4.8 MEDIUM | https://projectworlds.in/ |
| CVE-2023-50824 | Dec. 21, 2023 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content in... | 5.4 MEDIUM | https://projectworlds.in/ |
| CVE-2023-50823 | Dec. 21, 2023 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows St... | 5.4 MEDIUM | https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50473.md |
| CVE-2023-7040 | Dec. 21, 2023 | A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functional... | 6.5 MEDIUM | https://vuldb.com/?ctiid.248689 |
| CVE-2023-50834 | Dec. 21, 2023 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allow... | 5.4 MEDIUM | https://vuldb.com/?ctiid.249006 |
| CVE-2023-49765 | Dec. 21, 2023 | Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating ... | 6.5 MEDIUM | https://vuldb.com/?ctiid.248949 |
| CVE-2023-47191 | Dec. 21, 2023 | Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership ... | 6.5 MEDIUM | https://vuldb.com/?ctiid.248948 |
| CVE-2023-49270 | Dec. 20, 2023 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the res... | 5.4 MEDIUM | https://www.kashipara.com/ |
| CVE-2023-49271 | Dec. 20, 2023 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the re... | 5.4 MEDIUM | https://www.kashipara.com/ |
| CVE-2023-49272 | Dec. 20, 2023 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservat... | 6.1 MEDIUM | https://www.kashipara.com/ |
| CVE-2023-33209 | Dec. 20, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrawlSpider SEO Change Monitor – Track Website C... | 8.1 HIGH | https://www.kashipara.com/ |
| CVE-2023-33330 | Dec. 20, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects Autom... | 8.1 HIGH | https://www.kashipara.com/ |
| CVE-2023-49825 | Dec. 20, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, B... | 8.1 HIGH | https://www.kashipara.com/ |
| CVE-2023-5007 | Dec. 20, 2023 | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource do... | 9.8 CRITICAL | https://vuldb.com/?ctiid.230153 |
| CVE-2023-5010 | Dec. 20, 2023 | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php res... | 9.8 CRITICAL | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=443d61d1fa9faa60ef925513d83742902390100f |
| CVE-2023-5011 | Dec. 20, 2023 | Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php res... | 9.8 CRITICAL | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=1c1bcf2d3ea061613119b534f57507c377df20f9 |
| CVE-2023-30495 | Dec. 20, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7.This... | 8.1 HIGH | https://github.com/vova07/yii2-fileapi-widget/releases/tag/0.1.9 |
| CVE-2023-30750 | Dec. 20, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordP... | 8.1 HIGH | https://github.com/redpanda-data/redpanda/compare/v23.2.17...v23.2.18 |
| CVE-2023-50835 | Dec. 19, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Advanced Category Template.This issue affects Advanced Category Template: from n/a ... | 8.8 HIGH | https://security.netapp.com/advisory/ntap-20231020-0003/ |
| CVE-2023-49004 | Dec. 19, 2023 | An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker to execute arbitrary code via a crafted script to the en parameter.... | 9.8 CRITICAL | https://github.com/redpanda-data/redpanda/compare/v23.2.17...v23.2.18 |
| CVE-2023-48766 | Dec. 18, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator – Add Animated SVG Easily.This issue affects SVGator – Add Animated SVG Easily: fro... | 8.8 HIGH | https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01 |
| CVE-2023-48762 | Dec. 18, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through... | 8.8 HIGH | https://github.com/kalcaddle/kodbox/releases/tag/1.48.04 |
| CVE-2023-46617 | Dec. 18, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSens... | 8.8 HIGH | https://github.com/kalcaddle/kodbox/releases/tag/1.48.04 |
| CVE-2023-49760 | Dec. 18, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage.This issue affects WPsoonOnlinePage: from n/a through 1.9. ... | 8.8 HIGH | https://plugins.trac.wordpress.org/browser/e2pdf/trunk/classes/controller/e2pdf-templates.php?rev=2993824#L753 |
| CVE-2023-49759 | Dec. 18, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments.This issue affects WooDiscuz – WooCommerce Comments:... | 8.8 HIGH | https://plugins.trac.wordpress.org/changeset/3009780/essential-real-estate |
| CVE-2023-49761 | Dec. 18, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce.This issue affects Product Enquiry for WooCommerce: ... | 8.8 HIGH | https://lists.apache.org/thread/wb2df2whkdnbgp54nnqn0m94rllx8f77 |
| CVE-2023-32726 | Dec. 18, 2023 | The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.... | 8.1 HIGH | https://security.netapp.com/advisory/ntap-20231116-0008/ |
| CVE-2023-49824 | Dec. 17, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite.This issue affects Product Catalog Feed by Pixe... | 8.8 HIGH | https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01 |
| CVE-2023-24380 | Dec. 17, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap.This issue affects Simple Wp Sitemap: from n/a through 1.2.1. ... | 8.8 HIGH | https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01 |
| CVE-2023-49751 | Dec. 17, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome.This issue affects Block for Font Awesome: from n/a through ... | 8.8 HIGH | https://www.wordfence.com/threat-intel/vulnerabilities/id/412d555c-9bbd-42f5-8020-ccfc18755a79?source=cve |
| CVE-2023-49769 | Dec. 17, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.4. ... | 8.8 HIGH | https://vuldb.com/?ctiid.248245 |
| CVE-2023-49775 | Dec. 17, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer.This issue affects CSV Importer: from n/a through 0.3.8. ... | 8.8 HIGH | https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01 |
| CVE-2023-50976 | Dec. 17, 2023 | Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API.... | 9.8 CRITICAL | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO/ |
| CVE-2023-6852 | Dec. 16, 2023 | A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webo... | 9.8 CRITICAL | https://vuldb.com/?id.248255 |
| CVE-2023-6853 | Dec. 16, 2023 | A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the f... | 9.8 CRITICAL | https://vuldb.com/?ctiid.248256 |
| CVE-2023-6559 | Dec. 16, 2023 | The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin no... | 9.8 CRITICAL | https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850 |
| CVE-2023-6837 | Dec. 15, 2023 | Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to hav... | 8.2 HIGH | https://git.kernel.org/stable/c/aa11dae059a439af82bae541b134f8f53ac177b5 |
| CVE-2023-6572 | Dec. 14, 2023 | Command Injection in GitHub repository gradio-app/gradio prior to main.... | 8.1 HIGH | https://www.zerodayinitiative.com/advisories/ZDI-22-1296/ |
| CVE-2023-47063 | Dec. 13, 2023 | Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitra... | 7.8 HIGH | https://www.gl-inet.com/ |
| CVE-2023-47074 | Dec. 13, 2023 | Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, ... | 7.8 HIGH | https://lists.debian.org/debian-lts-announce/2022/09/msg00017.html |
| CVE-2023-47075 | Dec. 13, 2023 | Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary cod... | 7.8 HIGH | https://github.com/ArjunSharda/Searchor/pull/130 |
| CVE-2023-47076 | Dec. 13, 2023 | Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attac... | 5.5 MEDIUM | https://www.electronics.jtekt.co.jp/en/topics/202312116562/ |
| CVE-2023-6762 | Dec. 13, 2023 | A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /article/DelectArtic... | 4.3 MEDIUM | https://vuldb.com/?ctiid.247890 |
| CVE-2023-6761 | Dec. 13, 2023 | A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. This issue affects some unknown processing of the ... | 8.8 HIGH | https://vuldb.com/?ctiid.247889 |
| CVE-2023-6758 | Dec. 13, 2023 | A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ad... | 4.3 MEDIUM | https://vuldb.com/?ctiid.247886 |
| CVE-2023-49290 | Dec. 4, 2023 | lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in J... | 5.3 MEDIUM | https://bugzilla.redhat.com/show_bug.cgi?id=2258518 |
| CVE-2023-6440 | Nov. 30, 2023 | A vulnerability was found in SourceCodester Book Borrower System 1.0 and classified as problematic. This issue affects some unknown processing of the ... | 5.4 MEDIUM | https://github.com/deislabs/oras/releases/tag/v0.9.0 |
| CVE-2023-44330 | Nov. 16, 2023 | Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitra... | 7.8 HIGH | https://bugzilla.redhat.com/show_bug.cgi?id=2134331 |
| CVE-2023-46613 | Nov. 8, 2023 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin <= 1.5.1 versions.... | 5.4 MEDIUM | https://github.com/xxy1126/Vuln/blob/main/gpac/3 |
| CVE-2023-4535 | Nov. 6, 2023 | An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw ... | 3.8 LOW | https://security.netapp.com/advisory/ntap-20220429-0006/ |
| CVE-2023-3164 | Nov. 2, 2023 | A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allo... | 5.5 MEDIUM | https://bugzilla.redhat.com/show_bug.cgi?id=2213531 |
| CVE-2023-36022 | Nov. 2, 2023 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... | 6.6 MEDIUM | https://security.friendsofpresta.org/modules/2023/10/31/facebookconversiontrackingplus.html |
| CVE-2023-36029 | Nov. 2, 2023 | Microsoft Edge (Chromium-based) Spoofing Vulnerability... | 4.3 MEDIUM | https://github.com/Submitty/Submitty/pull/8032 |
| CVE-2023-36034 | Nov. 2, 2023 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... | 7.3 HIGH | https://www.insyde.com/security-pledge/SA-2023055 |
| CVE-2023-42644 | Nov. 1, 2023 | In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges n... | 5.5 MEDIUM | https://github.com/sromanhu/CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation/blob/main/README.md |
| CVE-2023-42654 | Nov. 1, 2023 | In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges n... | 5.5 MEDIUM | https://github.com/sromanhu/WBCE-File-Upload--XSS---Media/blob/main/README.md |
| CVE-2023-42646 | Nov. 1, 2023 | In Ifaa service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges... | 5.5 MEDIUM | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J7RNFPWOSFII2JE2KDRHPLJANZC3YATW/ |
| CVE-2023-42643 | Nov. 1, 2023 | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privile... | 5.5 MEDIUM | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J7RNFPWOSFII2JE2KDRHPLJANZC3YATW/ |
| CVE-2022-4573 | Oct. 30, 2023 | An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to exec... | 6.7 MEDIUM | https://github.com/flusity/flusity-CMS/issues/2 |
| CVE-2023-46468 | Oct. 27, 2023 | An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function.... | 7.8 HIGH | https://abstracted-howler-727.notion.site/Vulnerability-Description-ccc2e6489a0d43859c61a7982e649da1 |
| CVE-2023-43322 | Oct. 27, 2023 | ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was... | 8.8 HIGH | https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06 |
| CVE-2023-5810 | Oct. 26, 2023 | A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/... | 4.8 MEDIUM | https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53 |
| CVE-2023-45868 | Oct. 26, 2023 | The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal at... | 8.1 HIGH | https://rehmeinfosec.de/labor/cve-2023-45867 |
| CVE-2023-4693 | Oct. 25, 2023 | An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially craf... | 4.6 MEDIUM | https://bugzilla.redhat.com/show_bug.cgi?id=2238343 |
| CVE-2023-4692 | Oct. 25, 2023 | An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesyst... | 7.8 HIGH | https://bugzilla.redhat.com/show_bug.cgi?id=2236613 |
| CVE-2023-44794 | Oct. 25, 2023 | An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.... | 9.8 CRITICAL | https://github.com/peccc/double-stb |
| CVE-2023-41721 | Oct. 25, 2023 | Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adopt... | 5.3 MEDIUM | https://github.com/geoserver/geoserver/releases/tag/2.23.2 |
| CVE-2023-43281 | Oct. 25, 2023 | Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif... | 6.5 MEDIUM | https://www.ibm.com/support/pages/node/7056429 |
| CVE-2023-41339 | Oct. 25, 2023 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sl... | 5.3 MEDIUM | https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205 |
| CVE-2023-42031 | Oct. 25, 2023 | IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of... | 4.9 MEDIUM | https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f |
| CVE-2023-37911 | Oct. 25, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to ver... | 6.5 MEDIUM | https://github.com/teomantuncer/node-email-check/blob/main/main.js, |
| CVE-2023-39619 | Oct. 25, 2023 | ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component.... | 7.5 HIGH | https://github.com/golang/go/issues/61460 |
| CVE-2023-37910 | Oct. 25, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment ... | 8.1 HIGH | https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx |
| CVE-2023-37909 | Oct. 25, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to ver... | 8.8 HIGH | https://www.insyde.com/security-pledge/SA-2023045 |
| CVE-2023-5717 | Oct. 25, 2023 | A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local priv... | 7.8 HIGH | https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53 |
| CVE-2023-5682 | Oct. 20, 2023 | A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/r... | 9.8 CRITICAL | https://vuldb.com/?ctiid.243058 |
| CVE-2022-25333 | Oct. 19, 2023 | The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a mod... | 8.8 HIGH | https://www.pingidentity.com/en/resources/downloads/pingid.html |
| CVE-2022-25334 | Oct. 19, 2023 | The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD ... | 8.8 HIGH | https://liff.line.me/1657409177-MkPLqO5D |
| CVE-2023-26300 | Oct. 18, 2023 | A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is ... | 7.8 HIGH | https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5 |
| CVE-2023-22129 | Oct. 17, 2023 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable ... | 5.5 MEDIUM | https://abstracted-howler-727.notion.site/Vulnerability-Description-ccc2e6489a0d43859c61a7982e649da1 |
| CVE-2023-44824 | Oct. 17, 2023 | An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component... | 7.8 HIGH | https://github.com/MISP/MISP/compare/v2.4.171...v2.4.172 |
| CVE-2023-22102 | Oct. 17, 2023 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Dif... | 8.3 HIGH | https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rwwx-6572-mp29 |
| CVE-2023-4811 | Oct. 16, 2023 | The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users suc... | 5.4 MEDIUM | https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html |
| CVE-2023-45645 | Oct. 16, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Street Map plugin <= 1.25 versions.... | 8.8 HIGH | https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html |
| CVE-2023-44987 | Oct. 16, 2023 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions.... | 4.8 MEDIUM | https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html |
| CVE-2023-4800 | Oct. 16, 2023 | The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged user... | 6.5 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-45572 | Oct. 16, 2023 | Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23... | 9.8 CRITICAL | http://www.openwall.com/lists/oss-security/2024/02/16/3 |
| CVE-2023-40374 | Oct. 16, 2023 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. I... | 7.5 HIGH | https://security.netapp.com/advisory/ntap-20231116-0007/ |
| CVE-2023-38719 | Oct. 16, 2023 | IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 2616... | 4.4 MEDIUM | https://security.netapp.com/advisory/ntap-20231116-0006/ |
| CVE-2023-40372 | Oct. 16, 2023 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using... | 7.5 HIGH | https://security.netapp.com/advisory/ntap-20231116-0005/ |
| CVE-2023-40373 | Oct. 16, 2023 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common ... | 7.5 HIGH | https://security.netapp.com/advisory/ntap-20231116-0006/ |
| CVE-2023-38720 | Oct. 16, 2023 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABL... | 7.5 HIGH | https://security.netapp.com/advisory/ntap-20231116-0007/ |
| CVE-2023-38728 | Oct. 16, 2023 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML... | 7.5 HIGH | https://security.netapp.com/advisory/ntap-20231116-0006/ |
| CVE-2023-5589 | Oct. 15, 2023 | A vulnerability was found in SourceCodester Judging Management System 1.0. It has been declared as critical. This vulnerability affects unknown code o... | 9.8 CRITICAL | https://vuldb.com/?ctiid.242188 |
| CVE-2023-5587 | Oct. 15, 2023 | A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue... | 9.8 CRITICAL | https://vuldb.com/?ctiid.242186 |
| CVE-2023-45269 | Oct. 13, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.25 versions.... | 5.4 MEDIUM | http://www.ciac.org/ciac/bulletins/o-114.shtml |
| CVE-2023-36839 | Oct. 12, 2023 | An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and ... | 6.5 MEDIUM | https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 |
| CVE-2023-5556 | Oct. 12, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.... | 6.1 MEDIUM | https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 |
| CVE-2023-5555 | Oct. 12, 2023 | Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4.... | 6.1 MEDIUM | https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883 |
| CVE-2023-23581 | Oct. 12, 2023 | A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially craf... | 7.5 HIGH | https://github.com/wargio/naxsi/pull/103 |
| CVE-2023-22308 | Oct. 12, 2023 | An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted netwo... | 7.5 HIGH | https://github.com/vantage6/vantage6/pull/711 |
| CVE-2023-4562 | Oct. 12, 2023 | Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obta... | 9.1 CRITICAL | https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-13 |
| CVE-2023-44119 | Oct. 11, 2023 | Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.... | 7.5 HIGH | https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 |
| CVE-2023-44118 | Oct. 11, 2023 | Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentialit... | 9.1 CRITICAL | https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540 |
| CVE-2023-44962 | Oct. 11, 2023 | File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl ... | 5.3 MEDIUM | https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea |
| CVE-2023-44961 | Oct. 11, 2023 | SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cg... | 7.5 HIGH | https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217 |
| CVE-2023-45132 | Oct. 11, 2023 | NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows... | 9.8 CRITICAL | https://github.com/vantage6/vantage6/pull/748 |
| CVE-2023-41882 | Oct. 11, 2023 | vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certai... | 4.3 MEDIUM | https://vulncheck.com/advisories/qbittorrent-default-creds |
| CVE-2023-41881 | Oct. 11, 2023 | vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that colla... | 4.3 MEDIUM | https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p |
| CVE-2023-43746 | Oct. 10, 2023 | When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BI... | 8.7 HIGH | https://bugzilla.redhat.com/show_bug.cgi?id=2239843 |
| CVE-2023-30801 | Oct. 10, 2023 | All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced t... | 9.8 CRITICAL | https://shinsei.e-gov.go.jp/contents/news/2023-03-12t1022040900_1318.html |
| CVE-2023-44399 | Oct. 10, 2023 | ZITADEL provides identity infrastructure. In versions 2.37.2 and prior, ZITADEL administrators can enable a setting called "Ignoring unknown usernames... | 5.3 MEDIUM | https://github.com/zitadel/zitadel/releases/tag/v2.38.0 |
| CVE-2023-5495 | Oct. 10, 2023 | A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterReco... | 9.8 CRITICAL | https://vuldb.com/?ctiid.241647 |
| CVE-2023-36417 | Oct. 10, 2023 | Microsoft SQL OLE DB Remote Code Execution Vulnerability... | 7.8 HIGH | https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22408 |
| CVE-2023-41732 | Oct. 6, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions.... | 8.8 HIGH | https://github.com/9Bakabaka/CVE-2023-36123 |
| CVE-2023-32972 | Oct. 6, 2023 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulne... | 7.2 HIGH | https://www.ibm.com/support/pages/node/7046995 |
| CVE-2023-41801 | Oct. 6, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions.... | 8.8 HIGH | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-44146 | Oct. 6, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Checkfront Online Booking System plugin <= 3.6 versions.... | 8.8 HIGH | https://github.com/charmbracelet/soft-serve/issues/389 |
| CVE-2023-36123 | Oct. 6, 2023 | Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain ... | 7.8 HIGH | https://www.dcnetworks.com.cn/goods/61.html |
| CVE-2023-3725 | Oct. 6, 2023 | Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem... | 9.8 CRITICAL | https://webkitgtk.org/security/WSA-2023-0009.html |
| CVE-2022-34355 | Oct. 6, 2023 | IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a use... | 5.5 MEDIUM | https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8 |
| CVE-2023-42755 | Oct. 5, 2023 | A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of th... | 5.5 MEDIUM | https://bugzilla.redhat.com/show_bug.cgi?id=2239847 |
| CVE-2023-5423 | Oct. 5, 2023 | A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code ... | 9.8 CRITICAL | https://vuldb.com/?id.241384 |
| CVE-2023-32485 | Oct. 5, 2023 | Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exp... | 9.8 CRITICAL | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-44830 | Oct. 5, 2023 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function. This vulnerab... | 7.5 HIGH | https://crbug.com/1485829 |
| CVE-2023-5346 | Oct. 5, 2023 | Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page... | 8.8 HIGH | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-44834 | Oct. 5, 2023 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. This vulner... | 7.5 HIGH | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-44835 | Oct. 5, 2023 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function. This vulnerabilit... | 7.5 HIGH | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-44833 | Oct. 5, 2023 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerab... | 7.5 HIGH | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-44831 | Oct. 5, 2023 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. This vulnerabilit... | 7.5 HIGH | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-44832 | Oct. 5, 2023 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. This vulnerabilit... | 7.5 HIGH | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-44829 | Oct. 5, 2023 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. This vulner... | 7.5 HIGH | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-44828 | Oct. 5, 2023 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vu... | 7.5 HIGH | https://support.apple.com/en-us/HT213961 |
| CVE-2023-4586 | Oct. 4, 2023 | A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, ... | 7.4 HIGH | https://bugzilla.redhat.com/show_bug.cgi?id=2235564 |
| CVE-2023-30692 | Oct. 4, 2023 | Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.... | 7.8 HIGH | https://huntr.dev/bounties/3fa2abde-cb58-45a3-a115-1727ece9acb9 |
| CVE-2023-30727 | Oct. 4, 2023 | Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi with... | 7.5 HIGH | https://vuldb.com/?ctiid.241255 |
| CVE-2023-30731 | Oct. 4, 2023 | Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has d... | 4.6 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/3991d8d0-57a8-42e7-a53c-97508f7e137f?source=cve |
| CVE-2023-30732 | Oct. 4, 2023 | Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.... | 3.3 LOW | https://vuldb.com/?ctiid.241254 |
| CVE-2023-30738 | Oct. 4, 2023 | An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galax... | 7.8 HIGH | https://https://www.ibm.com/support/pages/node/7038019 |
| CVE-2023-30733 | Oct. 4, 2023 | Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows attacker to perform code execution.... | 9.8 CRITICAL | https://www.ibm.com/support/pages/node/7037230 |
| CVE-2023-43877 | Oct. 4, 2023 | Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home ... | 4.8 MEDIUM | https://www.mdsec.co.uk/2023/09/the-not-so-pleasant-password-manager/ |
| CVE-2023-42824 | Oct. 4, 2023 | The issue was addressed with improved checks. This issue is fixed in iOS 17.0.3 and iPadOS 17.0.3. A local attacker may be able to elevate their privi... | 7.8 HIGH | https://plugins.trac.wordpress.org/changeset/2974261/blog-filter#file54 |
| CVE-2023-4911 | Oct. 3, 2023 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue coul... | 7.8 HIGH | http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html |
| CVE-2023-37605 | Oct. 2, 2023 | Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a cr... | 5.5 MEDIUM | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LICYTADFJAFPZW3Y2MKNCJIUYODPAG4L/ |
| CVE-2023-43717 | Sept. 30, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEA... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43716 | Sept. 30, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MAX_... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43715 | Sept. 30, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ENTR... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43714 | Sept. 30, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SKIP... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43713 | Sept. 30, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability, which allows attackers to inject JS via the "title" parameter, in ... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43712 | Sept. 30, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "acce... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43735 | Sept. 30, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "form... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43734 | Sept. 30, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "name... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43733 | Sept. 30, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "comp... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43732 | Sept. 30, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tax_... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43711 | Sept. 29, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "admi... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43710 | Sept. 29, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "conf... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43709 | Sept. 29, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "conf... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43708 | Sept. 29, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "conf... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43707 | Sept. 29, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "Cata... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43706 | Sept. 29, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "emai... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43705 | Sept. 29, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tran... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43704 | Sept. 29, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "titl... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43703 | Sept. 29, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "prod... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-43702 | Sept. 29, 2023 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "trac... | 5.4 MEDIUM | https://www.oscommerce.com/ |
| CVE-2023-42753 | Sept. 25, 2023 | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->ne... | 7.8 HIGH | https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h |
| CVE-2023-4504 | Sept. 21, 2023 | Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffe... | 7.8 HIGH | https://huntr.dev/bounties/a3ee0f98-6898-41ae-b1bd-242a03a73d1b |
| CVE-2023-43637 | Sept. 21, 2023 | Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be... | 7.8 HIGH | https://huntr.dev/bounties/f6d688ee-b049-4f85-ac3e-f4d3e29e7b9f |
| CVE-2023-43633 | Sept. 21, 2023 | On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the e... | 8.8 HIGH | https://github.com/eclipse/jetty.project/pull/9660 |
| CVE-2023-43634 | Sept. 21, 2023 | When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the co... | 8.8 HIGH | https://github.com/eclipse/jetty.project/pull/9888 |
| CVE-2023-43242 | Sept. 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel.... | 9.8 CRITICAL | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-43241 | Sept. 21, 2023 | D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity.... | 9.8 CRITICAL | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-43240 | Sept. 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.... | 9.8 CRITICAL | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-43239 | Sept. 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.... | 9.8 CRITICAL | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-43238 | Sept. 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi.... | 9.8 CRITICAL | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-43237 | Sept. 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.... | 9.8 CRITICAL | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-43236 | Sept. 21, 2023 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.... | 9.8 CRITICAL | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-43235 | Sept. 21, 2023 | D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings.... | 9.8 CRITICAL | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-43309 | Sept. 21, 2023 | There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers ... | 4.8 MEDIUM | https://github.com/jerryscript-project/jerryscript/issues/5080 |
| CVE-2023-43274 | Sept. 21, 2023 | Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.... | 7.5 HIGH | https://github.com/Num-Nine/CVE/issues/4 |
| CVE-2023-43495 | Sept. 20, 2023 | Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', result... | 5.4 MEDIUM | https://www.icmsdev.com/ |
| CVE-2023-43496 | Sept. 20, 2023 | Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly c... | 8.8 HIGH | https://security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397 |
| CVE-2023-42454 | Sept. 18, 2023 | SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database conn... | 9.1 CRITICAL | https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39046.md |
| CVE-2023-39046 | Sept. 18, 2023 | An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.... | 6.5 MEDIUM | https://access.redhat.com/security/cve/CVE-2023-0923 |
| CVE-2023-41443 | Sept. 18, 2023 | SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sy... | 7.2 HIGH | https://access.redhat.com/errata/RHSA-2023:1185 |
| CVE-2021-26837 | Sept. 18, 2023 | SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute ... | 9.8 CRITICAL | https://medium.com/@ray.999/idoit-pro-v25-and-below-weak-password-add-on-upload-to-rce-cve-2023-37756-fa1b18433ca3 |
| CVE-2023-35851 | Sept. 17, 2023 | SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands t... | 7.5 HIGH | https://susos.co/blog/f/cve-disclosure-sedric-louissaints-discovery-of-sql-injection-in |
| CVE-2023-35850 | Sept. 17, 2023 | SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator pri... | 7.2 HIGH | https://access.redhat.com/security/cve/CVE-2023-0813 |
| CVE-2023-42336 | Sept. 15, 2023 | An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password p... | 9.8 CRITICAL | https://github.com/lovasoa/SQLpage/releases/tag/v0.11.1 |
| CVE-2023-0923 | Sept. 15, 2023 | A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making r... | 9.8 CRITICAL | https://www.rfc-editor.org/rfc/rfc9110#section-8.6 |
| CVE-2023-0813 | Sept. 15, 2023 | A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentica... | 7.5 HIGH | https://vuldb.com/?ctiid.239750 |
| CVE-2023-40167 | Sept. 15, 2023 | Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceedin... | 5.3 MEDIUM | https://vuldb.com/?id.239799 |
| CVE-2023-1108 | Sept. 14, 2023 | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, whe... | 7.5 HIGH | https://github.com/jumpserver/jumpserver/commit/0a58bba59cd275bab8e0ae58bf4b359fbc5eb74a |
| CVE-2023-37756 | Sept. 14, 2023 | I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easil... | 9.8 CRITICAL | https://github.com/shirasagi/shirasagi/security/advisories/GHSA-xr45-c2jv-2v9r |
| CVE-2023-42503 | Sept. 14, 2023 | Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons... | 5.5 MEDIUM | http://www.iss.net/security_center/static/9869.php |
| CVE-2023-3301 | Sept. 13, 2023 | A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci fro... | 5.6 MEDIUM | https://kcm.trellix.com/corporate/index?page=content&id=SB10406 |
| CVE-2023-20236 | Sept. 13, 2023 | A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software imag... | 7.8 HIGH | https://bugzilla.redhat.com/show_bug.cgi?id=2238588 |
| CVE-2023-4400 | Sept. 13, 2023 | A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled ... | 6.5 MEDIUM | https://bugzilla.redhat.com/show_bug.cgi?id=2218486 |
| CVE-2023-39201 | Sept. 12, 2023 | Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access.... | 6.7 MEDIUM | https://github.com/piccolo-orm/piccolo/security/advisories/GHSA-h7cm-mrvq-wcfr |
| CVE-2023-41885 | Sept. 12, 2023 | Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of `BaseUser.login` leaks enough informa... | 5.3 MEDIUM | https://github.com/sofastack/sofa-rpc/security/advisories/GHSA-chv2-7hxj-2j86 |
| CVE-2023-41331 | Sept. 12, 2023 | SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker... | 9.8 CRITICAL | https://bugzilla.redhat.com/show_bug.cgi?id=2215784 |
| CVE-2023-4580 | Sept. 11, 2023 | Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulne... | 6.5 MEDIUM | https://www.mozilla.org/security/advisories/mfsa2023-34/ |
| CVE-2023-4578 | Sept. 11, 2023 | When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the func... | 6.5 MEDIUM | https://www.mozilla.org/security/advisories/mfsa2023-34/ |
| CVE-2023-4579 | Sept. 11, 2023 | Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. Th... | 3.1 LOW | https://www.mozilla.org/security/advisories/mfsa2023-34/ |
| CVE-2023-4581 | Sept. 11, 2023 | Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of ... | 4.3 MEDIUM | https://www.mozilla.org/security/advisories/mfsa2023-34/ |
| CVE-2023-4582 | Sept. 11, 2023 | Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shade... | 8.8 HIGH | https://www.mozilla.org/security/advisories/mfsa2023-34/ |
| CVE-2023-4583 | Sept. 11, 2023 | When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already... | 7.5 HIGH | https://www.mozilla.org/security/advisories/mfsa2023-34/ |
| CVE-2023-4584 | Sept. 11, 2023 | Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed... | 8.8 HIGH | https://www.mozilla.org/security/advisories/mfsa2023-35/ |
| CVE-2023-4585 | Sept. 11, 2023 | Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we pr... | 8.8 HIGH | https://www.mozilla.org/security/advisories/mfsa2023-36/ |
| CVE-2019-16470 | Sept. 11, 2023 | Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary co... | 7.3 HIGH | https://access.redhat.com/security/cve/CVE-2022-1415 |
| CVE-2023-30058 | Sept. 11, 2023 | novel-plus 3.6.2 is vulnerable to SQL Injection.... | 9.8 CRITICAL | https://github.com/Rabb1tQ/HillstoneCVEs/blob/main/CVE-2023-30058/CVE-2023-30058.md |
| CVE-2023-4875 | Sept. 9, 2023 | Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12... | 5.7 MEDIUM | https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch |
| CVE-2023-4874 | Sept. 9, 2023 | Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12... | 6.5 MEDIUM | https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch |
| CVE-2023-41915 | Sept. 9, 2023 | OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of lib... | 8.1 HIGH | https://zigrin.com/advisories/misp-reflected-xss-in-uploadfile-action-of-the-templates-controllermisp/ |
| CVE-2023-39319 | Sept. 8, 2023 | The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script>... | 6.1 MEDIUM | https://go.dev/issue/62197 |
| CVE-2023-39318 | Sept. 8, 2023 | The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause... | 6.1 MEDIUM | https://go.dev/issue/62196 |
| CVE-2023-40953 | Sept. 7, 2023 | icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).... | 8.8 HIGH | https://www.icmsdev.com/ |
| CVE-2023-40353 | Sept. 7, 2023 | An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services... | 3.3 LOW | https://packetstormsecurity.com/files/174240/Crypto-Currency-Tracker-CCT-9.5-Add-Administrator.html |
| CVE-2023-39620 | Sept. 7, 2023 | An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest ac... | 7.5 HIGH | https://www.sourcecodester.com/ |
| CVE-2023-37759 | Sept. 7, 2023 | Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an... | 9.8 CRITICAL | https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3235 |
| CVE-2023-30908 | Sept. 7, 2023 | Potential security vulnerability have been identified in Hewlett Packard Enterprise OneView Software. This vulnerability could be remotely exploited t... | 9.8 CRITICAL | https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3235 |
| CVE-2023-39711 | Sept. 7, 2023 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web... | 6.1 MEDIUM | https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3233 |
| CVE-2023-39424 | Sept. 7, 2023 | A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such ... | 8.8 HIGH | http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html |
| CVE-2023-39423 | Sept. 7, 2023 | The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attac... | 9.1 CRITICAL | https://usn.ubuntu.com/3810-1/ |
| CVE-2023-39422 | Sept. 7, 2023 | The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however expos... | 9.8 CRITICAL | https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3233 |
| CVE-2023-39421 | Sept. 7, 2023 | The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twili... | 7.7 HIGH | https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3065 |
| CVE-2021-40723 | Sept. 7, 2023 | Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an out... | 5.5 MEDIUM | https://github.com/xxy1126/Vuln/blob/main/gpac/2 |
| CVE-2023-4622 | Sept. 6, 2023 | A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpa... | 7.0 HIGH | https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c |
| CVE-2023-4244 | Sept. 6, 2023 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a ... | 7.0 HIGH | https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8 |
| CVE-2023-41933 | Sept. 6, 2023 | Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attack... | 8.8 HIGH | https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3082 |
| CVE-2023-41932 | Sept. 6, 2023 | Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowin... | 6.5 MEDIUM | https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3082 |
| CVE-2023-40397 | Sept. 6, 2023 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript c... | 9.8 CRITICAL | https://support.apple.com/en-us/HT213843 |
| CVE-2023-41909 | Sept. 5, 2023 | An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, ... | 7.5 HIGH | https://security.netapp.com/advisory/ntap-20231116-0007/ |
| CVE-2023-32370 | Sept. 5, 2023 | A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcar... | 5.3 MEDIUM | https://support.apple.com/en-us/HT213670 |
| CVE-2023-41359 | Aug. 29, 2023 | An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no che... | 9.1 CRITICAL | https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html |
| CVE-2023-41360 | Aug. 29, 2023 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.... | 9.1 CRITICAL | https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html |
| CVE-2023-41358 | Aug. 29, 2023 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.... | 7.5 HIGH | https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html |
| CVE-2023-38802 | Aug. 29, 2023 | FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted... | 7.5 HIGH | https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html |
| CVE-2020-19189 | Aug. 22, 2023 | Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of ... | 6.5 MEDIUM | https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html |
| CVE-2020-19190 | Aug. 22, 2023 | Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafte... | 6.5 MEDIUM | https://security.netapp.com/advisory/ntap-20231006-0005/ |
| CVE-2020-19188 | Aug. 22, 2023 | Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via... | 6.5 MEDIUM | https://security.netapp.com/advisory/ntap-20231006-0005/ |
| CVE-2020-19187 | Aug. 22, 2023 | Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via... | 6.5 MEDIUM | https://security.netapp.com/advisory/ntap-20231006-0005/ |
| CVE-2020-19186 | Aug. 22, 2023 | Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service v... | 6.5 MEDIUM | https://security.netapp.com/advisory/ntap-20231006-0005/ |
| CVE-2020-19185 | Aug. 22, 2023 | Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of servi... | 6.5 MEDIUM | https://security.netapp.com/advisory/ntap-20231006-0005/ |
| CVE-2022-44730 | Aug. 22, 2023 | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik:... | 4.4 MEDIUM | http://www.openwall.com/lists/oss-security/2023/08/22/5 |
| CVE-2022-44729 | Aug. 22, 2023 | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik:... | 7.1 HIGH | http://www.openwall.com/lists/oss-security/2023/08/22/4 |
| CVE-2022-48541 | Aug. 22, 2023 | A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.... | 7.1 HIGH | https://git.kernel.org/stable/c/17a0f64cc02d4972e21c733d9f21d1c512963afa |
| CVE-2021-32292 | Aug. 22, 2023 | An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sam... | 9.8 CRITICAL | https://www.debian.org/security/2023/dsa-5486 |
| CVE-2023-28198 | Aug. 14, 2023 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing ... | 8.8 HIGH | https://support.apple.com/en-us/HT213670 |
| CVE-2023-39533 | Aug. 8, 2023 | go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys ... | 7.5 HIGH | https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h |
| CVE-2023-4147 | Aug. 7, 2023 | A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local use... | 7.8 HIGH | https://access.redhat.com/errata/RHSA-2023:5091 |
| CVE-2023-36054 | Aug. 7, 2023 | lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated us... | 6.5 MEDIUM | https://github.com/christian-bromann/rgb2hex/releases/tag/v0.1.6 |
| CVE-2023-38559 | Aug. 1, 2023 | A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a deni... | 5.5 MEDIUM | https://access.redhat.com/errata/RHSA-2023:7053 |
| CVE-2023-31429 | Aug. 1, 2023 | Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”... | 5.5 MEDIUM | https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13 |
| CVE-2023-31425 | Aug. 1, 2023 | A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local a... | 7.8 HIGH | https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13 |
| CVE-2023-39018 | July 28, 2023 | FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerabi... | 9.8 CRITICAL | https://go.dev/issue/54385 |
| CVE-2023-3773 | July 25, 2023 | A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMI... | 4.4 MEDIUM | https://bugzilla.redhat.com/show_bug.cgi?id=2218944 |
| CVE-2023-3772 | July 25, 2023 | A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMI... | 4.4 MEDIUM | http://www.openwall.com/lists/oss-security/2023/08/10/3 |
| CVE-2023-34798 | July 25, 2023 | An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file.... | 9.8 CRITICAL | https://www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html |
| CVE-2022-46901 | July 25, 2023 | An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vo... | 7.5 HIGH | https://www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html |
| CVE-2022-46900 | July 25, 2023 | An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report... | 6.5 MEDIUM | https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=32305 |
| CVE-2022-46899 | July 25, 2023 | An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each ... | 7.5 HIGH | https://www.ibm.com/support/pages/node/7007421 |
| CVE-2022-46898 | July 25, 2023 | An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Voc... | 9.8 CRITICAL | https://github.com/HeidiSecurities/CVEs/blob/main/Trialworks.md |
| CVE-2023-3019 | July 24, 2023 | A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest... | 6.5 MEDIUM | https://access.redhat.com/errata/RHSA-2024:0404 |
| CVE-2023-37903 | July 21, 2023 | vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to esca... | 9.8 CRITICAL | https://www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html |
| CVE-2023-25838 | July 19, 2023 | There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute... | 7.5 HIGH | https://issues.chromium.org/issues/339458194 |
| CVE-2023-38429 | July 17, 2023 | An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmb... | 9.8 CRITICAL | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/ksmbd?id=443d61d1fa9faa60ef925513d83742902390100f |
| CVE-2023-38430 | July 17, 2023 | An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.... | 9.1 CRITICAL | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=1c1bcf2d3ea061613119b534f57507c377df20f9 |
| CVE-2023-36936 | July 10, 2023 | Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitr... | 6.1 MEDIUM | https://packetstormsecurity.com |
| CVE-2023-36665 | July 5, 2023 | "protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-contro... | 9.8 CRITICAL | https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.2.3...protobufjs-v7.2.4 |
| CVE-2023-37307 | June 30, 2023 | In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts.... | 5.4 MEDIUM | https://zigrin.com/advisories/cerebrate-blind-sql-injection/ |
| CVE-2023-33580 | June 26, 2023 | Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.... | 4.8 MEDIUM | https://packetstormsecurity.com |
| CVE-2023-26115 | June 22, 2023 | All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expressio... | 7.5 HIGH | https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4 |
| CVE-2023-2083 | June 9, 2023 | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in... | 4.3 MEDIUM | https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2 |
| CVE-2023-2084 | June 9, 2023 | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in ... | 4.3 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/0be8c668-0f1c-4f83-8a71-49c8bb9b67ae?source=cve |
| CVE-2023-2085 | June 9, 2023 | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates functi... | 4.3 MEDIUM | https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2 |
| CVE-2023-2086 | June 9, 2023 | The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count f... | 4.3 MEDIUM | https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2 |
| CVE-2023-3141 | June 9, 2023 | A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker ... | 7.1 HIGH | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7 |
| CVE-2023-0993 | June 9, 2023 | The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and includin... | 4.3 MEDIUM | https://wordpress.org/plugins/wp-simple-firewall/ |
| CVE-2023-1016 | June 9, 2023 | The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escap... | 7.2 HIGH | https://www.wordfence.com/threat-intel/vulnerabilities/id/dc878508-200d-4bc7-aa99-c34e63cba4b3?source=cve |
| CVE-2023-0292 | June 9, 2023 | The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to mi... | 8.1 HIGH | https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next |
| CVE-2023-0688 | June 9, 2023 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, an... | 6.5 MEDIUM | https://plugins.trac.wordpress.org/changeset/2910040/ |
| CVE-2023-0691 | June 9, 2023 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, a... | 4.3 MEDIUM | https://plugins.trac.wordpress.org/changeset/2910040/ |
| CVE-2023-0693 | June 9, 2023 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up ... | 4.3 MEDIUM | https://plugins.trac.wordpress.org/changeset/2910040/ |
| CVE-2023-1169 | June 9, 2023 | The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader... | 4.3 MEDIUM | https://plugins.trac.wordpress.org/changeset/2888622/ooohboi-steroids-for-elementor/tags/2.1.5/inc/exopite-simple-options/upload-class.php?old=2874981&old_path=ooohboi-steroids-for-elementor%2Ftags%2F2.1.4%2Finc%2Fexopite-simple-options%2Fupload-class.php |
| CVE-2023-0694 | June 9, 2023 | The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and includi... | 4.3 MEDIUM | https://plugins.trac.wordpress.org/changeset/2910040/ |
| CVE-2023-2541 | June 7, 2023 | The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versio... | 5.3 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/c31828dc-ef94-4895-8395-a5d52a0a82bd?source=cve |
| CVE-2023-33864 | June 7, 2023 | RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 2 of 2).... | 9.8 CRITICAL | https://plugins.trac.wordpress.org/changeset/2910040/ |
| CVE-2023-33863 | June 7, 2023 | RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2).... | 9.8 CRITICAL | https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=121290%40materialis&new=121290%40materialis&sfp_email=&sfph_mail= |
| CVE-2023-34969 | June 7, 2023 | D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.... | 6.5 MEDIUM | https://github.com/contao/contao/commit/c98585d36baa25fda69c062421e7e7eadc53c82b |
| CVE-2023-33533 | June 6, 2023 | Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Vers... | 8.8 HIGH | https://www.netgear.com/about/security/ |
| CVE-2023-32551 | June 6, 2023 | Landscape allowed URLs which caused open redirection.... | 6.1 MEDIUM | http://seclists.org/fulldisclosure/2023/Jun/2 |
| CVE-2023-30948 | June 6, 2023 | A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization... | 6.5 MEDIUM | http://seclists.org/fulldisclosure/2023/Jun/2 |
| CVE-2023-3111 | June 5, 2023 | A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be trigg... | 7.8 HIGH | https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html |
| CVE-2023-3028 | June 1, 2023 | Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of ve... | 9.8 CRITICAL | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072 |
| CVE-2023-3017 | May 31, 2023 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part... | 5.4 MEDIUM | https://vuldb.com/?ctiid.230361 |
| CVE-2023-3018 | May 31, 2023 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknow... | 8.8 HIGH | https://vuldb.com/?ctiid.230358 |
| CVE-2023-34229 | May 31, 2023 | In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible... | 5.4 MEDIUM | https://vuldb.com/?ctiid.230154 |
| CVE-2023-33735 | May 31, 2023 | D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNA... | 9.8 CRITICAL | https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69 |
| CVE-2023-3014 | May 31, 2023 | A vulnerability, which was classified as problematic, was found in BeipyVideoResolution up to 2.6. Affected is an unknown function of the file admin/a... | 6.1 MEDIUM | https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29738/CVE%20detail.md |
| CVE-2023-3012 | May 31, 2023 | NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.... | 7.8 HIGH | https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29739/CVE%20detail.md |
| CVE-2023-0329 | May 30, 2023 | The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module befor... | 7.2 HIGH | https://vuldb.com/?ctiid.230079 |
| CVE-2023-32699 | May 30, 2023 | MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. ?The `checkUserPassword` metho... | 6.5 MEDIUM | https://github.com/metersphere/metersphere/security/advisories/GHSA-qffq-8gf8-mhq7 |
| CVE-2021-31233 | May 30, 2023 | SQL Injection vulnerability found in Fighting Cock Information System v.1.0 allows a remote attacker to obtain sensitive information via the edit_bree... | 7.5 HIGH | https://www.sourcecodester.com/php/12824/fighting-cock-information-system.html |
| CVE-2023-33181 | May 30, 2023 | Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called ... | 5.3 MEDIUM | https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-c9cx-ghwr-x58m |
| CVE-2023-33180 | May 30, 2023 | Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the `... | 6.5 MEDIUM | https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-7ww5-x9rm-qm89 |
| CVE-2023-33177 | May 30, 2023 | Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded ... | 8.8 HIGH | https://github.com/xibosignage/xibo-cms/commit/1cbba380fa751a00756e70d7b08b5c6646092658 |
| CVE-2023-33179 | May 30, 2023 | Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the `... | 6.5 MEDIUM | https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-jmx8-cgm4-7mf5 |
| CVE-2023-33178 | May 30, 2023 | Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `/dataset/data/{id}` API route inside the CMS starting... | 6.5 MEDIUM | https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-g9x2-757j-hmhh |
| CVE-2023-32696 | May 30, 2023 | CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent... | 8.8 HIGH | https://github.com/ckan/ckan-docker-base/security/advisories/GHSA-c74x-xfvr-x5wg |
| CVE-2023-20884 | May 30, 2023 | VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to ... | 6.1 MEDIUM | https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191 |
| CVE-2023-33245 | May 30, 2023 | Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that ... | 8.8 HIGH | https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j |
| CVE-2023-2984 | May 30, 2023 | Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.... | 8.8 HIGH | https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1 |
| CVE-2023-33183 | May 30, 2023 | Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP... | 4.3 MEDIUM | https://vuldb.com/?ctiid.230213 |
| CVE-2023-2983 | May 30, 2023 | Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.... | 8.8 HIGH | https://vuldb.com/?ctiid.230212 |
| CVE-2023-2981 | May 30, 2023 | A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. This issue affects some unknown processing of the ... | 6.1 MEDIUM | https://vuldb.com/?ctiid.230211 |
| CVE-2023-2980 | May 30, 2023 | A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation... | 9.8 CRITICAL | https://vuldb.com/?ctiid.230210 |
| CVE-2023-2979 | May 30, 2023 | A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handl... | 9.8 CRITICAL | https://gitee.com/mindspore/mindspore/issues/I73DOS |
| CVE-2023-2978 | May 30, 2023 | A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the... | 9.8 CRITICAL | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b |
| CVE-2023-29728 | May 30, 2023 | The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege atta... | 9.8 CRITICAL | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-29726 | May 30, 2023 | The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into t... | 7.5 HIGH | https://play.google.com/store/apps/details?id=com.cuiet.blockCalls |
| CVE-2023-29727 | May 30, 2023 | The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that i... | 9.8 CRITICAL | https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073 |
| CVE-2022-45853 | May 30, 2023 | The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could ... | 6.7 MEDIUM | https://github.com/jstachio/jstachio/issues/157 |
| CVE-2012-10015 | May 30, 2023 | A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. It has been classified as problematic. Affected is the function twttr... | 8.8 HIGH | https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29740/CVE%20detail.md |
| CVE-2015-10107 | May 30, 2023 | A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unk... | 6.1 MEDIUM | https://vuldb.com/?ctiid.230153 |
| CVE-2023-23699 | May 29, 2023 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Reynolds Progress Bar plugin <= 2.2.1 versions.... | 5.4 MEDIUM | https://lists.qt-project.org/pipermail/announce/2023-May/000413.html |
| CVE-2023-27613 | May 29, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorClick Forms Ada – Form Builder plugin <= 1.0 versions.... | 6.1 MEDIUM | https://github.com/autolab/Autolab/security/advisories/GHSA-h8g5-vhm4-wx6g |
| CVE-2023-33291 | May 28, 2023 | In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address ... | 7.4 HIGH | https://www.ebankit.com/digital-banking-platform |
| CVE-2023-30570 | May 28, 2023 | pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packe... | 7.5 HIGH | https://github.com/ckan/ckan/security/advisories/GHSA-446m-hmmm-hm8m |
| CVE-2023-31874 | May 28, 2023 | Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process').... | 8.8 HIGH | https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305 |
| CVE-2023-32763 | May 28, 2023 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rende... | 7.5 HIGH | https://github.com/PostHog/posthog-js/security/advisories/GHSA-8775-5hwv-wr6v |
| CVE-2023-2927 | May 27, 2023 | A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. Th... | 9.8 CRITICAL | https://vuldb.com/?ctiid.230082 |
| CVE-2023-2925 | May 27, 2023 | A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/o... | 5.4 MEDIUM | https://vuldb.com/?ctiid.230077 |
| CVE-2023-28322 | May 26, 2023 | An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT... | 3.7 LOW | http://seclists.org/fulldisclosure/2023/Jul/48 |
| CVE-2023-2671 | May 12, 2023 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown p... | 6.1 MEDIUM | https://vuldb.com/?id.228887 |
| CVE-2023-2670 | May 12, 2023 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknow... | 9.8 CRITICAL | https://vuldb.com/?id.228886 |
| CVE-2023-2667 | May 12, 2023 | A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability i... | 6.1 MEDIUM | https://vuldb.com/?id.228883 |
| CVE-2023-2668 | May 12, 2023 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function m... | 9.8 CRITICAL | https://vuldb.com/?id.228884 |
| CVE-2023-2669 | May 12, 2023 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of... | 9.8 CRITICAL | https://vuldb.com/?id.228885 |
| CVE-2023-2672 | May 12, 2023 | A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the ... | 9.8 CRITICAL | https://vuldb.com/?id.228888 |
| CVE-2023-30763 | May 12, 2023 | Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privile... | 6.7 MEDIUM | https://packetstormsecurity.com/files/172276/Optoma-1080PSTX-Firmware-C02-Authentication-Bypass.html |
| CVE-2023-29242 | May 12, 2023 | Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of... | 7.8 HIGH | https://vuldb.com/?id.228911 |
| CVE-2023-31922 | May 12, 2023 | QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c.... | 7.5 HIGH | https://seq.team/en/blog/reflected-cross-site-scripting-xss-in-vinteo-vcc/ |
| CVE-2023-27823 | May 12, 2023 | An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.... | 9.8 CRITICAL | https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954 |
| CVE-2023-2663 | May 11, 2023 | In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. ... | 5.5 MEDIUM | https://www.gl-inet.com |
| CVE-2023-2664 | May 11, 2023 | In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. ... | 5.5 MEDIUM | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/ |
| CVE-2023-32668 | May 11, 2023 | LuaTeX before 1.17.0 enables the socket library by default.... | 9.8 CRITICAL | https://github.com/ipfs/boxo/commit/9cb5cb54d40b57084d1221ba83b9e6bb3fcc3197 |
| CVE-2023-2645 | May 11, 2023 | A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management P... | 9.8 CRITICAL | https://vuldb.com/?ctiid.228774 |
| CVE-2023-0851 | May 11, 2023 | Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on... | 9.8 CRITICAL | https://psirt.canon/advisory-information/cp2023-001/ |
| CVE-2023-0852 | May 11, 2023 | Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an... | 9.8 CRITICAL | https://psirt.canon/advisory-information/cp2023-001/ |
| CVE-2023-0853 | May 11, 2023 | Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attac... | 9.8 CRITICAL | https://psirt.canon/advisory-information/cp2023-001/ |
| CVE-2023-0854 | May 11, 2023 | Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may... | 9.8 CRITICAL | https://psirt.canon/advisory-information/cp2023-001/ |
| CVE-2023-0855 | May 11, 2023 | Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker o... | 9.8 CRITICAL | https://psirt.canon/advisory-information/cp2023-001/ |
| CVE-2023-0856 | May 11, 2023 | Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on th... | 9.8 CRITICAL | https://vuldb.com/?ctiid.228778 |
| CVE-2023-2649 | May 11, 2023 | A vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate... | 8.8 HIGH | http://weblab.com |
| CVE-2023-29863 | May 11, 2023 | Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WS... | 9.8 CRITICAL | https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-30394 |
| CVE-2023-2443 | May 11, 2023 | Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor coul... | 7.5 HIGH | http://rollout-ui.com |
| CVE-2023-2444 | May 11, 2023 | A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways.... | 8.8 HIGH | https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw |
| CVE-2023-30394 | May 11, 2023 | MoveIT v1.1.11 was discovered to contain a cross-site scripting (XSS) vulenrability via the API authentication function.... | 6.1 MEDIUM | https://www.github.com |
| CVE-2023-25309 | May 11, 2023 | Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete... | 6.1 MEDIUM | https://www.ibm.com/support/pages/node/6965812 |
| CVE-2021-34076 | May 11, 2023 | File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload.... | 8.8 HIGH | https://crbug.com/1430692 |
| CVE-2023-23789 | May 10, 2023 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions.... | 4.8 MEDIUM | https://github.com/pay-rails/pay/security/advisories/GHSA-cqf3-vpx7-rxhw |
| CVE-2023-31907 | May 10, 2023 | Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-ut... | 7.8 HIGH | https://security.netapp.com/advisory/ntap-20200717-0004/ |
| CVE-2023-31906 | May 10, 2023 | Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/... | 7.8 HIGH | https://security.netapp.com/advisory/ntap-20200717-0004/ |
| CVE-2023-25776 | May 10, 2023 | Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure ... | 4.4 MEDIUM | https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0 |
| CVE-2023-25771 | May 10, 2023 | Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.... | 5.5 MEDIUM | https://psirt.canon/advisory-information/cp2023-001/ |
| CVE-2023-31472 | May 9, 2023 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesy... | 7.5 HIGH | https://security.netapp.com/advisory/ntap-20200717-0004/ |
| CVE-2023-31137 | May 9, 2023 | MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow ... | 7.5 HIGH | https://github.com/samboy/MaraDNS/commit/bab062bde40b2ae8a91eecd522e84d8b993bab58 |
| CVE-2022-45065 | May 8, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions.... | 6.1 MEDIUM | https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-idor-cve-2023-977966c4450d |
| CVE-2023-32113 | May 8, 2023 | SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into click... | 9.3 CRITICAL | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html |
| CVE-2023-2468 | May 2, 2023 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer pr... | 4.3 MEDIUM | https://crbug.com/1416380 |
| CVE-2023-2467 | May 2, 2023 | Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restriction... | 4.3 MEDIUM | https://crbug.com/1413586 |
| CVE-2023-2466 | May 2, 2023 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via... | 4.3 MEDIUM | https://crbug.com/1385714 |
| CVE-2023-2464 | May 2, 2023 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicio... | 4.3 MEDIUM | https://crbug.com/1418549 |
| CVE-2023-2463 | May 2, 2023 | Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of ... | 4.3 MEDIUM | https://crbug.com/1406120 |
| CVE-2023-2461 | May 2, 2023 | Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI... | 8.8 HIGH | https://crbug.com/1350561 |
| CVE-2023-28471 | April 28, 2023 | Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name.... | 5.4 MEDIUM | https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv |
| CVE-2023-28384 | April 27, 2023 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.... | 8.8 HIGH | https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2 |
| CVE-2023-28400 | April 27, 2023 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. ... | 8.8 HIGH | https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d |
| CVE-2023-26286 | April 26, 2023 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute ... | 7.8 HIGH | https://https://www.ibm.com/support/pages/node/6983236 |
| CVE-2023-29011 | April 25, 2023 | Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e... | 7.8 HIGH | https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20 |
| CVE-2023-29012 | April 25, 2023 | Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted ... | 7.8 HIGH | https://www.ibm.com/support/pages/node/6985679 |
| CVE-2023-25314 | April 25, 2023 | Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the su... | 6.1 MEDIUM | https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4 |
| CVE-2023-25652 | April 25, 2023 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by fee... | 7.5 HIGH | https://github.com/git/git/commit/18e2b1cfc80990719275d7b08e6e50f3e8cbc902 |
| CVE-2023-25815 | April 25, 2023 | In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize m... | 2.2 LOW | https://axcheron.github.io/exploit-101-format-strings/#writing-to-the-stack |
| CVE-2023-28084 | April 25, 2023 | HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens... | 5.5 MEDIUM | https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us |
| CVE-2023-20871 | April 25, 2023 | VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate p... | 7.8 HIGH | https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23839 |
| CVE-2023-20872 | April 25, 2023 | VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.... | 8.8 HIGH | https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4 |
| CVE-2023-23839 | April 25, 2023 | The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCom... | 6.5 MEDIUM | https://github.com/git-for-windows/git/security/advisories/GHSA-g4fv-xjqw-q7jm |
| CVE-2023-29007 | April 25, 2023 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a spec... | 7.8 HIGH | https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g |
| CVE-2023-29570 | April 24, 2023 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Se... | 5.5 MEDIUM | https://github.com/z1r00/fuzz_vuln/blob/main/mjs/SEGV/mjs_fii2/readme.md |
| CVE-2023-28484 | April 24, 2023 | In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xm... | 6.5 MEDIUM | https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf |
| CVE-2023-2258 | April 24, 2023 | Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.... | 8.8 HIGH | https://huntr.dev/bounties/e753bce0-ce82-463b-b344-2f67b39b60ff |
| CVE-2023-2259 | April 24, 2023 | Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.... | 7.2 HIGH | https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf |
| CVE-2023-2260 | April 24, 2023 | Improper Authorization of Index Containing Sensitive Information in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.... | 8.8 HIGH | https://github.com/rona-dinihari/dawnsparks-node-tesseract |
| CVE-2023-29566 | April 24, 2023 | huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the chi... | 9.8 CRITICAL | https://community.mybb.com/mods.php?action=view&pid=1336 |
| CVE-2022-28354 | April 24, 2023 | In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.... | 6.1 MEDIUM | https://github.com/TheThingsNetwork/lorawan-stack/blob/ecdef730f176c02f7c9afce98b0457ae64de5bfc/pkg/webui/account/views/token-login/index.js#L74-L74 |
| CVE-2023-0276 | April 24, 2023 | The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them bac... | 5.4 MEDIUM | https://huntr.dev/bounties/1714df73-e639-4d64-ab25-ced82dad9f85/ |
| CVE-2023-0388 | April 24, 2023 | The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL ... | 8.8 HIGH | https://www.npmjs.com/package/rails-routes-to-json |
| CVE-2023-0199 | April 21, 2023 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to de... | 6.1 MEDIUM | https://security.gentoo.org/glsa/202310-02 |
| CVE-2023-1767 | April 20, 2023 | The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display t... | 5.4 MEDIUM | https://iotaa.cn/articles/62 |
| CVE-2023-22309 | April 20, 2023 | Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4.... | 6.1 MEDIUM | https://huntr.dev/bounties/edeff16b-fc71-4e26-8d2d-dfe7bb5e7868 |
| CVE-2023-27652 | April 20, 2023 | An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the update_info field ... | 5.5 MEDIUM | https://vuldb.com/?ctiid.227229 |
| CVE-2023-29926 | April 20, 2023 | PowerJob V4.3.2 has unauthorized interface that causes remote code execution.... | 9.8 CRITICAL | https://vuldb.com/?ctiid.227236 |
| CVE-2023-2177 | April 20, 2023 | A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed,... | 5.5 MEDIUM | https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61 |
| CVE-2022-29606 | April 20, 2023 | An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper... | 9.8 CRITICAL | https://huntr.dev/bounties/31eaf0fe-4d91-4022-aa9b-802bc6eafb8f |
| CVE-2022-29607 | April 20, 2023 | An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without an... | 7.5 HIGH | https://huntr.dev/bounties/649badc8-c935-4a84-8aa8-d3269ac54377 |
| CVE-2023-1382 | April 19, 2023 | A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference wh... | 4.7 MEDIUM | https://piwigo.com |
| CVE-2023-29196 | April 18, 2023 | Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom fea... | 6.1 MEDIUM | https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a |
| CVE-2023-30538 | April 18, 2023 | Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaSc... | 5.4 MEDIUM | https://weizman.github.io/2023/04/10/snyk-xss/ |
| CVE-2023-30606 | April 18, 2023 | Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on th... | 4.9 MEDIUM | https://apkpure.com/cn/super-clean-phone-cleaner/com.egostudio.clean/download |
| CVE-2023-30608 | April 18, 2023 | sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReD... | 7.5 HIGH | https://github.com/torvalds/linux/commit/92fbb6d1296f |
| CVE-2021-28254 | April 18, 2023 | A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands.... | 9.8 CRITICAL | https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x |
| CVE-2023-25413 | April 11, 2023 | Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials.... | 7.5 HIGH | https://friends-of-presta.github.io/security-advisories/modules/2023/04/04/lgbudget.html |
| CVE-2023-25415 | April 11, 2023 | Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Event Notification configuration.... | 5.3 MEDIUM | https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20Appliance%20v4.1.0.1/HHI/HHI_CVE-2023-26788.txt |
| CVE-2023-25407 | April 11, 2023 | Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials.... | 7.2 HIGH | https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5 |
| CVE-2023-25414 | April 11, 2023 | Aten PE8108 2.4.232 is vulnerable to denial of service (DOS).... | 5.3 MEDIUM | https://lists.apache.org/thread/3cr1cz3210wzwngldwrqzm43vwhghp0p |
| CVE-2023-1963 | April 9, 2023 | A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. This issue affects some unknown processing o... | 9.8 CRITICAL | https://vuldb.com/?ctiid.225359 |
| CVE-2023-1964 | April 9, 2023 | A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. Affected is an unknown function of the file rec... | 9.1 CRITICAL | https://vuldb.com/?ctiid.225360 |
| CVE-2023-1948 | April 8, 2023 | A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknow... | 6.1 MEDIUM | https://vuldb.com/?ctiid.225335 |
| CVE-2023-1950 | April 8, 2023 | A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unkn... | 9.8 CRITICAL | https://vuldb.com/?ctiid.225337 |
| CVE-2023-1949 | April 8, 2023 | A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the... | 9.8 CRITICAL | https://vuldb.com/?ctiid.225336 |
| CVE-2023-1909 | April 7, 2023 | A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the... | 6.5 MEDIUM | https://vuldb.com/?ctiid.225318 |
| CVE-2020-11935 | April 6, 2023 | It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability... | 5.5 MEDIUM | https://bugzilla.redhat.com/show_bug.cgi?id=2167467 |
| CVE-2023-20141 | April 5, 2023 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could all... | 6.1 MEDIUM | https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2632641%40wc-multivendor-membership&new=2632641%40wc-multivendor-membership&sfp_email=&sfph_mail= |
| CVE-2023-20137 | April 5, 2023 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could all... | 6.1 MEDIUM | https://www.wordfence.com/threat-intel/vulnerabilities/id/0870de2d-bca5-4d57-a07f-877a416ce0d5?source=cve |
| CVE-2023-20122 | April 5, 2023 | Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco... | 7.8 HIGH | https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2632641%40wc-multivendor-membership&new=2632641%40wc-multivendor-membership&sfp_email=&sfph_mail= |
| CVE-2023-20121 | April 5, 2023 | Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco... | 6.7 MEDIUM | https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%401.15.1 |
| CVE-2023-20103 | April 5, 2023 | A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affecte... | 7.2 HIGH | https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2 |
| CVE-2023-20102 | April 5, 2023 | A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbit... | 8.8 HIGH | https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1 |
| CVE-2022-4940 | April 5, 2023 | The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to... | 6.5 MEDIUM | https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a |
| CVE-2023-1823 | April 4, 2023 | Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafte... | 6.5 MEDIUM | https://crbug.com/1406900 |
| CVE-2023-1822 | April 4, 2023 | Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML pa... | 6.5 MEDIUM | https://crbug.com/1066555 |
| CVE-2023-1821 | April 4, 2023 | Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omn... | 6.5 MEDIUM | https://crbug.com/1413618 |
| CVE-2023-1820 | April 4, 2023 | Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific U... | 8.8 HIGH | https://crbug.com/1408120 |
| CVE-2023-1819 | April 4, 2023 | Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a cr... | 6.5 MEDIUM | https://crbug.com/1406588 |
| CVE-2023-23677 | March 30, 2023 | Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.5 versions.... | 6.1 MEDIUM | https://www.zerodayinitiative.com/advisories/ZDI-22-1500/ |
| CVE-2023-23681 | March 30, 2023 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Builder plugin <= 4.0 versio... | 5.4 MEDIUM | https://www.zerodayinitiative.com/advisories/ZDI-22-1499/ |
| CVE-2023-24399 | March 30, 2023 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.2 versions.... | 5.4 MEDIUM | https://www.zerodayinitiative.com/advisories/ZDI-22-1498/ |
| CVE-2023-25040 | March 30, 2023 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.... | 5.4 MEDIUM | https://www.zerodayinitiative.com/advisories/ZDI-22-1504/ |
| CVE-2022-36976 | March 29, 2023 | This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists... | 9.8 CRITICAL | https://www.zerodayinitiative.com/advisories/ZDI-22-781/ |
| CVE-2022-36975 | March 29, 2023 | This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists... | 9.8 CRITICAL | https://www.zerodayinitiative.com/advisories/ZDI-22-780/ |
| CVE-2022-36974 | March 29, 2023 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication... | 9.8 CRITICAL | https://www.zerodayinitiative.com/advisories/ZDI-22-779/ |
| CVE-2022-36973 | March 29, 2023 | This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication ... | 8.8 HIGH | https://www.zerodayinitiative.com/advisories/ZDI-22-778/ |
| CVE-2022-43629 | March 29, 2023 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although aut... | 6.8 MEDIUM | https://www.zerodayinitiative.com/advisories/ZDI-22-1502/ |
| CVE-2022-43628 | March 29, 2023 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although aut... | 6.8 MEDIUM | https://www.zerodayinitiative.com/advisories/ZDI-22-1501/ |
| CVE-2022-43627 | March 29, 2023 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although aut... | 6.8 MEDIUM | https://www.zerodayinitiative.com/advisories/ZDI-22-777/ |
| CVE-2022-43632 | March 29, 2023 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although aut... | 6.8 MEDIUM | https://www.zerodayinitiative.com/advisories/ZDI-22-1048/ |
| CVE-2022-43631 | March 29, 2023 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although aut... | 6.8 MEDIUM | https://www.zerodayinitiative.com/advisories/ZDI-22-1505/ |
| CVE-2022-43630 | March 29, 2023 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authenticati... | 8.8 HIGH | https://www.zerodayinitiative.com/advisories/ZDI-22-776/ |
| CVE-2022-36972 | March 29, 2023 | This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists... | 9.8 CRITICAL | https://www.zerodayinitiative.com/advisories/ZDI-22-1124/ |
| CVE-2023-24838 | March 27, 2023 | HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker can exploit this vulnerability to obtain the adminis... | 9.8 CRITICAL | https://vuln.ryotak.net/advisories/67 |
| CVE-2023-26958 | March 27, 2023 | Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter.... | 4.8 MEDIUM | https://github.com/sudovivek/CVE/blob/main/CVE-2023-33580/CVE-2023-33580.txt |
| CVE-2023-28884 | March 26, 2023 | In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.... | 6.1 MEDIUM | https://zigrin.com/advisories/knime-business-hub-sensitive-information-disclosure/ |
| CVE-2023-1449 | March 17, 2023 | A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_r... | 7.8 HIGH | https://github.com/zenoss/ZenPacks.zenoss.Dashboard/pull/130 |
| CVE-2023-1448 | March 17, 2023 | A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt... | 7.8 HIGH | https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final |
| CVE-2022-47595 | March 14, 2023 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 ... | 6.5 MEDIUM | https://vuldb.com/?id.222860 |
| CVE-2022-47154 | March 14, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plu... | 8.8 HIGH | https://vuldb.com/?ctiid.222861 |
| CVE-2022-47422 | March 14, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 versions.... | 8.8 HIGH | https://vuldb.com/?ctiid.222862 |
| CVE-2023-24180 | March 14, 2023 | Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. This vulnerability allows attackers to cause a... | 6.5 MEDIUM | https://vuldb.com/?ctiid.222870 |
| CVE-2023-1296 | March 14, 2023 | HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1... | 5.3 MEDIUM | https://vuldb.com/?ctiid.222871 |
| CVE-2023-1299 | March 14, 2023 | HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixe... | 8.8 HIGH | https://vuldb.com/?ctiid.222872 |
| CVE-2023-0978 | March 13, 2023 | A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary ... | 6.7 MEDIUM | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-24762 | March 13, 2023 | OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress par... | 9.8 CRITICAL | https://vuldb.com/?ctiid.222985 |
| CVE-2022-30564 | Feb. 9, 2023 | Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the v... | 5.3 MEDIUM | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-0751 | Feb. 8, 2023 | When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and su... | 6.5 MEDIUM | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-25150 | Feb. 8, 2023 | Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to p... | 5.7 MEDIUM | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-25151 | Feb. 8, 2023 | opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/h... | 7.5 HIGH | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-25163 | Feb. 8, 2023 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization... | 6.5 MEDIUM | https://github.com/argoproj/argo-cd/issues/12309 |
| CVE-2023-25167 | Feb. 8, 2023 | Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefu... | 5.7 MEDIUM | https://github.com/discourse/discourse/security/advisories/GHSA-4w55-w26q-r35w |
| CVE-2023-25164 | Feb. 8, 2023 | Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 wh... | 7.5 HIGH | https://github.com/tinacms/tinacms/security/advisories/GHSA-pc2q-jcxq-rjrr |
| CVE-2023-0401 | Feb. 8, 2023 | A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for ... | 7.5 HIGH | https://www.ibm.com/support/pages/node/6909427 |
| CVE-2023-0286 | Feb. 8, 2023 | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRIN... | 9.1 CRITICAL | https://www.ibm.com/support/pages/node/6890669 |
| CVE-2023-0217 | Feb. 8, 2023 | An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() f... | 7.5 HIGH | https://www.ibm.com/support/pages/node/6890663 |
| CVE-2022-43755 | Feb. 7, 2023 | A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after th... | 9.8 CRITICAL | https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159 |
| CVE-2022-21953 | Feb. 7, 2023 | A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local... | 8.8 HIGH | https://www.dlink.com/en/security-bulletin/ |
| CVE-2023-24198 | Feb. 6, 2023 | Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters.... | 9.8 CRITICAL | https://www.sourcecodester.com/php/15951/raffle-draw-system-using-php-and-javascript-free-source-code.html |
| CVE-2023-24197 | Feb. 6, 2023 | Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php.... | 6.1 MEDIUM | https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html |
| CVE-2023-24195 | Feb. 6, 2023 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php.... | 6.1 MEDIUM | https://www.sourcecodester.com/php/15951/raffle-draw-system-using-php-and-javascript-free-source-code.html |
| CVE-2023-24194 | Feb. 6, 2023 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php.... | 6.1 MEDIUM | https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html |
| CVE-2023-24202 | Feb. 6, 2023 | Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php.... | 9.8 CRITICAL | https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html |
| CVE-2023-24201 | Feb. 6, 2023 | Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php.... | 9.8 CRITICAL | https://www.sourcecodester.com/php/15951/raffle-draw-system-using-php-and-javascript-free-source-code.html |
| CVE-2023-24192 | Feb. 6, 2023 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php.... | 6.1 MEDIUM | https://www.sourcecodester.com/php/15951/raffle-draw-system-using-php-and-javascript-free-source-code.html |
| CVE-2023-24191 | Feb. 6, 2023 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php.... | 6.1 MEDIUM | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAGKPZDXQ6KRUGQVRAO6N4PCINP6KS5F/ |
| CVE-2023-24200 | Feb. 6, 2023 | Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php.... | 9.8 CRITICAL | https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485%40%3Cdev.spark.apache.org%3E |
| CVE-2023-24199 | Feb. 6, 2023 | Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php.... | 9.8 CRITICAL | https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h |
| CVE-2022-32595 | Feb. 6, 2023 | In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System exec... | 4.4 MEDIUM | http://seclists.org/fulldisclosure/2022/Dec/30 |
| CVE-2022-4677 | Feb. 6, 2023 | The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a ro... | 5.4 MEDIUM | https://github.com/joseconti/WangGuard/pull/14 |
| CVE-2022-4681 | Feb. 6, 2023 | The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action a... | 9.8 CRITICAL | https://github.com/tinymighty/wiki-seo/pull/21 |
| CVE-2022-4670 | Feb. 6, 2023 | The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/po... | 5.4 MEDIUM | https://github.com/OnShift/turbogears/pull/18 |
| CVE-2022-4626 | Feb. 6, 2023 | The PPWP WordPress plugin before 1.8.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which co... | 5.4 MEDIUM | https://github.com/serbanghita/Mobile-Detect/pull/741 |
| CVE-2022-32655 | Feb. 6, 2023 | In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System ... | 6.7 MEDIUM | https://github.com/segmentio/is-url/pull/18 |
| CVE-2014-125084 | Feb. 5, 2023 | A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2. This issue affects some unknown processing of the file trigg... | 9.8 CRITICAL | https://github.com/gimmie/vbulletin-v4/tree/v1.3.0 |
| CVE-2014-125085 | Feb. 5, 2023 | A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2. Affected is an unknown function of the file trigger_ratethread.ph... | 9.8 CRITICAL | https://github.com/gimmie/vbulletin-v4/tree/v1.3.0 |
| CVE-2014-125086 | Feb. 5, 2023 | A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the fi... | 9.8 CRITICAL | https://github.com/gimmie/vbulletin-v4/tree/v1.3.0 |
| CVE-2017-20176 | Feb. 5, 2023 | A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_wind... | 6.1 MEDIUM | https://vuldb.com/?ctiid.220204 |
| CVE-2023-0673 | Feb. 4, 2023 | A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality... | 9.8 CRITICAL | https://vuldb.com/?id.220195 |
| CVE-2023-0675 | Feb. 4, 2023 | A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation... | 8.8 HIGH | https://vuldb.com/?id.220197 |
| CVE-2023-0676 | Feb. 4, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.... | 6.1 MEDIUM | https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b |
| CVE-2023-0677 | Feb. 4, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.... | 6.1 MEDIUM | https://huntr.dev/bounties/d280ae81-a1c9-4a50-9aa4-f98f1f9fd2c0 |
| CVE-2022-45786 | Feb. 4, 2023 | There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreS... | 8.1 HIGH | https://github.com/codenameone/CodenameOne/issues/3583 |
| CVE-2023-23477 | Feb. 3, 2023 | IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafte... | 9.8 CRITICAL | https://www.ibm.com/support/pages/node/6891111 |
| CVE-2021-36426 | Feb. 3, 2023 | File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php.... | 8.8 HIGH | https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html |
| CVE-2021-36424 | Feb. 3, 2023 | An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation.... | 9.8 CRITICAL | https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html |
| CVE-2021-36425 | Feb. 3, 2023 | Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method i... | 5.4 MEDIUM | https://www.sourcecodester.com/php/15951/raffle-draw-system-using-php-and-javascript-free-source-code.html |
| CVE-2023-23082 | Feb. 3, 2023 | A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length ... | 4.6 MEDIUM | https://github.com/fritsch/xbmc/commit/54df944584fc9fecd4cd5d69c2289f0934de305b |
| CVE-2023-24029 | Feb. 3, 2023 | In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insu... | 7.2 HIGH | https://www.progress.com/ws_ftp |
| CVE-2013-10017 | Feb. 3, 2023 | A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save... | 9.8 CRITICAL | https://vuldb.com/?ctiid.220056 |
| CVE-2013-10018 | Feb. 3, 2023 | A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of t... | 9.8 CRITICAL | https://vuldb.com/?ctiid.220057 |
| CVE-2015-10072 | Feb. 3, 2023 | A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Mes... | 6.1 MEDIUM | https://github.com/NREL/api-umbrella-web/releases/tag/v0.8.0 |
| CVE-2023-0637 | Feb. 2, 2023 | A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the ... | 6.5 MEDIUM | https://vuldb.com/?id.220017 |
| CVE-2023-24163 | Jan. 31, 2023 | SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine.... | 9.8 CRITICAL | https://gitee.com/dromara/hutool/issues/I6AJWJ#note_20057806_link |
| CVE-2023-0549 | Jan. 27, 2023 | A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /f... | 5.4 MEDIUM | https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html |
| CVE-2023-21739 | Jan. 10, 2023 | Windows Bluetooth Driver Elevation of Privilege Vulnerability... | 7.0 HIGH | https://support.broadcom.com/external/content/SecurityAdvisories/0/22407 |
| CVE-2022-4881 | Jan. 8, 2023 | A vulnerability was found in CapsAdmin PAC3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lua/pa... | 5.4 MEDIUM | https://github.com/CapsAdmin/pac3/pull/1210 |
| CVE-2022-4880 | Jan. 7, 2023 | A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.C... | 9.8 CRITICAL | https://github.com/stakira/OpenUtau/pull/544 |
| CVE-2022-4879 | Jan. 6, 2023 | A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. Affected by this vulnerability is an unknown functi... | 7.5 HIGH | https://github.com/FAForever/fa/pull/4398 |
| CVE-2022-4869 | Jan. 5, 2023 | A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file art... | 7.5 HIGH | https://vuldb.com/?ctiid.217438 |
| CVE-2022-4875 | Jan. 4, 2023 | A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument s... | 6.1 MEDIUM | https://github.com/fossology/fossology/pull/2356 |
| CVE-2022-4876 | Jan. 4, 2023 | A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file incl... | 6.1 MEDIUM | https://github.com/kaltura/mwEmbed/pull/4266 |
| CVE-2022-4871 | Jan. 3, 2023 | A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function _Load_Users of the f... | 7.2 HIGH | https://vuldb.com/?ctiid.217270 |
| CVE-2018-25063 | Jan. 1, 2023 | A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by this vulnerability is an unknown functionality of the... | 6.1 MEDIUM | https://groups.google.com/forum/#%21forum/django-announce |
| CVE-2017-20158 | Dec. 31, 2022 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by ... | 6.1 MEDIUM | https://github.com/vova07/yii2-fileapi-widget/releases/tag/0.1.9 |
| CVE-2022-4859 | Dec. 30, 2022 | A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wfl... | 6.1 MEDIUM | https://github.com/jogetworkflow/jw-community/releases/tag/7.0.34 |
| CVE-2022-4860 | Dec. 30, 2022 | A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cr... | 9.8 CRITICAL | https://github.com/kbase/metrics/pull/77 |
| CVE-2022-34674 | Dec. 30, 2022 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than w... | 6.1 MEDIUM | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 |
| CVE-2022-34673 | Dec. 30, 2022 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to den... | 7.3 HIGH | https://security.gentoo.org/glsa/202310-02 |
| CVE-2022-34670 | Dec. 30, 2022 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation... | 7.8 HIGH | https://nvidia.custhelp.com/app/answers/detail/a_id/5415 |
| CVE-2022-47928 | Dec. 22, 2022 | In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.... | 6.1 MEDIUM | https://zigrin.com/advisories/misp-dom-based-xss/ |
| CVE-2022-4564 | Dec. 16, 2022 | A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the... | 8.8 HIGH | https://github.com/ucfopen/Materia/pull/1371 |
| CVE-2022-4560 | Dec. 16, 2022 | A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wfl... | 6.1 MEDIUM | https://github.com/jogetworkflow/jw-community/releases/tag/7.0.32 |
| CVE-2022-4525 | Dec. 15, 2022 | A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic. Affected by this vulnerabil... | 6.1 MEDIUM | https://github.com/nsrr/sleepdata.org/releases/tag/59.0.0.rc |
| CVE-2022-4524 | Dec. 15, 2022 | A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x. Affected is the function language_attributes of the ... | 6.1 MEDIUM | https://github.com/roots/soil/pull/285 |
| CVE-2022-24439 | Dec. 6, 2022 | All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inje... | 9.8 CRITICAL | https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2315 |
| CVE-2022-45914 | Nov. 26, 2022 | The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does n... | 6.5 MEDIUM | https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64xc-r58v-53gj |
| CVE-2022-41946 | Nov. 23, 2022 | pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` ... | 5.5 MEDIUM | https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h |
| CVE-2020-23592 | Nov. 22, 2022 | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to cond... | 8.8 HIGH | https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x3wp-h3qx-9w94 |
| CVE-2020-23591 | Nov. 22, 2022 | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files throu... | 9.8 CRITICAL | https://www.dlink.com/en/security-bulletin/ |
| CVE-2020-23590 | Nov. 22, 2022 | A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to condu... | 6.5 MEDIUM | https://www.dlink.com/en/security-bulletin/ |
| CVE-2020-23589 | Nov. 22, 2022 | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to cond... | 6.5 MEDIUM | https://www.dlink.com/en/security-bulletin/ |
| CVE-2020-23588 | Nov. 22, 2022 | A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to cond... | 4.3 MEDIUM | https://www.dlink.com/en/security-bulletin/ |
| CVE-2022-36227 | Nov. 21, 2022 | In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function... | 9.8 CRITICAL | https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215 |
| CVE-2022-34827 | Nov. 18, 2022 | Carel Boss Mini 1.5.0 has Improper Access Control.... | 9.9 CRITICAL | https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0040/MNDT-2022-0040.md |
| CVE-2022-38871 | Nov. 18, 2022 | In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages.... | 7.5 HIGH | https://lists.debian.org/debian-lts-announce/2020/01/msg00010.html |
| CVE-2022-34665 | Nov. 18, 2022 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can caus... | 6.5 MEDIUM | https://security.gentoo.org/glsa/202310-02 |
| CVE-2022-31615 | Nov. 18, 2022 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-poi... | 5.5 MEDIUM | https://security.gentoo.org/glsa/202310-02 |
| CVE-2022-31608 | Nov. 18, 2022 | NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can i... | 7.8 HIGH | https://security.gentoo.org/glsa/202310-02 |
| CVE-2022-31607 | Nov. 18, 2022 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can caus... | 7.8 HIGH | https://security.gentoo.org/glsa/202310-02 |
| CVE-2022-34666 | Nov. 10, 2022 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can caus... | 5.5 MEDIUM | https://security.gentoo.org/glsa/202310-02 |
| CVE-2022-45061 | Nov. 9, 2022 | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 34... | 7.5 HIGH | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/ |
| CVE-2022-42965 | Nov. 9, 2022 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able ... | 7.5 HIGH | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245 |
| CVE-2022-43945 | Nov. 4, 2022 | The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by ea... | 7.5 HIGH | https://security.netapp.com/advisory/ntap-20221215-0006/ |
| CVE-2022-3708 | Oct. 28, 2022 | The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validati... | 8.1 HIGH | https://github.com/blitz-js/superjson/security/advisories/GHSA-5888-ffcr-r425 |
| CVE-2022-3244 | Oct. 17, 2022 | The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to a... | 4.2 MEDIUM | https://wpscan.com/vulnerability/d718b993-4de5-499c-84c9-69801396f51f |
| CVE-2022-39282 | Oct. 12, 2022 | FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read ... | 7.5 HIGH | https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq |
| CVE-2022-3458 | Oct. 12, 2022 | A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an... | 9.8 CRITICAL | https://vuldb.com/?id.214775 |
| CVE-2022-36781 | Sept. 28, 2022 | ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate ra... | 5.3 MEDIUM | http://dishix.blogspot.com/p/xtcommerce-v304-sp21-cross-site-request_29.html |
| CVE-2022-40710 | Sept. 28, 2022 | A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to esc... | 7.8 HIGH | https://www.zerodayinitiative.com/advisories/ZDI-22-1299/ |
| CVE-2022-40709 | Sept. 28, 2022 | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker t... | 3.3 LOW | https://www.zerodayinitiative.com/advisories/ZDI-22-1298/ |
| CVE-2022-40708 | Sept. 28, 2022 | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker t... | 3.3 LOW | https://www.zerodayinitiative.com/advisories/ZDI-22-1297/ |
| CVE-2022-40707 | Sept. 28, 2022 | An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker t... | 3.3 LOW | https://fluidattacks.com/advisories/fitzgerald/ |
| CVE-2022-38398 | Sept. 22, 2022 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue af... | 5.3 MEDIUM | https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html |
| CVE-2022-3211 | Sept. 15, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.... | 5.4 MEDIUM | https://huntr.dev/bounties/31ac0506-ae38-4128-a46d-71d5d079f8b7 |
| CVE-2022-29649 | Sept. 15, 2022 | Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.... | 6.1 MEDIUM | https://gist.github.com/arifseyda/bce00ed14562975d1a96d1d9a0660ec7 |
| CVE-2022-37207 | Sept. 15, 2022 | JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL co... | 8.8 HIGH | https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql10.md |
| CVE-2022-3221 | Sept. 15, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3.... | 8.8 HIGH | https://huntr.dev/bounties/1fa1aac9-b16a-4a70-a7da-960b3908ae1d |
| CVE-2022-32190 | Sept. 13, 2022 | JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the UR... | 7.5 HIGH | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 |
| CVE-2022-34101 | Sept. 13, 2022 | A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain ... | 7.8 HIGH | https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf |
| CVE-2022-31324 | Sept. 13, 2022 | An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers ... | 6.5 MEDIUM | https://www.pentasecurity.com/product/wapples/ |
| CVE-2021-36568 | Sept. 13, 2022 | In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "... | 5.4 MEDIUM | https://drive.google.com/drive/folders/1_fO4BKpmD3avGYHSzvIXWs5owqVYgB1s?usp=sharing |
| CVE-2022-38496 | Sept. 13, 2022 | LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp.... | 5.5 MEDIUM | https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845 |
| CVE-2022-38497 | Sept. 13, 2022 | LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69.... | 5.5 MEDIUM | https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845 |
| CVE-2022-38495 | Sept. 13, 2022 | LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c.... | 7.8 HIGH | https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845 |
| CVE-2022-38307 | Sept. 13, 2022 | LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCo... | 5.5 MEDIUM | https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845 |
| CVE-2022-25765 | Sept. 9, 2022 | The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.... | 9.8 CRITICAL | https://wordpress.org/plugins/woo-order-export-lite/ |
| CVE-2022-40305 | Sept. 9, 2022 | A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, an... | 9.8 CRITICAL | https://wordpress.org/plugins/getresponse-integration/ |
| CVE-2022-35275 | Sept. 9, 2022 | Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at... | 4.8 MEDIUM | https://wordpress.org/plugins/wp-forecast/#developers |
| CVE-2022-35277 | Sept. 9, 2022 | Cross-Site Request Forgery (CSRF) vulnerability in GetResponse plugin <= 5.5.20 at WordPress.... | 8.8 HIGH | https://wordpress.org/plugins/culture-object/#developers |
| CVE-2022-35725 | Sept. 9, 2022 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen's wp-forecast plugin <= 7.5 at WordPress.... | 4.8 MEDIUM | https://wordpress.org/plugins/wp-shop-original/ |
| CVE-2022-36356 | Sept. 9, 2022 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress.... | 4.8 MEDIUM | https://wordpress.org/plugins/wp-postratings/#developers |
| CVE-2022-40299 | Sept. 8, 2022 | In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a ... | 7.8 HIGH | https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50 |
| CVE-2022-2541 | Sept. 6, 2022 | The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.... | 8.8 HIGH | https://plugins.trac.wordpress.org/browser/ucontext-for-amazon/trunk/app/sites/ajax/actions/keyword_save.php |
| CVE-2022-2943 | Sept. 6, 2022 | The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 du... | 4.9 MEDIUM | https://plugins.svn.wordpress.org/ajax-load-more/tags/5.5.4/README.txt |
| CVE-2022-2941 | Sept. 6, 2022 | The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due t... | 4.8 MEDIUM | https://packetstormsecurity.com/files/168479/wpuseronline2880-xss.txt |
| CVE-2021-31566 | Aug. 23, 2022 | An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file out... | 7.8 HIGH | https://bugzilla.redhat.com/show_bug.cgi?id=2024237 |
| CVE-2022-36834 | Aug. 5, 2022 | Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interactio... | 5.0 MEDIUM | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5/ |
| CVE-2022-33734 | Aug. 5, 2022 | Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection infor... | 5.5 MEDIUM | http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html |
| CVE-2022-35737 | Aug. 3, 2022 | SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.... | 7.5 HIGH | https://kb.cert.org/vuls/id/720344 |
| CVE-2022-31471 | July 26, 2022 | untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity refer... | 7.5 HIGH | https://github.com/stchris/untangle/releases/tag/1.2.1 |
| CVE-2022-22999 | July 25, 2022 | Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges acces... | 4.8 MEDIUM | https://plugins.trac.wordpress.org/changeset/2648808 |
| CVE-2022-33969 | July 25, 2022 | Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress.... | 7.2 HIGH | https://grimthereaperteam.medium.com/cve-2022-34965-open-source-social-network-6-3-3f61db82880 |
| CVE-2022-34965 | July 25, 2022 | OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/admin... | 7.2 HIGH | https://bugzilla.redhat.com/show_bug.cgi?id=2106274 |
| CVE-2022-2131 | July 25, 2022 | OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags... | 9.8 CRITICAL | https://bugzilla.redhat.com/show_bug.cgi?id=2106273 |
| CVE-2022-35650 | July 25, 2022 | The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in ... | 7.5 HIGH | https://bugzilla.redhat.com/show_bug.cgi?id=2106276 |
| CVE-2022-35649 | July 25, 2022 | The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in... | 9.8 CRITICAL | https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp |
| CVE-2022-24083 | July 25, 2022 | Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks.... | 9.8 CRITICAL | https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691 |
| CVE-2022-35652 | July 25, 2022 | An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can crea... | 6.1 MEDIUM | https://github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a |
| CVE-2022-31151 | July 21, 2022 | Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the ... | 6.5 MEDIUM | https://www.yrl.com/fwp_support/info/a1hrbt0000002037.html |
| CVE-2022-32457 | July 19, 2022 | Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network ... | 5.3 MEDIUM | https://github.com/Maheshkumar-Kakade/otp-generator/issues/12 |
| CVE-2022-34762 | July 13, 2022 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware i... | 7.5 HIGH | https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-02_SpaceLogic-C-Bus-Home-Controller-Wiser_MK2_Security_Notification.pdf |
| CVE-2022-34761 | July 13, 2022 | A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affecte... | 7.5 HIGH | https://www.ibm.com/support/pages/node/6603131 |
| CVE-2022-34760 | July 13, 2022 | A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to im... | 7.5 HIGH | https://github.com/bytecodealliance/wasmtime/ |
| CVE-2022-31135 | July 7, 2022 | Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are s... | 7.5 HIGH | https://cwe.mitre.org/data/definitions/434.html |
| CVE-2022-32449 | July 7, 2022 | TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. ... | 9.8 CRITICAL | https://huntr.dev/bounties/3055b3f5-6b80-4d47-8e00-3500dfb458bc |
| CVE-2022-33098 | July 7, 2022 | Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows att... | 6.1 MEDIUM | https://huntr.dev/bounties/35acf263-6db4-4310-ab27-4c3c3a53f796 |
| CVE-2022-28889 | July 7, 2022 | In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking us... | 4.3 MEDIUM | https://northern.tech |
| CVE-2022-32055 | July 7, 2022 | Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals.... | 7.5 HIGH | https://github.com/humhub/humhub/commit/f88991dfe56a05870df165ac89a2755dd4c1ffa1 |
| CVE-2022-32056 | July 7, 2022 | Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.... | 9.8 CRITICAL | https://www.exploit-db.com/exploits/49773 |
| CVE-2022-33737 | July 6, 2022 | The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generat... | 7.5 HIGH | https://github.com/AttorneyOnline/akashi/security/advisories/GHSA-vj86-vfmg-q68v |
| CVE-2022-34781 | June 30, 2022 | Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an atta... | 6.5 MEDIUM | https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1904 |
| CVE-2021-30344 | June 14, 2022 | Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Conn... | 7.5 HIGH | /download-e/09vsft6_inf/Search.php |
| CVE-2021-30345 | June 14, 2022 | RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearab... | 5.5 MEDIUM | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html |
| CVE-2021-30346 | June 14, 2022 | RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearab... | 5.5 MEDIUM | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html |
| CVE-2021-30347 | June 14, 2022 | Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been received in Snapdragon... | 8.1 HIGH | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html |
| CVE-2021-30327 | June 14, 2022 | Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute,... | 6.8 MEDIUM | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html |
| CVE-2022-29522 | June 14, 2022 | Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an att... | 7.8 HIGH | https://github.com/l00neyhacker/CVE-2021-40650 |
| CVE-2022-32359 | June 14, 2022 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category.... | 7.2 HIGH | https://huntr.dev/bounties/2615adf2-ff40-4623-97fb-2e4a3800202a |
| CVE-2022-1659 | June 13, 2022 | Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function... | 7.3 HIGH | https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0209 |
| CVE-2022-1658 | June 13, 2022 | Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber ro... | 5.4 MEDIUM | https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1749 |
| CVE-2022-1657 | June 13, 2022 | Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path... | 8.8 HIGH | https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1969 |
| CVE-2022-1654 | June 13, 2022 | Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain... | 8.8 HIGH | https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2725322%40rsvpmaker&new=2725322%40rsvpmaker&sfp_email=&sfph_mail= |
| CVE-2022-0209 | June 13, 2022 | The Mitsol Social Post Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10 due to insufficie... | 4.8 MEDIUM | https://www.exploit-db.com/exploits/47477 |
| CVE-2022-1750 | June 13, 2022 | The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ popup_title' parameter in versions up to, and including, ... | 4.8 MEDIUM | https://www.ibm.com/support/pages/node/6589099 |
| CVE-2022-1749 | June 13, 2022 | The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ... | 8.8 HIGH | https://huntr.dev/bounties/a85a53a4-3009-4f41-ac33-8bed8bbe16a8 |
| CVE-2022-1969 | June 13, 2022 | The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due ... | 8.8 HIGH | http://caphyon.com |
| CVE-2022-1768 | June 13, 2022 | The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied d... | 7.5 HIGH | https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc |
| CVE-2022-30899 | June 8, 2022 | A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories.... | 4.8 MEDIUM | https://github.com/mustgundogdu/Research/edit/main/Dolibar_12.0.5-ReflectedXSS/README.md |
| CVE-2022-31325 | June 8, 2022 | There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.... | 7.2 HIGH | https://github.com/sshnet/SSH.NET/commit/03c6d60736b8f7b42e44d6989a53f9b644a091fb |
| CVE-2022-30875 | June 8, 2022 | Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.... | 6.1 MEDIUM | https://github.com/ramank775/chat-server/releases/tag/v2.6.0 |
| CVE-2020-36532 | June 7, 2022 | A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The... | 6.5 MEDIUM | https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html |
| CVE-2020-36533 | June 7, 2022 | A vulnerability was found in Klapp App and classified as problematic. This issue affects some unknown processing of the JSON Web Token Handler. The ma... | 9.8 CRITICAL | https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html |
| CVE-2022-1467 | May 23, 2022 | Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will... | 9.9 CRITICAL | https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05 |
| CVE-2022-29376 | May 23, 2022 | Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary c... | 8.8 HIGH | https://github.com/nextauthjs/next-auth/security/advisories/GHSA-q2mx-j4x2-2h74 |
| CVE-2022-28999 | May 23, 2022 | Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary... | 8.8 HIGH | https://github.com/tensorflow/tensorflow/issues/55263 |
| CVE-2021-32958 | May 23, 2022 | Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local comman... | 5.5 MEDIUM | https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2r3-r9vf |
| CVE-2022-28874 | May 23, 2022 | Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit fil... | 7.5 HIGH | https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6 |
| CVE-2022-29214 | May 20, 2022 | NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulne... | 6.1 MEDIUM | https://www.withsecure.com/en/support/security-advisories |
| CVE-2022-29213 | May 20, 2022 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf... | 5.5 MEDIUM | https://github.com/mscdex/dicer/pull/22 |
| CVE-2022-29215 | May 20, 2022 | RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection... | 7.5 HIGH | https://www.koyoele.co.jp/en/topics/202205095016/ |
| CVE-2022-29181 | May 20, 2022 | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX p... | 8.2 HIGH | https://github.com/smarty-php/smarty/releases/tag/v3.1.45 |
| CVE-2022-24434 | May 20, 2022 | This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could s... | 7.5 HIGH | https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01 |
| CVE-2022-1796 | May 19, 2022 | Use After Free in GitHub repository vim/vim prior to 8.2.4979.... | 7.8 HIGH | http://www.iss.net/security_center/static/10362.php |
| CVE-2022-28184 | May 17, 2022 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an u... | 7.8 HIGH | https://security.gentoo.org/glsa/202310-02 |
| CVE-2022-30957 | May 17, 2022 | A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of crede... | 4.3 MEDIUM | https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478 |
| CVE-2022-30947 | May 17, 2022 | Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller... | 7.5 HIGH | https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2639 |
| CVE-2022-30949 | May 17, 2022 | Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controlle... | 5.3 MEDIUM | https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2478 |
| CVE-2022-30945 | May 17, 2022 | Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugin... | 8.5 HIGH | https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2273 |
| CVE-2022-28183 | May 17, 2022 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out... | 7.1 HIGH | https://security.gentoo.org/glsa/202310-02 |
| CVE-2022-28185 | May 17, 2022 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-boun... | 7.1 HIGH | https://security.gentoo.org/glsa/202310-02 |
| CVE-2022-1386 | May 16, 2022 | The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate ... | 9.8 CRITICAL | https://wpscan.com/vulnerability/bf7034ab-24c4-461f-a709-3f73988b536b |
| CVE-2022-28487 | May 4, 2022 | Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confide... | 7.5 HIGH | https://github.com/appneta/tcpreplay/pull/720 |
| CVE-2021-42528 | May 2, 2022 | XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated at... | 5.5 MEDIUM | https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html |
| CVE-2022-1511 | April 28, 2022 | Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.... | 6.5 MEDIUM | http://www.securityfocus.com/bid/2576 |
| CVE-2022-21476 | April 19, 2022 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are a... | 7.5 HIGH | https://ubuntu.com/security/CVE-2020-11935 |
| CVE-2022-24859 | April 18, 2022 | PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.2... | 5.5 MEDIUM | https://github.com/py-pdf/PyPDF2/pull/740 |
| CVE-2022-20724 | April 15, 2022 | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary comm... | 5.3 MEDIUM | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj |
| CVE-2022-20720 | April 15, 2022 | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary comm... | 7.2 HIGH | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj |
| CVE-2022-29049 | April 12, 2022 | Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing a... | 5.4 MEDIUM | https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-359 |
| CVE-2022-29045 | April 12, 2022 | Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on... | 5.4 MEDIUM | https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2167 |
| CVE-2022-29047 | April 12, 2022 | Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 and earlier, except 2.21.3, allows attackers able to submit pull requests (or eq... | 5.3 MEDIUM | https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2096 |
| CVE-2022-29044 | April 12, 2022 | Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not escape the name and description of Node and Label parameters on views displaying p... | 5.4 MEDIUM | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36803 |
| CVE-2022-24780 | April 5, 2022 | Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the ... | 8.8 HIGH | https://github.com/Combodo/iTop/commit/93f273a28778e5da8e51096f021d2dc1adbf4ef3 |
| CVE-2021-32503 | April 1, 2022 | Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker co... | 4.9 MEDIUM | http://smartbear.com |
| CVE-2022-28133 | March 29, 2022 | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored c... | 5.4 MEDIUM | https://github.com/GoogleForCreators/web-stories-wp/compare/v1.24.0...v1.25.0 |
| CVE-2022-1032 | March 29, 2022 | Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.... | 7.2 HIGH | https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699 |
| CVE-2022-1078 | March 29, 2022 | A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admi... | 9.8 CRITICAL | https://www.3cx.com/community/forums/posts-articles-news/ |
| CVE-2022-28135 | March 29, 2022 | Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Je... | 6.5 MEDIUM | https://vuldb.com/?id.213543 |
| CVE-2021-44581 | March 28, 2022 | An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.... | 7.5 HIGH | https://twitter.com/1ofThegutHakrs/status/1508455262885191682 |
| CVE-2022-25521 | March 28, 2022 | UNNO v03.11.00 was discovered to contain access control issue.... | 9.8 CRITICAL | https://medium.com/@dnyaneshgawande111/use-of-default-credentials-to-unauthorised-remote-access-of-internal-panel-of-network-video-5490d107fa0 |
| CVE-2021-45865 | March 28, 2022 | A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via the file upload functionality.... | 9.8 CRITICAL | https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622 |
| CVE-2022-26642 | March 28, 2022 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.... | 7.2 HIGH | https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699 |
| CVE-2022-26641 | March 28, 2022 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.... | 7.2 HIGH | https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699 |
| CVE-2022-26640 | March 28, 2022 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.... | 9.8 CRITICAL | https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699 |
| CVE-2022-26639 | March 28, 2022 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter.... | 9.8 CRITICAL | http://seclists.org/fulldisclosure/2022/Mar/45 |
| CVE-2022-27942 | March 26, 2022 | tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.... | 7.8 HIGH | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5/ |
| CVE-2022-27940 | March 26, 2022 | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.... | 7.8 HIGH | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5/ |
| CVE-2022-27939 | March 26, 2022 | tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.... | 5.5 MEDIUM | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5/ |
| CVE-2022-27941 | March 26, 2022 | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.... | 7.8 HIGH | http://rhn.redhat.com/errata/RHSA-2015-1628.html |
| CVE-2021-25019 | March 21, 2022 | The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admi... | 6.1 MEDIUM | https://play.google.com/store/apps/details?id=com.cuiet.blockCalls |
| CVE-2020-25180 | March 18, 2022 | Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged comma... | 6.5 MEDIUM | https://github.com/CycloneDX/cyclonedx-bom-repo-server/releases/tag/v2.0.1 |
| CVE-2020-25178 | March 18, 2022 | ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides variou... | 8.8 HIGH | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329 |
| CVE-2020-25176 | March 18, 2022 | Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in th... | 9.8 CRITICAL | https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr |
| CVE-2020-25184 | March 18, 2022 | Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable fi... | 5.5 MEDIUM | https://www.xiongmaitech.com/en/index.php/service/notice_info/51/2 |
| CVE-2022-27206 | March 15, 2022 | Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins control... | 6.5 MEDIUM | https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1891 |
| CVE-2022-27207 | March 15, 2022 | Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulti... | 4.8 MEDIUM | https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-1886 |
| CVE-2022-27217 | March 15, 2022 | Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they ca... | 6.5 MEDIUM | https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2238 |
| CVE-2022-27212 | March 15, 2022 | Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a ... | 5.4 MEDIUM | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38140 |
| CVE-2022-27208 | March 15, 2022 | Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins c... | 6.5 MEDIUM | https://vuldb.com/?id.213544 |
| CVE-2022-27218 | March 15, 2022 | Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can ... | 4.3 MEDIUM | https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a |
| CVE-2021-41657 | March 10, 2022 | SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking a... | 6.1 MEDIUM | https://github.com/stefanberger/libtpms/commit/2e6173c |
| CVE-2021-20269 | March 10, 2022 | A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel... | 5.5 MEDIUM | https://github.com/m1k1o/blog/commit/6f5e59f1401c4a3cf2e518aa85b231ea14e8a2ef |
| CVE-2021-32006 | March 10, 2022 | This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Sec... | 4.3 MEDIUM | https://www.network-olympus.com/monitoring/ |
| CVE-2022-25225 | March 10, 2022 | Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. ... | 7.2 HIGH | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960 |
| CVE-2022-25368 | March 10, 2022 | Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branch... | 4.7 MEDIUM | https://www.tuv.com/content-media-files/master-content/global-landingpages/images/vulnerability-disclosure/tuv-rheinland-security-advisory-local-privilege-escalation-vulnerability-in-otris-update-manager.pdf |
| CVE-2022-25814 | March 10, 2022 | PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized act... | 7.8 HIGH | http://smartbear.com |
| CVE-2022-25815 | March 10, 2022 | PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action wit... | 7.8 HIGH | https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_addressbook_announce.html |
| CVE-2022-25816 | March 10, 2022 | Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authent... | 4.6 MEDIUM | https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver |
| CVE-2022-26521 | March 10, 2022 | Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Med... | 7.2 HIGH | https://advisories.nats.io/CVE/CVE-2022-26652.txt |
| CVE-2022-26311 | March 10, 2022 | Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernet... | 7.5 HIGH | https://launchpad.support.sap.com/#/notes/3144941 |
| CVE-2022-26652 | March 10, 2022 | NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-ser... | 6.5 MEDIUM | https://launchpad.support.sap.com/#/notes/3132360 |
| CVE-2022-26104 | March 10, 2022 | SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthori... | 5.3 MEDIUM | https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8 |
| CVE-2022-26103 | March 10, 2022 | Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to i... | 5.3 MEDIUM | https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html |
| CVE-2022-20058 | March 10, 2022 | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an at... | 6.6 MEDIUM | https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html |
| CVE-2022-20059 | March 10, 2022 | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an at... | 6.6 MEDIUM | https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html |
| CVE-2022-20056 | March 10, 2022 | In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an at... | 6.6 MEDIUM | https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html |
| CVE-2022-20060 | March 10, 2022 | In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privile... | 6.6 MEDIUM | https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html |
| CVE-2022-22805 | March 9, 2022 | A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an ... | 9.8 CRITICAL | https://www.couchbase.com/alerts |
| CVE-2022-24713 | March 8, 2022 | regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service at... | 7.5 HIGH | https://launchpad.support.sap.com/#/notes/3145997 |
| CVE-2022-24738 | March 7, 2022 | Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds... | 7.4 HIGH | http://lua-users.org/lists/lua-l/2020-07/msg00054.html |
| CVE-2022-25220 | March 3, 2022 | PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a produ... | 4.8 MEDIUM | https://github.com/1modm/petereport/issues/35 |
| CVE-2022-23710 | March 3, 2022 | A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow ... | 6.1 MEDIUM | https://github.com/michaelrsweet/htmldoc/issues/417 |
| CVE-2021-26948 | March 3, 2022 | Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted h... | 7.8 HIGH | https://huntr.dev/bounties/d63972a2-b910-480a-a86b-d1f75d24d563 |
| CVE-2021-26259 | March 3, 2022 | A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of se... | 7.8 HIGH | https://github.com/medialize/URI.js/security/advisories/GHSA-gmv4-r438-p67f |
| CVE-2021-38578 | March 3, 2022 | Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.... | 9.8 CRITICAL | https://github.com/ArianeBlow/Axelor_Stored_XSS/blob/main/README.md |
| CVE-2022-0265 | March 3, 2022 | Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast prior to 5.1.... | 9.8 CRITICAL | https://github.com/stefanberger/libtpms/commit/2e6173c |
| CVE-2021-38577 | March 3, 2022 | Heap Overflow in BaseBmpSupportLib.... | 9.8 CRITICAL | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10284 |
| CVE-2022-24723 | March 3, 2022 | URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs ... | 5.3 MEDIUM | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10284 |
| CVE-2022-25138 | March 3, 2022 | Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter.... | 5.4 MEDIUM | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html |
| CVE-2021-3623 | March 2, 2022 | A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-... | 8.2 HIGH | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html |
| CVE-2022-0360 | Feb. 28, 2022 | The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which coul... | 4.8 MEDIUM | https://play.google.com/store/apps/details?id=com.cuiet.blockCalls |
| CVE-2022-22794 | Feb. 24, 2022 | Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /ad... | 9.8 CRITICAL | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/ |
| CVE-2022-22793 | Feb. 24, 2022 | Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a request to : /manage/mailpolicymtm/log/eml_viewer/email.content.body.php?filesy... | 7.5 HIGH | http://www.openwall.com/lists/oss-security/2021/08/17/3 |
| CVE-2022-20625 | Feb. 23, 2022 | A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attac... | 4.3 MEDIUM | http://packetstormsecurity.com/files/162316/Sipwise-C5-NGCP-CSC-Cross-Site-Scripting.html |
| CVE-2022-0729 | Feb. 23, 2022 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.... | 8.8 HIGH | https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea |
| CVE-2022-0685 | Feb. 20, 2022 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.... | 7.8 HIGH | https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782 |
| CVE-2022-25186 | Feb. 15, 2022 | Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the age... | 6.5 MEDIUM | https://github.com/YAFNET/YAFNET/commit/2237a9d552e258a43570bb478a92a5505e7c8797 |
| CVE-2022-25183 | Feb. 15, 2022 | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories withou... | 8.8 HIGH | https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2161 |
| CVE-2022-0554 | Feb. 10, 2022 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.... | 7.8 HIGH | https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71 |
| CVE-2022-23631 | Feb. 9, 2022 | superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to ru... | 9.8 CRITICAL | https://github.com/openpmix/openpmix/releases/tag/v4.2.6 |
| CVE-2022-23626 | Feb. 8, 2022 | m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly... | 8.8 HIGH | http://www.openwall.com/lists/oss-security/2021/05/10/2 |
| CVE-2021-46228 | Feb. 3, 2022 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerabilit... | 9.8 CRITICAL | https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff |
| CVE-2021-46230 | Feb. 3, 2022 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability... | 9.8 CRITICAL | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10284 |
| CVE-2021-46227 | Feb. 3, 2022 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerabili... | 9.8 CRITICAL | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10287 |
| CVE-2022-0368 | Jan. 26, 2022 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.... | 7.8 HIGH | https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9 |
| CVE-2022-0361 | Jan. 26, 2022 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.... | 7.8 HIGH | https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b |
| CVE-2022-0359 | Jan. 26, 2022 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.... | 7.8 HIGH | https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def |
| CVE-2021-3850 | Jan. 25, 2022 | Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.... | 9.1 CRITICAL | https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c |
| CVE-2021-39031 | Jan. 25, 2022 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By usin... | 8.8 HIGH | https://www.ibm.com/support/pages/node/6550488 |
| CVE-2021-25013 | Jan. 24, 2022 | The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure ... | 6.5 MEDIUM | https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0 |
| CVE-2021-24989 | Jan. 24, 2022 | The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belon... | 6.5 MEDIUM | https://wpscan.com/vulnerability/f0a9e6cc-46cc-4ac2-927a-c006b8e8aa68 |
| CVE-2021-24976 | Jan. 24, 2022 | The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the ... | 6.1 MEDIUM | https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 |
| CVE-2021-24974 | Jan. 24, 2022 | The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing a... | 5.4 MEDIUM | https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc |
| CVE-2021-24968 | Jan. 24, 2022 | The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_p... | 5.7 MEDIUM | https://wpscan.com/vulnerability/2d0c4872-a341-4974-926c-10b094a5d13c |
| CVE-2021-24965 | Jan. 24, 2022 | The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX acti... | 5.4 MEDIUM | https://wpscan.com/vulnerability/50be0ebf-fe6d-41e5-8af9-0d74f33aeb57 |
| CVE-2021-30636 | Jan. 23, 2022 | In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCal... | 9.8 CRITICAL | https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01 |
| CVE-2022-23852 | Jan. 23, 2022 | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.... | 9.8 CRITICAL | https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01 |
| CVE-2021-46313 | Jan. 21, 2022 | The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability c... | 5.5 MEDIUM | https://github.com/bpmn-io/min-dash/pull/21 |
| CVE-2021-46311 | Jan. 21, 2022 | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability... | 5.5 MEDIUM | https://github.com/jerryscript-project/jerryscript/issues/4882 |
| CVE-2021-46240 | Jan. 21, 2022 | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerabil... | 5.5 MEDIUM | https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html |
| CVE-2021-23460 | Jan. 21, 2022 | The package min-dash before 3.8.1 are vulnerable to Prototype Pollution via the set method due to missing enforcement of key types.... | 7.5 HIGH | https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html |
| CVE-2022-0319 | Jan. 21, 2022 | Out-of-bounds Read in vim/vim prior to 8.2.... | 5.5 MEDIUM | https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b |
| CVE-2021-3866 | Jan. 20, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip prior to and including 4.8.... | 5.4 MEDIUM | https://huntr.dev/bounties/5f48dac5-e112-4b23-bbbf-cc00ba83bcf2 |
| CVE-2022-0278 | Jan. 20, 2022 | Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.... | 5.4 MEDIUM | https://huntr.dev/bounties/64495d0f-d5ec-4542-9693-32372c18d030 |
| CVE-2021-46061 | Jan. 20, 2022 | An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ ... | 9.8 CRITICAL | http://seclists.org/fulldisclosure/2022/Jan/73 |
| CVE-2022-21323 | Jan. 19, 2022 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior, 7... | 2.9 LOW | https://www.oracle.com/security-alerts/cpujan2022.html |
| CVE-2022-21321 | Jan. 19, 2022 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7... | 2.9 LOW | https://www.oracle.com/security-alerts/cpujan2022.html |
| CVE-2022-21394 | Jan. 19, 2022 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.3... | 6.5 MEDIUM | https://www.zerodayinitiative.com/advisories/ZDI-22-128/ |
| CVE-2021-31821 | Jan. 19, 2022 | When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API k... | 5.5 MEDIUM | https://www.code42.com/r/support/CVE-2021-43269 |
| CVE-2021-43269 | Jan. 19, 2022 | In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file... | 8.8 HIGH | http://seclists.org/fulldisclosure/2022/Jan/39 |
| CVE-2022-23221 | Jan. 19, 2022 | H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FOR... | 9.8 CRITICAL | https://vul.wangan.com/a/CNVD-2021-49171 |
| CVE-2021-38787 | Jan. 19, 2022 | There is an integer overflow in the ION driver "/dev/ion" of Allwinner R818 SoC Android Q SDK V1.0 that could use the ioctl cmd "COMPAT_ION_IOC_SUNXI_... | 7.5 HIGH | https://vul.wangan.com/a/CNVD-2021-49173 |
| CVE-2021-38786 | Jan. 19, 2022 | There is a NULL pointer dereference in media/libcedarc/vdecoder of Allwinner R818 SoC Android Q SDK V1.0, which could cause a media crash (denial of s... | 7.5 HIGH | https://vul.wangan.com/a/CNVD-2021-49168 |
| CVE-2022-22164 | Jan. 18, 2022 | An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not tak... | 5.3 MEDIUM | https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0002/MNDT-2022-0002.md |
| CVE-2021-41809 | Jan. 18, 2022 | SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with cer... | 4.3 MEDIUM | https://huntr.dev/bounties/19f3e5f7-b419-44b1-9c37-7e4404cbec94 |
| CVE-2021-28501 | Jan. 14, 2022 | An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in... | 7.8 HIGH | http://seclists.org/fulldisclosure/2022/Jan/74 |
| CVE-2021-28500 | Jan. 14, 2022 | An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in... | 7.8 HIGH | https://packetstormsecurity.com/files/165272/Online-Thesis-Archiving-System-1.0-SQL-Injection-Cross-Site-Scripting.html |
| CVE-2022-0213 | Jan. 14, 2022 | vim is vulnerable to Heap-based Buffer Overflow... | 6.6 MEDIUM | https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 |
| CVE-2022-23105 | Jan. 12, 2022 | Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers... | 6.5 MEDIUM | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-1389 |
| CVE-2022-23106 | Jan. 12, 2022 | Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing at... | 5.3 MEDIUM | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2141 |
| CVE-2022-23107 | Jan. 12, 2022 | Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with It... | 8.1 HIGH | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2090 |
| CVE-2022-23108 | Jan. 12, 2022 | Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a st... | 5.4 MEDIUM | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2547 |
| CVE-2022-23109 | Jan. 12, 2022 | Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline... | 6.5 MEDIUM | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2213 |
| CVE-2022-23110 | Jan. 12, 2022 | Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability e... | 4.8 MEDIUM | https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2287 |
| CVE-2021-45334 | Jan. 10, 2022 | Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin... | 9.8 CRITICAL | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/ |
| CVE-2021-36411 | Jan. 10, 2022 | An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength ... | 5.5 MEDIUM | https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html |
| CVE-2022-0158 | Jan. 10, 2022 | vim is vulnerable to Heap-based Buffer Overflow... | 3.3 LOW | http://www.openwall.com/lists/oss-security/2022/01/15/1 |
| CVE-2022-0156 | Jan. 10, 2022 | vim is vulnerable to Use After Free... | 5.5 MEDIUM | http://www.openwall.com/lists/oss-security/2022/01/15/1 |
| CVE-2021-46144 | Jan. 6, 2022 | Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.... | 6.1 MEDIUM | https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 |
| CVE-2021-46074 | Jan. 6, 2022 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login pan... | 4.8 MEDIUM | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1361.yaml |
| CVE-2021-46073 | Jan. 6, 2022 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login pa... | 4.8 MEDIUM | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1353.yaml |
| CVE-2022-0128 | Jan. 6, 2022 | vim is vulnerable to Out-of-bounds Read... | 7.8 HIGH | http://www.openwall.com/lists/oss-security/2022/01/15/1 |
| CVE-2022-21650 | Jan. 4, 2022 | Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file wit... | 5.4 MEDIUM | https://github.com/convos-chat/convos/commit/5c0a1ec9a2c147bc3b63fd5a48da5f32e18fe5df |
| CVE-2022-20019 | Jan. 4, 2022 | In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with ... | 5.5 MEDIUM | https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/ |
| CVE-2021-45980 | Jan. 4, 2022 | Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API.... | 7.8 HIGH | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1188.yaml |
| CVE-2021-45979 | Jan. 4, 2022 | Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API.... | 7.8 HIGH | https://github.com/babelouest/glewlwyd/releases/tag/v2.6.1 |
| CVE-2021-45978 | Jan. 4, 2022 | Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API.... | 7.8 HIGH | https://huntr.dev/bounties/d66f90d6-1b5f-440d-8be6-cdffc9d4587e |
| CVE-2021-30273 | Jan. 3, 2022 | Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, Snapdragon Compute, S... | 7.5 HIGH | https://www.plsanu.com/vehicle-service-management-system-settings-stored-cross-site-scripting-xss |
| CVE-2021-41817 | Jan. 1, 2022 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1,... | 7.5 HIGH | https://www.plsanu.com/vehicle-service-management-system-user-list-stored-cross-site-scripting-xss |
| CVE-2021-45939 | Dec. 31, 2021 | wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe).... | 5.5 MEDIUM | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1349.yaml |
| CVE-2021-45938 | Dec. 31, 2021 | wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe).... | 5.5 MEDIUM | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1348.yaml |
| CVE-2021-45937 | Dec. 31, 2021 | wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect).... | 5.5 MEDIUM | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1204.yaml |
| CVE-2021-45936 | Dec. 31, 2021 | wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Disconnect (called from MqttClient_DecodePacket and MqttClient_WaitType).... | 5.5 MEDIUM | https://github.com/dlehgus1023/CVE/tree/master/CVE-2021-45980 |
| CVE-2021-45934 | Dec. 31, 2021 | wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_HandlePacket and MqttClient_WaitType).... | 5.5 MEDIUM | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1211.yaml |
| CVE-2021-45933 | Dec. 31, 2021 | wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket... | 5.5 MEDIUM | https://github.com/dlehgus1023/CVE/tree/master/CVE-2021-45979 |
| CVE-2021-45932 | Dec. 31, 2021 | wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket... | 5.5 MEDIUM | https://github.com/dlehgus1023/CVE/tree/master/CVE-2021-45978 |
| CVE-2021-4193 | Dec. 31, 2021 | vim is vulnerable to Out-of-bounds Read... | 5.5 MEDIUM | http://www.openwall.com/lists/oss-security/2022/01/15/1 |
| CVE-2021-3621 | Dec. 23, 2021 | A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This fla... | 8.8 HIGH | https://security.netapp.com/advisory/ntap-20231116-0002/ |
| CVE-2020-20595 | Dec. 22, 2021 | A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add.... | 6.5 MEDIUM | https://github.com/Sea0o/vulnerability/issues/1 |
| CVE-2021-45263 | Dec. 22, 2021 | An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application c... | 5.5 MEDIUM | https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/ |
| CVE-2021-45267 | Dec. 22, 2021 | An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and applic... | 5.5 MEDIUM | https://support.apple.com/en-us/HT212979 |
| CVE-2021-45260 | Dec. 22, 2021 | A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application cras... | 5.5 MEDIUM | https://support.apple.com/en-us/HT212981 |
| CVE-2021-45262 | Dec. 22, 2021 | An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash.... | 5.5 MEDIUM | https://support.apple.com/en-us/HT212976 |
| CVE-2021-45266 | Dec. 22, 2021 | A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and applicat... | 7.5 HIGH | https://wordpress.org/plugins/contact-form-cfdb7/#developers |
| CVE-2021-36886 | Dec. 22, 2021 | Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9).... | 8.8 HIGH | https://www.openssl.org/news/secadv/20211214.txt |
| CVE-2021-21926 | Dec. 22, 2021 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This ca... | 6.5 MEDIUM | https://www.ibm.com/support/pages/node/6526488 |
| CVE-2021-38966 | Dec. 21, 2021 | IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the W... | 5.4 MEDIUM | https://github.com/Sea0o/vulnerability/issues/2 |
| CVE-2021-26800 | Dec. 16, 2021 | Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows... | 6.5 MEDIUM | https://phpgurukul.com/user-management-system-in-php-using-stored-procedure/ |
| CVE-2020-35210 | Dec. 16, 2021 | A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest ... | 6.5 MEDIUM | https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh |
| CVE-2020-35209 | Dec. 16, 2021 | An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information.... | 7.5 HIGH | https://excellium-services.com/cert-xlm-advisory/cve-2019-19614/ |
| CVE-2021-45097 | Dec. 16, 2021 | KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropria... | 5.5 MEDIUM | https://www.chtsecurity.com/news/a791f509-9782-4be1-b71f-22fc619f8215 |
| CVE-2021-45096 | Dec. 16, 2021 | KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.... | 4.3 MEDIUM | https://gist.github.com/WinMin/46165779215f1d47ec257210428c0240 |
| CVE-2021-43518 | Dec. 15, 2021 | Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading ... | 7.8 HIGH | https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v4.3.0 |
| CVE-2021-43836 | Dec. 15, 2021 | Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files v... | 8.8 HIGH | https://www.knime.com/changelog-v45 |
| CVE-2021-45092 | Dec. 15, 2021 | Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.... | 9.8 CRITICAL | https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427 |
| CVE-2021-4044 | Dec. 14, 2021 | Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a nega... | 7.5 HIGH | https://wordpress.org/plugins/contact-form-cfdb7/#developers |
| CVE-2021-4092 | Dec. 11, 2021 | yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)... | 4.3 MEDIUM | https://huntr.dev/bounties/7b58c160-bb62-45fe-ad1f-38354378b89e |
| CVE-2021-3829 | Dec. 10, 2021 | openwhyd is vulnerable to URL Redirection to Untrusted Site... | 6.1 MEDIUM | https://huntr.dev/bounties/6b8acb0c-8b5d-461e-9b46-b1bfb5a8ccdf |
| CVE-2021-36911 | Dec. 10, 2021 | Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with ... | 5.4 MEDIUM | https://wordpress.org/plugins/comment-engine-pro/ |
| CVE-2021-20373 | Dec. 9, 2021 | IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the ... | 7.5 HIGH | https://www.ibm.com/support/pages/node/6523804 |
| CVE-2021-41246 | Dec. 9, 2021 | Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` ... | 8.8 HIGH | https://github.com/auth0/express-openid-connect/releases/tag/v2.5.2 |
| CVE-2021-21955 | Dec. 9, 2021 | An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.... | 7.5 HIGH | https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0002-OP-TEE_TrustZone_bypass_at_wakeup.txt |
| CVE-2021-21954 | Dec. 9, 2021 | A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. ... | 9.9 CRITICAL | http://tp-link.com |
| CVE-2021-40282 | Dec. 9, 2021 | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users.... | 8.8 HIGH | https://huntr.dev/bounties/81838575-e170-41fb-b451-92c1c8aab092 |
| CVE-2021-40281 | Dec. 9, 2021 | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.... | 8.8 HIGH | https://www.mozilla.org/security/advisories/mfsa2021-48/ |
| CVE-2021-43535 | Dec. 8, 2021 | A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially ex... | 8.8 HIGH | https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/ |
| CVE-2021-43534 | Dec. 8, 2021 | Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of... | 8.8 HIGH | https://github.com/ComparedArray/printix-CVE-2022-25090 |
| CVE-2021-37941 | Dec. 8, 2021 | A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application runni... | 7.8 HIGH | https://www.vmware.com/security/advisories/VMSA-2020-0006 |
| CVE-2021-41450 | Dec. 8, 2021 | An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a ... | 7.5 HIGH | https://snyk.io/vuln/SNYK-JS-LOCUTUS-598675 |
| CVE-2021-44149 | Dec. 7, 2021 | An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security acces... | 7.8 HIGH | https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ |
| CVE-2021-4069 | Dec. 6, 2021 | vim is vulnerable to Use After Free... | 7.8 HIGH | https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 |
| CVE-2021-4019 | Dec. 1, 2021 | vim is vulnerable to Heap-based Buffer Overflow... | 7.8 HIGH | https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142 |
| CVE-2021-3984 | Dec. 1, 2021 | vim is vulnerable to Heap-based Buffer Overflow... | 7.8 HIGH | https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655 |
| CVE-2020-10627 | Dec. 1, 2021 | Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manuf... | 8.1 HIGH | https://www.myomnipod.com/security-bulletins |
| CVE-2021-43358 | Nov. 30, 2021 | Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authenti... | 7.5 HIGH | https://docs.jamf.com/10.32.0/jamf-pro/release-notes/Resolved_Issues.html |
| CVE-2021-40809 | Nov. 30, 2021 | An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that u... | 8.8 HIGH | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 |
| CVE-2021-24918 | Nov. 29, 2021 | The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As... | 5.4 MEDIUM | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386 |
| CVE-2021-24927 | Nov. 29, 2021 | The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any... | 5.4 MEDIUM | https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32 |
| CVE-2021-24908 | Nov. 29, 2021 | The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected ... | 6.1 MEDIUM | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386 |
| CVE-2021-26611 | Nov. 26, 2021 | HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, fac... | 9.8 CRITICAL | https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320 |
| CVE-2021-21980 | Nov. 24, 2021 | The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on v... | 7.5 HIGH | https://wpscan.com/vulnerability/5d252ad7-bf28-44f3-8cd0-c4fe05c48f35 |
| CVE-2021-32004 | Nov. 22, 2021 | This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker ... | 5.3 MEDIUM | https://github.com/matrix-org/synapse/pull/9393 |
| CVE-2021-44144 | Nov. 22, 2021 | Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.... | 9.1 CRITICAL | https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78 |
| CVE-2021-3974 | Nov. 19, 2021 | vim is vulnerable to Use After Free... | 7.8 HIGH | https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 |
| CVE-2021-3973 | Nov. 19, 2021 | vim is vulnerable to Heap-based Buffer Overflow... | 7.8 HIGH | https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847 |
| CVE-2021-23146 | Nov. 18, 2021 | An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affe... | 7.5 HIGH | https://github.com/saltstack/salt/releases |
| CVE-2021-26444 | Nov. 9, 2021 | Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-42301, CVE-2021-42323.... | 5.5 MEDIUM | https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m |
| CVE-2021-29843 | Nov. 8, 2021 | IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force I... | 6.5 MEDIUM | https://wpscan.com/vulnerability/9841176d-1d37-4636-9144-0ca42b6f3605 |
| CVE-2021-24674 | Nov. 8, 2021 | The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF in place when updating the favicon, which could allow attackers to make a logge... | 6.5 MEDIUM | https://www.ibm.com/support/pages/node/6514007 |
| CVE-2021-24669 | Nov. 8, 2021 | The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, whi... | 8.8 HIGH | https://stor2rrd.com/note730.php |
| CVE-2021-24664 | Nov. 8, 2021 | The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape the... | 4.8 MEDIUM | https://stor2rrd.com/note730.php |
| CVE-2021-24631 | Nov. 8, 2021 | The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to... | 8.8 HIGH | https://stor2rrd.com/note730.php |
| CVE-2021-29735 | Nov. 8, 2021 | IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary... | 5.4 MEDIUM | https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634 |
| CVE-2021-24767 | Nov. 8, 2021 | The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could... | 6.5 MEDIUM | https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05 |
| CVE-2021-42662 | Nov. 5, 2021 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday re... | 5.4 MEDIUM | https://github.com/TheHackingRabbi/CVE-2021-42662 |
| CVE-2021-42664 | Nov. 5, 2021 | A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz descrip... | 5.4 MEDIUM | https://github.com/TheHackingRabbi/CVE-2021-42664 |
| CVE-2021-3927 | Nov. 5, 2021 | vim is vulnerable to Heap-based Buffer Overflow... | 7.8 HIGH | https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0 |
| CVE-2021-3928 | Nov. 5, 2021 | vim is vulnerable to Stack-based Buffer Overflow... | 7.8 HIGH | https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd |
| CVE-2021-41312 | Nov. 3, 2021 | Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to en... | 7.5 HIGH | https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html |
| CVE-2021-39237 | Nov. 2, 2021 | Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure.... | 4.6 MEDIUM | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKMUMLUH6ENNMLGTJ5AFRF6764ILEMYJ/ |
| CVE-2021-39238 | Nov. 2, 2021 | Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overfl... | 9.8 CRITICAL | https://www.mozilla.org/security/advisories/mfsa2021-37/ |
| CVE-2021-29991 | Nov. 2, 2021 | Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack agains... | 8.1 HIGH | https://www.mozilla.org/security/advisories/mfsa2021-38/ |
| CVE-2021-41232 | Nov. 2, 2021 | Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerabi... | 9.8 CRITICAL | https://www.debian.org/security/2021/dsa-4990 |
| CVE-2021-29993 | Nov. 2, 2021 | Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects F... | 8.1 HIGH | https://www.mozilla.org/security/advisories/mfsa2021-38/ |
| CVE-2021-38491 | Nov. 2, 2021 | Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92.... | 6.5 MEDIUM | https://www.mozilla.org/security/advisories/mfsa2021-38/ |
| CVE-2021-38492 | Nov. 2, 2021 | When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scri... | 6.5 MEDIUM | https://www.mozilla.org/security/advisories/mfsa2021-40/ |
| CVE-2021-38493 | Nov. 2, 2021 | Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption an... | 8.8 HIGH | https://www.mozilla.org/security/advisories/mfsa2021-43/ |
| CVE-2021-38494 | Nov. 2, 2021 | Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with... | 8.8 HIGH | https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html |
| CVE-2021-38495 | Nov. 2, 2021 | Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume ... | 8.8 HIGH | https://www.mozilla.org/security/advisories/mfsa2021-43/ |
| CVE-2021-38496 | Nov. 2, 2021 | During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploit... | 8.8 HIGH | https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html |
| CVE-2021-38497 | Nov. 2, 2021 | Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible use... | 6.5 MEDIUM | https://www.mozilla.org/security/advisories/mfsa2021-43/ |
| CVE-2021-41728 | Oct. 28, 2021 | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles.... | 6.1 MEDIUM | https://www.ibm.com/support/pages/node/6508583 |
| CVE-2020-25422 | Oct. 28, 2021 | A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted pay... | 5.4 MEDIUM | https://www.ibm.com/support/pages/node/6508583 |
| CVE-2021-22453 | Oct. 28, 2021 | A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process cra... | 3.3 LOW | https://www.ibm.com/support/pages/node/6507095 |
| CVE-2021-34794 | Oct. 27, 2021 | A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) S... | 5.3 MEDIUM | https://github.com/nameko/nameko/security/advisories/GHSA-6p52-jr3q-c94g |
| CVE-2021-34793 | Oct. 27, 2021 | A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in tra... | 8.6 HIGH | https://seclists.org/oss-sec/2011/q4/249 |
| CVE-2021-34792 | Oct. 27, 2021 | A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow a... | 7.5 HIGH | http://seclists.org/fulldisclosure/2021/Oct/33 |
| CVE-2021-22101 | Oct. 27, 2021 | Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers t... | 7.5 HIGH | https://www.gestionaleopen.org/ |
| CVE-2020-24932 | Oct. 27, 2021 | An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.... | 9.8 CRITICAL | https://sourceforge.net/projects/open-clinic/files/latest/download |
| CVE-2021-29713 | Oct. 27, 2021 | IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... | 5.4 MEDIUM | https://www.cloudfoundry.org/blog/cve-2019-3801 |
| CVE-2021-29774 | Oct. 27, 2021 | IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.... | 7.5 HIGH | https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35344 |
| CVE-2021-20526 | Oct. 27, 2021 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote att... | 5.3 MEDIUM | https://access.redhat.com/errata/RHSA-2019:1571 |
| CVE-2021-3903 | Oct. 27, 2021 | vim is vulnerable to Heap-based Buffer Overflow... | 7.8 HIGH | https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8 |
| CVE-2021-41078 | Oct. 26, 2021 | Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.... | 7.8 HIGH | https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e |
| CVE-2021-38450 | Oct. 26, 2021 | The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended co... | 8.8 HIGH | https://github.com/signalwire/freeswitch/releases/tag/v1.10.7 |
| CVE-2021-41035 | Oct. 25, 2021 | In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.... | 9.8 CRITICAL | https://github.com/eclipse-openj9/openj9/pull/13740 |
| CVE-2021-21319 | Oct. 25, 2021 | Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can ... | 5.4 MEDIUM | https://wpscan.com/vulnerability/d0b312f8-8b16-45be-b5e5-bf9d4b3e9b1e |
| CVE-2021-24885 | Oct. 25, 2021 | The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, leading to a Reflected Cro... | 6.1 MEDIUM | https://github.com/reddit/snudown/security/advisories/GHSA-6gvv-9q92-w5f6 |
| CVE-2020-20908 | Oct. 25, 2021 | Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts ... | 5.4 MEDIUM | https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm |
| CVE-2021-41145 | Oct. 25, 2021 | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that... | 7.5 HIGH | https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8 |
| CVE-2021-35230 | Oct. 22, 2021 | As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileg... | 6.7 MEDIUM | https://github.com/galette/galette/commit/514418da973ae5b84bf97f94bd288a41e8e3f0a6 |
| CVE-2020-36490 | Oct. 22, 2021 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepa... | 5.4 MEDIUM | https://github.com/nothings/stb/issues/1225 |
| CVE-2021-40719 | Oct. 21, 2021 | Adobe Connect version 11.2.2 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation whe... | 9.8 CRITICAL | https://www.ibm.com/support/pages/node/6507077 |
| CVE-2021-36869 | Oct. 21, 2021 | Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post.... | 6.1 MEDIUM | https://www.ibm.com/support/pages/node/6497111 |
| CVE-2021-41168 | Oct. 21, 2021 | Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. In affected versions snudown was found... | 6.5 MEDIUM | https://github.com/nothings/stb/pull/1223 |
| CVE-2021-34743 | Oct. 20, 2021 | A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an externa... | 7.1 HIGH | https://www.compass-security.com/fileadmin/Research/Advisories/2021-18_CSNC-2021-018-WPMailster_XSS_CSRF.txt |
| CVE-2021-2483 | Oct. 20, 2021 | Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite (component: Content Item Manager). Supported versions that are affected... | 8.1 HIGH | https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/ |
| CVE-2021-2484 | Oct. 20, 2021 | Vulnerability in the Oracle Operations Intelligence product of Oracle E-Business Suite (component: BIS Operations Intelligence). Supported versions th... | 8.1 HIGH | https://groups.google.com/forum/#!topic/iterm2-discuss/57k_AuLdQa4 |
| CVE-2021-2485 | Oct. 20, 2021 | Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes). Supported versions that are affected are 12.1.1-1... | 8.1 HIGH | https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch |
| CVE-2021-32663 | Oct. 19, 2021 | iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given ... | 7.5 HIGH | https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec |
| CVE-2021-32664 | Oct. 19, 2021 | Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged... | 4.8 MEDIUM | https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a |
| CVE-2021-41131 | Oct. 19, 2021 | python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path trav... | 8.7 HIGH | https://github.com/theupdateframework/python-tuf/issues/1527 |
| CVE-2021-41140 | Oct. 19, 2021 | Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given b... | 5.3 MEDIUM | https://github.com/discourse/discourse-reactions/security/advisories/GHSA-9358-hwg5-jrmh |
| CVE-2021-3746 | Oct. 19, 2021 | A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafte... | 6.5 MEDIUM | https://plugins.trac.wordpress.org/browser/indeed-job-importer/trunk/indeed-job-importer.php#L224 |
| CVE-2021-37136 | Oct. 19, 2021 | The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size us... | 7.5 HIGH | https://plugins.trac.wordpress.org/browser/mpl-publisher/trunk/libs/PublisherController.php#L35 |
| CVE-2021-39355 | Oct. 19, 2021 | The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via severa... | 4.8 MEDIUM | https://plugins.trac.wordpress.org/browser/jobboardwp/trunk/includes/admin/class-metabox.php#L165 |
| CVE-2021-39343 | Oct. 19, 2021 | The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several para... | 4.8 MEDIUM | https://wordpress.org/plugins/icegram/#developers |
| CVE-2021-39329 | Oct. 19, 2021 | The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several paramet... | 4.8 MEDIUM | https://support.apple.com/en-us/HT212805 |
| CVE-2021-37137 | Oct. 19, 2021 | The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved ... | 7.5 HIGH | https://support.apple.com/en-us/HT212805 |
| CVE-2021-27001 | Oct. 19, 2021 | Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authentic... | 5.5 MEDIUM | https://www.ibm.com/support/pages/node/6505283 |
| CVE-2021-26589 | Oct. 19, 2021 | A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Sit... | 6.1 MEDIUM | https://github.com/contiki-ng/contiki-ng/pull/1355 |
| CVE-2021-36832 | Oct. 19, 2021 | WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) ... | 5.4 MEDIUM | https://www.ibm.com/support/pages/node/6505281 |
| CVE-2021-30830 | Oct. 19, 2021 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A... | 7.8 HIGH | https://support.apple.com/en-us/HT212805 |
| CVE-2021-31352 | Oct. 19, 2021 | An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, ... | 5.3 MEDIUM | https://success.trendmicro.com/solution/000289230 |
| CVE-2021-31356 | Oct. 19, 2021 | A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be ab... | 7.8 HIGH | https://bugs.launchpad.net/mailman/+bug/1947640 |
| CVE-2021-31357 | Oct. 19, 2021 | A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access ... | 7.8 HIGH | https://bugs.launchpad.net/mailman/+bug/1947639 |
| CVE-2021-31364 | Oct. 19, 2021 | An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Ju... | 5.9 MEDIUM | https://www.cnvd.org.cn/flaw/show/CNVD-2020-49480 |
| CVE-2021-3872 | Oct. 19, 2021 | vim is vulnerable to Heap-based Buffer Overflow... | 7.8 HIGH | https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8 |
| CVE-2021-29745 | Oct. 15, 2021 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which... | 8.8 HIGH | https://github.com/Dir0x/CVE-2021-43140 |
| CVE-2021-29679 | Oct. 15, 2021 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled inpu... | 8.8 HIGH | https://www.exploit-db.com/exploits/50158 |
| CVE-2020-4951 | Oct. 15, 2021 | IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.... | 3.3 LOW | https://www.zerodayinitiative.com/advisories/ZDI-21-909/ |
| CVE-2021-37726 | Oct. 12, 2021 | A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has... | 9.8 CRITICAL | https://www.ibm.com/support/pages/node/6513681 |
| CVE-2021-40462 | Oct. 12, 2021 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability... | 7.8 HIGH | https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba |
| CVE-2021-40464 | Oct. 12, 2021 | Windows Nearby Sharing Elevation of Privilege Vulnerability... | 8.0 HIGH | https://security.netapp.com/advisory/ntap-20211112-0005/ |
| CVE-2021-40465 | Oct. 12, 2021 | Windows Text Shaping Remote Code Execution Vulnerability... | 7.8 HIGH | https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/CVE-nu11-101321 |
| CVE-2021-29004 | Oct. 11, 2021 | rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not se... | 8.8 HIGH | https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29004-POC-req.txt |
| CVE-2021-29006 | Oct. 11, 2021 | rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.... | 6.5 MEDIUM | https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29006-POC.py |
| CVE-2021-39317 | Oct. 11, 2021 | Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable to arbitrary file uploads via the plugin_offline_ins... | 8.8 HIGH | https://plugins.trac.wordpress.org/changeset/2602132/access-demo-importer/trunk/inc/demo-functions.php |
| CVE-2021-40886 | Oct. 11, 2021 | Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value `2` for `chunks` parameter to by... | 6.5 MEDIUM | https://www.johnsoncontrols.com/cyber-solutions/security-advisories |
| CVE-2021-40884 | Oct. 11, 2021 | Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php an... | 8.1 HIGH | https://www.ibm.com/support/pages/node/6496777 |
| CVE-2021-27665 | Oct. 11, 2021 | An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and caus... | 7.5 HIGH | https://www.ibm.com/support/pages/node/6496781 |
| CVE-2021-40541 | Oct. 11, 2021 | PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated... | 6.1 MEDIUM | https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832 |
| CVE-2021-35059 | Oct. 11, 2021 | OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter.... | 6.1 MEDIUM | https://github.com/zulip/zulip/security/advisories/GHSA-4h36-mqfq-42jg |
| CVE-2021-24719 | Oct. 11, 2021 | The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions... | 6.1 MEDIUM | https://wpscan.com/vulnerability/a53e213f-6011-47f8-93e6-aa5ad30e857e |
| CVE-2021-20600 | Oct. 8, 2021 | Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R series C Controller Module R12CCPU-V Firmware Versions "16" and prior allows a re... | 5.9 MEDIUM | https://jvn.jp/en/jp/JVN36340790/ |
| CVE-2021-35977 | Oct. 8, 2021 | An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. ... | 9.8 CRITICAL | https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603 |
| CVE-2021-41133 | Oct. 8, 2021 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak a... | 7.8 HIGH | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/ |
| CVE-2021-36767 | Oct. 8, 2021 | In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protec... | 9.8 CRITICAL | http://www.binaryworld.it/guidepoc.asp |
| CVE-2021-20489 | Oct. 7, 2021 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and u... | 8.8 HIGH | https://www.ibm.com/support/pages/node/6496785 |
| CVE-2021-20481 | Oct. 7, 2021 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript... | 6.1 MEDIUM | https://www.openwaygroup.com/way4-platform |
| CVE-2021-20473 | Oct. 7, 2021 | IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to i... | 6.5 MEDIUM | https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca |
| CVE-2021-41511 | Oct. 4, 2021 | The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass auth... | 9.8 CRITICAL | https://github.com/Ni7inSharma/CVE-2021-41511 |
| CVE-2021-41824 | Sept. 29, 2021 | Craft CMS before 3.7.14 allows CSV injection.... | 8.8 HIGH | https://github.com/craftcms/cms/security/advisories/GHSA-h7vq-5qgw-jwwq |
| CVE-2021-39821 | Sept. 29, 2021 | Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrar... | 7.8 HIGH | http://www.openwall.com/lists/oss-security/2021/06/10/5 |
| CVE-2021-3828 | Sept. 27, 2021 | nltk is vulnerable to Inefficient Regular Expression Complexity... | 7.5 HIGH | http://www.openwall.com/lists/oss-security/2021/08/30/1 |
| CVE-2021-41617 | Sept. 26, 2021 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups ... | 7.0 HIGH | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/ |
| CVE-2021-41381 | Sept. 23, 2021 | Payara Micro Community 5.2021.6 and below allows Directory Traversal.... | 7.5 HIGH | https://github.com/Net-hunter121/CVE-2021-41381/blob/main/CVE:%202021-41381-POC |
| CVE-2021-22005 | Sept. 23, 2021 | The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCen... | 9.8 CRITICAL | https://www.vmware.com/security/advisories/VMSA-2021-0020.html |
| CVE-2021-34699 | Sept. 22, 2021 | A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected d... | 7.7 HIGH | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-call-home-cert |
| CVE-2021-32276 | Sept. 20, 2021 | An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an atta... | 5.5 MEDIUM | https://www.mozilla.org/security/advisories/mfsa2021-43/ |
| CVE-2021-25741 | Sept. 20, 2021 | A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories ... | 8.1 HIGH | https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s |
| CVE-2021-39537 | Sept. 20, 2021 | An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.... | 8.8 HIGH | https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html |
| CVE-2021-32280 | Sept. 20, 2021 | An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c.... | 5.5 MEDIUM | https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec991/ |
| CVE-2021-38177 | Sept. 14, 2021 | SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted mal... | 7.5 HIGH | https://www.kingjim.co.jp/download/security/#sr01 |
| CVE-2020-21050 | Sept. 14, 2021 | Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c.... | 6.5 MEDIUM | https://cwe.mitre.org/data/definitions/121.html |
| CVE-2021-33285 | Sept. 7, 2021 | In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow ... | 7.8 HIGH | https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp |
| CVE-2021-39251 | Sept. 7, 2021 | A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.... | 7.8 HIGH | http://www.openwall.com/lists/oss-security/2021/08/30/1 |
| CVE-2021-39252 | Sept. 7, 2021 | A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.... | 7.8 HIGH | http://www.openwall.com/lists/oss-security/2021/08/30/1 |
| CVE-2021-39253 | Sept. 7, 2021 | A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.... | 7.8 HIGH | http://www.openwall.com/lists/oss-security/2021/08/30/1 |
| CVE-2021-33289 | Sept. 7, 2021 | In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code... | 7.8 HIGH | http://tuxera.com |
| CVE-2021-35268 | Sept. 7, 2021 | In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur ... | 7.8 HIGH | http://www.openwall.com/lists/oss-security/2021/08/30/1 |
| CVE-2021-33286 | Sept. 7, 2021 | In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for c... | 7.8 HIGH | http://www.openwall.com/lists/oss-security/2021/08/30/1 |
| CVE-2021-35269 | Sept. 7, 2021 | NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overfl... | 7.8 HIGH | http://www.openwall.com/lists/oss-security/2016/12/01/2 |
| CVE-2020-19750 | Sept. 7, 2021 | An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.... | 7.5 HIGH | https://github.com/gpac/gpac/issues/1262 |
| CVE-2020-19751 | Sept. 7, 2021 | An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.... | 9.1 CRITICAL | https://github.com/gpac/gpac/issues/1272 |
| CVE-2021-40528 | Sept. 6, 2021 | The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a cert... | 5.9 MEDIUM | https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp |
| CVE-2020-18048 | Sept. 2, 2021 | An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field.... | 9.8 CRITICAL | https://github.com/bertanddip/CraigMS/issues/1 |
| CVE-2021-36055 | Sept. 1, 2021 | XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the cont... | 7.8 HIGH | https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html |
| CVE-2021-36054 | Sept. 1, 2021 | XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of servi... | 3.3 LOW | https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html |
| CVE-2021-36053 | Sept. 1, 2021 | XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. A... | 3.3 LOW | https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html |
| CVE-2021-36052 | Sept. 1, 2021 | XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the co... | 7.8 HIGH | https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html |
| CVE-2021-36050 | Sept. 1, 2021 | XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the c... | 7.8 HIGH | https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html |
| CVE-2021-36045 | Sept. 1, 2021 | XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. A... | 3.3 LOW | https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html |
| CVE-2021-36048 | Sept. 1, 2021 | XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code executi... | 7.8 HIGH | https://www.oscommerce.com/ |
| CVE-2021-36047 | Sept. 1, 2021 | XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code executi... | 7.8 HIGH | https://www.oscommerce.com/ |
| CVE-2021-36046 | Sept. 1, 2021 | XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the co... | 7.8 HIGH | https://www.oscommerce.com/ |
| CVE-2021-34746 | Sept. 1, 2021 | A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) coul... | 9.8 CRITICAL | https://github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c |
| CVE-2021-36981 | Aug. 31, 2021 | In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code.... | 8.8 HIGH | https://github.com/SerNet/verinice/compare/1.22.1...1.22.2 |
| CVE-2021-37712 | Aug. 31, 2021 | The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution v... | 8.6 HIGH | https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p |
| CVE-2020-19001 | Aug. 27, 2021 | Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/... | 9.8 CRITICAL | https://github.com/tankywoo/simiki/issues/123 |
| CVE-2021-30931 | Aug. 24, 2021 | A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.2, Security Update 2021-008 Cat... | 5.5 MEDIUM | https://medium.com/@mayhem7999/cve-2021-43441-2fcc857cb6bb |
| CVE-2021-24556 | Aug. 23, 2021 | The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the ... | 6.1 MEDIUM | https://www.ibm.com/support/pages/node/6482689 |
| CVE-2021-24555 | Aug. 23, 2021 | The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL sta... | 8.8 HIGH | https://x-stream.github.io/CVE-2021-39139.html |
| CVE-2021-29704 | Aug. 23, 2021 | IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... | 7.5 HIGH | https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d |
| CVE-2021-29802 | Aug. 23, 2021 | IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies... | 7.5 HIGH | https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76 |
| CVE-2021-39139 | Aug. 23, 2021 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load an... | 8.8 HIGH | https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7 |
| CVE-2021-3728 | Aug. 23, 2021 | firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)... | 6.5 MEDIUM | https://www.netmodule.com |
| CVE-2021-39609 | Aug. 23, 2021 | Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.... | 5.4 MEDIUM | https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-39609 |
| CVE-2020-18775 | Aug. 23, 2021 | In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a... | 6.5 MEDIUM | https://cwe.mitre.org/data/definitions/126.html |
| CVE-2020-18778 | Aug. 23, 2021 | In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a... | 6.5 MEDIUM | https://cwe.mitre.org/data/definitions/126.html |
| CVE-2020-18771 | Aug. 23, 2021 | Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information l... | 8.1 HIGH | https://github.com/Exiv2/exiv2/issues/756 |
| CVE-2020-36477 | Aug. 22, 2021 | An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of m... | 5.9 MEDIUM | https://wpscan.com/vulnerability/f050aedc-f79f-4b27-acac-0cdb33b25af8 |
| CVE-2020-36476 | Aug. 22, 2021 | An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in ... | 7.5 HIGH | https://wpscan.com/vulnerability/8eafd84b-6214-450b-869b-0afe7cca4c5f |
| CVE-2020-36475 | Aug. 22, 2021 | An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are... | 7.5 HIGH | https://www.ibm.com/support/pages/node/6482585 |
| CVE-2021-22246 | Aug. 20, 2021 | A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service... | 6.5 MEDIUM | https://gitlab.com/gitlab-org/gitlab/-/issues/280633 |
| CVE-2021-22238 | Aug. 20, 2021 | An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in... | 5.4 MEDIUM | https://gitlab.com/gitlab-org/gitlab/-/issues/332420 |
| CVE-2021-21823 | Aug. 20, 2021 | An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted se... | 7.5 HIGH | https://www.kb.cert.org/vuls/id/608209 |
| CVE-2021-28641 | Aug. 20, 2021 | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-fr... | 7.8 HIGH | https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0 |
| CVE-2021-28642 | Aug. 20, 2021 | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bound... | 7.8 HIGH | https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0 |
| CVE-2021-28643 | Aug. 20, 2021 | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Type Confusio... | 3.3 LOW | https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0 |
| CVE-2021-28640 | Aug. 20, 2021 | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-fr... | 7.3 HIGH | https://www.kb.cert.org/vuls/id/608209 |
| CVE-2020-18885 | Aug. 20, 2021 | Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.p... | 7.2 HIGH | https://github.com/gaozhifeng/PHPMyWind/issues/4 |
| CVE-2021-31226 | Aug. 19, 2021 | An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due t... | 9.8 CRITICAL | https://wordfence.com/vulnerability-advisories/#CVE-2021-34645 |
| CVE-2021-34645 | Aug. 19, 2021 | The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ... | 8.8 HIGH | https://github.com/1N3/Sn1per/releases |
| CVE-2021-31868 | Aug. 19, 2021 | Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing featu... | 5.4 MEDIUM | https://lists.apache.org/thread.html/r9d967d80af941717573e531db2c7353a90bfd0886e9b5d5d79f75506%40%3Cuser.roller.apache.org%3E |
| CVE-2021-39273 | Aug. 19, 2021 | In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the... | 8.8 HIGH | https://github.com/pimcore/pimcore/security/advisories/GHSA-pp2h-95hm-hv9r |
| CVE-2020-18899 | Aug. 19, 2021 | An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS)... | 6.5 MEDIUM | https://github.com/Exiv2/exiv2/issues/742 |
| CVE-2021-34745 | Aug. 18, 2021 | A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM priv... | 7.8 HIGH | https://jsoup.org/news/release-1.14.1 |
| CVE-2021-32588 | Aug. 18, 2021 | A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and ... | 9.8 CRITICAL | https://pivotal.io/security/cve-2015-5170-5173 |
| CVE-2021-38291 | Aug. 12, 2021 | FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.... | 7.5 HIGH | https://www.mozilla.org/security/advisories/mfsa2021-38/ |
| CVE-2021-0002 | Aug. 11, 2021 | Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to pote... | 7.1 HIGH | https://www.mozilla.org/security/advisories/mfsa2021-38/ |
| CVE-2021-33707 | Aug. 10, 2021 | SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a ... | 6.1 MEDIUM | https://github.com/adriankumpf/teslamate/compare/v1.25.0...v1.25.1 |
| CVE-2021-38198 | Aug. 8, 2021 | arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing g... | 5.5 MEDIUM | https://github.com/torvalds/linux/commit/b1bd5cba3306691c771d558e94baa73e8b0b96b7 |
| CVE-2021-22922 | Aug. 5, 2021 | When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The m... | 6.5 MEDIUM | https://hackerone.com/reports/1213175 |
| CVE-2021-38114 | Aug. 4, 2021 | libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.... | 5.5 MEDIUM | https://github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgj |
| CVE-2021-35477 | Aug. 2, 2021 | In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass sid... | 5.5 MEDIUM | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c |
| CVE-2021-35942 | July 22, 2021 | The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called ... | 9.1 CRITICAL | https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c |
| CVE-2021-37159 | July 21, 2021 | hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED sta... | 6.4 MEDIUM | https://security.netapp.com/advisory/ntap-20210819-0003/ |
| CVE-2021-33910 | July 20, 2021 | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and allo... | 5.5 MEDIUM | http://www.openwall.com/lists/oss-security/2021/08/04/2 |
| CVE-2021-36976 | July 20, 2021 | libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).... | 6.5 MEDIUM | http://seclists.org/fulldisclosure/2022/Mar/28 |
| CVE-2021-35043 | July 19, 2021 | OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a j... | 6.1 MEDIUM | http://www.openwall.com/lists/oss-security/2021/06/10/6 |
| CVE-2021-22318 | July 14, 2021 | A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. Local attackers may exploit this vulnerability to cause system denial o... | 5.5 MEDIUM | https://m4.rkw.io/blog/cve20177643-local-root-privesc-in-proxifier-for-mac--218.html |
| CVE-2021-25953 | July 14, 2021 | Prototype pollution vulnerability in 'putil-merge' versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote cod... | 9.8 CRITICAL | https://www.exploit-db.com/exploits/43225/ |
| CVE-2021-0441 | July 14, 2021 | In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege wi... | 7.3 HIGH | ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32 |
| CVE-2021-0486 | July 14, 2021 | In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead ... | 7.8 HIGH | http://www.iss.net/security_center/static/7494.php |
| CVE-2021-20781 | July 13, 2021 | Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.... | 8.8 HIGH | https://wp-filter.com/ |
| CVE-2021-20782 | July 13, 2021 | Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authenticati... | 8.8 HIGH | https://wordpress.org/plugins/software-license-manager/ |
| CVE-2021-20784 | July 13, 2021 | HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or al... | 6.1 MEDIUM | https://www.voidtools.com/ |
| CVE-2021-22440 | July 13, 2021 | There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a path... | 4.6 MEDIUM | http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH |
| CVE-2021-27038 | July 9, 2021 | A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A mali... | 7.8 HIGH | https://github.com/KDE/ark/commits/master |
| CVE-2021-21775 | July 7, 2021 | A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted ... | 8.8 HIGH | https://www.wordfence.com/blog/2021/06/cross-site-request-forgery-patched-in-wp-fluent-forms/ |
| CVE-2021-21807 | July 7, 2021 | An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed fi... | 8.8 HIGH | https://ru.wordpress.org/plugins/media-file-organizer/ |
| CVE-2021-34620 | July 7, 2021 | The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privi... | 8.8 HIGH | https://wordpress.org/plugins/import-xml-feed/#developers |
| CVE-2020-24142 | July 7, 2021 | Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests... | 9.8 CRITICAL | https://docs.pexip.com/admin/security_bulletins.htm#CVE-2020-25868 |
| CVE-2021-32538 | July 7, 2021 | ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files witho... | 9.8 CRITICAL | https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280 |
| CVE-2021-24388 | July 6, 2021 | In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom filed option by which we can manage all the fields tha... | 5.4 MEDIUM | https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg |
| CVE-2021-36086 | June 30, 2021 | The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list)... | 3.3 LOW | https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3 |
| CVE-2021-36085 | June 30, 2021 | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).... | 3.3 LOW | https://security.netapp.com/advisory/ntap-20211112-0005/ |
| CVE-2021-36084 | June 30, 2021 | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper)... | 3.3 LOW | https://security.netapp.com/advisory/ntap-20211112-0005/ |
| CVE-2021-31721 | June 30, 2021 | Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage.... | 6.1 MEDIUM | https://github.com/nahsra/antisamy/releases/tag/v1.6.4 |
| CVE-2021-31811 | June 12, 2021 | In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2... | 5.5 MEDIUM | https://lists.apache.org/thread.html/r132e9dbbe0ebdc08b39583d8be0a575fdba573d60a42d940228bceff@%3Cnotifications.ofbiz.apache.org%3E |
| CVE-2021-31812 | June 12, 2021 | In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 an... | 5.5 MEDIUM | http://packetstormsecurity.com/files/164183/Cloudron-6.2-Cross-Site-Scripting.html |
| CVE-2021-22897 | June 11, 2021 | curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcur... | 5.3 MEDIUM | https://curl.se/docs/CVE-2021-22897.html |
| CVE-2021-22898 | June 11, 2021 | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used... | 3.1 LOW | https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf |
| CVE-2021-22901 | June 11, 2021 | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arri... | 8.1 HIGH | https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf |
| CVE-2021-26414 | June 8, 2021 | Windows DCOM Server Security Feature Bypass... | 6.5 MEDIUM | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh |
| CVE-2021-3520 | June 2, 2021 | There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to... | 9.8 CRITICAL | https://security.netapp.com/advisory/ntap-20211104-0005/ |
| CVE-2021-20267 | May 28, 2021 | A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server insta... | 7.1 HIGH | https://bugzilla.redhat.com/show_bug.cgi?id=1939141 |
| CVE-2021-33558 | May 27, 2021 | ** DISPUTED ** Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.... | 7.5 HIGH | https://github.com/mdanzaruddin/CVE-2021-33558./issues/1 |
| CVE-2020-10698 | May 27, 2021 | A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other o... | 3.3 LOW | https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325 |
| CVE-2020-26555 | May 24, 2021 | Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_... | 5.4 MEDIUM | https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf |
| CVE-2018-25009 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().... | 9.1 CRITICAL | https://epson.com/Support/wa00936 |
| CVE-2021-23892 | May 12, 2021 | By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW... | 7.0 HIGH | https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1504 |
| CVE-2020-13529 | May 10, 2021 | An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP c... | 6.1 MEDIUM | https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/ |
| CVE-2021-21551 | May 4, 2021 | Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or inf... | 7.8 HIGH | https://vuldb.com/?ctiid.269803 |
| CVE-2021-25664 | April 22, 2021 | A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Sourc... | 7.5 HIGH | https://us-cert.cisa.gov/ics/advisories/icsa-21-103-04 |
| CVE-2021-27393 | April 22, 2021 | A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All ver... | 5.3 MEDIUM | https://wpscan.com/vulnerability/84e83d52-f69a-4de2-80c8-7c1996b30a04 |
| CVE-2021-21393 | April 12, 2021 | Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging ... | 6.5 MEDIUM | https://github.com/matrix-org/synapse/pull/9200 |
| CVE-2021-21392 | April 12, 2021 | Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging ... | 6.3 MEDIUM | https://github.com/matrix-org/synapse/pull/9200 |
| CVE-2021-21394 | April 12, 2021 | Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging ... | 6.5 MEDIUM | https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html |
| CVE-2021-22876 | April 1, 2021 | curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in t... | 5.3 MEDIUM | https://curl.se/docs/CVE-2021-22876.html |
| CVE-2021-22890 | April 1, 2021 | curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 ses... | 3.7 LOW | https://curl.se/docs/CVE-2021-22890.html |
| CVE-2021-21333 | March 26, 2021 | Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging ... | 6.1 MEDIUM | https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html |
| CVE-2021-21332 | March 26, 2021 | Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging ... | 8.2 HIGH | https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html |
| CVE-2020-7346 | March 23, 2021 | Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through... | 7.8 HIGH | https://access.redhat.com/errata/RHSA-2019:2713 |
| CVE-2021-28660 | March 17, 2021 | rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] arr... | 8.8 HIGH | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414 |
| CVE-2021-25281 | Feb. 27, 2021 | An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attack... | 9.8 CRITICAL | https://github.com/matrix-org/synapse/pull/9393 |
| CVE-2021-25283 | Feb. 27, 2021 | An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.... | 9.8 CRITICAL | https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html |
| CVE-2021-25284 | Feb. 27, 2021 | An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.... | 4.4 MEDIUM | https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html |
| CVE-2021-3144 | Feb. 27, 2021 | In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions... | 9.1 CRITICAL | https://github.com/saltstack/salt/releases |
| CVE-2021-3148 | Feb. 27, 2021 | An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command... | 9.8 CRITICAL | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/ |
| CVE-2021-3197 | Feb. 27, 2021 | An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an ... | 9.8 CRITICAL | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/ |
| CVE-2021-25282 | Feb. 27, 2021 | An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.... | 9.1 CRITICAL | https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html |
| CVE-2020-35662 | Feb. 27, 2021 | In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.... | 7.4 HIGH | https://github.com/matrix-org/synapse/pull/8950 |
| CVE-2020-28972 | Feb. 27, 2021 | In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL... | 5.9 MEDIUM | https://github.com/matrix-org/synapse/pull/8821 |
| CVE-2020-35568 | Feb. 16, 2021 | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An inc... | 4.3 MEDIUM | https://cert.vde.com/en/advisories/VDE-2022-039 |
| CVE-2020-35570 | Feb. 16, 2021 | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated atta... | 5.3 MEDIUM | https://cert.vde.com/en/advisories/VDE-2022-039 |
| CVE-2020-35566 | Feb. 16, 2021 | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An att... | 5.3 MEDIUM | https://cert.vde.com/en/advisories/VDE-2022-039 |
| CVE-2020-35561 | Feb. 16, 2021 | An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is ... | 5.3 MEDIUM | https://cert.vde.com/en/advisories/VDE-2022-039 |
| CVE-2020-35558 | Feb. 16, 2021 | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the... | 7.5 HIGH | https://cert.vde.com/en/advisories/VDE-2022-039 |
| CVE-2020-9453 | Feb. 5, 2021 | In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other imp... | 5.5 MEDIUM | http://seclists.org/fulldisclosure/2022/Dec/6 |
| CVE-2021-3116 | Jan. 11, 2021 | before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a... | 7.5 HIGH | https://access.redhat.com/errata/RHSA-2018:2927 |
| CVE-2020-8169 | Dec. 14, 2020 | curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network ... | 7.5 HIGH | https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf |
| CVE-2020-8177 | Dec. 14, 2020 | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file whe... | 7.8 HIGH | https://curl.se/docs/CVE-2020-8177.html |
| CVE-2020-8231 | Dec. 14, 2020 | Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.... | 7.5 HIGH | https://curl.haxx.se/docs/CVE-2020-8231.html |
| CVE-2020-8284 | Dec. 14, 2020 | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way po... | 3.7 LOW | https://curl.se/docs/CVE-2020-8284.html |
| CVE-2020-8285 | Dec. 14, 2020 | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.... | 7.5 HIGH | https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf |
| CVE-2020-8286 | Dec. 14, 2020 | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.... | 7.5 HIGH | http://seclists.org/fulldisclosure/2021/Apr/51 |
| CVE-2020-27818 | Dec. 7, 2020 | A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cau... | 3.3 LOW | https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72 |
| CVE-2020-27158 | Oct. 27, 2020 | Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.... | 9.8 CRITICAL | https://www.westerndigital.com/support/productsecurity |
| CVE-2020-25765 | Oct. 27, 2020 | Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior... | 9.8 CRITICAL | https://www.westerndigital.com/support/productsecurity |
| CVE-2020-6648 | Oct. 21, 2020 | A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9... | 6.5 MEDIUM | https://www.fortiguard.com/psirt/FG-IR-20-236 |
| CVE-2020-27611 | Oct. 21, 2020 | BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.... | 7.3 HIGH | https://github.com/bigbluebutton/bigbluebutton/commit/d0bc77c3dbd858295004f15d7a57ec35e6b203d6 |
| CVE-2020-5791 | Oct. 20, 2020 | Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating sy... | 7.2 HIGH | http://packetstormsecurity.com/files/162235/Nagios-XI-5.7.3-Remote-Code-Execution.html |
| CVE-2020-3992 | Oct. 20, 2020 | OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-... | 9.8 CRITICAL | https://www.zerodayinitiative.com/advisories/ZDI-20-1377/ |
| CVE-2020-13778 | Oct. 19, 2020 | rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate... | 8.8 HIGH | https://github.com/theguly/exploits/blob/master/CVE-2020-13778.py |
| CVE-2020-25829 | Oct. 16, 2020 | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records... | 7.5 HIGH | https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html |
| CVE-2020-26682 | Oct. 16, 2020 | In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.... | 8.8 HIGH | https://github.com/libass/libass/issues/431 |
| CVE-2020-7591 | Oct. 15, 2020 | A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to im... | 8.8 HIGH | https://us-cert.cisa.gov/ics/advisories/icsa-20-287-06 |
| CVE-2020-15792 | Oct. 15, 2020 | A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query paramete... | 4.3 MEDIUM | https://us-cert.cisa.gov/ics/advisories/icsa-20-287-05 |
| CVE-2020-2268 | Sept. 16, 2020 | A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any ar... | 8.8 HIGH | https://lists.debian.org/debian-lts-announce/2023/07/msg00024.html |
| CVE-2020-6343 | Sept. 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of ... | 4.3 MEDIUM | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 |
| CVE-2020-6342 | Sept. 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of ... | 4.3 MEDIUM | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 |
| CVE-2020-6341 | Sept. 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of ... | 4.3 MEDIUM | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 |
| CVE-2020-6340 | Sept. 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of ... | 4.3 MEDIUM | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 |
| CVE-2020-6339 | Sept. 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of ... | 4.3 MEDIUM | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 |
| CVE-2020-6338 | Sept. 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RH file received from untrusted sources which results in crashing of t... | 4.3 MEDIUM | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 |
| CVE-2020-6337 | Sept. 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of ... | 4.3 MEDIUM | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 |
| CVE-2020-6336 | Sept. 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of ... | 4.3 MEDIUM | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 |
| CVE-2020-6335 | Sept. 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of... | 4.3 MEDIUM | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 |
| CVE-2020-6334 | Sept. 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of ... | 4.3 MEDIUM | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 |
| CVE-2020-6333 | Sept. 9, 2020 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of ... | 4.3 MEDIUM | https://lists.apache.org/thread.html/r132e9dbbe0ebdc08b39583d8be0a575fdba573d60a42d940228bceff@%3Cnotifications.ofbiz.apache.org%3E |
| CVE-2020-24654 | Sept. 2, 2020 | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operatio... | 3.3 LOW | https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html |
| CVE-2020-15862 | Aug. 19, 2020 | Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as... | 7.8 HIGH | https://www.oracle.com/security-alerts/cpuoct2023.html |
| CVE-2020-16116 | Aug. 3, 2020 | In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.... | 3.3 LOW | https://bugzilla.suse.com/show_bug.cgi?id=1175857 |
| CVE-2020-14678 | July 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 a... | 7.2 HIGH | https://security.netapp.com/advisory/ntap-20200717-0004/ |
| CVE-2020-14680 | July 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. E... | 6.5 MEDIUM | https://github.com/tharsis/evmos/releases/tag/v2.0.1 |
| CVE-2020-14702 | July 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 a... | 4.9 MEDIUM | https://us-cert.cisa.gov/ics/advisories/icsa-21-280-04 |
| CVE-2020-14575 | July 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily ... | 4.9 MEDIUM | https://www.robotemi.com/software-updates/ |
| CVE-2020-14697 | July 15, 2020 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 a... | 7.2 HIGH | https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md |
| CVE-2019-18256 | June 29, 2020 | BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with ph... | 4.6 MEDIUM | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-wsma-info |
| CVE-2020-14472 | June 24, 2020 | On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.... | 9.8 CRITICAL | https://security.gradle.com/advisory/CVE-2020-15767 |
| CVE-2020-7667 | June 24, 2020 | In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived ... | 7.5 HIGH | https://github.com/torvalds/linux/commit/bcd0f93353326954817a4f9fa55ec57fb38acbb0 |
| CVE-2020-7664 | June 23, 2020 | In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include lea... | 7.5 HIGH | https://www.ibm.com/support/pages/node/6520420 |
| CVE-2020-14401 | June 17, 2020 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.... | 6.5 MEDIUM | https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff |
| CVE-2020-14402 | June 17, 2020 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.... | 5.4 MEDIUM | https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365 |
| CVE-2020-14403 | June 17, 2020 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.... | 5.4 MEDIUM | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10286 |
| CVE-2019-20838 | June 15, 2020 | libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related ... | 7.5 HIGH | http://seclists.org/fulldisclosure/2021/Feb/14 |
| CVE-2020-14155 | June 15, 2020 | libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.... | 5.3 MEDIUM | http://seclists.org/fulldisclosure/2021/Feb/14 |
| CVE-2020-9803 | June 9, 2020 | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari ... | 8.8 HIGH | https://support.apple.com/HT211171 |
| CVE-2020-9806 | June 9, 2020 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, S... | 8.8 HIGH | https://support.apple.com/HT211171 |
| CVE-2020-9807 | June 9, 2020 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, S... | 8.8 HIGH | https://support.apple.com/HT211171 |
| CVE-2020-13757 | June 1, 2020 | Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by hel... | 7.5 HIGH | https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667 |
| CVE-2020-13414 | May 22, 2020 | An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.... | 7.5 HIGH | https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/ |
| CVE-2020-13413 | May 22, 2020 | An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perf... | 5.3 MEDIUM | https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/ |
| CVE-2020-12770 | May 9, 2020 | An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.... | 6.7 MEDIUM | https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html |
| CVE-2020-12762 | May 9, 2020 | json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.... | 7.8 HIGH | https://github.com/json-c/json-c/pull/592 |
| CVE-2020-12101 | April 30, 2020 | The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating... | 4.3 MEDIUM | http://seclists.org/fulldisclosure/2020/May/0 |
| CVE-2020-10951 | April 15, 2020 | Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.... | 4.7 MEDIUM | https://www.westerndigital.com/support/productsecurity/wdc-19012-my-cloud-home-and-ibi-portal-websites-clickjacking-vulnerability |
| CVE-2019-20636 | April 8, 2020 | In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, a... | 6.7 MEDIUM | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb222aed03d798fc074be55e59d9a112338ee784 |
| CVE-2020-3900 | April 1, 2020 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari... | 8.8 HIGH | https://support.apple.com/HT211102 |
| CVE-2020-3899 | April 1, 2020 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safar... | 8.8 HIGH | https://support.apple.com/HT211102 |
| CVE-2020-3895 | April 1, 2020 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari... | 8.8 HIGH | https://support.apple.com/HT211102 |
| CVE-2020-1712 | March 31, 2020 | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus ... | 7.8 HIGH | https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54 |
| CVE-2020-6812 | March 25, 2020 | The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera ... | 5.3 MEDIUM | https://usn.ubuntu.com/4328-1/ |
| CVE-2019-19614 | March 9, 2020 | An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to wildcard injection, allowing an attacker to enumerate the l... | 7.5 HIGH | https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-572804 |
| CVE-2019-20454 | Feb. 14, 2020 | An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF ... | 7.5 HIGH | https://bugs.php.net/bug.php?id=78338 |
| CVE-2020-8648 | Feb. 5, 2020 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.... | 7.1 HIGH | https://bugzilla.kernel.org/show_bug.cgi?id=206361 |
| CVE-2020-3939 | Feb. 4, 2020 | SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attacker... | 6.1 MEDIUM | https://security.gradle.com/advisory/CVE-2020-15771 |
| CVE-2020-6007 | Jan. 23, 2020 | Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during th... | 7.9 HIGH | https://www2.meethue.com/en-us/support/release-notes/bridge |
| CVE-2019-20386 | Jan. 21, 2020 | An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may o... | 2.4 LOW | https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad |
| CVE-2014-0048 | Jan. 2, 2020 | An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.... | 9.8 CRITICAL | http://www.openwall.com/lists/oss-security/2015/03/24/22 |
| CVE-2019-19774 | Dec. 13, 2019 | An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /e... | 8.8 HIGH | http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html |
| CVE-2019-18420 | Oct. 31, 2019 | An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall... | 6.5 MEDIUM | http://www.openwall.com/lists/oss-security/2019/10/31/1 |
| CVE-2019-11281 | Oct. 16, 2019 | Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.1... | 4.8 MEDIUM | http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html |
| CVE-2019-15021 | Oct. 9, 2019 | A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbo... | 5.3 MEDIUM | https://supportcontent.ibm.com/support/pages/node/886885 |
| CVE-2019-1584 | Oct. 9, 2019 | A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a mal... | 9.8 CRITICAL | https://www.exploit-db.com/exploits/42290/ |
| CVE-2019-15023 | Oct. 9, 2019 | A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in ... | 7.5 HIGH | https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html |
| CVE-2019-15022 | Oct. 9, 2019 | A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing.... | 7.5 HIGH | https://gist.github.com/scottgoodwin90/19ccecdc9f5733c0a9381765cfc7fe39 |
| CVE-2019-15020 | Oct. 9, 2019 | A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update... | 9.8 CRITICAL | http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html |
| CVE-2019-15019 | Oct. 9, 2019 | A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update... | 9.8 CRITICAL | http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html |
| CVE-2019-15018 | Oct. 9, 2019 | A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector i... | 7.5 HIGH | http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html |
| CVE-2019-13332 | Oct. 3, 2019 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is requir... | 7.8 HIGH | https://www.zerodayinitiative.com/advisories/ZDI-19-855/ |
| CVE-2019-13331 | Oct. 3, 2019 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is requir... | 7.8 HIGH | https://www.zerodayinitiative.com/advisories/ZDI-19-854/ |
| CVE-2019-13330 | Oct. 3, 2019 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is requir... | 7.8 HIGH | https://www.zerodayinitiative.com/advisories/ZDI-19-853/ |
| CVE-2019-13329 | Oct. 3, 2019 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5. User interaction is required to ex... | 7.8 HIGH | https://www.zerodayinitiative.com/advisories/ZDI-19-852/ |
| CVE-2019-3729 | Sept. 30, 2019 | RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability wh... | 2.4 LOW | https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b |
| CVE-2019-4378 | Sept. 26, 2019 | IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable ... | 6.5 MEDIUM | http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html |
| CVE-2019-10424 | Sept. 25, 2019 | Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with a... | 5.5 MEDIUM | https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1561 |
| CVE-2019-10423 | Sept. 25, 2019 | Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with a... | 5.5 MEDIUM | https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1551 |
| CVE-2019-10422 | Sept. 25, 2019 | Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Ext... | 6.5 MEDIUM | https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1548 |
| CVE-2019-10421 | Sept. 25, 2019 | Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed b... | 4.3 MEDIUM | https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1544 |
| CVE-2019-10420 | Sept. 25, 2019 | Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with a... | 5.5 MEDIUM | https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1543 |
| CVE-2019-10419 | Sept. 25, 2019 | Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be vi... | 5.5 MEDIUM | https://jenkins.io/security/advisory/2019-09-25/#SECURTIY-1541 |
| CVE-2019-10416 | Sept. 25, 2019 | Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they c... | 6.5 MEDIUM | https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1577 |
| CVE-2019-10415 | Sept. 25, 2019 | Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master whe... | 6.5 MEDIUM | https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1577 |
| CVE-2019-16712 | Sept. 23, 2019 | ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.... | 6.5 MEDIUM | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00046.html |
| CVE-2019-16709 | Sept. 23, 2019 | ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.... | 6.5 MEDIUM | https://www.npmjs.com/advisories/1095 |
| CVE-2019-15138 | Sept. 20, 2019 | The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.... | 7.5 HIGH | https://github.com/libav/libav/commits/master/libavcodec/srtdec.c |
| CVE-2019-9719 | Sept. 19, 2019 | ** DISPUTED ** A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in M... | 8.8 HIGH | https://www.us-cert.gov/ics/advisories/icsa-19-255-05 |
| CVE-2019-9009 | Sept. 17, 2019 | An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.... | 7.5 HIGH | https://jira.atlassian.com/browse/JRASERVER-69796 |
| CVE-2019-4342 | Sept. 17, 2019 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We... | 5.4 MEDIUM | https://security.netapp.com/advisory/ntap-20191009-0001/ |
| CVE-2019-4183 | Sept. 17, 2019 | IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that... | 7.5 HIGH | https://security.netapp.com/advisory/ntap-20191009-0001/ |
| CVE-2019-8449 | Sept. 11, 2019 | The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosur... | 5.3 MEDIUM | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html |
| CVE-2019-16167 | Sept. 9, 2019 | sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.... | 5.5 MEDIUM | http://www.openwall.com/lists/oss-security/2019/12/05/2 |
| CVE-2019-5473 | Sept. 9, 2019 | An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.... | 7.2 HIGH | https://hackerone.com/reports/565883 |
| CVE-2019-5467 | Sept. 9, 2019 | An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulne... | 5.4 MEDIUM | https://hackerone.com/reports/526325 |
| CVE-2019-5463 | Sept. 9, 2019 | An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerab... | 5.3 MEDIUM | https://hackerone.com/reports/477222 |
| CVE-2019-9461 | Sept. 6, 2019 | In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent netwo... | 6.5 MEDIUM | https://github.com/beerpwn/CVE/blob/master/Totaljs_disclosure_report/report_final.pdf |
| CVE-2019-15954 | Sept. 5, 2019 | An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on th... | 9.9 CRITICAL | https://www.ibm.com/support/docview.wss?uid=ibm10958193 |
| CVE-2017-18559 | Aug. 21, 2019 | The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues.... | 6.1 MEDIUM | https://wpvulndb.com/vulnerabilities/9727 |
| CVE-2014-10377 | Aug. 21, 2019 | The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.... | 6.1 MEDIUM | https://wpvulndb.com/vulnerabilities/9812 |
| CVE-2019-4402 | Aug. 20, 2019 | IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X... | 7.5 HIGH | https://www.ibm.com/support/docview.wss?uid=ibm10870490 |
| CVE-2019-4049 | Aug. 20, 2019 | IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the under... | 5.5 MEDIUM | http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html |
| CVE-2019-11145 | Aug. 19, 2019 | Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of p... | 7.8 HIGH | http://seclists.org/fulldisclosure/2019/Aug/25 |
| CVE-2019-15150 | Aug. 19, 2019 | In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callba... | 8.8 HIGH | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFFMSO5WKEYSGMTZPZFF4ZADUJ57PRN5/ |
| CVE-2019-15237 | Aug. 19, 2019 | Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.... | 7.4 HIGH | https://resources.docmosis.com/content/documentation/tornado-v2-9-5-release-notes |
| CVE-2019-12854 | Aug. 15, 2019 | Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this... | 7.5 HIGH | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYWBJHSBBLAHKMRWDWH2XXQDYAGDHB5I/ |
| CVE-2019-9010 | Aug. 15, 2019 | An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All v... | 9.8 CRITICAL | https://www.us-cert.gov/ics/advisories/icsa-19-213-03 |
| CVE-2019-13516 | Aug. 15, 2019 | In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has... | 8.8 HIGH | https://resources.docmosis.com/content/documentation/tornado-v2-9-5-release-notes |
| CVE-2016-10884 | Aug. 14, 2019 | The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.... | 8.8 HIGH | https://wpvulndb.com/vulnerabilities/9744 |
| CVE-2015-9309 | Aug. 14, 2019 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.... | 8.8 HIGH | https://wpvulndb.com/vulnerabilities/9766 |
| CVE-2015-9308 | Aug. 14, 2019 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.... | 8.8 HIGH | https://wpvulndb.com/vulnerabilities/9766 |
| CVE-2015-9307 | Aug. 14, 2019 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.... | 8.8 HIGH | https://wpvulndb.com/vulnerabilities/9766 |
| CVE-2016-10867 | Aug. 13, 2019 | The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.... | 6.1 MEDIUM | https://wpvulndb.com/vulnerabilities/9736 |
| CVE-2015-9302 | Aug. 13, 2019 | The simple-fields plugin before 1.4.11 for WordPress has XSS.... | 6.1 MEDIUM | https://wpvulndb.com/vulnerabilities/8342 |
| CVE-2015-9298 | Aug. 13, 2019 | The events-manager plugin before 5.6 for WordPress has code injection.... | 9.8 CRITICAL | https://wpvulndb.com/vulnerabilities/9761 |
| CVE-2015-9297 | Aug. 13, 2019 | The events-manager plugin before 5.6 for WordPress has XSS.... | 6.1 MEDIUM | https://wpvulndb.com/vulnerabilities/9761 |
| CVE-2019-1946 | Aug. 8, 2019 | A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote a... | 6.5 MEDIUM | https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4 |
| CVE-2019-1949 | Aug. 8, 2019 | A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a ... | 4.8 MEDIUM | https://resources.docmosis.com/content/documentation/tornado-v2-9-5-release-notes |
| CVE-2019-1926 | Aug. 7, 2019 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an att... | 7.8 HIGH | https://github.com/FRRouting/frr/commit/6d58272b4cf96f0daa846210dd2104877900f921 |
| CVE-2019-1927 | Aug. 7, 2019 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an att... | 7.8 HIGH | https://marketplace.atlassian.com/apps/1216090/stagil-navigation-for-jira-menus-themes?tab=overview&hosting=cloud |
| CVE-2019-1928 | Aug. 7, 2019 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an att... | 7.8 HIGH | https://marketplace.atlassian.com/apps/1216090/stagil-navigation-for-jira-menus-themes?tab=overview&hosting=cloud |
| CVE-2019-1929 | Aug. 7, 2019 | Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an att... | 7.8 HIGH | https://github.com/dataease/dataease/security/advisories/GHSA-xj3h-3wmw-j5vf |
| CVE-2019-14664 | Aug. 5, 2019 | In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted pa... | 6.5 MEDIUM | https://www.ibm.com/support/docview.wss?uid=ibm10886887 |
| CVE-2019-4261 | Aug. 5, 2019 | IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by spec... | 6.5 MEDIUM | https://exchange.xforce.ibmcloud.com/vulnerabilities/158698 |
| CVE-2019-4165 | July 31, 2019 | IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to cause a denial of service attack using repeated requests to the server. IBM X-F... | 7.5 HIGH | https://www.ibm.com/support/docview.wss?uid=ibm10884064 |
| CVE-2019-4285 | July 30, 2019 | IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a vic... | 5.4 MEDIUM | https://www.ibm.com/support/docview.wss?uid=ibm10957121 |
| CVE-2019-14213 | July 21, 2019 | An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during ... | 7.5 HIGH | https://www.foxitsoftware.com/support/security-bulletins.php |
| CVE-2019-4131 | July 11, 2019 | IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS looku... | 5.3 MEDIUM | http://www.securityfocus.com/bid/108686 |
| CVE-2019-6633 | July 3, 2019 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mod... | 4.4 MEDIUM | https://support.f5.com/csp/article/K73522927 |
| CVE-2019-6639 | July 3, 2019 | On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages f... | 4.8 MEDIUM | https://support.f5.com/csp/article/K61002104 |
| CVE-2019-6635 | July 3, 2019 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for... | 4.4 MEDIUM | https://support.f5.com/csp/article/K11330536 |
| CVE-2019-6631 | July 3, 2019 | On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual ... | 7.5 HIGH | https://support.f5.com/csp/article/K19501795 |
| CVE-2019-6629 | July 3, 2019 | On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Cli... | 7.5 HIGH | https://support.f5.com/csp/article/K95434410?utm_source=f5support&utm_medium=RSS |
| CVE-2019-6623 | July 2, 2019 | On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, undisclosed traffic sent to BIG-IP iSession virtual server may cause t... | 7.5 HIGH | https://support.f5.com/csp/article/K72335002 |
| CVE-2019-10271 | June 24, 2019 | An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possibl... | 4.3 MEDIUM | https://bugzilla.redhat.com/show_bug.cgi?id=2241782 |
| CVE-2019-3802 | June 3, 2019 | This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, Ex... | 5.3 MEDIUM | https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E |
| CVE-2019-6619 | May 3, 2019 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/... | 7.5 HIGH | https://support.f5.com/csp/article/K94563344 |
| CVE-2019-6616 | May 3, 2019 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite cri... | 7.2 HIGH | https://support.f5.com/csp/article/K82814400 |
| CVE-2019-6617 | May 3, 2019 | On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to ... | 6.5 MEDIUM | https://github.com/mirchr/security-research/blob/master/vulnerabilities/F5/CVE-2019-6617.txt |
| CVE-2019-9017 | May 2, 2019 | DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.... | 7.5 HIGH | https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 |
| CVE-2019-1757 | March 27, 2019 | A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthor... | 5.9 MEDIUM | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-isdn |
| CVE-2019-1752 | March 27, 2019 | A vulnerability in the ISDN functions of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the dev... | 7.5 HIGH | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-pnp-cert |
| CVE-2019-1748 | March 27, 2019 | A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote ... | 7.4 HIGH | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar |
| CVE-2019-1739 | March 27, 2019 | A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthentic... | 7.5 HIGH | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar |
| CVE-2019-1738 | March 27, 2019 | A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthentic... | 7.5 HIGH | http://www.securitytracker.com/id/1039289 |
| CVE-2019-6600 | March 13, 2019 | In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrati... | 6.1 MEDIUM | https://support.f5.com/csp/article/K23734425 |
| CVE-2019-0030 | Jan. 15, 2019 | Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juni... | 7.2 HIGH | https://wordpress.org/plugins/add-search-to-menu/#developers |
| CVE-2018-20169 | Dec. 17, 2018 | An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related... | 6.8 MEDIUM | https://github.com/lestrrat-go/jwx/security/advisories/GHSA-7f9x-gw85-8grf |
| CVE-2018-3912 | Aug. 23, 2018 | On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" t... | 7.8 HIGH | https://bugzilla.redhat.com/show_bug.cgi?id=1956917 |
| CVE-2017-15100 | Nov. 27, 2017 | An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "char... | 6.1 MEDIUM | https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d |
| CVE-2017-16527 | Nov. 3, 2017 | sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system... | 6.6 MEDIUM | https://groups.google.com/d/msg/syzkaller/jf7GTr_g2CU/iVlLhMciCQAJ |
| CVE-2017-16528 | Nov. 3, 2017 | sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and... | 6.6 MEDIUM | https://groups.google.com/d/msg/syzkaller/kuZzDHGkQu8/5du20rZEAAAJ |
| CVE-2017-16529 | Nov. 3, 2017 | The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-boun... | 6.6 MEDIUM | https://github.com/torvalds/linux/commit/bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991 |
| CVE-2017-16530 | Nov. 3, 2017 | The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly hav... | 6.6 MEDIUM | https://groups.google.com/d/msg/syzkaller/pCswO77gRlM/VHuPOftgAwAJ |
| CVE-2017-16532 | Nov. 3, 2017 | The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL poi... | 6.6 MEDIUM | https://groups.google.com/d/msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ |
| CVE-2017-6627 | Sept. 7, 2017 | A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attac... | 7.5 HIGH | http://www.securitytracker.com/id/1038998 |
| CVE-2017-10661 | Aug. 19, 2017 | Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption ... | 7.0 HIGH | http://www.debian.org/security/2017/dsa-3981 |
| CVE-2017-3085 | Aug. 11, 2017 | Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redir... | 7.5 HIGH | http://www.securitytracker.com/id/1039088 |
| CVE-2017-6665 | Aug. 7, 2017 | A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker ... | 6.5 MEDIUM | http://www.securitytracker.com/id/1038999 |
| CVE-2017-6663 | Aug. 7, 2017 | A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker ... | 6.5 MEDIUM | https://access.redhat.com/errata/RHSA-2019:3309 |
| CVE-2017-9833 | June 23, 2017 | ** DISPUTED ** /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root... | 7.5 HIGH | http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html |
| CVE-2016-2143 | April 27, 2016 | The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to ca... | 7.8 HIGH | http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html |
| CVE-2015-5157 | Aug. 31, 2015 | arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during users... | 7.2 HIGH | http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html |
| CVE-2015-2666 | May 27, 2015 | Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0... | 6.9 MEDIUM | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153329.html |
| CVE-2014-9529 | Jan. 9, 2015 | Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of ser... | 6.9 MEDIUM | http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html |
| CVE-2014-3185 | Sept. 28, 2014 | Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux... | 6.9 MEDIUM | http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html |
| CVE-2013-6370 | April 22, 2014 | Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.... | 5.0 MEDIUM | http://www.mandriva.com/security/advisories?name=MDVSA-2014:079 |
| CVE-2013-6371 | April 22, 2014 | The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, ... | 5.0 MEDIUM | http://www.mandriva.com/security/advisories?name=MDVSA-2014:079 |
| CVE-2013-2094 | May 14, 2013 | The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users ... | 7.2 HIGH | https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html |
| CVE-2012-2143 | July 5, 2012 | The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the co... | 4.3 MEDIUM | http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9 |
| CVE-2011-5011 | Dec. 24, 2011 | Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authen... | 6.8 MEDIUM | http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html |
| CVE-2011-0213 | June 24, 2011 | Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (applicati... | 6.8 MEDIUM | http://www.securityfocus.com/archive/1/496583/100/0/threaded |
| CVE-2010-3640 | Nov. 7, 2010 | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 o... | 9.3 HIGH | http://jvn.jp/en/jp/JVN48425028/index.html |
| CVE-2010-3636 | Nov. 7, 2010 | Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly ... | 9.3 HIGH | http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html |
| CVE-2010-3639 | Nov. 7, 2010 | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 o... | 9.3 HIGH | http://www.kb.cert.org/vuls/id/173009 |
| CVE-2010-2594 | July 2, 2010 | Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Sola... | 6.8 MEDIUM | http://www.securityfocus.com/bid/40111 |
| CVE-2010-1556 | May 14, 2010 | Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 Update 1, and 6.0 allows remote attackers to obtain sensitive information and m... | 6.4 MEDIUM | http://security.gentoo.org/glsa/glsa-201209-25.xml |
| CVE-2010-1359 | April 13, 2010 | SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL module for xt:Commerce, when magic_quotes_gpc is disabled, allows remote attacke... | 6.8 MEDIUM | http://www.securityfocus.com/archive/1/496583/100/0/threaded |
| CVE-2009-3720 | Nov. 3, 2009 | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-... | 5.0 MEDIUM | http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?view=log |
| CVE-2009-3733 | Nov. 2, 2009 | Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMw... | 5.0 MEDIUM | http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1 |
| CVE-2009-3692 | Oct. 13, 2009 | Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows loca... | 7.2 HIGH | http://www.securityfocus.com/archive/1/507068/100/0/threaded |
| CVE-2009-3588 | Oct. 13, 2009 | Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through... | 4.3 MEDIUM | http://www.securityfocus.com/archive/1/507068/100/0/threaded |
| CVE-2009-3587 | Oct. 13, 2009 | Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through... | 9.3 HIGH | http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html |
| CVE-2009-3597 | Oct. 8, 2009 | Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the ... | 5.0 MEDIUM | https://vuldb.com/?id.210717 |
| CVE-2009-3184 | Sept. 15, 2009 | Multiple SQL injection vulnerabilities in index.php in Pirates of The Caribbean in the E-Gold Game Series allow remote attackers to execute arbitrary ... | 7.5 HIGH | https://www.ibm.com/support/pages/node/7142038 |
| CVE-2009-3168 | Sept. 11, 2009 | Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin/reset.php and (2) admin/user_add.php, which allows remote... | 6.5 MEDIUM | https://vuldb.com/?id.210716 |
| CVE-2008-6662 | April 7, 2009 | AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote attackers to cause a denial of service (segmentation fault) or possibly execute a... | 4.3 MEDIUM | http://www.ivizsecurity.com/security-advisory-iviz-sr-08012.html |
| CVE-2008-6661 | April 7, 2009 | Multiple integer overflows in the scanning engine in Bitdefender for Linux 7.60825 and earlier allow remote attackers to cause a denial of service (cr... | 5.0 MEDIUM | http://www.securityfocus.com/bid/33954 |
| CVE-2009-1073 | March 31, 2009 | nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for t... | 5.5 MEDIUM | https://huntr.dev/bounties/f6739b58-49f9-4056-a843-bf76bbc1253e |
| CVE-2009-0849 | March 9, 2009 | Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platform... | 7.5 HIGH | http://rhn.redhat.com/errata/RHSA-2009-0332.html |
| CVE-2009-0521 | Feb. 26, 2009 | Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensit... | 4.6 MEDIUM | https://bugzilla.redhat.com/show_bug.cgi?id=2251326 |
| CVE-2008-6304 | Feb. 26, 2009 | SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when magic_quotes_gpc is enabled and the SEO URLs are activated, allows remote attacker... | 6.8 MEDIUM | http://www.securityfocus.com/archive/1/461073/100/0/threaded |
| CVE-2009-0601 | Feb. 16, 2009 | Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application cr... | 2.1 LOW | http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html |
| CVE-2008-6044 | Feb. 3, 2009 | Cross-site scripting (XSS) vulnerability in advanced_search_result.php in xt:Commerce 3.0.4 and earlier allows remote attackers to inject arbitrary we... | 4.3 MEDIUM | http://www.xt-commerce.com/blog/xtcommerce-news/sicherheitspatch-fuer-version-304-sp21.html |
| CVE-2008-6045 | Feb. 3, 2009 | Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTC... | 6.8 MEDIUM | http://www.vupen.com/english/advisories/2009/2442 |
| CVE-2007-5544 | Oct. 29, 2007 | IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Contro... | 7.8 HIGH | http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/man/nss-ldapd.conf.5.xml?r1=805&r2=806 |
| CVE-2007-1126 | Feb. 26, 2007 | Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parame... | 5.0 MEDIUM | https://www.ibm.com/support/pages/node/7142038 |
| CVE-2005-1835 | June 1, 2005 | NEXTWEB (i)Site stores databases under the web document root with insufficient access control, which allows remote attackers to obtain sensitive infor... | 5.0 MEDIUM | https://vuldb.com/?id.214776 |
| CVE-2004-0458 | Sept. 28, 2004 | mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer derefe... | 7.5 HIGH | http://www.securityfocus.com/bid/10343 |
| CVE-2004-0119 | June 1, 2004 | The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a deni... | 7.5 HIGH | http://www.securityfocus.com/bid/10157 |
| CVE-2004-0389 | June 1, 2004 | RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a... | 7.5 HIGH | https://github.com/abhinavsingh/proxy.py/pull/482/commits/9b00093288237f5073c403f2c4f62acfdfa8ed46 |
| CVE-2003-1000 | Jan. 5, 2004 | xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dere... | 7.5 HIGH | http://marc.info/?l=bugtraq&m=107152093419276&w=2 |
| CVE-2002-1745 | Dec. 31, 2002 | Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions cont... | 7.5 HIGH | https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g |
| CVE-2002-1816 | Dec. 31, 2002 | Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via... | 9.8 CRITICAL | https://webkitgtk.org/security/WSA-2017-0007.html |
| CVE-2001-0609 | Aug. 2, 2001 | Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply ... | 9.8 CRITICAL | https://exchange.xforce.ibmcloud.com/vulnerabilities/8853 |
Source: National Vulnerability Database