Bulletins



CVE Date Description Severity Third Party Advisory
CVE-2023-43242 Sept. 21, 2023 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel.... 9.8 CRITICAL https://www.dlink.com/en/security-bulletin/
CVE-2023-43241 Sept. 21, 2023 D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity.... 9.8 CRITICAL https://www.dlink.com/en/security-bulletin/
CVE-2023-43240 Sept. 21, 2023 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.... 9.8 CRITICAL https://www.dlink.com/en/security-bulletin/
CVE-2023-43239 Sept. 21, 2023 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.... 9.8 CRITICAL https://www.dlink.com/en/security-bulletin/
CVE-2023-43238 Sept. 21, 2023 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi.... 9.8 CRITICAL https://www.dlink.com/en/security-bulletin/
CVE-2023-43237 Sept. 21, 2023 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.... 9.8 CRITICAL https://www.dlink.com/en/security-bulletin/
CVE-2023-43236 Sept. 21, 2023 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.... 9.8 CRITICAL https://www.dlink.com/en/security-bulletin/
CVE-2023-43235 Sept. 21, 2023 D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings.... 9.8 CRITICAL https://www.dlink.com/en/security-bulletin/
CVE-2023-43309 Sept. 21, 2023 There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers ... 4.8 MEDIUM https://github.com/jerryscript-project/jerryscript/issues/5080
CVE-2023-43274 Sept. 21, 2023 Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.... 7.5 HIGH https://github.com/Num-Nine/CVE/issues/4
CVE-2023-43495 Sept. 20, 2023 Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', result... 5.4 MEDIUM https://www.icmsdev.com/
CVE-2023-43496 Sept. 20, 2023 Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly c... 8.8 HIGH https://security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397
CVE-2023-42454 Sept. 18, 2023 SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database conn... 9.1 CRITICAL https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39046.md
CVE-2023-39046 Sept. 18, 2023 An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.... 6.5 MEDIUM https://access.redhat.com/security/cve/CVE-2023-0923
CVE-2023-41443 Sept. 18, 2023 SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sy... 7.2 HIGH https://access.redhat.com/errata/RHSA-2023:1185
CVE-2021-26837 Sept. 18, 2023 SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute ... 9.8 CRITICAL https://medium.com/@ray.999/idoit-pro-v25-and-below-weak-password-add-on-upload-to-rce-cve-2023-37756-fa1b18433ca3
CVE-2023-35851 Sept. 17, 2023 SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands t... 7.5 HIGH https://susos.co/blog/f/cve-disclosure-sedric-louissaints-discovery-of-sql-injection-in
CVE-2023-35850 Sept. 17, 2023 SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator pri... 7.2 HIGH https://access.redhat.com/security/cve/CVE-2023-0813
CVE-2023-42336 Sept. 15, 2023 An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password p... 9.8 CRITICAL https://github.com/lovasoa/SQLpage/releases/tag/v0.11.1
CVE-2023-0923 Sept. 15, 2023 A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making r... 9.8 CRITICAL https://www.rfc-editor.org/rfc/rfc9110#section-8.6
CVE-2023-0813 Sept. 15, 2023 A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentica... 7.5 HIGH https://vuldb.com/?ctiid.239750
CVE-2023-40167 Sept. 15, 2023 Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceedin... 5.3 MEDIUM https://vuldb.com/?id.239799
CVE-2023-1108 Sept. 14, 2023 A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, whe... 7.5 HIGH https://github.com/jumpserver/jumpserver/commit/0a58bba59cd275bab8e0ae58bf4b359fbc5eb74a
CVE-2023-37756 Sept. 14, 2023 I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easil... 9.8 CRITICAL https://github.com/shirasagi/shirasagi/security/advisories/GHSA-xr45-c2jv-2v9r
CVE-2023-3301 Sept. 13, 2023 A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci fro... 5.6 MEDIUM https://kcm.trellix.com/corporate/index?page=content&id=SB10406
CVE-2023-20236 Sept. 13, 2023 A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software imag... 7.8 HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2238588
CVE-2023-4400 Sept. 13, 2023 A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled ... 6.5 MEDIUM https://bugzilla.redhat.com/show_bug.cgi?id=2218486
CVE-2023-39201 Sept. 12, 2023 Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access.... 6.7 MEDIUM https://github.com/piccolo-orm/piccolo/security/advisories/GHSA-h7cm-mrvq-wcfr
CVE-2023-41885 Sept. 12, 2023 Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of `BaseUser.login` leaks enough informa... 5.3 MEDIUM https://github.com/sofastack/sofa-rpc/security/advisories/GHSA-chv2-7hxj-2j86
CVE-2023-41331 Sept. 12, 2023 SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker... 9.8 CRITICAL https://bugzilla.redhat.com/show_bug.cgi?id=2215784
CVE-2023-4580 Sept. 11, 2023 Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulne... 6.5 MEDIUM https://www.mozilla.org/security/advisories/mfsa2023-34/
CVE-2023-4578 Sept. 11, 2023 When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the func... 6.5 MEDIUM https://www.mozilla.org/security/advisories/mfsa2023-34/
CVE-2023-4579 Sept. 11, 2023 Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. Th... 3.1 LOW https://www.mozilla.org/security/advisories/mfsa2023-34/
CVE-2023-4581 Sept. 11, 2023 Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of ... 4.3 MEDIUM https://www.mozilla.org/security/advisories/mfsa2023-34/
CVE-2023-4582 Sept. 11, 2023 Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shade... 8.8 HIGH https://www.mozilla.org/security/advisories/mfsa2023-34/
CVE-2023-4583 Sept. 11, 2023 When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already... 7.5 HIGH https://www.mozilla.org/security/advisories/mfsa2023-34/
CVE-2023-4584 Sept. 11, 2023 Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed... 8.8 HIGH https://www.mozilla.org/security/advisories/mfsa2023-35/
CVE-2023-4585 Sept. 11, 2023 Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we pr... 8.8 HIGH https://www.mozilla.org/security/advisories/mfsa2023-36/
CVE-2019-16470 Sept. 11, 2023 Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary co... 7.3 HIGH https://access.redhat.com/security/cve/CVE-2022-1415
CVE-2023-40953 Sept. 7, 2023 icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).... 8.8 HIGH https://www.icmsdev.com/
CVE-2023-40353 Sept. 7, 2023 An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services... 3.3 LOW https://packetstormsecurity.com/files/174240/Crypto-Currency-Tracker-CCT-9.5-Add-Administrator.html
CVE-2023-39620 Sept. 7, 2023 An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest ac... 7.5 HIGH https://www.sourcecodester.com/
CVE-2023-37759 Sept. 7, 2023 Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an... 9.8 CRITICAL https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3235
CVE-2023-30908 Sept. 7, 2023 Potential security vulnerability have been identified in Hewlett Packard Enterprise OneView Software. This vulnerability could be remotely exploited t... 9.8 CRITICAL https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3235
CVE-2023-39711 Sept. 7, 2023 Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web... 6.1 MEDIUM https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3233
CVE-2023-39424 Sept. 7, 2023 A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such ... 8.8 HIGH http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
CVE-2023-39423 Sept. 7, 2023 The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs,  among other features. By using a UNION SQL operator, an attac... 9.1 CRITICAL https://usn.ubuntu.com/3810-1/
CVE-2023-39422 Sept. 7, 2023 The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however expos... 9.8 CRITICAL https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3233
CVE-2023-39421 Sept. 7, 2023 The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twili... 7.7 HIGH https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3065
CVE-2023-41933 Sept. 6, 2023 Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attack... 8.8 HIGH https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3082
CVE-2023-41932 Sept. 6, 2023 Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowin... 6.5 MEDIUM https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3082
CVE-2021-32292 Aug. 22, 2023 An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sam... 9.8 CRITICAL https://www.debian.org/security/2023/dsa-5486
CVE-2023-39018 July 28, 2023 FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerabi... 9.8 CRITICAL https://go.dev/issue/54385
CVE-2023-34798 July 25, 2023 An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file.... 9.8 CRITICAL https://www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html
CVE-2022-46901 July 25, 2023 An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vo... 7.5 HIGH https://www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html
CVE-2022-46900 July 25, 2023 An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report... 6.5 MEDIUM https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=32305
CVE-2022-46899 July 25, 2023 An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each ... 7.5 HIGH https://www.ibm.com/support/pages/node/7007421
CVE-2022-46898 July 25, 2023 An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Voc... 9.8 CRITICAL https://github.com/HeidiSecurities/CVEs/blob/main/Trialworks.md
CVE-2023-37903 July 21, 2023 vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to esca... 9.8 CRITICAL https://www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html
CVE-2023-2083 June 9, 2023 The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in... 4.3 MEDIUM https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2
CVE-2023-2084 June 9, 2023 The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in ... 4.3 MEDIUM https://www.wordfence.com/threat-intel/vulnerabilities/id/0be8c668-0f1c-4f83-8a71-49c8bb9b67ae?source=cve
CVE-2023-2085 June 9, 2023 The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates functi... 4.3 MEDIUM https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2
CVE-2023-2086 June 9, 2023 The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count f... 4.3 MEDIUM https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2
CVE-2023-0993 June 9, 2023 The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and includin... 4.3 MEDIUM https://wordpress.org/plugins/wp-simple-firewall/
CVE-2023-1016 June 9, 2023 The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escap... 7.2 HIGH https://www.wordfence.com/threat-intel/vulnerabilities/id/dc878508-200d-4bc7-aa99-c34e63cba4b3?source=cve
CVE-2023-0292 June 9, 2023 The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to mi... 8.1 HIGH https://plugins.trac.wordpress.org/changeset/2834471/quiz-master-next
CVE-2023-0688 June 9, 2023 The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, an... 6.5 MEDIUM https://plugins.trac.wordpress.org/changeset/2910040/
CVE-2023-0691 June 9, 2023 The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, a... 4.3 MEDIUM https://plugins.trac.wordpress.org/changeset/2910040/
CVE-2023-0693 June 9, 2023 The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up ... 4.3 MEDIUM https://plugins.trac.wordpress.org/changeset/2910040/
CVE-2023-1169 June 9, 2023 The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader... 4.3 MEDIUM https://plugins.trac.wordpress.org/changeset/2888622/ooohboi-steroids-for-elementor/tags/2.1.5/inc/exopite-simple-options/upload-class.php?old=2874981&old_path=ooohboi-steroids-for-elementor%2Ftags%2F2.1.4%2Finc%2Fexopite-simple-options%2Fupload-class.php
CVE-2023-0694 June 9, 2023 The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and includi... 4.3 MEDIUM https://plugins.trac.wordpress.org/changeset/2910040/
CVE-2023-33864 June 7, 2023 RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 2 of 2).... 9.8 CRITICAL https://plugins.trac.wordpress.org/changeset/2910040/
CVE-2023-33863 June 7, 2023 RenderDoc through 1.26 allows an Integer Overflow with a resultant Buffer Overflow (issue 1 of 2).... 9.8 CRITICAL https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=121290%40materialis&new=121290%40materialis&sfp_email=&sfph_mail=
CVE-2023-33533 June 6, 2023 Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Vers... 8.8 HIGH https://www.netgear.com/about/security/
CVE-2023-32551 June 6, 2023 Landscape allowed URLs which caused open redirection.... 6.1 MEDIUM http://seclists.org/fulldisclosure/2023/Jun/2
CVE-2023-30948 June 6, 2023 A security defect in Foundry's Comments functionality resulted in the retrieval of attachments to comments not being gated by additional authorization... 6.5 MEDIUM http://seclists.org/fulldisclosure/2023/Jun/2
CVE-2023-3028 June 1, 2023 Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of ve... 9.8 CRITICAL https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072
CVE-2023-3017 May 31, 2023 A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part... 5.4 MEDIUM https://vuldb.com/?ctiid.230361
CVE-2023-3018 May 31, 2023 A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknow... 8.8 HIGH https://vuldb.com/?ctiid.230358
CVE-2023-34229 May 31, 2023 In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible... 5.4 MEDIUM https://vuldb.com/?ctiid.230154
CVE-2023-33735 May 31, 2023 D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNA... 9.8 CRITICAL https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69
CVE-2023-3014 May 31, 2023 A vulnerability, which was classified as problematic, was found in BeipyVideoResolution up to 2.6. Affected is an unknown function of the file admin/a... 6.1 MEDIUM https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29738/CVE%20detail.md
CVE-2023-3012 May 31, 2023 NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.... 7.8 HIGH https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29739/CVE%20detail.md
CVE-2023-0329 May 30, 2023 The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module befor... 7.2 HIGH https://vuldb.com/?ctiid.230079
CVE-2023-32699 May 30, 2023 MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. ?The `checkUserPassword` metho... 6.5 MEDIUM https://github.com/metersphere/metersphere/security/advisories/GHSA-qffq-8gf8-mhq7
CVE-2021-31233 May 30, 2023 SQL Injection vulnerability found in Fighting Cock Information System v.1.0 allows a remote attacker to obtain sensitive information via the edit_bree... 7.5 HIGH https://www.sourcecodester.com/php/12824/fighting-cock-information-system.html
CVE-2023-33181 May 30, 2023 Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called ... 5.3 MEDIUM https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-c9cx-ghwr-x58m
CVE-2023-33180 May 30, 2023 Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the `... 6.5 MEDIUM https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-7ww5-x9rm-qm89
CVE-2023-33177 May 30, 2023 Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded ... 8.8 HIGH https://github.com/xibosignage/xibo-cms/commit/1cbba380fa751a00756e70d7b08b5c6646092658
CVE-2023-33179 May 30, 2023 Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the `... 6.5 MEDIUM https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-jmx8-cgm4-7mf5
CVE-2023-33178 May 30, 2023 Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `/dataset/data/{id}` API route inside the CMS starting... 6.5 MEDIUM https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-g9x2-757j-hmhh
CVE-2023-32696 May 30, 2023 CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent... 8.8 HIGH https://github.com/ckan/ckan-docker-base/security/advisories/GHSA-c74x-xfvr-x5wg
CVE-2023-20884 May 30, 2023 VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to ... 6.1 MEDIUM https://huntr.dev/bounties/5df8b951-e2f1-4548-a7e3-601186e1b191
CVE-2023-33245 May 30, 2023 Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that ... 8.8 HIGH https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2792-2734-hr7j
CVE-2023-2984 May 30, 2023 Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.... 8.8 HIGH https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1
CVE-2023-33183 May 30, 2023 Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP... 4.3 MEDIUM https://vuldb.com/?ctiid.230213
CVE-2023-2983 May 30, 2023 Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.... 8.8 HIGH https://vuldb.com/?ctiid.230212
CVE-2023-2981 May 30, 2023 A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. This issue affects some unknown processing of the ... 6.1 MEDIUM https://vuldb.com/?ctiid.230211
CVE-2023-2980 May 30, 2023 A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation... 9.8 CRITICAL https://vuldb.com/?ctiid.230210
CVE-2023-2979 May 30, 2023 A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handl... 9.8 CRITICAL https://gitee.com/mindspore/mindspore/issues/I73DOS
CVE-2023-2978 May 30, 2023 A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the... 9.8 CRITICAL https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b
CVE-2023-29728 May 30, 2023 The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege atta... 9.8 CRITICAL https://www.dlink.com/en/security-bulletin/
CVE-2023-29726 May 30, 2023 The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into t... 7.5 HIGH https://play.google.com/store/apps/details?id=com.cuiet.blockCalls
CVE-2023-29727 May 30, 2023 The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that i... 9.8 CRITICAL https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073
CVE-2022-45853 May 30, 2023 The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could ... 6.7 MEDIUM https://github.com/jstachio/jstachio/issues/157
CVE-2012-10015 May 30, 2023 A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. It has been classified as problematic. Affected is the function twttr... 8.8 HIGH https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29740/CVE%20detail.md
CVE-2023-23699 May 29, 2023 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Reynolds Progress Bar plugin <= 2.2.1 versions.... 5.4 MEDIUM https://lists.qt-project.org/pipermail/announce/2023-May/000413.html
CVE-2023-27613 May 29, 2023 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorClick Forms Ada – Form Builder plugin <= 1.0 versions.... 6.1 MEDIUM https://github.com/autolab/Autolab/security/advisories/GHSA-h8g5-vhm4-wx6g
CVE-2023-33291 May 28, 2023 In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address ... 7.4 HIGH https://www.ebankit.com/digital-banking-platform
CVE-2023-30570 May 28, 2023 pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packe... 7.5 HIGH https://github.com/ckan/ckan/security/advisories/GHSA-446m-hmmm-hm8m
CVE-2023-31874 May 28, 2023 Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process').... 8.8 HIGH https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
CVE-2023-32763 May 28, 2023 An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rende... 7.5 HIGH https://github.com/PostHog/posthog-js/security/advisories/GHSA-8775-5hwv-wr6v
CVE-2023-2927 May 27, 2023 A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. Th... 9.8 CRITICAL https://vuldb.com/?ctiid.230082
CVE-2023-2925 May 27, 2023 A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/o... 5.4 MEDIUM https://vuldb.com/?ctiid.230077
CVE-2023-2671 May 12, 2023 A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown p... 6.1 MEDIUM https://vuldb.com/?id.228887
CVE-2023-2670 May 12, 2023 A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknow... 9.8 CRITICAL https://vuldb.com/?id.228886
CVE-2023-2667 May 12, 2023 A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability i... 6.1 MEDIUM https://vuldb.com/?id.228883
CVE-2023-2668 May 12, 2023 A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function m... 9.8 CRITICAL https://vuldb.com/?id.228884
CVE-2023-2669 May 12, 2023 A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of... 9.8 CRITICAL https://vuldb.com/?id.228885
CVE-2023-2672 May 12, 2023 A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the ... 9.8 CRITICAL https://vuldb.com/?id.228888
CVE-2023-30763 May 12, 2023 Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privile... 6.7 MEDIUM https://packetstormsecurity.com/files/172276/Optoma-1080PSTX-Firmware-C02-Authentication-Bypass.html
CVE-2023-29242 May 12, 2023 Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of... 7.8 HIGH https://vuldb.com/?id.228911
CVE-2023-31922 May 12, 2023 QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c.... 7.5 HIGH https://seq.team/en/blog/reflected-cross-site-scripting-xss-in-vinteo-vcc/
CVE-2023-27823 May 12, 2023 An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.... 9.8 CRITICAL https://wpscan.com/vulnerability/1270588c-53fe-447e-b83c-1b877dc7a954
CVE-2023-2663 May 11, 2023  In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. ... 5.5 MEDIUM https://www.gl-inet.com
CVE-2023-2664 May 11, 2023  In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. ... 5.5 MEDIUM https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/
CVE-2023-32668 May 11, 2023 LuaTeX before 1.17.0 enables the socket library by default.... 9.8 CRITICAL https://github.com/ipfs/boxo/commit/9cb5cb54d40b57084d1221ba83b9e6bb3fcc3197
CVE-2023-2645 May 11, 2023 A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management P... 9.8 CRITICAL https://vuldb.com/?ctiid.228774
CVE-2023-0851 May 11, 2023 Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on... 9.8 CRITICAL https://psirt.canon/advisory-information/cp2023-001/
CVE-2023-0852 May 11, 2023 Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an... 9.8 CRITICAL https://psirt.canon/advisory-information/cp2023-001/
CVE-2023-0853 May 11, 2023 Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attac... 9.8 CRITICAL https://psirt.canon/advisory-information/cp2023-001/
CVE-2023-0854 May 11, 2023 Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may... 9.8 CRITICAL https://psirt.canon/advisory-information/cp2023-001/
CVE-2023-0855 May 11, 2023 Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker o... 9.8 CRITICAL https://psirt.canon/advisory-information/cp2023-001/
CVE-2023-0856 May 11, 2023 Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on th... 9.8 CRITICAL https://vuldb.com/?ctiid.228778
CVE-2023-2649 May 11, 2023 A vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate... 8.8 HIGH http://weblab.com
CVE-2023-29863 May 11, 2023 Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WS... 9.8 CRITICAL https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-30394
CVE-2023-2443 May 11, 2023 Rockwell Automation ThinManager product allows the use of medium strength ciphers.  If the client requests an insecure cipher, a malicious actor coul... 7.5 HIGH http://rollout-ui.com
CVE-2023-2444 May 11, 2023 A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways.... 8.8 HIGH https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw
CVE-2023-30394 May 11, 2023 MoveIT v1.1.11 was discovered to contain a cross-site scripting (XSS) vulenrability via the API authentication function.... 6.1 MEDIUM https://www.github.com
CVE-2023-25309 May 11, 2023 Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete... 6.1 MEDIUM https://www.ibm.com/support/pages/node/6965812
CVE-2021-34076 May 11, 2023 File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload.... 8.8 HIGH https://crbug.com/1430692
CVE-2023-23789 May 10, 2023 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions.... 4.8 MEDIUM https://github.com/pay-rails/pay/security/advisories/GHSA-cqf3-vpx7-rxhw
CVE-2023-31907 May 10, 2023 Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-ut... 7.8 HIGH https://security.netapp.com/advisory/ntap-20200717-0004/
CVE-2023-31906 May 10, 2023 Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/... 7.8 HIGH https://security.netapp.com/advisory/ntap-20200717-0004/
CVE-2023-25776 May 10, 2023 Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure ... 4.4 MEDIUM https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0
CVE-2023-25771 May 10, 2023 Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.... 5.5 MEDIUM https://psirt.canon/advisory-information/cp2023-001/
CVE-2023-31472 May 9, 2023 An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesy... 7.5 HIGH https://security.netapp.com/advisory/ntap-20200717-0004/
CVE-2022-45065 May 8, 2023 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions.... 6.1 MEDIUM https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-idor-cve-2023-977966c4450d
CVE-2023-28471 April 28, 2023 Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name.... 5.4 MEDIUM https://github.com/silverstripe/silverstripe-framework/security/advisories/GHSA-fw84-xgm8-9jmv
CVE-2023-28384 April 27, 2023 mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.... 8.8 HIGH https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2
CVE-2023-28400 April 27, 2023 mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. ... 8.8 HIGH https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d
CVE-2023-26286 April 26, 2023 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute ... 7.8 HIGH https://https://www.ibm.com/support/pages/node/6983236
CVE-2023-29011 April 25, 2023 Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e... 7.8 HIGH https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20
CVE-2023-29012 April 25, 2023 Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted ... 7.8 HIGH https://www.ibm.com/support/pages/node/6985679
CVE-2023-25314 April 25, 2023 Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the su... 6.1 MEDIUM https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
CVE-2023-25652 April 25, 2023 Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by fee... 7.5 HIGH https://github.com/git/git/commit/18e2b1cfc80990719275d7b08e6e50f3e8cbc902
CVE-2023-25815 April 25, 2023 In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize m... 2.2 LOW https://axcheron.github.io/exploit-101-format-strings/#writing-to-the-stack
CVE-2023-28084 April 25, 2023 HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens... 5.5 MEDIUM https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04469en_us
CVE-2023-20871 April 25, 2023 VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate p... 7.8 HIGH https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23839
CVE-2023-20872 April 25, 2023 VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.... 8.8 HIGH https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4
CVE-2023-23839 April 25, 2023 The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCom... 6.5 MEDIUM https://github.com/git-for-windows/git/security/advisories/GHSA-g4fv-xjqw-q7jm
CVE-2023-29007 April 25, 2023 Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a spec... 7.8 HIGH https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g
CVE-2023-29570 April 24, 2023 Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Se... 5.5 MEDIUM https://github.com/z1r00/fuzz_vuln/blob/main/mjs/SEGV/mjs_fii2/readme.md
CVE-2023-28484 April 24, 2023 In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xm... 6.5 MEDIUM https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf
CVE-2023-2258 April 24, 2023 Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.... 8.8 HIGH https://huntr.dev/bounties/e753bce0-ce82-463b-b344-2f67b39b60ff
CVE-2023-2259 April 24, 2023 Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.... 7.2 HIGH https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf
CVE-2023-2260 April 24, 2023 Improper Authorization of Index Containing Sensitive Information in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.... 8.8 HIGH https://github.com/rona-dinihari/dawnsparks-node-tesseract
CVE-2023-29566 April 24, 2023 huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the chi... 9.8 CRITICAL https://community.mybb.com/mods.php?action=view&pid=1336
CVE-2022-28354 April 24, 2023 In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.... 6.1 MEDIUM https://github.com/TheThingsNetwork/lorawan-stack/blob/ecdef730f176c02f7c9afce98b0457ae64de5bfc/pkg/webui/account/views/token-login/index.js#L74-L74
CVE-2023-0276 April 24, 2023 The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them bac... 5.4 MEDIUM https://huntr.dev/bounties/1714df73-e639-4d64-ab25-ced82dad9f85/
CVE-2023-0388 April 24, 2023 The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL ... 8.8 HIGH https://www.npmjs.com/package/rails-routes-to-json
CVE-2023-1767 April 20, 2023 The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display t... 5.4 MEDIUM https://iotaa.cn/articles/62
CVE-2023-22309 April 20, 2023 Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4.... 6.1 MEDIUM https://huntr.dev/bounties/edeff16b-fc71-4e26-8d2d-dfe7bb5e7868
CVE-2023-27652 April 20, 2023 An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the update_info field ... 5.5 MEDIUM https://vuldb.com/?ctiid.227229
CVE-2023-29926 April 20, 2023 PowerJob V4.3.2 has unauthorized interface that causes remote code execution.... 9.8 CRITICAL https://vuldb.com/?ctiid.227236
CVE-2023-2177 April 20, 2023 A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed,... 5.5 MEDIUM https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61
CVE-2022-29606 April 20, 2023 An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper... 9.8 CRITICAL https://huntr.dev/bounties/31eaf0fe-4d91-4022-aa9b-802bc6eafb8f
CVE-2022-29607 April 20, 2023 An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without an... 7.5 HIGH https://huntr.dev/bounties/649badc8-c935-4a84-8aa8-d3269ac54377
CVE-2023-1382 April 19, 2023 A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference wh... 4.7 MEDIUM https://piwigo.com
CVE-2023-29196 April 18, 2023 Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom fea... 6.1 MEDIUM https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a
CVE-2023-30538 April 18, 2023 Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaSc... 5.4 MEDIUM https://weizman.github.io/2023/04/10/snyk-xss/
CVE-2023-30606 April 18, 2023 Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on th... 4.9 MEDIUM https://apkpure.com/cn/super-clean-phone-cleaner/com.egostudio.clean/download
CVE-2023-30608 April 18, 2023 sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReD... 7.5 HIGH https://github.com/torvalds/linux/commit/92fbb6d1296f
CVE-2021-28254 April 18, 2023 A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands.... 9.8 CRITICAL https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
CVE-2023-25413 April 11, 2023 Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials.... 7.5 HIGH https://friends-of-presta.github.io/security-advisories/modules/2023/04/04/lgbudget.html
CVE-2023-25415 April 11, 2023 Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Event Notification configuration.... 5.3 MEDIUM https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20Appliance%20v4.1.0.1/HHI/HHI_CVE-2023-26788.txt
CVE-2023-25407 April 11, 2023 Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials.... 7.2 HIGH https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5
CVE-2023-25414 April 11, 2023 Aten PE8108 2.4.232 is vulnerable to denial of service (DOS).... 5.3 MEDIUM https://lists.apache.org/thread/3cr1cz3210wzwngldwrqzm43vwhghp0p
CVE-2023-20141 April 5, 2023 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could all... 6.1 MEDIUM https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2632641%40wc-multivendor-membership&new=2632641%40wc-multivendor-membership&sfp_email=&sfph_mail=
CVE-2023-20137 April 5, 2023 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could all... 6.1 MEDIUM https://www.wordfence.com/threat-intel/vulnerabilities/id/0870de2d-bca5-4d57-a07f-877a416ce0d5?source=cve
CVE-2023-20122 April 5, 2023 Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco... 7.8 HIGH https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2632641%40wc-multivendor-membership&new=2632641%40wc-multivendor-membership&sfp_email=&sfph_mail=
CVE-2023-20121 April 5, 2023 Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco... 6.7 MEDIUM https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%401.15.1
CVE-2023-20103 April 5, 2023 A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affecte... 7.2 HIGH https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2
CVE-2023-20102 April 5, 2023 A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbit... 8.8 HIGH https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1
CVE-2022-4940 April 5, 2023 The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to... 6.5 MEDIUM https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a
CVE-2023-23677 March 30, 2023 Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.5 versions.... 6.1 MEDIUM https://www.zerodayinitiative.com/advisories/ZDI-22-1500/
CVE-2023-23681 March 30, 2023 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Builder plugin <= 4.0 versio... 5.4 MEDIUM https://www.zerodayinitiative.com/advisories/ZDI-22-1499/
CVE-2023-24399 March 30, 2023 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.2 versions.... 5.4 MEDIUM https://www.zerodayinitiative.com/advisories/ZDI-22-1498/
CVE-2023-25040 March 30, 2023 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.... 5.4 MEDIUM https://www.zerodayinitiative.com/advisories/ZDI-22-1504/
CVE-2022-36976 March 29, 2023 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists... 9.8 CRITICAL https://www.zerodayinitiative.com/advisories/ZDI-22-781/
CVE-2022-36975 March 29, 2023 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists... 9.8 CRITICAL https://www.zerodayinitiative.com/advisories/ZDI-22-780/
CVE-2022-36974 March 29, 2023 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication... 9.8 CRITICAL https://www.zerodayinitiative.com/advisories/ZDI-22-779/
CVE-2022-36973 March 29, 2023 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication ... 8.8 HIGH https://www.zerodayinitiative.com/advisories/ZDI-22-778/
CVE-2022-43629 March 29, 2023 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although aut... 6.8 MEDIUM https://www.zerodayinitiative.com/advisories/ZDI-22-1502/
CVE-2022-43628 March 29, 2023 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although aut... 6.8 MEDIUM https://www.zerodayinitiative.com/advisories/ZDI-22-1501/
CVE-2022-43627 March 29, 2023 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although aut... 6.8 MEDIUM https://www.zerodayinitiative.com/advisories/ZDI-22-777/
CVE-2022-43632 March 29, 2023 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although aut... 6.8 MEDIUM https://www.zerodayinitiative.com/advisories/ZDI-22-1048/
CVE-2022-43631 March 29, 2023 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although aut... 6.8 MEDIUM https://www.zerodayinitiative.com/advisories/ZDI-22-1505/
CVE-2022-43630 March 29, 2023 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authenticati... 8.8 HIGH https://www.zerodayinitiative.com/advisories/ZDI-22-776/
CVE-2022-36972 March 29, 2023 This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists... 9.8 CRITICAL https://www.zerodayinitiative.com/advisories/ZDI-22-1124/
CVE-2023-24838 March 27, 2023 HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker can exploit this vulnerability to obtain the adminis... 9.8 CRITICAL https://vuln.ryotak.net/advisories/67
CVE-2022-47595 March 14, 2023 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 ... 6.5 MEDIUM https://vuldb.com/?id.222860
CVE-2022-47154 March 14, 2023 Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plu... 8.8 HIGH https://vuldb.com/?ctiid.222861
CVE-2022-47422 March 14, 2023 Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 versions.... 8.8 HIGH https://vuldb.com/?ctiid.222862
CVE-2023-24180 March 14, 2023 Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. This vulnerability allows attackers to cause a... 6.5 MEDIUM https://vuldb.com/?ctiid.222870
CVE-2023-1296 March 14, 2023 HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1... 5.3 MEDIUM https://vuldb.com/?ctiid.222871
CVE-2023-1299 March 14, 2023 HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixe... 8.8 HIGH https://vuldb.com/?ctiid.222872
CVE-2023-0978 March 13, 2023 A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary ... 6.7 MEDIUM https://www.dlink.com/en/security-bulletin/
CVE-2023-24762 March 13, 2023 OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress par... 9.8 CRITICAL https://vuldb.com/?ctiid.222985
CVE-2022-30564 Feb. 9, 2023 Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the v... 5.3 MEDIUM https://www.dlink.com/en/security-bulletin/
CVE-2023-0751 Feb. 8, 2023 When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and su... 6.5 MEDIUM https://www.dlink.com/en/security-bulletin/
CVE-2023-25150 Feb. 8, 2023 Nextcloud office/richdocuments is an office suit for the nextcloud server platform. In affected versions the Collabora integration can be tricked to p... 5.7 MEDIUM https://www.dlink.com/en/security-bulletin/
CVE-2023-25151 Feb. 8, 2023 opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/h... 7.5 HIGH https://www.dlink.com/en/security-bulletin/
CVE-2023-25163 Feb. 8, 2023 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization... 6.5 MEDIUM https://github.com/argoproj/argo-cd/issues/12309
CVE-2023-25167 Feb. 8, 2023 Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefu... 5.7 MEDIUM https://github.com/discourse/discourse/security/advisories/GHSA-4w55-w26q-r35w
CVE-2023-25164 Feb. 8, 2023 Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 wh... 7.5 HIGH https://github.com/tinacms/tinacms/security/advisories/GHSA-pc2q-jcxq-rjrr
CVE-2023-0401 Feb. 8, 2023 A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for ... 7.5 HIGH https://www.ibm.com/support/pages/node/6909427
CVE-2023-0286 Feb. 8, 2023 There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRIN... 9.1 CRITICAL https://www.ibm.com/support/pages/node/6890669
CVE-2023-0217 Feb. 8, 2023 An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() f... 7.5 HIGH https://www.ibm.com/support/pages/node/6890663
CVE-2022-43755 Feb. 7, 2023 A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after th... 9.8 CRITICAL https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159
CVE-2022-21953 Feb. 7, 2023 A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local... 8.8 HIGH https://www.dlink.com/en/security-bulletin/
CVE-2023-24198 Feb. 6, 2023 Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters.... 9.8 CRITICAL https://www.sourcecodester.com/php/15951/raffle-draw-system-using-php-and-javascript-free-source-code.html
CVE-2023-24197 Feb. 6, 2023 Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php.... 6.1 MEDIUM https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
CVE-2023-24195 Feb. 6, 2023 Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php.... 6.1 MEDIUM https://www.sourcecodester.com/php/15951/raffle-draw-system-using-php-and-javascript-free-source-code.html
CVE-2023-24194 Feb. 6, 2023 Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php.... 6.1 MEDIUM https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
CVE-2023-24202 Feb. 6, 2023 Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php.... 9.8 CRITICAL https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
CVE-2023-24201 Feb. 6, 2023 Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php.... 9.8 CRITICAL https://www.sourcecodester.com/php/15951/raffle-draw-system-using-php-and-javascript-free-source-code.html
CVE-2023-24192 Feb. 6, 2023 Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php.... 6.1 MEDIUM https://www.sourcecodester.com/php/15951/raffle-draw-system-using-php-and-javascript-free-source-code.html
CVE-2023-24191 Feb. 6, 2023 Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php.... 6.1 MEDIUM https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAGKPZDXQ6KRUGQVRAO6N4PCINP6KS5F/
CVE-2023-24200 Feb. 6, 2023 Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php.... 9.8 CRITICAL https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485%40%3Cdev.spark.apache.org%3E
CVE-2023-24199 Feb. 6, 2023 Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php.... 9.8 CRITICAL https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
CVE-2022-32595 Feb. 6, 2023 In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System exec... 4.4 MEDIUM http://seclists.org/fulldisclosure/2022/Dec/30
CVE-2022-4677 Feb. 6, 2023 The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a ro... 5.4 MEDIUM https://github.com/joseconti/WangGuard/pull/14
CVE-2022-4681 Feb. 6, 2023 The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action a... 9.8 CRITICAL https://github.com/tinymighty/wiki-seo/pull/21
CVE-2022-4670 Feb. 6, 2023 The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/po... 5.4 MEDIUM https://github.com/OnShift/turbogears/pull/18
CVE-2022-4626 Feb. 6, 2023 The PPWP WordPress plugin before 1.8.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which co... 5.4 MEDIUM https://github.com/serbanghita/Mobile-Detect/pull/741
CVE-2022-32655 Feb. 6, 2023 In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System ... 6.7 MEDIUM https://github.com/segmentio/is-url/pull/18
CVE-2014-125084 Feb. 5, 2023 A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2. This issue affects some unknown processing of the file trigg... 9.8 CRITICAL https://github.com/gimmie/vbulletin-v4/tree/v1.3.0
CVE-2014-125085 Feb. 5, 2023 A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2. Affected is an unknown function of the file trigger_ratethread.ph... 9.8 CRITICAL https://github.com/gimmie/vbulletin-v4/tree/v1.3.0
CVE-2014-125086 Feb. 5, 2023 A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the fi... 9.8 CRITICAL https://github.com/gimmie/vbulletin-v4/tree/v1.3.0
CVE-2017-20176 Feb. 5, 2023 A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_wind... 6.1 MEDIUM https://vuldb.com/?ctiid.220204
CVE-2023-0673 Feb. 4, 2023 A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality... 9.8 CRITICAL https://vuldb.com/?id.220195
CVE-2023-0675 Feb. 4, 2023 A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation... 8.8 HIGH https://vuldb.com/?id.220197
CVE-2023-0676 Feb. 4, 2023 Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.... 6.1 MEDIUM https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b
CVE-2023-0677 Feb. 4, 2023 Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.... 6.1 MEDIUM https://huntr.dev/bounties/d280ae81-a1c9-4a50-9aa4-f98f1f9fd2c0
CVE-2022-45786 Feb. 4, 2023 There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreS... 8.1 HIGH https://github.com/codenameone/CodenameOne/issues/3583
CVE-2023-23477 Feb. 3, 2023 IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafte... 9.8 CRITICAL https://www.ibm.com/support/pages/node/6891111
CVE-2021-36426 Feb. 3, 2023 File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php.... 8.8 HIGH https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
CVE-2021-36424 Feb. 3, 2023 An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation.... 9.8 CRITICAL https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html
CVE-2021-36425 Feb. 3, 2023 Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method i... 5.4 MEDIUM https://www.sourcecodester.com/php/15951/raffle-draw-system-using-php-and-javascript-free-source-code.html
CVE-2023-23082 Feb. 3, 2023 A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length ... 4.6 MEDIUM https://github.com/fritsch/xbmc/commit/54df944584fc9fecd4cd5d69c2289f0934de305b
CVE-2023-24029 Feb. 3, 2023 In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insu... 7.2 HIGH https://www.progress.com/ws_ftp
CVE-2013-10017 Feb. 3, 2023 A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save... 9.8 CRITICAL https://vuldb.com/?ctiid.220056
CVE-2013-10018 Feb. 3, 2023 A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of t... 9.8 CRITICAL https://vuldb.com/?ctiid.220057
CVE-2015-10072 Feb. 3, 2023 A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Mes... 6.1 MEDIUM https://github.com/NREL/api-umbrella-web/releases/tag/v0.8.0
CVE-2023-0637 Feb. 2, 2023 A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the ... 6.5 MEDIUM https://vuldb.com/?id.220017
CVE-2022-4564 Dec. 16, 2022 A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the... 8.8 HIGH https://github.com/ucfopen/Materia/pull/1371
CVE-2022-4560 Dec. 16, 2022 A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wfl... 6.1 MEDIUM https://github.com/jogetworkflow/jw-community/releases/tag/7.0.32
CVE-2022-4525 Dec. 15, 2022 A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic. Affected by this vulnerabil... 6.1 MEDIUM https://github.com/nsrr/sleepdata.org/releases/tag/59.0.0.rc
CVE-2022-4524 Dec. 15, 2022 A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x. Affected is the function language_attributes of the ... 6.1 MEDIUM https://github.com/roots/soil/pull/285
CVE-2022-45914 Nov. 26, 2022 The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does n... 6.5 MEDIUM https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64xc-r58v-53gj
CVE-2022-41946 Nov. 23, 2022 pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` ... 5.5 MEDIUM https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h
CVE-2020-23592 Nov. 22, 2022 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to cond... 8.8 HIGH https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x3wp-h3qx-9w94
CVE-2020-23591 Nov. 22, 2022 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files throu... 9.8 CRITICAL https://www.dlink.com/en/security-bulletin/
CVE-2020-23590 Nov. 22, 2022 A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to condu... 6.5 MEDIUM https://www.dlink.com/en/security-bulletin/
CVE-2020-23589 Nov. 22, 2022 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to cond... 6.5 MEDIUM https://www.dlink.com/en/security-bulletin/
CVE-2020-23588 Nov. 22, 2022 A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to cond... 4.3 MEDIUM https://www.dlink.com/en/security-bulletin/
CVE-2022-34827 Nov. 18, 2022 Carel Boss Mini 1.5.0 has Improper Access Control.... 9.9 CRITICAL https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0040/MNDT-2022-0040.md
CVE-2022-38871 Nov. 18, 2022 In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages.... 7.5 HIGH https://lists.debian.org/debian-lts-announce/2020/01/msg00010.html
CVE-2022-45061 Nov. 9, 2022 An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 34... 7.5 HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYQPCHGCVKFS3H226QQKZFQP56JYOQ3T/
CVE-2022-42965 Nov. 9, 2022 An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able ... 7.5 HIGH https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245
CVE-2022-43945 Nov. 4, 2022 The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by ea... 7.5 HIGH https://security.netapp.com/advisory/ntap-20221215-0006/
CVE-2022-3244 Oct. 17, 2022 The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to a... 4.2 MEDIUM https://wpscan.com/vulnerability/d718b993-4de5-499c-84c9-69801396f51f
CVE-2022-39282 Oct. 12, 2022 FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read ... 7.5 HIGH https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq
CVE-2022-3211 Sept. 15, 2022 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.... 5.4 MEDIUM https://huntr.dev/bounties/31ac0506-ae38-4128-a46d-71d5d079f8b7
CVE-2022-29649 Sept. 15, 2022 Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.... 6.1 MEDIUM https://gist.github.com/arifseyda/bce00ed14562975d1a96d1d9a0660ec7
CVE-2022-37207 Sept. 15, 2022 JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL co... 8.8 HIGH https://github.com/AgainstTheLight/someEXP_of_jfinal_cms/blob/main/jfinal_cms/sql10.md
CVE-2022-3221 Sept. 15, 2022 Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3.... 8.8 HIGH https://huntr.dev/bounties/1fa1aac9-b16a-4a70-a7da-960b3908ae1d
CVE-2022-32190 Sept. 13, 2022 JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the UR... 7.5 HIGH https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073
CVE-2022-34101 Sept. 13, 2022 A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain ... 7.8 HIGH https://www.crestron.com/release_notes/airmedia_windows_installer_release_notes_5.5.1.84.pdf
CVE-2022-31324 Sept. 13, 2022 An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers ... 6.5 MEDIUM https://www.pentasecurity.com/product/wapples/
CVE-2021-36568 Sept. 13, 2022 In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "... 5.4 MEDIUM https://drive.google.com/drive/folders/1_fO4BKpmD3avGYHSzvIXWs5owqVYgB1s?usp=sharing
CVE-2022-38496 Sept. 13, 2022 LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp.... 5.5 MEDIUM https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845
CVE-2022-38497 Sept. 13, 2022 LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69.... 5.5 MEDIUM https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845
CVE-2022-38495 Sept. 13, 2022 LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c.... 7.8 HIGH https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845
CVE-2022-38307 Sept. 13, 2022 LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCo... 5.5 MEDIUM https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845
CVE-2022-25765 Sept. 9, 2022 The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.... 9.8 CRITICAL https://wordpress.org/plugins/woo-order-export-lite/
CVE-2022-40305 Sept. 9, 2022 A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, an... 9.8 CRITICAL https://wordpress.org/plugins/getresponse-integration/
CVE-2022-35275 Sept. 9, 2022 Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vulnerability in AlgolPlus Advanced Order Export For WooCommerce plugin <= 3.3.1 at... 4.8 MEDIUM https://wordpress.org/plugins/wp-forecast/#developers
CVE-2022-35277 Sept. 9, 2022 Cross-Site Request Forgery (CSRF) vulnerability in GetResponse plugin <= 5.5.20 at WordPress.... 8.8 HIGH https://wordpress.org/plugins/culture-object/#developers
CVE-2022-35725 Sept. 9, 2022 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen's wp-forecast plugin <= 7.5 at WordPress.... 4.8 MEDIUM https://wordpress.org/plugins/wp-shop-original/
CVE-2022-36356 Sept. 9, 2022 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy / Thirty8 Digital Culture Object plugin <= 4.0.1 at WordPress.... 4.8 MEDIUM https://wordpress.org/plugins/wp-postratings/#developers
CVE-2022-40299 Sept. 8, 2022 In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a ... 7.8 HIGH https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50
CVE-2022-36834 Aug. 5, 2022 Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interactio... 5.0 MEDIUM https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5/
CVE-2022-33734 Aug. 5, 2022 Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection infor... 5.5 MEDIUM http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
CVE-2022-31471 July 26, 2022 untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity refer... 7.5 HIGH https://github.com/stchris/untangle/releases/tag/1.2.1
CVE-2022-22999 July 25, 2022 Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges acces... 4.8 MEDIUM https://plugins.trac.wordpress.org/changeset/2648808
CVE-2022-33969 July 25, 2022 Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress.... 7.2 HIGH https://grimthereaperteam.medium.com/cve-2022-34965-open-source-social-network-6-3-3f61db82880
CVE-2022-34965 July 25, 2022 OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/admin... 7.2 HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2106274
CVE-2022-2131 July 25, 2022 OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags... 9.8 CRITICAL https://bugzilla.redhat.com/show_bug.cgi?id=2106273
CVE-2022-35650 July 25, 2022 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in ... 7.5 HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2106276
CVE-2022-35649 July 25, 2022 The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in... 9.8 CRITICAL https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
CVE-2022-24083 July 25, 2022 Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks.... 9.8 CRITICAL https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691
CVE-2022-35652 July 25, 2022 An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can crea... 6.1 MEDIUM https://github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a
CVE-2022-31151 July 21, 2022 Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the ... 6.5 MEDIUM https://www.yrl.com/fwp_support/info/a1hrbt0000002037.html
CVE-2022-32457 July 19, 2022 Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network ... 5.3 MEDIUM https://github.com/Maheshkumar-Kakade/otp-generator/issues/12
CVE-2022-34762 July 13, 2022 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware i... 7.5 HIGH https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-02_SpaceLogic-C-Bus-Home-Controller-Wiser_MK2_Security_Notification.pdf
CVE-2022-34761 July 13, 2022 A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. Affecte... 7.5 HIGH https://www.ibm.com/support/pages/node/6603131
CVE-2022-34760 July 13, 2022 A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to im... 7.5 HIGH https://github.com/bytecodealliance/wasmtime/
CVE-2022-31135 July 7, 2022 Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are s... 7.5 HIGH https://cwe.mitre.org/data/definitions/434.html
CVE-2022-32449 July 7, 2022 TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. ... 9.8 CRITICAL https://huntr.dev/bounties/3055b3f5-6b80-4d47-8e00-3500dfb458bc
CVE-2022-33098 July 7, 2022 Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows att... 6.1 MEDIUM https://huntr.dev/bounties/35acf263-6db4-4310-ab27-4c3c3a53f796
CVE-2022-28889 July 7, 2022 In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking us... 4.3 MEDIUM https://northern.tech
CVE-2022-32055 July 7, 2022 Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals.... 7.5 HIGH https://github.com/humhub/humhub/commit/f88991dfe56a05870df165ac89a2755dd4c1ffa1
CVE-2022-32056 July 7, 2022 Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.... 9.8 CRITICAL https://www.exploit-db.com/exploits/49773
CVE-2022-33737 July 6, 2022 The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generat... 7.5 HIGH https://github.com/AttorneyOnline/akashi/security/advisories/GHSA-vj86-vfmg-q68v
CVE-2021-30344 June 14, 2022 Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Conn... 7.5 HIGH /download-e/09vsft6_inf/Search.php
CVE-2021-30345 June 14, 2022 RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearab... 5.5 MEDIUM https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CVE-2021-30346 June 14, 2022 RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearab... 5.5 MEDIUM https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CVE-2021-30347 June 14, 2022 Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been received in Snapdragon... 8.1 HIGH https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CVE-2021-30327 June 14, 2022 Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute,... 6.8 MEDIUM https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CVE-2022-29522 June 14, 2022 Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an att... 7.8 HIGH https://github.com/l00neyhacker/CVE-2021-40650
CVE-2022-32359 June 14, 2022 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category.... 7.2 HIGH https://huntr.dev/bounties/2615adf2-ff40-4623-97fb-2e4a3800202a
CVE-2022-1659 June 13, 2022 Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function... 7.3 HIGH https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0209
CVE-2022-1658 June 13, 2022 Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber ro... 5.4 MEDIUM https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1749
CVE-2022-1657 June 13, 2022 Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path... 8.8 HIGH https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1969
CVE-2022-1654 June 13, 2022 Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain... 8.8 HIGH https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2725322%40rsvpmaker&new=2725322%40rsvpmaker&sfp_email=&sfph_mail=
CVE-2022-0209 June 13, 2022 The Mitsol Social Post Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10 due to insufficie... 4.8 MEDIUM https://www.exploit-db.com/exploits/47477
CVE-2022-1750 June 13, 2022 The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ popup_title' parameter in versions up to, and including, ... 4.8 MEDIUM https://www.ibm.com/support/pages/node/6589099
CVE-2022-1749 June 13, 2022 The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ... 8.8 HIGH https://huntr.dev/bounties/a85a53a4-3009-4f41-ac33-8bed8bbe16a8
CVE-2022-1969 June 13, 2022 The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due ... 8.8 HIGH http://caphyon.com
CVE-2022-1768 June 13, 2022 The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied d... 7.5 HIGH https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
CVE-2022-30899 June 8, 2022 A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories.... 4.8 MEDIUM https://github.com/mustgundogdu/Research/edit/main/Dolibar_12.0.5-ReflectedXSS/README.md
CVE-2022-31325 June 8, 2022 There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.... 7.2 HIGH https://github.com/sshnet/SSH.NET/commit/03c6d60736b8f7b42e44d6989a53f9b644a091fb
CVE-2022-30875 June 8, 2022 Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.... 6.1 MEDIUM https://github.com/ramank775/chat-server/releases/tag/v2.6.0
CVE-2020-36532 June 7, 2022 A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The... 6.5 MEDIUM https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html
CVE-2020-36533 June 7, 2022 A vulnerability was found in Klapp App and classified as problematic. This issue affects some unknown processing of the JSON Web Token Handler. The ma... 9.8 CRITICAL https://www.modzero.com/modlog/archives/2020/09/07/knapp_daneben_ist_auch_vorbei/index.html
CVE-2022-1467 May 23, 2022 Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will... 9.9 CRITICAL https://www.cisa.gov/uscert/ics/advisories/icsa-22-130-05
CVE-2022-29376 May 23, 2022 Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary c... 8.8 HIGH https://github.com/nextauthjs/next-auth/security/advisories/GHSA-q2mx-j4x2-2h74
CVE-2022-28999 May 23, 2022 Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary... 8.8 HIGH https://github.com/tensorflow/tensorflow/issues/55263
CVE-2021-32958 May 23, 2022 Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local comman... 5.5 MEDIUM https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2r3-r9vf
CVE-2022-28874 May 23, 2022 Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit fil... 7.5 HIGH https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
CVE-2022-29214 May 20, 2022 NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulne... 6.1 MEDIUM https://www.withsecure.com/en/support/security-advisories
CVE-2022-29213 May 20, 2022 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf... 5.5 MEDIUM https://github.com/mscdex/dicer/pull/22
CVE-2022-29215 May 20, 2022 RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection... 7.5 HIGH https://www.koyoele.co.jp/en/topics/202205095016/
CVE-2022-29181 May 20, 2022 Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX p... 8.2 HIGH https://github.com/smarty-php/smarty/releases/tag/v3.1.45
CVE-2022-24434 May 20, 2022 This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could s... 7.5 HIGH https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01
CVE-2022-28487 May 4, 2022 Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confide... 7.5 HIGH https://github.com/appneta/tcpreplay/pull/720
CVE-2022-24859 April 18, 2022 PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.2... 5.5 MEDIUM https://github.com/py-pdf/PyPDF2/pull/740
CVE-2022-24780 April 5, 2022 Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the ... 8.8 HIGH https://github.com/Combodo/iTop/commit/93f273a28778e5da8e51096f021d2dc1adbf4ef3
CVE-2021-32503 April 1, 2022 Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker co... 4.9 MEDIUM http://smartbear.com
CVE-2022-1032 March 29, 2022 Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6.... 7.2 HIGH https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699
CVE-2022-1078 March 29, 2022 A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admi... 9.8 CRITICAL https://www.3cx.com/community/forums/posts-articles-news/
CVE-2021-44581 March 28, 2022 An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.... 7.5 HIGH https://twitter.com/1ofThegutHakrs/status/1508455262885191682
CVE-2022-25521 March 28, 2022 UNNO v03.11.00 was discovered to contain access control issue.... 9.8 CRITICAL https://medium.com/@dnyaneshgawande111/use-of-default-credentials-to-unauthorised-remote-access-of-internal-panel-of-network-video-5490d107fa0
CVE-2021-45865 March 28, 2022 A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via the file upload functionality.... 9.8 CRITICAL https://huntr.dev/bounties/cb9a0393-be34-4021-a06c-00c7791c7622
CVE-2022-26642 March 28, 2022 TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.... 7.2 HIGH https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699
CVE-2022-26641 March 28, 2022 TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.... 7.2 HIGH https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699
CVE-2022-26640 March 28, 2022 TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.... 9.8 CRITICAL https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699
CVE-2022-26639 March 28, 2022 TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter.... 9.8 CRITICAL http://seclists.org/fulldisclosure/2022/Mar/45
CVE-2022-27942 March 26, 2022 tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.... 7.8 HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5/
CVE-2022-27940 March 26, 2022 tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.... 7.8 HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5/
CVE-2022-27939 March 26, 2022 tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.... 5.5 MEDIUM https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5B75AFRJUGOYHCFG2ZV2JKSUPA6MSCT5/
CVE-2022-27941 March 26, 2022 tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.... 7.8 HIGH http://rhn.redhat.com/errata/RHSA-2015-1628.html
CVE-2021-25019 March 21, 2022 The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admi... 6.1 MEDIUM https://play.google.com/store/apps/details?id=com.cuiet.blockCalls
CVE-2020-25180 March 18, 2022 Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged comma... 6.5 MEDIUM https://github.com/CycloneDX/cyclonedx-bom-repo-server/releases/tag/v2.0.1
CVE-2020-25178 March 18, 2022 ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides variou... 8.8 HIGH https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329
CVE-2020-25176 March 18, 2022 Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in th... 9.8 CRITICAL https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr
CVE-2020-25184 March 18, 2022 Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable fi... 5.5 MEDIUM https://www.xiongmaitech.com/en/index.php/service/notice_info/51/2
CVE-2021-41657 March 10, 2022 SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking a... 6.1 MEDIUM https://github.com/stefanberger/libtpms/commit/2e6173c
CVE-2021-20269 March 10, 2022 A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel... 5.5 MEDIUM https://github.com/m1k1o/blog/commit/6f5e59f1401c4a3cf2e518aa85b231ea14e8a2ef
CVE-2021-32006 March 10, 2022 This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Sec... 4.3 MEDIUM https://www.network-olympus.com/monitoring/
CVE-2022-25225 March 10, 2022 Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. ... 7.2 HIGH https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960
CVE-2022-25368 March 10, 2022 Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branch... 4.7 MEDIUM https://www.tuv.com/content-media-files/master-content/global-landingpages/images/vulnerability-disclosure/tuv-rheinland-security-advisory-local-privilege-escalation-vulnerability-in-otris-update-manager.pdf
CVE-2022-25814 March 10, 2022 PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized act... 7.8 HIGH http://smartbear.com
CVE-2022-25815 March 10, 2022 PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action wit... 7.8 HIGH https://www.fujifilm.com/fbglobal/eng/company/news/notice/2022/0302_addressbook_announce.html
CVE-2022-25816 March 10, 2022 Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authent... 4.6 MEDIUM https://developer.arm.com/support/arm-security-updates/mali-gpu-kernel-driver
CVE-2022-26521 March 10, 2022 Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Med... 7.2 HIGH https://advisories.nats.io/CVE/CVE-2022-26652.txt
CVE-2022-26311 March 10, 2022 Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernet... 7.5 HIGH https://launchpad.support.sap.com/#/notes/3144941
CVE-2022-26652 March 10, 2022 NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-ser... 6.5 MEDIUM https://launchpad.support.sap.com/#/notes/3132360
CVE-2022-26104 March 10, 2022 SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthori... 5.3 MEDIUM https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8
CVE-2022-26103 March 10, 2022 Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to i... 5.3 MEDIUM https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html
CVE-2022-20058 March 10, 2022 In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an at... 6.6 MEDIUM https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html
CVE-2022-20059 March 10, 2022 In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an at... 6.6 MEDIUM https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html
CVE-2022-20056 March 10, 2022 In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an at... 6.6 MEDIUM https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html
CVE-2022-20060 March 10, 2022 In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privile... 6.6 MEDIUM https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html
CVE-2022-22805 March 9, 2022 A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an ... 9.8 CRITICAL https://www.couchbase.com/alerts
CVE-2022-24713 March 8, 2022 regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service at... 7.5 HIGH https://launchpad.support.sap.com/#/notes/3145997
CVE-2022-24738 March 7, 2022 Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds... 7.4 HIGH http://lua-users.org/lists/lua-l/2020-07/msg00054.html
CVE-2022-25220 March 3, 2022 PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a produ... 4.8 MEDIUM https://github.com/1modm/petereport/issues/35
CVE-2022-23710 March 3, 2022 A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow ... 6.1 MEDIUM https://github.com/michaelrsweet/htmldoc/issues/417
CVE-2021-26948 March 3, 2022 Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted h... 7.8 HIGH https://huntr.dev/bounties/d63972a2-b910-480a-a86b-d1f75d24d563
CVE-2021-26259 March 3, 2022 A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of se... 7.8 HIGH https://github.com/medialize/URI.js/security/advisories/GHSA-gmv4-r438-p67f
CVE-2021-38578 March 3, 2022 Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.... 9.8 CRITICAL https://github.com/ArianeBlow/Axelor_Stored_XSS/blob/main/README.md
CVE-2022-0265 March 3, 2022 Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast prior to 5.1.... 9.8 CRITICAL https://github.com/stefanberger/libtpms/commit/2e6173c
CVE-2021-38577 March 3, 2022 Heap Overflow in BaseBmpSupportLib.... 9.8 CRITICAL https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10284
CVE-2022-24723 March 3, 2022 URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs ... 5.3 MEDIUM https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10284
CVE-2022-25138 March 3, 2022 Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter.... 5.4 MEDIUM http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html
CVE-2021-3623 March 2, 2022 A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-... 8.2 HIGH http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html
CVE-2022-0360 Feb. 28, 2022 The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress plugin before 6.4.3 does not sanitise and escaped imported comments, which coul... 4.8 MEDIUM https://play.google.com/store/apps/details?id=com.cuiet.blockCalls
CVE-2022-22794 Feb. 24, 2022 Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker can send a request to: /manage/emailrichment/userlist.php?CUSTOMER_ID_INNER=1 /ad... 9.8 CRITICAL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ/
CVE-2022-22793 Feb. 24, 2022 Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a request to : /manage/mailpolicymtm/log/eml_viewer/email.content.body.php?filesy... 7.5 HIGH http://www.openwall.com/lists/oss-security/2021/08/17/3
CVE-2022-20625 Feb. 23, 2022 A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attac... 4.3 MEDIUM http://packetstormsecurity.com/files/162316/Sipwise-C5-NGCP-CSC-Cross-Site-Scripting.html
CVE-2022-0729 Feb. 23, 2022 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.... 8.8 HIGH https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea
CVE-2022-0685 Feb. 20, 2022 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.... 7.8 HIGH https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782
CVE-2022-0554 Feb. 10, 2022 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.... 7.8 HIGH https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71
CVE-2022-23626 Feb. 8, 2022 m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly... 8.8 HIGH http://www.openwall.com/lists/oss-security/2021/05/10/2
CVE-2021-46228 Feb. 3, 2022 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerabilit... 9.8 CRITICAL https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2021-46230 Feb. 3, 2022 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability... 9.8 CRITICAL https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10284
CVE-2021-46227 Feb. 3, 2022 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerabili... 9.8 CRITICAL https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10287
CVE-2022-0368 Jan. 26, 2022 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.... 7.8 HIGH https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9
CVE-2022-0361 Jan. 26, 2022 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.... 7.8 HIGH https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b
CVE-2022-0359 Jan. 26, 2022 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.... 7.8 HIGH https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def
CVE-2021-3850 Jan. 25, 2022 Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.... 9.1 CRITICAL https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c
CVE-2021-39031 Jan. 25, 2022 IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By usin... 8.8 HIGH https://www.ibm.com/support/pages/node/6550488
CVE-2021-25013 Jan. 24, 2022 The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure ... 6.5 MEDIUM https://wpscan.com/vulnerability/7d5f58a8-bee4-46be-9c08-d272678338f0
CVE-2021-24989 Jan. 24, 2022 The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belon... 6.5 MEDIUM https://wpscan.com/vulnerability/f0a9e6cc-46cc-4ac2-927a-c006b8e8aa68
CVE-2021-24976 Jan. 24, 2022 The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the ... 6.1 MEDIUM https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956
CVE-2021-24974 Jan. 24, 2022 The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing a... 5.4 MEDIUM https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc
CVE-2021-24968 Jan. 24, 2022 The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_p... 5.7 MEDIUM https://wpscan.com/vulnerability/2d0c4872-a341-4974-926c-10b094a5d13c
CVE-2021-24965 Jan. 24, 2022 The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX acti... 5.4 MEDIUM https://wpscan.com/vulnerability/50be0ebf-fe6d-41e5-8af9-0d74f33aeb57
CVE-2021-30636 Jan. 23, 2022 In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCal... 9.8 CRITICAL https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01
CVE-2022-23852 Jan. 23, 2022 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.... 9.8 CRITICAL https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01
CVE-2021-46313 Jan. 21, 2022 The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability c... 5.5 MEDIUM https://github.com/bpmn-io/min-dash/pull/21
CVE-2021-46311 Jan. 21, 2022 A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability... 5.5 MEDIUM https://github.com/jerryscript-project/jerryscript/issues/4882
CVE-2021-46240 Jan. 21, 2022 A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerabil... 5.5 MEDIUM https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html
CVE-2021-23460 Jan. 21, 2022 The package min-dash before 3.8.1 are vulnerable to Prototype Pollution via the set method due to missing enforcement of key types.... 7.5 HIGH https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html
CVE-2022-0319 Jan. 21, 2022 Out-of-bounds Read in vim/vim prior to 8.2.... 5.5 MEDIUM https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b
CVE-2021-3866 Jan. 20, 2022 Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip prior to and including 4.8.... 5.4 MEDIUM https://huntr.dev/bounties/5f48dac5-e112-4b23-bbbf-cc00ba83bcf2
CVE-2022-0278 Jan. 20, 2022 Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.... 5.4 MEDIUM https://huntr.dev/bounties/64495d0f-d5ec-4542-9693-32372c18d030
CVE-2021-46061 Jan. 20, 2022 An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management system (RSMS) 1.0 via the code parameter in /rsms/ ... 9.8 CRITICAL http://seclists.org/fulldisclosure/2022/Jan/73
CVE-2022-21323 Jan. 19, 2022 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior, 7... 2.9 LOW https://www.oracle.com/security-alerts/cpujan2022.html
CVE-2022-21321 Jan. 19, 2022 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7... 2.9 LOW https://www.oracle.com/security-alerts/cpujan2022.html
CVE-2022-21394 Jan. 19, 2022 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.3... 6.5 MEDIUM https://www.zerodayinitiative.com/advisories/ZDI-22-128/
CVE-2021-31821 Jan. 19, 2022 When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API k... 5.5 MEDIUM https://www.code42.com/r/support/CVE-2021-43269
CVE-2021-43269 Jan. 19, 2022 In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config (PAC) file... 8.8 HIGH http://seclists.org/fulldisclosure/2022/Jan/39
CVE-2022-23221 Jan. 19, 2022 H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FOR... 9.8 CRITICAL https://vul.wangan.com/a/CNVD-2021-49171
CVE-2021-38787 Jan. 19, 2022 There is an integer overflow in the ION driver "/dev/ion" of Allwinner R818 SoC Android Q SDK V1.0 that could use the ioctl cmd "COMPAT_ION_IOC_SUNXI_... 7.5 HIGH https://vul.wangan.com/a/CNVD-2021-49173
CVE-2021-38786 Jan. 19, 2022 There is a NULL pointer dereference in media/libcedarc/vdecoder of Allwinner R818 SoC Android Q SDK V1.0, which could cause a media crash (denial of s... 7.5 HIGH https://vul.wangan.com/a/CNVD-2021-49168
CVE-2022-22164 Jan. 18, 2022 An Improper Initialization vulnerability in Juniper Networks Junos OS Evolved may cause a commit operation for disabling the telnet service to not tak... 5.3 MEDIUM https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0002/MNDT-2022-0002.md
CVE-2021-41809 Jan. 18, 2022 SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function allowed making queries from the server with cer... 4.3 MEDIUM https://huntr.dev/bounties/19f3e5f7-b419-44b1-9c37-7e4404cbec94
CVE-2021-28501 Jan. 14, 2022 An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in... 7.8 HIGH http://seclists.org/fulldisclosure/2022/Jan/74
CVE-2021-28500 Jan. 14, 2022 An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in... 7.8 HIGH https://packetstormsecurity.com/files/165272/Online-Thesis-Archiving-System-1.0-SQL-Injection-Cross-Site-Scripting.html
CVE-2022-0213 Jan. 14, 2022 vim is vulnerable to Heap-based Buffer Overflow... 6.6 MEDIUM https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26
CVE-2021-45334 Jan. 10, 2022 Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin... 9.8 CRITICAL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/
CVE-2021-36411 Jan. 10, 2022 An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength ... 5.5 MEDIUM https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html
CVE-2022-0158 Jan. 10, 2022 vim is vulnerable to Heap-based Buffer Overflow... 3.3 LOW http://www.openwall.com/lists/oss-security/2022/01/15/1
CVE-2022-0156 Jan. 10, 2022 vim is vulnerable to Use After Free... 5.5 MEDIUM http://www.openwall.com/lists/oss-security/2022/01/15/1
CVE-2021-46144 Jan. 6, 2022 Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.... 6.1 MEDIUM https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0
CVE-2021-46074 Jan. 6, 2022 A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login pan... 4.8 MEDIUM https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1361.yaml
CVE-2021-46073 Jan. 6, 2022 A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login pa... 4.8 MEDIUM https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1353.yaml
CVE-2022-0128 Jan. 6, 2022 vim is vulnerable to Out-of-bounds Read... 7.8 HIGH http://www.openwall.com/lists/oss-security/2022/01/15/1
CVE-2022-21650 Jan. 4, 2022 Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file wit... 5.4 MEDIUM https://github.com/convos-chat/convos/commit/5c0a1ec9a2c147bc3b63fd5a48da5f32e18fe5df
CVE-2022-20019 Jan. 4, 2022 In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with ... 5.5 MEDIUM https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
CVE-2021-45980 Jan. 4, 2022 Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API.... 7.8 HIGH https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1188.yaml
CVE-2021-45979 Jan. 4, 2022 Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API.... 7.8 HIGH https://github.com/babelouest/glewlwyd/releases/tag/v2.6.1
CVE-2021-45978 Jan. 4, 2022 Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API.... 7.8 HIGH https://huntr.dev/bounties/d66f90d6-1b5f-440d-8be6-cdffc9d4587e
CVE-2021-30273 Jan. 3, 2022 Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, Snapdragon Compute, S... 7.5 HIGH https://www.plsanu.com/vehicle-service-management-system-settings-stored-cross-site-scripting-xss
CVE-2021-41817 Jan. 1, 2022 Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1,... 7.5 HIGH https://www.plsanu.com/vehicle-service-management-system-user-list-stored-cross-site-scripting-xss
CVE-2021-45939 Dec. 31, 2021 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Subscribe).... 5.5 MEDIUM https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1349.yaml
CVE-2021-45938 Dec. 31, 2021 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Unsubscribe).... 5.5 MEDIUM https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1348.yaml
CVE-2021-45937 Dec. 31, 2021 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_WaitType and MqttClient_Connect).... 5.5 MEDIUM https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1204.yaml
CVE-2021-45936 Dec. 31, 2021 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Disconnect (called from MqttClient_DecodePacket and MqttClient_WaitType).... 5.5 MEDIUM https://github.com/dlehgus1023/CVE/tree/master/CVE-2021-45980
CVE-2021-45934 Dec. 31, 2021 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_DecodePacket (called from MqttClient_HandlePacket and MqttClient_WaitType).... 5.5 MEDIUM https://github.com/google/oss-fuzz-vulns/blob/main/vulns/wolfmqtt/OSV-2021-1211.yaml
CVE-2021-45933 Dec. 31, 2021 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket... 5.5 MEDIUM https://github.com/dlehgus1023/CVE/tree/master/CVE-2021-45979
CVE-2021-45932 Dec. 31, 2021 wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in MqttDecode_Publish (called from MqttClient_DecodePacket and MqttClient_HandlePacket... 5.5 MEDIUM https://github.com/dlehgus1023/CVE/tree/master/CVE-2021-45978
CVE-2021-4193 Dec. 31, 2021 vim is vulnerable to Out-of-bounds Read... 5.5 MEDIUM http://www.openwall.com/lists/oss-security/2022/01/15/1
CVE-2020-20595 Dec. 22, 2021 A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add.... 6.5 MEDIUM https://github.com/Sea0o/vulnerability/issues/1
CVE-2021-45263 Dec. 22, 2021 An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application c... 5.5 MEDIUM https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/
CVE-2021-45267 Dec. 22, 2021 An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and applic... 5.5 MEDIUM https://support.apple.com/en-us/HT212979
CVE-2021-45260 Dec. 22, 2021 A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application cras... 5.5 MEDIUM https://support.apple.com/en-us/HT212981
CVE-2021-45262 Dec. 22, 2021 An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash.... 5.5 MEDIUM https://support.apple.com/en-us/HT212976
CVE-2021-45266 Dec. 22, 2021 A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and applicat... 7.5 HIGH https://wordpress.org/plugins/contact-form-cfdb7/#developers
CVE-2021-36886 Dec. 22, 2021 Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9).... 8.8 HIGH https://www.openssl.org/news/secadv/20211214.txt
CVE-2021-21926 Dec. 22, 2021 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This ca... 6.5 MEDIUM https://www.ibm.com/support/pages/node/6526488
CVE-2021-38966 Dec. 21, 2021 IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the W... 5.4 MEDIUM https://github.com/Sea0o/vulnerability/issues/2
CVE-2021-26800 Dec. 16, 2021 Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows... 6.5 MEDIUM https://phpgurukul.com/user-management-system-in-php-using-stored-procedure/
CVE-2020-35210 Dec. 16, 2021 A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest ... 6.5 MEDIUM https://github.com/sulu/sulu/security/advisories/GHSA-vx6j-pjrh-vgjh
CVE-2020-35209 Dec. 16, 2021 An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information.... 7.5 HIGH https://excellium-services.com/cert-xlm-advisory/cve-2019-19614/
CVE-2021-45097 Dec. 16, 2021 KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropria... 5.5 MEDIUM https://www.chtsecurity.com/news/a791f509-9782-4be1-b71f-22fc619f8215
CVE-2021-45096 Dec. 16, 2021 KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.... 4.3 MEDIUM https://gist.github.com/WinMin/46165779215f1d47ec257210428c0240
CVE-2021-43518 Dec. 15, 2021 Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading ... 7.8 HIGH https://community.opmantek.com/display/OA/Release+Notes+for+Open-AudIT+v4.3.0
CVE-2021-43836 Dec. 15, 2021 Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files v... 8.8 HIGH https://www.knime.com/changelog-v45
CVE-2021-45092 Dec. 15, 2021 Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.... 9.8 CRITICAL https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427
CVE-2021-4044 Dec. 14, 2021 Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a nega... 7.5 HIGH https://wordpress.org/plugins/contact-form-cfdb7/#developers
CVE-2021-4092 Dec. 11, 2021 yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)... 4.3 MEDIUM https://huntr.dev/bounties/7b58c160-bb62-45fe-ad1f-38354378b89e
CVE-2021-3829 Dec. 10, 2021 openwhyd is vulnerable to URL Redirection to Untrusted Site... 6.1 MEDIUM https://huntr.dev/bounties/6b8acb0c-8b5d-461e-9b46-b1bfb5a8ccdf
CVE-2021-36911 Dec. 10, 2021 Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with ... 5.4 MEDIUM https://wordpress.org/plugins/comment-engine-pro/
CVE-2021-20373 Dec. 9, 2021 IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the ... 7.5 HIGH https://www.ibm.com/support/pages/node/6523804
CVE-2021-41246 Dec. 9, 2021 Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` ... 8.8 HIGH https://github.com/auth0/express-openid-connect/releases/tag/v2.5.2
CVE-2021-21955 Dec. 9, 2021 An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.... 7.5 HIGH https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0002-OP-TEE_TrustZone_bypass_at_wakeup.txt
CVE-2021-21954 Dec. 9, 2021 A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. ... 9.9 CRITICAL http://tp-link.com
CVE-2021-40282 Dec. 9, 2021 An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users.... 8.8 HIGH https://huntr.dev/bounties/81838575-e170-41fb-b451-92c1c8aab092
CVE-2021-40281 Dec. 9, 2021 An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.... 8.8 HIGH https://www.mozilla.org/security/advisories/mfsa2021-48/
CVE-2021-43535 Dec. 8, 2021 A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially ex... 8.8 HIGH https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/
CVE-2021-43534 Dec. 8, 2021 Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of... 8.8 HIGH https://github.com/ComparedArray/printix-CVE-2022-25090
CVE-2021-37941 Dec. 8, 2021 A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application runni... 7.8 HIGH https://www.vmware.com/security/advisories/VMSA-2020-0006
CVE-2021-41450 Dec. 8, 2021 An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a ... 7.5 HIGH https://snyk.io/vuln/SNYK-JS-LOCUTUS-598675
CVE-2021-44149 Dec. 7, 2021 An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security acces... 7.8 HIGH https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/
CVE-2021-4069 Dec. 6, 2021 vim is vulnerable to Use After Free... 7.8 HIGH https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9
CVE-2021-4019 Dec. 1, 2021 vim is vulnerable to Heap-based Buffer Overflow... 7.8 HIGH https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142
CVE-2021-3984 Dec. 1, 2021 vim is vulnerable to Heap-based Buffer Overflow... 7.8 HIGH https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655
CVE-2020-10627 Dec. 1, 2021 Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manuf... 8.1 HIGH https://www.myomnipod.com/security-bulletins
CVE-2021-43358 Nov. 30, 2021 Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authenti... 7.5 HIGH https://docs.jamf.com/10.32.0/jamf-pro/release-notes/Resolved_Issues.html
CVE-2021-40809 Nov. 30, 2021 An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that u... 8.8 HIGH https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
CVE-2021-24918 Nov. 29, 2021 The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As... 5.4 MEDIUM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386
CVE-2021-24927 Nov. 29, 2021 The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any... 5.4 MEDIUM https://huntr.dev/bounties/d19aed43-75bc-4a03-91a0-4d0bb516bc32
CVE-2021-24908 Nov. 29, 2021 The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected ... 6.1 MEDIUM https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386
CVE-2021-26611 Nov. 26, 2021 HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, fac... 9.8 CRITICAL https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320
CVE-2021-21980 Nov. 24, 2021 The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on v... 7.5 HIGH https://wpscan.com/vulnerability/5d252ad7-bf28-44f3-8cd0-c4fe05c48f35
CVE-2021-32004 Nov. 22, 2021 This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker ... 5.3 MEDIUM https://github.com/matrix-org/synapse/pull/9393
CVE-2021-44144 Nov. 22, 2021 Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.... 9.1 CRITICAL https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78
CVE-2021-3974 Nov. 19, 2021 vim is vulnerable to Use After Free... 7.8 HIGH https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6
CVE-2021-3973 Nov. 19, 2021 vim is vulnerable to Heap-based Buffer Overflow... 7.8 HIGH https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847
CVE-2021-23146 Nov. 18, 2021 An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affe... 7.5 HIGH https://github.com/saltstack/salt/releases
CVE-2021-26444 Nov. 9, 2021 Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-42301, CVE-2021-42323.... 5.5 MEDIUM https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
CVE-2021-29843 Nov. 8, 2021 IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force I... 6.5 MEDIUM https://wpscan.com/vulnerability/9841176d-1d37-4636-9144-0ca42b6f3605
CVE-2021-24674 Nov. 8, 2021 The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF in place when updating the favicon, which could allow attackers to make a logge... 6.5 MEDIUM https://www.ibm.com/support/pages/node/6514007
CVE-2021-24669 Nov. 8, 2021 The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, whi... 8.8 HIGH https://stor2rrd.com/note730.php
CVE-2021-24664 Nov. 8, 2021 The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape the... 4.8 MEDIUM https://stor2rrd.com/note730.php
CVE-2021-24631 Nov. 8, 2021 The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to... 8.8 HIGH https://stor2rrd.com/note730.php
CVE-2021-29735 Nov. 8, 2021 IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary... 5.4 MEDIUM https://my.cloudera.com/knowledge/TSB-2021-487-Cloudera-Hue-is-vulnerable-to-Cross-Site?id=324634
CVE-2021-24767 Nov. 8, 2021 The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could... 6.5 MEDIUM https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05
CVE-2021-42662 Nov. 5, 2021 A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday re... 5.4 MEDIUM https://github.com/TheHackingRabbi/CVE-2021-42662
CVE-2021-42664 Nov. 5, 2021 A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz descrip... 5.4 MEDIUM https://github.com/TheHackingRabbi/CVE-2021-42664
CVE-2021-3927 Nov. 5, 2021 vim is vulnerable to Heap-based Buffer Overflow... 7.8 HIGH https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0
CVE-2021-3928 Nov. 5, 2021 vim is vulnerable to Stack-based Buffer Overflow... 7.8 HIGH https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
CVE-2021-41312 Nov. 3, 2021 Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to en... 7.5 HIGH https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html
CVE-2021-39237 Nov. 2, 2021 Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure.... 4.6 MEDIUM https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKMUMLUH6ENNMLGTJ5AFRF6764ILEMYJ/
CVE-2021-39238 Nov. 2, 2021 Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overfl... 9.8 CRITICAL https://www.mozilla.org/security/advisories/mfsa2021-37/
CVE-2021-29991 Nov. 2, 2021 Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack agains... 8.1 HIGH https://www.mozilla.org/security/advisories/mfsa2021-38/
CVE-2021-41232 Nov. 2, 2021 Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerabi... 9.8 CRITICAL https://www.debian.org/security/2021/dsa-4990
CVE-2021-29993 Nov. 2, 2021 Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects F... 8.1 HIGH https://www.mozilla.org/security/advisories/mfsa2021-38/
CVE-2021-38491 Nov. 2, 2021 Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92.... 6.5 MEDIUM https://www.mozilla.org/security/advisories/mfsa2021-38/
CVE-2021-38492 Nov. 2, 2021 When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scri... 6.5 MEDIUM https://www.mozilla.org/security/advisories/mfsa2021-40/
CVE-2021-38493 Nov. 2, 2021 Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption an... 8.8 HIGH https://www.mozilla.org/security/advisories/mfsa2021-43/
CVE-2021-38494 Nov. 2, 2021 Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with... 8.8 HIGH https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html
CVE-2021-38495 Nov. 2, 2021 Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume ... 8.8 HIGH https://www.mozilla.org/security/advisories/mfsa2021-43/
CVE-2021-38496 Nov. 2, 2021 During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploit... 8.8 HIGH https://lists.debian.org/debian-lts-announce/2021/10/msg00020.html
CVE-2021-38497 Nov. 2, 2021 Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible use... 6.5 MEDIUM https://www.mozilla.org/security/advisories/mfsa2021-43/
CVE-2021-41728 Oct. 28, 2021 Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles.... 6.1 MEDIUM https://www.ibm.com/support/pages/node/6508583
CVE-2020-25422 Oct. 28, 2021 A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted pay... 5.4 MEDIUM https://www.ibm.com/support/pages/node/6508583
CVE-2021-22453 Oct. 28, 2021 A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process cra... 3.3 LOW https://www.ibm.com/support/pages/node/6507095
CVE-2021-34794 Oct. 27, 2021 A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) S... 5.3 MEDIUM https://github.com/nameko/nameko/security/advisories/GHSA-6p52-jr3q-c94g
CVE-2021-34793 Oct. 27, 2021 A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in tra... 8.6 HIGH https://seclists.org/oss-sec/2011/q4/249
CVE-2021-34792 Oct. 27, 2021 A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow a... 7.5 HIGH http://seclists.org/fulldisclosure/2021/Oct/33
CVE-2021-22101 Oct. 27, 2021 Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers t... 7.5 HIGH https://www.gestionaleopen.org/
CVE-2020-24932 Oct. 27, 2021 An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.... 9.8 CRITICAL https://sourceforge.net/projects/open-clinic/files/latest/download
CVE-2021-29713 Oct. 27, 2021 IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI... 5.4 MEDIUM https://www.cloudfoundry.org/blog/cve-2019-3801
CVE-2021-29774 Oct. 27, 2021 IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.... 7.5 HIGH https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35344
CVE-2021-20526 Oct. 27, 2021 IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote att... 5.3 MEDIUM https://access.redhat.com/errata/RHSA-2019:1571
CVE-2021-3903 Oct. 27, 2021 vim is vulnerable to Heap-based Buffer Overflow... 7.8 HIGH https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
CVE-2021-41078 Oct. 26, 2021 Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.... 7.8 HIGH https://github.com/signalwire/freeswitch/commit/b21dd4e7f3a6f1d5f7be3ea500a319a5bc11db9e
CVE-2021-38450 Oct. 26, 2021 The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended co... 8.8 HIGH https://github.com/signalwire/freeswitch/releases/tag/v1.10.7
CVE-2021-41035 Oct. 25, 2021 In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.... 9.8 CRITICAL https://github.com/eclipse-openj9/openj9/pull/13740
CVE-2021-21319 Oct. 25, 2021 Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can ... 5.4 MEDIUM https://wpscan.com/vulnerability/d0b312f8-8b16-45be-b5e5-bf9d4b3e9b1e
CVE-2021-24885 Oct. 25, 2021 The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, leading to a Reflected Cro... 6.1 MEDIUM https://github.com/reddit/snudown/security/advisories/GHSA-6gvv-9q92-w5f6
CVE-2020-20908 Oct. 25, 2021 Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts ... 5.4 MEDIUM https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm
CVE-2021-41145 Oct. 25, 2021 FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that... 7.5 HIGH https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
CVE-2021-35230 Oct. 22, 2021 As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileg... 6.7 MEDIUM https://github.com/galette/galette/commit/514418da973ae5b84bf97f94bd288a41e8e3f0a6
CVE-2020-36490 Oct. 22, 2021 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepa... 5.4 MEDIUM https://github.com/nothings/stb/issues/1225
CVE-2021-40719 Oct. 21, 2021 Adobe Connect version 11.2.2 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation whe... 9.8 CRITICAL https://www.ibm.com/support/pages/node/6507077
CVE-2021-36869 Oct. 21, 2021 Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post.... 6.1 MEDIUM https://www.ibm.com/support/pages/node/6497111
CVE-2021-41168 Oct. 21, 2021 Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. In affected versions snudown was found... 6.5 MEDIUM https://github.com/nothings/stb/pull/1223
CVE-2021-34743 Oct. 20, 2021 A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an externa... 7.1 HIGH https://www.compass-security.com/fileadmin/Research/Advisories/2021-18_CSNC-2021-018-WPMailster_XSS_CSRF.txt
CVE-2021-2483 Oct. 20, 2021 Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite (component: Content Item Manager). Supported versions that are affected... 8.1 HIGH https://www.vertiv.com/en-us/support/software-download/software/trellis-enterprise-and-quick-start-solutions-software-downloads/
CVE-2021-2484 Oct. 20, 2021 Vulnerability in the Oracle Operations Intelligence product of Oracle E-Business Suite (component: BIS Operations Intelligence). Supported versions th... 8.1 HIGH https://groups.google.com/forum/#!topic/iterm2-discuss/57k_AuLdQa4
CVE-2021-2485 Oct. 20, 2021 Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes). Supported versions that are affected are 12.1.1-1... 8.1 HIGH https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch
CVE-2021-32663 Oct. 19, 2021 iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given ... 7.5 HIGH https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec
CVE-2021-32664 Oct. 19, 2021 Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged... 4.8 MEDIUM https://github.com/Combodo/iTop/commit/84741c19f0af6fa8e7082a8807eb089182e7b88a
CVE-2021-41131 Oct. 19, 2021 python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path trav... 8.7 HIGH https://github.com/theupdateframework/python-tuf/issues/1527
CVE-2021-41140 Oct. 19, 2021 Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given b... 5.3 MEDIUM https://github.com/discourse/discourse-reactions/security/advisories/GHSA-9358-hwg5-jrmh
CVE-2021-3746 Oct. 19, 2021 A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafte... 6.5 MEDIUM https://plugins.trac.wordpress.org/browser/indeed-job-importer/trunk/indeed-job-importer.php#L224
CVE-2021-37136 Oct. 19, 2021 The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size us... 7.5 HIGH https://plugins.trac.wordpress.org/browser/mpl-publisher/trunk/libs/PublisherController.php#L35
CVE-2021-39355 Oct. 19, 2021 The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via severa... 4.8 MEDIUM https://plugins.trac.wordpress.org/browser/jobboardwp/trunk/includes/admin/class-metabox.php#L165
CVE-2021-39343 Oct. 19, 2021 The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several para... 4.8 MEDIUM https://wordpress.org/plugins/icegram/#developers
CVE-2021-39329 Oct. 19, 2021 The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several paramet... 4.8 MEDIUM https://support.apple.com/en-us/HT212805
CVE-2021-37137 Oct. 19, 2021 The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved ... 7.5 HIGH https://support.apple.com/en-us/HT212805
CVE-2021-27001 Oct. 19, 2021 Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authentic... 5.5 MEDIUM https://www.ibm.com/support/pages/node/6505283
CVE-2021-26589 Oct. 19, 2021 A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Sit... 6.1 MEDIUM https://github.com/contiki-ng/contiki-ng/pull/1355
CVE-2021-36832 Oct. 19, 2021 WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) ... 5.4 MEDIUM https://www.ibm.com/support/pages/node/6505281
CVE-2021-30830 Oct. 19, 2021 A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A... 7.8 HIGH https://support.apple.com/en-us/HT212805
CVE-2021-31352 Oct. 19, 2021 An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, ... 5.3 MEDIUM https://success.trendmicro.com/solution/000289230
CVE-2021-31356 Oct. 19, 2021 A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be ab... 7.8 HIGH https://bugs.launchpad.net/mailman/+bug/1947640
CVE-2021-31357 Oct. 19, 2021 A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access ... 7.8 HIGH https://bugs.launchpad.net/mailman/+bug/1947639
CVE-2021-31364 Oct. 19, 2021 An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Ju... 5.9 MEDIUM https://www.cnvd.org.cn/flaw/show/CNVD-2020-49480
CVE-2021-3872 Oct. 19, 2021 vim is vulnerable to Heap-based Buffer Overflow... 7.8 HIGH https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8
CVE-2021-29745 Oct. 15, 2021 IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which... 8.8 HIGH https://github.com/Dir0x/CVE-2021-43140
CVE-2021-29679 Oct. 15, 2021 IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled inpu... 8.8 HIGH https://www.exploit-db.com/exploits/50158
CVE-2020-4951 Oct. 15, 2021 IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.... 3.3 LOW https://www.zerodayinitiative.com/advisories/ZDI-21-909/
CVE-2021-37726 Oct. 12, 2021 A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has... 9.8 CRITICAL https://www.ibm.com/support/pages/node/6513681
CVE-2021-40462 Oct. 12, 2021 Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability... 7.8 HIGH https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
CVE-2021-40464 Oct. 12, 2021 Windows Nearby Sharing Elevation of Privilege Vulnerability... 8.0 HIGH https://security.netapp.com/advisory/ntap-20211112-0005/
CVE-2021-40465 Oct. 12, 2021 Windows Text Shaping Remote Code Execution Vulnerability... 7.8 HIGH https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/janobe/CVE-nu11-101321
CVE-2021-29004 Oct. 11, 2021 rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not se... 8.8 HIGH https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29004-POC-req.txt
CVE-2021-29006 Oct. 11, 2021 rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.... 6.5 MEDIUM https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29006-POC.py
CVE-2021-39317 Oct. 11, 2021 Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable to arbitrary file uploads via the plugin_offline_ins... 8.8 HIGH https://plugins.trac.wordpress.org/changeset/2602132/access-demo-importer/trunk/inc/demo-functions.php
CVE-2021-40886 Oct. 11, 2021 Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value `2` for `chunks` parameter to by... 6.5 MEDIUM https://www.johnsoncontrols.com/cyber-solutions/security-advisories
CVE-2021-40884 Oct. 11, 2021 Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php an... 8.1 HIGH https://www.ibm.com/support/pages/node/6496777
CVE-2021-27665 Oct. 11, 2021 An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and caus... 7.5 HIGH https://www.ibm.com/support/pages/node/6496781
CVE-2021-40541 Oct. 11, 2021 PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated... 6.1 MEDIUM https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832
CVE-2021-35059 Oct. 11, 2021 OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter.... 6.1 MEDIUM https://github.com/zulip/zulip/security/advisories/GHSA-4h36-mqfq-42jg
CVE-2021-24719 Oct. 11, 2021 The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions... 6.1 MEDIUM https://wpscan.com/vulnerability/a53e213f-6011-47f8-93e6-aa5ad30e857e
CVE-2021-20600 Oct. 8, 2021 Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R series C Controller Module R12CCPU-V Firmware Versions "16" and prior allows a re... 5.9 MEDIUM https://jvn.jp/en/jp/JVN36340790/
CVE-2021-35977 Oct. 8, 2021 An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. ... 9.8 CRITICAL https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33603
CVE-2021-41133 Oct. 8, 2021 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak a... 7.8 HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX/
CVE-2021-36767 Oct. 8, 2021 In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protec... 9.8 CRITICAL http://www.binaryworld.it/guidepoc.asp
CVE-2021-20489 Oct. 7, 2021 IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and u... 8.8 HIGH https://www.ibm.com/support/pages/node/6496785
CVE-2021-20481 Oct. 7, 2021 IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript... 6.1 MEDIUM https://www.openwaygroup.com/way4-platform
CVE-2021-20473 Oct. 7, 2021 IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to i... 6.5 MEDIUM https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca
CVE-2021-41511 Oct. 4, 2021 The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass auth... 9.8 CRITICAL https://github.com/Ni7inSharma/CVE-2021-41511
CVE-2021-41824 Sept. 29, 2021 Craft CMS before 3.7.14 allows CSV injection.... 8.8 HIGH https://github.com/craftcms/cms/security/advisories/GHSA-h7vq-5qgw-jwwq
CVE-2021-39821 Sept. 29, 2021 Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrar... 7.8 HIGH http://www.openwall.com/lists/oss-security/2021/06/10/5
CVE-2021-3828 Sept. 27, 2021 nltk is vulnerable to Inefficient Regular Expression Complexity... 7.5 HIGH http://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-41617 Sept. 26, 2021 sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups ... 7.0 HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/
CVE-2021-41381 Sept. 23, 2021 Payara Micro Community 5.2021.6 and below allows Directory Traversal.... 7.5 HIGH https://github.com/Net-hunter121/CVE-2021-41381/blob/main/CVE:%202021-41381-POC
CVE-2021-22005 Sept. 23, 2021 The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCen... 9.8 CRITICAL https://www.vmware.com/security/advisories/VMSA-2021-0020.html
CVE-2021-32276 Sept. 20, 2021 An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an atta... 5.5 MEDIUM https://www.mozilla.org/security/advisories/mfsa2021-43/
CVE-2021-25741 Sept. 20, 2021 A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories ... 8.1 HIGH https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s
CVE-2021-39537 Sept. 20, 2021 An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.... 8.8 HIGH https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
CVE-2021-32280 Sept. 20, 2021 An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function compute_closed_spline() located in trans_spline.c.... 5.5 MEDIUM https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec991/
CVE-2021-38177 Sept. 14, 2021 SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted mal... 7.5 HIGH https://www.kingjim.co.jp/download/security/#sr01
CVE-2020-21050 Sept. 14, 2021 Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c.... 6.5 MEDIUM https://cwe.mitre.org/data/definitions/121.html
CVE-2021-33285 Sept. 7, 2021 In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow ... 7.8 HIGH https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2021-39251 Sept. 7, 2021 A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.... 7.8 HIGH http://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39252 Sept. 7, 2021 A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.... 7.8 HIGH http://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-39253 Sept. 7, 2021 A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.... 7.8 HIGH http://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-33289 Sept. 7, 2021 In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code... 7.8 HIGH http://tuxera.com
CVE-2021-35268 Sept. 7, 2021 In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur ... 7.8 HIGH http://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-33286 Sept. 7, 2021 In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a heap buffer overflow can occur and allow for c... 7.8 HIGH http://www.openwall.com/lists/oss-security/2021/08/30/1
CVE-2021-35269 Sept. 7, 2021 NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overfl... 7.8 HIGH http://www.openwall.com/lists/oss-security/2016/12/01/2
CVE-2020-19750 Sept. 7, 2021 An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.... 7.5 HIGH https://github.com/gpac/gpac/issues/1262
CVE-2020-19751 Sept. 7, 2021 An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.... 9.1 CRITICAL https://github.com/gpac/gpac/issues/1272
CVE-2021-40528 Sept. 6, 2021 The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a cert... 5.9 MEDIUM https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
CVE-2020-18048 Sept. 2, 2021 An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field.... 9.8 CRITICAL https://github.com/bertanddip/CraigMS/issues/1
CVE-2021-34746 Sept. 1, 2021 A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) coul... 9.8 CRITICAL https://github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c
CVE-2021-36981 Aug. 31, 2021 In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code.... 8.8 HIGH https://github.com/SerNet/verinice/compare/1.22.1...1.22.2
CVE-2021-37712 Aug. 31, 2021 The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution v... 8.6 HIGH https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
CVE-2020-19001 Aug. 27, 2021 Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/... 9.8 CRITICAL https://github.com/tankywoo/simiki/issues/123
CVE-2021-30931 Aug. 24, 2021 A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.2, Security Update 2021-008 Cat... 5.5 MEDIUM https://medium.com/@mayhem7999/cve-2021-43441-2fcc857cb6bb
CVE-2021-24556 Aug. 23, 2021 The kento_email_subscriber_ajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the ... 6.1 MEDIUM https://www.ibm.com/support/pages/node/6482689
CVE-2021-24555 Aug. 23, 2021 The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL sta... 8.8 HIGH https://x-stream.github.io/CVE-2021-39139.html
CVE-2021-29704 Aug. 23, 2021 IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... 7.5 HIGH https://huntr.dev/bounties/dd54c5a1-0d4a-4f02-a111-7ce4ddc67a4d
CVE-2021-29802 Aug. 23, 2021 IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies... 7.5 HIGH https://huntr.dev/bounties/d32f3d5a-0738-41ba-89de-34f2a772de76
CVE-2021-39139 Aug. 23, 2021 XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load an... 8.8 HIGH https://huntr.dev/bounties/ea181323-51f8-46a2-a60f-6a401907feb7
CVE-2021-3728 Aug. 23, 2021 firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)... 6.5 MEDIUM https://www.netmodule.com
CVE-2021-39609 Aug. 23, 2021 Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.... 5.4 MEDIUM https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-39609
CVE-2020-18775 Aug. 23, 2021 In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a... 6.5 MEDIUM https://cwe.mitre.org/data/definitions/126.html
CVE-2020-18778 Aug. 23, 2021 In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a... 6.5 MEDIUM https://cwe.mitre.org/data/definitions/126.html
CVE-2020-18771 Aug. 23, 2021 Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information l... 8.1 HIGH https://github.com/Exiv2/exiv2/issues/756
CVE-2020-36477 Aug. 22, 2021 An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of m... 5.9 MEDIUM https://wpscan.com/vulnerability/f050aedc-f79f-4b27-acac-0cdb33b25af8
CVE-2020-36476 Aug. 22, 2021 An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in ... 7.5 HIGH https://wpscan.com/vulnerability/8eafd84b-6214-450b-869b-0afe7cca4c5f
CVE-2020-36475 Aug. 22, 2021 An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are... 7.5 HIGH https://www.ibm.com/support/pages/node/6482585
CVE-2021-22246 Aug. 20, 2021 A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook feature could be abused to perform denial of service... 6.5 MEDIUM https://gitlab.com/gitlab-org/gitlab/-/issues/280633
CVE-2021-22238 Aug. 20, 2021 An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in... 5.4 MEDIUM https://gitlab.com/gitlab-org/gitlab/-/issues/332420
CVE-2021-21823 Aug. 20, 2021 An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted se... 7.5 HIGH https://www.kb.cert.org/vuls/id/608209
CVE-2021-28641 Aug. 20, 2021 Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-fr... 7.8 HIGH https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
CVE-2021-28642 Aug. 20, 2021 Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Out-of-bound... 7.8 HIGH https://github.com/ARMmbed/mbedtls/releases/tag/v2.24.0
CVE-2021-28643 Aug. 20, 2021 Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Type Confusio... 3.3 LOW https://github.com/ARMmbed/mbedtls/releases/tag/v2.25.0
CVE-2021-28640 Aug. 20, 2021 Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Use-after-fr... 7.3 HIGH https://www.kb.cert.org/vuls/id/608209
CVE-2020-18885 Aug. 20, 2021 Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.p... 7.2 HIGH https://github.com/gaozhifeng/PHPMyWind/issues/4
CVE-2021-31226 Aug. 19, 2021 An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due t... 9.8 CRITICAL https://wordfence.com/vulnerability-advisories/#CVE-2021-34645
CVE-2021-34645 Aug. 19, 2021 The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_currency_settings function found in the ... 8.8 HIGH https://github.com/1N3/Sn1per/releases
CVE-2021-31868 Aug. 19, 2021 Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing featu... 5.4 MEDIUM https://lists.apache.org/thread.html/r9d967d80af941717573e531db2c7353a90bfd0886e9b5d5d79f75506%40%3Cuser.roller.apache.org%3E
CVE-2021-39273 Aug. 19, 2021 In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the... 8.8 HIGH https://github.com/pimcore/pimcore/security/advisories/GHSA-pp2h-95hm-hv9r
CVE-2020-18899 Aug. 19, 2021 An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS)... 6.5 MEDIUM https://github.com/Exiv2/exiv2/issues/742
CVE-2021-34745 Aug. 18, 2021 A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM priv... 7.8 HIGH https://jsoup.org/news/release-1.14.1
CVE-2021-32588 Aug. 18, 2021 A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and ... 9.8 CRITICAL https://pivotal.io/security/cve-2015-5170-5173
CVE-2021-38291 Aug. 12, 2021 FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.... 7.5 HIGH https://www.mozilla.org/security/advisories/mfsa2021-38/
CVE-2021-0002 Aug. 11, 2021 Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to pote... 7.1 HIGH https://www.mozilla.org/security/advisories/mfsa2021-38/
CVE-2021-33707 Aug. 10, 2021 SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a ... 6.1 MEDIUM https://github.com/adriankumpf/teslamate/compare/v1.25.0...v1.25.1
CVE-2021-38198 Aug. 8, 2021 arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing g... 5.5 MEDIUM https://github.com/torvalds/linux/commit/b1bd5cba3306691c771d558e94baa73e8b0b96b7
CVE-2021-38114 Aug. 4, 2021 libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.... 5.5 MEDIUM https://github.com/StevenWeathers/thunderdome-planning-poker/security/advisories/GHSA-26cm-qrc6-mfgj
CVE-2021-35477 Aug. 2, 2021 In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass sid... 5.5 MEDIUM https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c
CVE-2021-35942 July 22, 2021 The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called ... 9.1 CRITICAL https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c
CVE-2021-37159 July 21, 2021 hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED sta... 6.4 MEDIUM https://security.netapp.com/advisory/ntap-20210819-0003/
CVE-2021-33910 July 20, 2021 basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and allo... 5.5 MEDIUM http://www.openwall.com/lists/oss-security/2021/08/04/2
CVE-2021-35043 July 19, 2021 OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a j... 6.1 MEDIUM http://www.openwall.com/lists/oss-security/2021/06/10/6
CVE-2021-22318 July 14, 2021 A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. Local attackers may exploit this vulnerability to cause system denial o... 5.5 MEDIUM https://m4.rkw.io/blog/cve20177643-local-root-privesc-in-proxifier-for-mac--218.html
CVE-2021-25953 July 14, 2021 Prototype pollution vulnerability in 'putil-merge' versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote cod... 9.8 CRITICAL https://www.exploit-db.com/exploits/43225/
CVE-2021-0441 July 14, 2021 In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege wi... 7.3 HIGH ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32
CVE-2021-0486 July 14, 2021 In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead ... 7.8 HIGH http://www.iss.net/security_center/static/7494.php
CVE-2021-20781 July 13, 2021 Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.... 8.8 HIGH https://wp-filter.com/
CVE-2021-20782 July 13, 2021 Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authenticati... 8.8 HIGH https://wordpress.org/plugins/software-license-manager/
CVE-2021-20784 July 13, 2021 HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or al... 6.1 MEDIUM https://www.voidtools.com/
CVE-2021-22440 July 13, 2021 There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a path... 4.6 MEDIUM http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH
CVE-2021-27038 July 9, 2021 A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A mali... 7.8 HIGH https://github.com/KDE/ark/commits/master
CVE-2021-21775 July 7, 2021 A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted ... 8.8 HIGH https://www.wordfence.com/blog/2021/06/cross-site-request-forgery-patched-in-wp-fluent-forms/
CVE-2021-21807 July 7, 2021 An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed fi... 8.8 HIGH https://ru.wordpress.org/plugins/media-file-organizer/
CVE-2021-34620 July 7, 2021 The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privi... 8.8 HIGH https://wordpress.org/plugins/import-xml-feed/#developers
CVE-2020-24142 July 7, 2021 Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests... 9.8 CRITICAL https://docs.pexip.com/admin/security_bulletins.htm#CVE-2020-25868
CVE-2021-32538 July 7, 2021 ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files witho... 9.8 CRITICAL https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280
CVE-2021-24388 July 6, 2021 In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom filed option by which we can manage all the fields tha... 5.4 MEDIUM https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg
CVE-2021-36086 June 30, 2021 The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list)... 3.3 LOW https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
CVE-2021-36085 June 30, 2021 The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).... 3.3 LOW https://security.netapp.com/advisory/ntap-20211112-0005/
CVE-2021-36084 June 30, 2021 The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper)... 3.3 LOW https://security.netapp.com/advisory/ntap-20211112-0005/
CVE-2021-31721 June 30, 2021 Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage.... 6.1 MEDIUM https://github.com/nahsra/antisamy/releases/tag/v1.6.4
CVE-2021-31811 June 12, 2021 In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2... 5.5 MEDIUM https://lists.apache.org/thread.html/r132e9dbbe0ebdc08b39583d8be0a575fdba573d60a42d940228bceff@%3Cnotifications.ofbiz.apache.org%3E
CVE-2021-31812 June 12, 2021 In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 an... 5.5 MEDIUM http://packetstormsecurity.com/files/164183/Cloudron-6.2-Cross-Site-Scripting.html
CVE-2021-26414 June 8, 2021 Windows DCOM Server Security Feature Bypass... 6.5 MEDIUM https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh
CVE-2021-20267 May 28, 2021 A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server insta... 7.1 HIGH https://bugzilla.redhat.com/show_bug.cgi?id=1939141
CVE-2021-33558 May 27, 2021 ** DISPUTED ** Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.... 7.5 HIGH https://github.com/mdanzaruddin/CVE-2021-33558./issues/1
CVE-2020-10698 May 27, 2021 A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other o... 3.3 LOW https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325
CVE-2020-26555 May 24, 2021 Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_... 5.4 MEDIUM https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
CVE-2018-25009 May 21, 2021 A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().... 9.1 CRITICAL https://epson.com/Support/wa00936
CVE-2021-23892 May 12, 2021 By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW... 7.0 HIGH https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1504
CVE-2020-13529 May 10, 2021 An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP c... 6.1 MEDIUM https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/
CVE-2021-25664 April 22, 2021 A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Sourc... 7.5 HIGH https://us-cert.cisa.gov/ics/advisories/icsa-21-103-04
CVE-2021-27393 April 22, 2021 A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All ver... 5.3 MEDIUM https://wpscan.com/vulnerability/84e83d52-f69a-4de2-80c8-7c1996b30a04
CVE-2021-21393 April 12, 2021 Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging ... 6.5 MEDIUM https://github.com/matrix-org/synapse/pull/9200
CVE-2021-21392 April 12, 2021 Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging ... 6.3 MEDIUM https://github.com/matrix-org/synapse/pull/9200
CVE-2021-21394 April 12, 2021 Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging ... 6.5 MEDIUM https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html
CVE-2021-21333 March 26, 2021 Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging ... 6.1 MEDIUM https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html
CVE-2021-21332 March 26, 2021 Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging ... 8.2 HIGH https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html
CVE-2020-7346 March 23, 2021 Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through... 7.8 HIGH https://access.redhat.com/errata/RHSA-2019:2713
CVE-2021-28660 March 17, 2021 rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] arr... 8.8 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414
CVE-2021-25281 Feb. 27, 2021 An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attack... 9.8 CRITICAL https://github.com/matrix-org/synapse/pull/9393
CVE-2021-25283 Feb. 27, 2021 An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.... 9.8 CRITICAL https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html
CVE-2021-25284 Feb. 27, 2021 An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.... 4.4 MEDIUM https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html
CVE-2021-3144 Feb. 27, 2021 In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions... 9.1 CRITICAL https://github.com/saltstack/salt/releases
CVE-2021-3148 Feb. 27, 2021 An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command... 9.8 CRITICAL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
CVE-2021-3197 Feb. 27, 2021 An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an ... 9.8 CRITICAL https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB/
CVE-2021-25282 Feb. 27, 2021 An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.... 9.1 CRITICAL https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html
CVE-2020-35662 Feb. 27, 2021 In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.... 7.4 HIGH https://github.com/matrix-org/synapse/pull/8950
CVE-2020-28972 Feb. 27, 2021 In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL... 5.9 MEDIUM https://github.com/matrix-org/synapse/pull/8821
CVE-2020-35568 Feb. 16, 2021 An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An inc... 4.3 MEDIUM https://cert.vde.com/en/advisories/VDE-2022-039
CVE-2020-35570 Feb. 16, 2021 An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated atta... 5.3 MEDIUM https://cert.vde.com/en/advisories/VDE-2022-039
CVE-2020-35566 Feb. 16, 2021 An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An att... 5.3 MEDIUM https://cert.vde.com/en/advisories/VDE-2022-039
CVE-2020-35561 Feb. 16, 2021 An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is ... 5.3 MEDIUM https://cert.vde.com/en/advisories/VDE-2022-039
CVE-2020-35558 Feb. 16, 2021 An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the... 7.5 HIGH https://cert.vde.com/en/advisories/VDE-2022-039
CVE-2020-9453 Feb. 5, 2021 In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other imp... 5.5 MEDIUM http://seclists.org/fulldisclosure/2022/Dec/6
CVE-2020-27818 Dec. 7, 2020 A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cau... 3.3 LOW https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72
CVE-2020-27158 Oct. 27, 2020 Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.... 9.8 CRITICAL https://www.westerndigital.com/support/productsecurity
CVE-2020-25765 Oct. 27, 2020 Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior... 9.8 CRITICAL https://www.westerndigital.com/support/productsecurity
CVE-2020-6648 Oct. 21, 2020 A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9... 6.5 MEDIUM https://www.fortiguard.com/psirt/FG-IR-20-236
CVE-2020-27611 Oct. 21, 2020 BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.... 7.3 HIGH https://github.com/bigbluebutton/bigbluebutton/commit/d0bc77c3dbd858295004f15d7a57ec35e6b203d6
CVE-2020-5791 Oct. 20, 2020 Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating sy... 7.2 HIGH http://packetstormsecurity.com/files/162235/Nagios-XI-5.7.3-Remote-Code-Execution.html
CVE-2020-3992 Oct. 20, 2020 OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-... 9.8 CRITICAL https://www.zerodayinitiative.com/advisories/ZDI-20-1377/
CVE-2020-13778 Oct. 19, 2020 rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate... 8.8 HIGH https://github.com/theguly/exploits/blob/master/CVE-2020-13778.py
CVE-2020-25829 Oct. 16, 2020 An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records... 7.5 HIGH https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
CVE-2020-26682 Oct. 16, 2020 In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.... 8.8 HIGH https://github.com/libass/libass/issues/431
CVE-2020-7591 Oct. 15, 2020 A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to im... 8.8 HIGH https://us-cert.cisa.gov/ics/advisories/icsa-20-287-06
CVE-2020-15792 Oct. 15, 2020 A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query paramete... 4.3 MEDIUM https://us-cert.cisa.gov/ics/advisories/icsa-20-287-05
CVE-2020-6343 Sept. 9, 2020 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of ... 4.3 MEDIUM https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
CVE-2020-6342 Sept. 9, 2020 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of ... 4.3 MEDIUM https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
CVE-2020-6341 Sept. 9, 2020 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of ... 4.3 MEDIUM https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
CVE-2020-6340 Sept. 9, 2020 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of ... 4.3 MEDIUM https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
CVE-2020-6339 Sept. 9, 2020 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of ... 4.3 MEDIUM https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
CVE-2020-6338 Sept. 9, 2020 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RH file received from untrusted sources which results in crashing of t... 4.3 MEDIUM https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
CVE-2020-6337 Sept. 9, 2020 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of ... 4.3 MEDIUM https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
CVE-2020-6336 Sept. 9, 2020 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of ... 4.3 MEDIUM https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
CVE-2020-6335 Sept. 9, 2020 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of... 4.3 MEDIUM https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
CVE-2020-6334 Sept. 9, 2020 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of ... 4.3 MEDIUM https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
CVE-2020-6333 Sept. 9, 2020 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of ... 4.3 MEDIUM https://lists.apache.org/thread.html/r132e9dbbe0ebdc08b39583d8be0a575fdba573d60a42d940228bceff@%3Cnotifications.ofbiz.apache.org%3E
CVE-2020-24654 Sept. 2, 2020 In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operatio... 3.3 LOW https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
CVE-2020-16116 Aug. 3, 2020 In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.... 3.3 LOW https://bugzilla.suse.com/show_bug.cgi?id=1175857
CVE-2020-14678 July 15, 2020 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 a... 7.2 HIGH https://security.netapp.com/advisory/ntap-20200717-0004/
CVE-2020-14680 July 15, 2020 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. E... 6.5 MEDIUM https://github.com/tharsis/evmos/releases/tag/v2.0.1
CVE-2020-14702 July 15, 2020 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 a... 4.9 MEDIUM https://us-cert.cisa.gov/ics/advisories/icsa-21-280-04
CVE-2020-14575 July 15, 2020 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily ... 4.9 MEDIUM https://www.robotemi.com/software-updates/
CVE-2020-14697 July 15, 2020 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 a... 7.2 HIGH https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md
CVE-2019-18256 June 29, 2020 BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with ph... 4.6 MEDIUM https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-wsma-info
CVE-2020-14472 June 24, 2020 On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.... 9.8 CRITICAL https://security.gradle.com/advisory/CVE-2020-15767
CVE-2020-7667 June 24, 2020 In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived ... 7.5 HIGH https://github.com/torvalds/linux/commit/bcd0f93353326954817a4f9fa55ec57fb38acbb0
CVE-2020-7664 June 23, 2020 In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include lea... 7.5 HIGH https://www.ibm.com/support/pages/node/6520420
CVE-2020-14401 June 17, 2020 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.... 6.5 MEDIUM https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14402 June 17, 2020 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.... 5.4 MEDIUM https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365
CVE-2020-14403 June 17, 2020 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.... 5.4 MEDIUM https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10286
CVE-2020-9803 June 9, 2020 A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari ... 8.8 HIGH https://support.apple.com/HT211171
CVE-2020-9806 June 9, 2020 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, S... 8.8 HIGH https://support.apple.com/HT211171
CVE-2020-9807 June 9, 2020 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, S... 8.8 HIGH https://support.apple.com/HT211171
CVE-2020-13757 June 1, 2020 Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by hel... 7.5 HIGH https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667
CVE-2020-13414 May 22, 2020 An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.... 7.5 HIGH https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/
CVE-2020-13413 May 22, 2020 An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perf... 5.3 MEDIUM https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-aviatrix/
CVE-2020-12770 May 9, 2020 An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.... 6.7 MEDIUM https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
CVE-2020-12762 May 9, 2020 json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.... 7.8 HIGH https://github.com/json-c/json-c/pull/592
CVE-2020-10951 April 15, 2020 Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.... 4.7 MEDIUM https://www.westerndigital.com/support/productsecurity/wdc-19012-my-cloud-home-and-ibi-portal-websites-clickjacking-vulnerability
CVE-2020-3900 April 1, 2020 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari... 8.8 HIGH https://support.apple.com/HT211102
CVE-2020-3899 April 1, 2020 A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safar... 8.8 HIGH https://support.apple.com/HT211102
CVE-2020-3895 April 1, 2020 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari... 8.8 HIGH https://support.apple.com/HT211102
CVE-2020-1712 March 31, 2020 A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus ... 7.8 HIGH https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54
CVE-2020-6812 March 25, 2020 The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera ... 5.3 MEDIUM https://usn.ubuntu.com/4328-1/
CVE-2019-19614 March 9, 2020 An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to wildcard injection, allowing an attacker to enumerate the l... 7.5 HIGH https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-572804
CVE-2020-8648 Feb. 5, 2020 There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.... 7.1 HIGH https://bugzilla.kernel.org/show_bug.cgi?id=206361
CVE-2020-3939 Feb. 4, 2020 SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attacker... 6.1 MEDIUM https://security.gradle.com/advisory/CVE-2020-15771
CVE-2020-6007 Jan. 23, 2020 Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during th... 7.9 HIGH https://www2.meethue.com/en-us/support/release-notes/bridge
CVE-2019-20386 Jan. 21, 2020 An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may o... 2.4 LOW https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad
CVE-2014-0048 Jan. 2, 2020 An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.... 9.8 CRITICAL http://www.openwall.com/lists/oss-security/2015/03/24/22
CVE-2019-19774 Dec. 13, 2019 An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /e... 8.8 HIGH http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
CVE-2019-18420 Oct. 31, 2019 An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall... 6.5 MEDIUM http://www.openwall.com/lists/oss-security/2019/10/31/1
CVE-2019-11281 Oct. 16, 2019 Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.1... 4.8 MEDIUM http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
CVE-2019-15021 Oct. 9, 2019 A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbo... 5.3 MEDIUM https://supportcontent.ibm.com/support/pages/node/886885
CVE-2019-1584 Oct. 9, 2019 A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a mal... 9.8 CRITICAL https://www.exploit-db.com/exploits/42290/
CVE-2019-15023 Oct. 9, 2019 A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in ... 7.5 HIGH https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html
CVE-2019-15022 Oct. 9, 2019 A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing.... 7.5 HIGH https://gist.github.com/scottgoodwin90/19ccecdc9f5733c0a9381765cfc7fe39
CVE-2019-15020 Oct. 9, 2019 A security vulnerability exists in the Zingbox Inspector versions 1.293 and earlier, that could allow an attacker to supply an invalid software update... 9.8 CRITICAL http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
CVE-2019-15019 Oct. 9, 2019 A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that could allow an attacker to supply an invalid software update... 9.8 CRITICAL http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
CVE-2019-15018 Oct. 9, 2019 A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector i... 7.5 HIGH http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
CVE-2019-13332 Oct. 3, 2019 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is requir... 7.8 HIGH https://www.zerodayinitiative.com/advisories/ZDI-19-855/
CVE-2019-13331 Oct. 3, 2019 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is requir... 7.8 HIGH https://www.zerodayinitiative.com/advisories/ZDI-19-854/
CVE-2019-13330 Oct. 3, 2019 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is requir... 7.8 HIGH https://www.zerodayinitiative.com/advisories/ZDI-19-853/
CVE-2019-13329 Oct. 3, 2019 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5. User interaction is required to ex... 7.8 HIGH https://www.zerodayinitiative.com/advisories/ZDI-19-852/
CVE-2019-3729 Sept. 30, 2019 RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability wh... 2.4 LOW https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b
CVE-2019-4378 Sept. 26, 2019 IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is vulnerable ... 6.5 MEDIUM http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html
CVE-2019-10424 Sept. 25, 2019 Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with a... 5.5 MEDIUM https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1561
CVE-2019-10423 Sept. 25, 2019 Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with a... 5.5 MEDIUM https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1551
CVE-2019-10422 Sept. 25, 2019 Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Ext... 6.5 MEDIUM https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1548
CVE-2019-10421 Sept. 25, 2019 Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed b... 4.3 MEDIUM https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1544
CVE-2019-10420 Sept. 25, 2019 Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with a... 5.5 MEDIUM https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1543
CVE-2019-10419 Sept. 25, 2019 Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be vi... 5.5 MEDIUM https://jenkins.io/security/advisory/2019-09-25/#SECURTIY-1541
CVE-2019-10416 Sept. 25, 2019 Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they c... 6.5 MEDIUM https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1577
CVE-2019-10415 Sept. 25, 2019 Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master whe... 6.5 MEDIUM https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1577
CVE-2019-16712 Sept. 23, 2019 ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.... 6.5 MEDIUM http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00046.html
CVE-2019-16709 Sept. 23, 2019 ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.... 6.5 MEDIUM https://www.npmjs.com/advisories/1095
CVE-2019-15138 Sept. 20, 2019 The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.... 7.5 HIGH https://github.com/libav/libav/commits/master/libavcodec/srtdec.c
CVE-2019-9719 Sept. 19, 2019 ** DISPUTED ** A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in M... 8.8 HIGH https://www.us-cert.gov/ics/advisories/icsa-19-255-05
CVE-2019-9009 Sept. 17, 2019 An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted network packets cause the Control Runtime to crash.... 7.5 HIGH https://jira.atlassian.com/browse/JRASERVER-69796
CVE-2019-4342 Sept. 17, 2019 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We... 5.4 MEDIUM https://security.netapp.com/advisory/ntap-20191009-0001/
CVE-2019-4183 Sept. 17, 2019 IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that... 7.5 HIGH https://security.netapp.com/advisory/ntap-20191009-0001/
CVE-2019-8449 Sept. 11, 2019 The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosur... 5.3 MEDIUM http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html
CVE-2019-16167 Sept. 9, 2019 sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.... 5.5 MEDIUM http://www.openwall.com/lists/oss-security/2019/12/05/2
CVE-2019-5473 Sept. 9, 2019 An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.... 7.2 HIGH https://hackerone.com/reports/565883
CVE-2019-5467 Sept. 9, 2019 An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulne... 5.4 MEDIUM https://hackerone.com/reports/526325
CVE-2019-5463 Sept. 9, 2019 An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerab... 5.3 MEDIUM https://hackerone.com/reports/477222
CVE-2019-9461 Sept. 6, 2019 In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent netwo... 6.5 MEDIUM https://github.com/beerpwn/CVE/blob/master/Totaljs_disclosure_report/report_final.pdf
CVE-2019-15954 Sept. 5, 2019 An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on th... 9.9 CRITICAL https://www.ibm.com/support/docview.wss?uid=ibm10958193
CVE-2017-18559 Aug. 21, 2019 The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues.... 6.1 MEDIUM https://wpvulndb.com/vulnerabilities/9727
CVE-2014-10377 Aug. 21, 2019 The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.... 6.1 MEDIUM https://wpvulndb.com/vulnerabilities/9812
CVE-2019-4402 Aug. 20, 2019 IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X... 7.5 HIGH https://www.ibm.com/support/docview.wss?uid=ibm10870490
CVE-2019-4049 Aug. 20, 2019 IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the under... 5.5 MEDIUM http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html
CVE-2019-11145 Aug. 19, 2019 Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of p... 7.8 HIGH http://seclists.org/fulldisclosure/2019/Aug/25
CVE-2019-15150 Aug. 19, 2019 In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callba... 8.8 HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFFMSO5WKEYSGMTZPZFF4ZADUJ57PRN5/
CVE-2019-15237 Aug. 19, 2019 Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.... 7.4 HIGH https://resources.docmosis.com/content/documentation/tornado-v2-9-5-release-notes
CVE-2019-12854 Aug. 15, 2019 Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this... 7.5 HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYWBJHSBBLAHKMRWDWH2XXQDYAGDHB5I/
CVE-2019-9010 Aug. 15, 2019 An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All v... 9.8 CRITICAL https://www.us-cert.gov/ics/advisories/icsa-19-213-03
CVE-2019-13516 Aug. 15, 2019 In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has... 8.8 HIGH https://resources.docmosis.com/content/documentation/tornado-v2-9-5-release-notes
CVE-2016-10884 Aug. 14, 2019 The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.... 8.8 HIGH https://wpvulndb.com/vulnerabilities/9744
CVE-2015-9309 Aug. 14, 2019 The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.... 8.8 HIGH https://wpvulndb.com/vulnerabilities/9766
CVE-2015-9308 Aug. 14, 2019 The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.... 8.8 HIGH https://wpvulndb.com/vulnerabilities/9766
CVE-2015-9307 Aug. 14, 2019 The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.... 8.8 HIGH https://wpvulndb.com/vulnerabilities/9766
CVE-2016-10867 Aug. 13, 2019 The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.... 6.1 MEDIUM https://wpvulndb.com/vulnerabilities/9736
CVE-2015-9302 Aug. 13, 2019 The simple-fields plugin before 1.4.11 for WordPress has XSS.... 6.1 MEDIUM https://wpvulndb.com/vulnerabilities/8342
CVE-2015-9298 Aug. 13, 2019 The events-manager plugin before 5.6 for WordPress has code injection.... 9.8 CRITICAL https://wpvulndb.com/vulnerabilities/9761
CVE-2015-9297 Aug. 13, 2019 The events-manager plugin before 5.6 for WordPress has XSS.... 6.1 MEDIUM https://wpvulndb.com/vulnerabilities/9761
CVE-2019-1946 Aug. 8, 2019 A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote a... 6.5 MEDIUM https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4
CVE-2019-1949 Aug. 8, 2019 A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a ... 4.8 MEDIUM https://resources.docmosis.com/content/documentation/tornado-v2-9-5-release-notes
CVE-2019-1926 Aug. 7, 2019 Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an att... 7.8 HIGH https://github.com/FRRouting/frr/commit/6d58272b4cf96f0daa846210dd2104877900f921
CVE-2019-1927 Aug. 7, 2019 Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an att... 7.8 HIGH https://marketplace.atlassian.com/apps/1216090/stagil-navigation-for-jira-menus-themes?tab=overview&hosting=cloud
CVE-2019-1928 Aug. 7, 2019 Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an att... 7.8 HIGH https://marketplace.atlassian.com/apps/1216090/stagil-navigation-for-jira-menus-themes?tab=overview&hosting=cloud
CVE-2019-1929 Aug. 7, 2019 Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an att... 7.8 HIGH https://github.com/dataease/dataease/security/advisories/GHSA-xj3h-3wmw-j5vf
CVE-2019-14664 Aug. 5, 2019 In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted pa... 6.5 MEDIUM https://www.ibm.com/support/docview.wss?uid=ibm10886887
CVE-2019-4261 Aug. 5, 2019 IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by spec... 6.5 MEDIUM https://exchange.xforce.ibmcloud.com/vulnerabilities/158698
CVE-2019-4165 July 31, 2019 IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to cause a denial of service attack using repeated requests to the server. IBM X-F... 7.5 HIGH https://www.ibm.com/support/docview.wss?uid=ibm10884064
CVE-2019-4285 July 30, 2019 IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a vic... 5.4 MEDIUM https://www.ibm.com/support/docview.wss?uid=ibm10957121
CVE-2019-14213 July 21, 2019 An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash due to the repeated release of the signature dictionary during ... 7.5 HIGH https://www.foxitsoftware.com/support/security-bulletins.php
CVE-2019-4131 July 11, 2019 IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS looku... 5.3 MEDIUM http://www.securityfocus.com/bid/108686
CVE-2019-6633 July 3, 2019 On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, when the BIG-IP system is licensed with Appliance mod... 4.4 MEDIUM https://support.f5.com/csp/article/K73522927
CVE-2019-6639 July 3, 2019 On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages f... 4.8 MEDIUM https://support.f5.com/csp/article/K61002104
CVE-2019-6635 July 3, 2019 On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, when the BIG-IP system is licensed for... 4.4 MEDIUM https://support.f5.com/csp/article/K11330536
CVE-2019-6631 July 3, 2019 On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation may cause an interruption to service when processing traffic handled by a Virtual ... 7.5 HIGH https://support.f5.com/csp/article/K19501795
CVE-2019-6629 July 3, 2019 On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server configured with a Client SSL profile may cause TMM to fail and restart. The Cli... 7.5 HIGH https://support.f5.com/csp/article/K95434410?utm_source=f5support&amp;utm_medium=RSS
CVE-2019-6623 July 2, 2019 On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, undisclosed traffic sent to BIG-IP iSession virtual server may cause t... 7.5 HIGH https://support.f5.com/csp/article/K72335002
CVE-2019-3802 June 3, 2019 This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, Ex... 5.3 MEDIUM https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
CVE-2019-6619 May 3, 2019 On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/... 7.5 HIGH https://support.f5.com/csp/article/K94563344
CVE-2019-6616 May 3, 2019 On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, administrative users with TMSH access can overwrite cri... 7.2 HIGH https://support.f5.com/csp/article/K82814400
CVE-2019-6617 May 3, 2019 On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to ... 6.5 MEDIUM https://github.com/mirchr/security-research/blob/master/vulnerabilities/F5/CVE-2019-6617.txt
CVE-2019-9017 May 2, 2019 DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.... 7.5 HIGH https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073
CVE-2019-6600 March 13, 2019 In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when remote authentication is enabled for administrati... 6.1 MEDIUM https://support.f5.com/csp/article/K23734425
CVE-2019-0030 Jan. 15, 2019 Juniper ATP uses DES and a hardcoded salt for password hashing, allowing for trivial de-hashing of the password file contents. This issue affects Juni... 7.2 HIGH https://wordpress.org/plugins/add-search-to-menu/#developers
CVE-2018-3912 Aug. 23, 2018 On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" t... 7.8 HIGH https://bugzilla.redhat.com/show_bug.cgi?id=1956917
CVE-2017-3085 Aug. 11, 2017 Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redir... 7.5 HIGH http://www.securitytracker.com/id/1039088
CVE-2017-9833 June 23, 2017 ** DISPUTED ** /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root... 7.5 HIGH http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
CVE-2013-6370 April 22, 2014 Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.... 5.0 MEDIUM http://www.mandriva.com/security/advisories?name=MDVSA-2014:079
CVE-2013-6371 April 22, 2014 The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, ... 5.0 MEDIUM http://www.mandriva.com/security/advisories?name=MDVSA-2014:079

Source: National Vulnerability Database