Vulnerability Index: Year 2021

Timing Discrepancy Vulnerability in Intel(R) IPP (Before Version 2020 Update 1) Allows Local Information Disclosure Improper Conditions Check in Intel Ethernet Controllers 800 Series Linux Drivers: Information Disclosure and Denial of Service Vulnerability Information Disclosure Vulnerability in Intel(R) Ethernet Controllers 800 Series Linux Drivers Buffer Overflow Vulnerability in Intel(R) Ethernet Adapters 800 Series Controllers and Associated Adapters Denial of Service Vulnerability in Intel(R) Ethernet Adapters 800 Series Controllers Denial of Service Vulnerability in Intel(R) Ethernet Adapters 800 Series Controllers and Associated Adapters Uncaught Exception Vulnerability in Intel(R) Ethernet Adapters 800 Series Controllers Uncontrolled Resource Consumption Vulnerability in Intel Ethernet Adapters 800 Series Controllers Denial of Service Vulnerability in Intel Ethernet Adapters 800 Series Controllers Intel Graphics Driver Use After Free Vulnerability Denial of Service Vulnerability in Intel(R) EMA (CVE-2021-XXXX) Denial of Service Vulnerability in Intel(R) SPS Privilege Escalation Vulnerability in Intel(R) Computing Improvement Program Firmware Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Allows Information Disclosure via Adjacent Access Buffer Overflow Vulnerability in Intel(R) NUC System Firmware Insecure Inherited Permissions in Intel(R) NUC 9 Extreme Laptop Kit LAN Drivers: Privilege Escalation Vulnerability Insecure Inherited Permissions in Intel(R) NUC M15 Laptop Kit Driver Pack Software: Potential Privilege Escalation Vulnerability Uncontrolled Search Path Vulnerability in Intel(R) NUC M15 Laptop Kit Driver Pack Software Privilege Escalation Vulnerability in Intel(R) NUC M15 Laptop Kit Driver Pack Software Insufficient Compartmentalization Vulnerability in Intel(R) SPS HECI Subsystem Intel Graphics Driver Improper Initialization Vulnerability Escalation of Privilege Vulnerability in Intel Graphics Drivers Denial of Service 
Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Firmware Insecure Inherited Permissions in Intel(R) PROSet/Wireless WiFi Software Installer for Windows 10: Privilege Escalation Vulnerability Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi Software Installer Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Vulnerability: Improper Access Control in Intel(R) NUC System Firmware Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Escalation of Privilege Vulnerability in Intel(R) Server Board M10JNP2SB BMC Firmware Vulnerability: Privilege Escalation via Adjacent Access in Intel(R) PROSet/Wireless WiFi Firmware Information Disclosure Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Privilege Escalation Vulnerability in Intel(R) DSA before version 20.11.50.9 Privilege Escalation Vulnerability in Intel(R) Computing Improvement Program Software Installer Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Firmware Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Insecure Inherited Permissions in Intel(R) VTune(TM) Profiler Installer: Potential Privilege Escalation Vulnerability Vulnerability: Improper Input Validation in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Software for Windows 10 Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Software for Windows 10 Uncontrolled Search Path Vulnerability in Intel(R) PROSet/Wireless WiFi Installer for Windows 10 Denial of Service Vulnerability in Intel(R) Optane(TM) PMem Privilege Escalation Vulnerability in Intel Ethernet Controllers X722 and 800 Series Linux RDMA Driver Floating-Point Operation Response Discrepancy Vulnerability in Intel(R) Processors Intel(R) Processor Vulnerability: Local Access Information Disclosure via Observable Response Discrepancy 
Uncontrolled Search Path Element Vulnerability in Intel(R) DSA Firmware Vulnerability in Intel(R) Processors Allows Unauthorized Privilege Escalation Firmware Vulnerability in Intel(R) Processors Allows Local Privileged User to Enable Denial of Service Default Permissions Vulnerability in Intel(R) Processors Firmware: Local Privileged User Denial of Service Exploit Local Privilege Escalation Vulnerability in Intel(R) DSA before version 20.11.50.9 Firmware Vulnerability in Intel(R) Processors Enables Local Denial of Service Authentication Bypass Vulnerability in Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN Path Traversal Vulnerability in Intel(R) Server Board M10JNP2SB Firmware Improper Access Control in Intel Unite(R) Client for Windows: Local Privilege Escalation Vulnerability Escalation of Privilege Vulnerability in Intel(R) Processors Firmware Privilege Escalation Vulnerability in Intel(R) SSD Data Center Tool Installer Buffer Overflow Vulnerability in Intel(R) Server Board M10JNP2SB BMC Firmware Insecure Inherited Permissions in Intel Unite(R) Client for Windows: Privilege Escalation Vulnerability Privilege Escalation Vulnerability in Intel(R) Processor Firmware Uncontrolled Search Path Element Vulnerability in Intel(R) Rapid Storage Technology Installer Insecure Inherited Permissions in Intel(R) ProSet/Wireless WiFi Drivers: A Potential Gateway for Information Disclosure and Denial of Service Attacks Privilege Escalation Vulnerability in Intel(R) Optane(TM) DC Persistent Memory for Windows Software Unchecked Return Value Vulnerability in Intel(R) Processor Firmware Allows Privilege Escalation via Local Access Uncontrolled Search Path Vulnerability in Intel Unite(R) Client for Windows Insecure Inherited Permissions in Intel(R) SOC Driver Package for STK1A32SC: Privilege Escalation Vulnerability Improper Access Control in Intel Thunderbolt Windows DCH Drivers: Potential Denial of Service Vulnerability Privilege Escalation Vulnerability 
in Intel(R) Processor Firmware Unquoted Service Path Vulnerability in Intel Unite(R) Client for Windows BMC Firmware Out of Bounds Write Vulnerability in Intel(R) Server Board M10JNP2SB Unchecked Return Value Vulnerability in Intel(R) Processor Firmware: Local Privilege Escalation Critical Buffer Overflow Vulnerability in Intel(R) Processor Firmware Allows Privilege Escalation Escalation of Privilege Vulnerability in Intel(R) Processor Firmware Privilege Escalation Vulnerability in Intel(R) Processor Firmware Intel(R) Processors Firmware Out-of-Bounds Read Vulnerability: Local Privilege Escalation Firmware Vulnerability in Intel(R) Processors Allows Privilege Escalation via Physical Access Denial of Service Vulnerability in Intel Graphics DCH Driver Installer Privilege Escalation Vulnerability in Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers Installer Firmware Vulnerability in Intel(R) Processors Allows Privilege Escalation via Physical Access Firmware Vulnerability in Intel(R) Processors Allows Privilege Escalation via Physical Access Privilege Escalation Vulnerability in Intel(R) Manageability Commander Denial of Service Vulnerability in Intel(R) Processors: Insufficient Control Flow Management BlueZ Vulnerability: Unauthorized Information Disclosure via Adjacent Access Cryptographically Weak PRNG in Intel(R) Security Library API: Potential Information Disclosure Vulnerability Denial of Service Vulnerability in Intel(R) Security Library API Vulnerability: Key Exchange without Entity Authentication in Intel(R) Security Library Denial of Service Vulnerability in Intel(R) Security Library API Privilege Escalation Vulnerability in Intel(R) Ethernet Diagnostic Driver for Windows Privilege Escalation Vulnerability in Intel(R) Brand Verification Tool Installer Default Variable Initialization Vulnerability in Intel BSSA DFT Feature Intel(R) Processors Vulnerability: Improper Initialization of Shared Resources Enables Local Information Disclosure Intel(R) Processor 
Test/Debug Logic Activation Vulnerability Denial of Service Vulnerability in Intel Chipset Firmware Power Management Controller (PMC) Log File Information Disclosure Vulnerability in Intel(R) SSD DC Firmware Privilege Escalation Vulnerability in Windows 10 Bluetooth Installers Cryptographic Signature Verification Vulnerability in Windows 10 Bluetooth Installers Vulnerability in Intel(R) Processor BIOS Firmware Allows Local Privilege Escalation BIOS Firmware Vulnerability: Privilege Escalation via Local Access in Intel(R) Processors Unchecked Return Value Vulnerability in Intel(R) Processor BIOS Firmware Firmware Vulnerability in Intel(R) Processors Allows Local Privilege Escalation BIOS Firmware Vulnerability: Privilege Escalation via Insufficient Control Flow Management BIOS Firmware Vulnerability: Privilege Escalation via Local Access in Intel(R) Processors BIOS Authenticated Code Module Vulnerability: Local Privilege Escalation in Intel(R) Processors Uncontrolled Search Path Vulnerability in Intel(R) NUC Pro Chassis Element AverMedia Capture Card Drivers Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Unauthenticated Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Software Escalation of Privilege Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Software for Windows 10 and 11 Firmware Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Allows Privilege Escalation via Local Access Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Privilege Escalation via Local Access in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Software for Windows 10 and 11 Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Uncontrolled Search Path Element Vulnerability 
in Intel(R) PROSet/Wireless Wi-Fi Software for Windows 10 and 11 Information Disclosure Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Local Access Information Disclosure Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Software Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Vulnerability: Denial of Service via Adjacent Access in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Firmware Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Software for Windows 10 and 11 Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Software for Windows 10 and 11 Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Software for Windows 10 and 11 Unauthenticated Privilege Escalation via Uncontrolled Resource Consumption in Intel(R) HAXM Software Unauthenticated User Information Disclosure Vulnerability in Intel(R) HAXM Software Denial of Service Vulnerability in Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi Privilege Escalation Vulnerability in Intel(R) Server Board M10JNP Firmware Privilege Escalation Vulnerability in Intel(R) SGX SDK Applications on SGX2 Enabled Processors BIOS Firmware Vulnerability: Local Privilege Escalation via Improper Access Control in Intel(R) Processors BIOS Firmware Vulnerability: Pointer Value Return and Privilege Escalation Out-of-Range Pointer Offset Vulnerability in Intel(R) Processor BIOS Firmware Allows Local Privilege Escalation Uncaught Exception in BIOS Firmware: Local Privilege Escalation Vulnerability for Intel(R) Processors Authentication Bypass Vulnerability in 
Intel(R) In-Band Manageability Software Privilege Escalation via Network Access in Intel(R) In-Band Manageability Software Kernel Mode Driver Vulnerability in Intel(R) NUC 9 Extreme Laptop Kits: Local Privilege Escalation Firmware Vulnerability in Intel Ethernet Network Controller E810: Privileged User Denial of Service Exploit Improper Access Control in Intel Ethernet Network Controller E810 Firmware: Local Denial of Service Vulnerability Denial of Service Vulnerability in Intel(R) Ethernet Network Controller E810 Firmware Escalation of Privilege Vulnerability in Intel Ethernet 700 Series Controllers Firmware Memory Leak Vulnerability in Juniper Networks MX and EX9200 Series Platforms with Trio-based MPC Vulnerability: Ineffective Storm Control Profile on Juniper Networks EX and QFX5K Series Platforms Sensitive Information Disclosure Vulnerability in Juniper Networks Junos OS Delta-Export Configuration Utility (dexp) Vulnerability: Incorrect Matching of IPv6 Prefixes in Juniper Networks MX Series with IDS Configuration NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS with SSL Proxy Configuration Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Devices Improper Input Validation Vulnerability in Juniper Networks Junos OS RPD Service Uninitialized Pointer Vulnerability in Juniper Networks Junos OS Evolved Privilege Escalation Vulnerability in Juniper Networks Junos OS J-Web BGP FlowSpec Message DoS Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Plaintext Storage of Administrator Credentials in Juniper Networks Contrail Networking Vulnerability in Juniper Networks Junos OS PPMD Daemon Allows for DoS Attacks Memory Leak Vulnerability in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on ACX5448 and ACX710 Routers Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS with DHCP Server Command Injection Vulnerability in Juniper Networks Junos OS License-Check 
Daemon Command Injection Vulnerability in Juniper Networks Junos OS Vulnerability: Junos Space Network Management Platform Credential Exposure EVPN/VXLAN IRB Interface Traffic Loop DoS Vulnerability Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Local Privilege Escalation Vulnerability in Juniper Networks Junos OS telnetd.real Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved IPv6 BGP Session Termination Vulnerability on Juniper Networks Junos OS Evolved Devices Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS J-Web on SRX Series Devices Improper Check for Unusual Conditions Vulnerability in Juniper Networks MX Series Platforms with Trio-based MPC in EVPN-VXLAN Configuration Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS MQTT Server Memory Leak Vulnerability in Juniper Networks SRX Series Devices with Link Aggregation (Lag) Configuration Path Traversal Vulnerability in Juniper Networks SRX and vSRX Series Authentication Bypass Vulnerability in Juniper Networks Paragon Active Assurance Control Center Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS ACX500 and ACX4000 Series Improper Initialization Vulnerability on Juniper Networks Junos OS QFX5100-96S Devices Incorrect Permission Scheme Allows Traffic Leakage and Modification on Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Juniper Networks Junos OS Layer 2 Circuit Configuration Denial of Service Vulnerability Disk Space Exhaustion Vulnerability in Juniper Networks Junos OS on MX Series BNG Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Evolved Juniper Networks Junos OS DHCPv6 DoS Vulnerability Juniper Networks Junos OS DHCPv6 Denial of Service Vulnerability Improper Handling of DMA Buffers on Juniper Networks EX4300 Switches: Denial of 
Service Vulnerability Improper Handling of Unexpected Data in Firewall Policer of Juniper Networks Junos OS on EX4300 Switches Allows Traffic to Exceed Policer Limits, Leading to Limited DoS Vulnerability Race Condition Vulnerability in Juniper Networks Junos OS L2ALD Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion Satellite Devices Incorrect Default Permissions in Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 Race Condition Vulnerability in Juniper Networks Junos OS Firewall Process Vulnerability: Hard-coded Credentials in Juniper Networks Junos OS on NFX Series Devices Buffer Overflow Vulnerability in Juniper Networks Junos OS on SRX Series Devices with UTM Services Juniper Networks Junos OS BGP Update Message DoS Vulnerability NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS on MX Series with MS-PIC, MS-SPC3, MS-MIC or MS-MPC Local Code Execution Vulnerability in Juniper Networks Junos OS on NFX Series Devices via JDMD Process Local Command Execution Vulnerability in Juniper Networks Junos OS on NFX Series Devices Buffer Overflow Vulnerability in Juniper Networks Junos OS Overlayd Service Local Privilege Escalation Vulnerability in ethtraceroute of Juniper Networks Junos OS Sensitive Information Disclosure Vulnerability in Juniper Networks Junos OS Mosquitto Message Broker Memory Leak Vulnerability in Juniper Networks MX and EX9200 Series Platforms Vulnerability in TCPv6 Forwarding on Juniper Networks Junos OS Vulnerability in DDoS Protection on Juniper Networks QFX5K Series Switches Improper Authorization Vulnerability in Juniper Networks Junos OS SNMP Daemon High-Volume Request DoS Vulnerability in Juniper Networks Junos OS Use After Free Vulnerability in PFE Packet Processing on Juniper Networks QFX10002-60C Switching Platform Data Processing Vulnerability in Multi-Service Process on Juniper Networks Junos OS on PTX Series Routers Leading to 
Denial of Service (DoS) Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Unvalidated REST API in Juniper Networks AppFormix Agent Allows Remote Root Command Execution Multiple Hard-Coded Cryptographic Keys Vulnerability in Juniper Networks Junos OS on cSRX Series Denial of Service (DoS) Vulnerability in JDHCPD's DHCP Relay Agent of Juniper Networks Junos OS HTTP Response Splitting Vulnerability in Juniper Networks Junos OS J-Web Client-Side Parameter Vulnerability in Juniper Networks Junos OS Use After Free Vulnerability in Juniper Networks Junos OS on PTX and QFX10k Series Devices Double Free Vulnerability in Juniper Networks Junos OS on EX Series Devices Kernel Memory Leak Vulnerability in Juniper Networks Junos OS on QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 Devices Vulnerability: Denial of Service (DoS) via Infinite Loop in Juniper Networks Junos OS and Junos OS Evolved Cross-site Scripting (XSS) Vulnerability in J-Web on Juniper Networks Junos OS Allows Session Hijacking Stack-based Buffer Overflow Vulnerability in Juniper Networks SBR Carrier with EAP Authentication: DoS and RCE Out-of-bounds Read Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Privilege Escalation Vulnerability in J-Web of Juniper Networks Junos OS Hardcoded Credentials in Juniper Networks Contrail Cloud RabbitMQ Service Improper Initialization Vulnerability in Juniper Networks Junos OS on PTX Platforms and QFX10K Series with Paradise (PE) Chipset-based Line Cards Juniper Networks Junos OS BGP Origin Validation RPD Crash Vulnerability Juniper Networks Junos OS BGP UPDATE Message Denial of Service Vulnerability Buffer Overflow Vulnerability in Juniper Networks Junos OS TCP/IP Stack Buffer Overflow Vulnerability in Juniper Networks Junos OS TCP/IP Stack Allows DoS Attack Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS on QFX5000 and EX4600 Series Switches Denial of Service (DoS) Vulnerability 
in Juniper Networks Junos OS Evolved (EVO) Segment Routing ISIS (SR-ISIS)/MPLS Link Flap DoS Vulnerability Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series Devices with Trio-based MPCs TOCTOU Race Condition Vulnerability in Juniper Networks Junos OS ARP Policer Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Ethernet Interface Frame Processing Exposure of System Data Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS Evolved ARP Daemon and Network Discovery Protocol Memory Leak Vulnerability in Juniper Networks Junos OS Vulnerability in Juniper Networks Junos OS 18.4R2-S5: Inconsistent Implementation of Storm Control Enhanced Function DVMRP Packet Forwarding Loop Vulnerability in Juniper Networks Junos OS on QFX10K Series Switches Vulnerability: Lack of HTTP Strict Transport Security (HSTS) in Juniper Networks CTPView Server TCP MD5 Authentication Bypass Vulnerability in Juniper Networks Junos OS Evolved Race Condition Vulnerability in 'show chassis pic' Command in Juniper Networks Junos OS Evolved IPv6 Malformed Packet Handling Vulnerability in Juniper Networks Junos OS Android SoC Out of Bounds Write Vulnerability Tapjacking Vulnerability in PackageInstaller Allows Local Privilege Escalation Race condition vulnerability in dispatchGraphTerminationMessage() of StreamSetObserver.cpp in Android-11 allows for local privilege escalation Unsafe PendingIntent in GlobalScreenshot.java allows for permission bypass and local information disclosure Tapjacking Vulnerability in PackageInstaller Allows Local Privilege Escalation Possible Permissions Bypass Vulnerability in addAllPermissions of PermissionManagerService.java Automatic Runtime Permission Grant Vulnerability in PermissionManagerService Out of Bounds Write Vulnerability in ReadLogicalParts of basicmbr.cc Confused Deputy Vulnerability in 
grantCredentialsPermissionActivity Use-after-free vulnerability in LazyServiceRegistrar of LazyServiceRegistrar.cpp in Android-11 allows for local privilege escalation without additional execution privileges. Out-of-bounds Write Vulnerability in ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp Integer Overflow Vulnerability in WAVSource::read of WAVExtractor.cpp TextView Denial of Service Vulnerability Uninformed Uninstallation Vulnerability in UninstallerActivity Tapjacking/Overlay Attack Vulnerability in GrantCredentialsPermissionActivity Out-of-bounds Write Vulnerability in avrc_pars_vendor_cmd of avrc_pars_tg.cc Possible Local Privilege Escalation in Permission.java and Related Code (Android-10, Android-11, Android-8.0, Android-8.1, Android-9) Use-after-free vulnerability in appendEventsToCacheLocked in SensorEventConnection.cpp allows for local privilege escalation without additional execution privileges needed Bluetooth MAC Address Disclosure Vulnerability Race condition vulnerability allows bypass of lockscreen requirements for keyguard bound keys in Android Side Channel Information Disclosure in enforceDumpPermissionForPackage of ActivityManagerService.java Misleading String Display Vulnerability in SlicePermissionActivity.java Android SoC Vulnerability (A-175402462) Heap Buffer Overflow in ih264d_parse_pslice of ih264d_parse_pslice.c Allows Remote Code Execution on Android Out-of-bounds Write Vulnerability in p2p_copy_client_info of Android's Wi-Fi Direct Search Possible Permission Bypass in getContentProviderImpl of ActivityManagerService.java Missing Permission Check in GattService.java Allows Unauthorized Retrieval of Bluetooth Scan Results Out of Bounds Write Vulnerability in AdvertiseManager.java Use-after-free vulnerability in add_user_ce and remove_user_ce functions of storaged.cpp in Android allows for local privilege escalation. 
Insecure Default Value in NotificationAccessConfirmationActivity Allows for Overlay Attack Possible Use After Free Vulnerability in bootFinished of SurfaceFlinger.cpp Bluetooth Permission Bypass via Tapjacking Overlay Arbitrary Domain Default Handler Bypass Vulnerability in ResolverActivity.java Out of Bounds Write Vulnerability in C2SoftHevcDec.cpp Leads to Remote Information Disclosure BluetoothPermissionRequest: Mutable PendingIntent Vulnerability Possible File Exposure Due to Stale Metadata in moveInMediaStore of FileSystemProvider.java Missing Bounds Checks in SystemSettingsValidators: A Potential Permanent Denial of Service Vulnerability in Android Foreground App Overlay Vulnerability Possible Information Disclosure in IsoInterface.java's parseNextBox Method Improper Crypto Usage in verifyHostName of OkHostnameVerifier.java Allows for Remote Information Disclosure Memory Corruption Vulnerability in tun_get_user of tun.c Android-11 Out of Bounds Write Vulnerability with Local Privilege Escalation Memory Corruption Vulnerability in mtkpower Allows Local Privilege Escalation Possible Privilege Escalation Vulnerability in Android-10 and Android-11 (Patch ID: ALPS05432974) Out of Bounds Write Vulnerability in Android-10 and Android-11 (ALPS05371580) Possible Out of Bounds Read Vulnerability in Android Out of Bounds Write Vulnerability in Android VPU Use-after-free vulnerability in Android Display Driver allows for local privilege escalation Improper Input Validation Vulnerability in Android OS (ALPS05342338) Remote Denial of Service Vulnerability in Android WLAN Driver Memory Corruption Vulnerability in RT Regmap Driver Heap Buffer Overflow Vulnerability in Android-11 (ALPS05425247) Integer Overflow Vulnerability in Android (ALPS05431161) Integer Overflow Vulnerability in Android-11 Allows Local Privilege Escalation Command Injection Vulnerability in netdiag on Android 10 and 11 Out of Bounds Write Vulnerability in netdiag on Android Command Injection 
Vulnerability in netdiag on Android 10 and 11 Out of Bounds Write Vulnerability in netdiag on Android Out of Bounds Write Vulnerability in netdiag on Android Possible Out of Bounds Read Vulnerability in Android-11 (ALPS05449968) Stack Buffer Overflow Vulnerability in Android-11 (ALPS05457070) Command Injection Vulnerability in mobile_log_d Command Injection Vulnerability in mobile_log_d Use-after-free vulnerability in Android Display Driver allows for local privilege escalation Race condition vulnerability in vpu leading to local privilege escalation Race condition vulnerability in vpu leading to local privilege escalation Out of Bounds Read Vulnerability in oggpack_look of bitwise.c Improper Display of INTERACT_ACROSS_PROFILES Grant State in Android-11 Out of Bounds Write Vulnerability in NxpMfcReader.cc Out-of-Bounds Read Vulnerability in nci_proc_rf_management_ntf of nci_hrcv.cc Possible Permission Bypass in getMediaOutputSliceAction of RemoteMediaSlice.java Possible Out of Bounds Read in BnAudioPolicyService::onTransact of IAudioPolicyService.cpp Insecure Default Value in onPackageModified of VoiceInteractionManagerService.java Allows Local Privilege Escalation Potential Local Privilege Escalation via Permissions Bypass in MediaProvider.java Untrusted Input Validation Vulnerability in DeltaPerformer::Write of delta_performer.cc Heap Buffer Overflow in getNbits of pvmp3_getbits.cpp Heap Buffer Overflow in getUpTo17bits of pvmp3_getbits.cpp Unauthenticated Privilege Escalation in onReceive of DcTracker.java Potential Permission Bypass in DeviceStorageMonitorService.java's updateNotifications() Method Incorrect Permission Check in checkSlicePermission of SliceManagerService.java Allows for Local Information Disclosure Confused Deputy Vulnerability in CaptivePortalLoginActivity.java Allows Local Privilege Escalation Untrusted WiFi Network Connection Vulnerability in ConnectToNetworkNotificationBuilder Insecure Default Value in onCreate of UsbConfirmActivity Allows 
for Tapjacking Vulnerability Race Condition Vulnerability in FindQuotaDeviceForUuid of QuotaUtils.cpp Incorrect Broadcast Handler in onReceive of ImsPhoneCallTracker.java Allows Misattribution of Data Usage Missing Permission Check in setNightModeActivated of UiModeManagerService.java Allows Local Privilege Escalation Missing Permission Check in WifiNetworkSuggestionsManager.java Allows Local Privilege Escalation Account Existence Disclosure Vulnerability in ChooseTypeAndAccountActivity Double Free Vulnerability in main.cpp Allows for Local Privilege Escalation on Android Integer Overflow Vulnerability in Scanner::LiteralBuffer::NewCapacity of scanner.cc Out of Bounds Read Vulnerability in android_os_Parcel_readString8 of android_os_Parcel.cpp Use-after-free vulnerability in StopServicesAndLogViolations in reboot.cpp allows for local privilege escalation in Android 11 (A-170315126) Out-of-Bounds Write Vulnerability in Builtins::Generate_ArgumentsAdaptorTrampoline Double Free Vulnerability in sdp_copy_raw_data of sdp_discovery.cc Possible foreground service launch vulnerability in bindServiceLocked of ActiveServices.java Memory Corruption Vulnerability in qtaguid_untag of xt_qtaguid.c Improper Input Validation in GnssLocationProvider.java Leads to Incorrect Reporting of Location Data to Emergency Services Race condition vulnerability in Android-10 and Android-11 allows for local privilege escalation JPEG Out of Bounds Write Vulnerability in Android 11 Netdiag Vulnerability: Local Information Disclosure in Android-11 (ALPS05475124) Possible Information Disclosure Vulnerability in Android-11 (ALPS05457039) Out of Bounds Write Vulnerability in Android-10 and Android-11 (ALPS05466547) Out of Bounds Write Vulnerability in cameraisp Out of Bounds Write Vulnerability in clk Driver ASF Extractor Out of Bounds Read Vulnerability Out of Bounds Read Vulnerability in FLV Extractor Out of Bounds Read Vulnerability in FLV Extractor Integer Overflow Vulnerability in FLV Extractor 
Allows for Local Information Disclosure Out of Bounds Read Vulnerability in FLV Extractor Out of Bounds Read Vulnerability in FLV Extractor Heap Buffer Overflow in FLV Extractor: Local Information Disclosure Vulnerability Missing Permission Check in Memory Management Driver Allows Local Information Disclosure Memory Management Driver Vulnerability: Local Denial of Service Exploit Memory Management Driver Vulnerability: Local Denial of Service Exploit Memory Management Driver Vulnerability: Local Denial of Service Exploit Memory Management Driver Vulnerability: Local Denial of Service Exploit Memory Management Driver Vulnerability: Local Denial of Service via Missing Bounds Check Memory Management Driver Vulnerability: Local Information Disclosure without User Interaction Memory Management Driver Vulnerability: Local Denial of Service via Missing Bounds Check Uninitialized Data Information Disclosure Vulnerability in Memory Management Driver Memory Management Driver Vulnerability: Local Denial of Service via Missing Bounds Check Memory Management Driver Vulnerability: Side Channel Information Disclosure Heap Buffer Overflow in parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp Heap Buffer Overflow in parseExclusiveStateAnnotation of LogEvent.cpp Missing Permission Check in getSimSerialNumber of TelephonyManager.java Allows for Local Information Disclosure Use-after-free vulnerability in pollOnce of ALooper.cpp allows for local privilege escalation without additional execution privileges needed Out-of-bounds Write Vulnerability in rw_mfc_handle_read_op of rw_mfc.cc Out-of-bounds Read Vulnerability in avrc_msg_cback of avrc_api.cc Race Condition in ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp Allows for Local Privilege Escalation Potential Bluetooth Pairing Vulnerability in DeviceChooserActivity.java Insufficient Information in Bluetooth Permission Request Dialog Allows Phishing Attack Possible Heap Data Leak in 
avrc_proc_vendor_command of avrc_api.cc Integer Overflow Vulnerability in CryptoPlugin::decrypt of CryptoPlugin.cpp Double Free Vulnerability in setPlayPolicy of DrmPlugin.cpp Tapjacking Vulnerability in Android InputDispatcher and WindowManagerService Out-of-Bounds Write Vulnerability in setPowerModeWithHandle of PowerManagerService Confusing UI in PermissionActivity.java allows for local privilege escalation without additional execution privileges (Android-11, A-174495520) Use-after-free vulnerability in updateInfo of android_hardware_input_InputApplicationHandle.cpp allows for local privilege escalation without additional execution privileges needed Race condition vulnerability in ScreenshotHelper.java allows for local information disclosure across user profiles Unnecessary Intent Return in onActivityResult of QuickContactActivity.java Allows for Local Information Disclosure Confused Deputy Vulnerability in WelcomeActivity.java Allows Local Privilege Escalation Tapjacking/Overlay Attack Vulnerability in ImportVCardActivity Uninitialized Data Vulnerability in Titan M Chip Firmware Allows Local Information Disclosure Uninitialized Data Vulnerability in Titan M Chip Firmware Allows Local Information Disclosure Uninitialized Data Vulnerability in Titan M Chip Firmware Allows Local Information Disclosure Uninitialized Data in Titan M Chip Firmware: Local Information Disclosure Vulnerability Uninitialized Data in Titan-M Chip Firmware Leads to Local Information Disclosure Out of Bounds Write Vulnerability in Citadel Chip Firmware Allows Local Privilege Escalation Out of Bounds Write Vulnerability in Citadel Chip Firmware Allows Local Privilege Escalation Out of Bounds Write Vulnerability in Citadel Chip Firmware Allows Local Privilege Escalation Heap Buffer Overflow in FingerTipS Touch Screen Driver Allows for Local Privilege Escalation Integer Overflow Vulnerability in FingerTipS Touch Screen Driver Out-of-bounds Read Vulnerability in fts_driver_test_write of 
fts_proc.c Integer Overflow Vulnerability in FingerTipS Touch Screen Driver Out of Bounds Write Vulnerability in iaxxx_core_sensor_change_state of iaxxx-module.c Possible Insecure Firmware Update Vulnerability in NXP NFC Firmware Possible Out of Bounds Read Vulnerability in convertToHidl of convert.cpp Heap Buffer Overflow in sound_trigger_event_alloc of platform.h Out-of-bounds Write Vulnerability in GenerateFaceMask of face.cc Possible identifier leakage in startIpClient of ClientModeImpl.java in Android-10 Chromecast BootROM Out of Bounds Write Vulnerability Insecure Default Value Allows Local Privilege Escalation in Android SoC Integer Overflow Vulnerability in decrypt_1_2 of CryptoPlugin.cpp Vulnerability: App Pinning Bypass in shouldLockKeyguard of LockTaskController.java Double Free Vulnerability in rw_t3t_process_error of rw_t3t.cc Allows Remote Code Execution over NFC Heap Buffer Overflow in avrc_msg_cback of avrc_api.cc Allows Remote Code Execution Use-after-free vulnerability in on_l2cap_data_ind of btif_sock_l2cap.cc allows for remote code execution over Bluetooth in Android Race Condition Use-After-Free Vulnerability in FindOrCreatePeer of btif_av.cc Possible permission bypass in notifyScreenshotError of ScreenshotNotificationsController.java Possible Permission Bypass in updateDrawable of StatusBarIconView.java Sensitive Identifier Disclosure in createPendingIntent of SnoozeHelper.java Unauthorized File Access Vulnerability in EditUserPhotoController's onActivityResult Use-after-free vulnerability in BinderDiedCallback of MediaCodec.cpp allows for local privilege escalation Race condition vulnerability in AAudioService allows for local privilege escalation (Android-10 and Android-11) Uninitialized Heap Data Read Vulnerability in readVector of IMediaPlayer.cpp Possible Privilege Escalation in getMinimalSize of PipBoundsAlgorithm.java Potential Local Privilege Escalation via Permissions Bypass in Android Possible Tapjacking/Overlay Attack in 
CalendarDebugActivity.java Allows Unauthorized Export of Calendar Data Out of Bounds Write Vulnerability in pb_encode.c (Android Kernel) Out of Bounds Write Vulnerability in Android SoC Memory Management Driver Out of Bounds Write Vulnerability in Android SoC Memory Management Driver Missing Permission Check in Android SoC Memory Management Driver Allows Local Privilege Escalation Out of Bounds Write Vulnerability in Android SoC Memory Management Driver Out of Bounds Write Vulnerability in Android SoC Memory Management Driver Integer Overflow Vulnerability in Android SoC Memory Management Driver Uninitialized Data Out-of-Bounds Write Vulnerability in Android Memory Management Driver Use-after-free vulnerability in Android SoC memory management driver allows for local privilege escalation Use-after-free vulnerability in Android SoC memory management driver allows for local privilege escalation Double Free Vulnerability in Android SoC Memory Management Driver Out-of-Bounds Read Vulnerability in avrc_pars_browse_rsp of avrc_pars_ct.cc Missing Permission Check Allows Local Privilege Escalation in Android-11 VPN Tapjacking/Overlay Attack Vulnerability in ActivityPicker.java Out of Bounds Write Vulnerability in btif_rc.cc Allows Remote Code Execution over Bluetooth Race Condition Use After Free Vulnerability in DrmPlugin.cpp Race condition vulnerability in CryptoPlugin.cpp allows for local privilege escalation Integer Overflow Vulnerability in CryptoPlugin.cpp Allows for Local Privilege Escalation Improper Input Validation in Dex2oat.cc Allows Bytecode Injection and Local Privilege Escalation Heap Buffer Overflow in hid-input.c Allows Local Privilege Escalation Permission Bypass in deleteNotificationChannel and Related Functions of NotificationManagerService.java Race condition vulnerability in V8 library allows for remote code execution in Android Out of Bounds Write Vulnerability in Factory::CreateStrictFunctionMap of factory.cc Use-after-free vulnerability in 
p2p_process_prov_disc_req of p2p_pd.c allows for remote privilege escalation Incorrect Network State Determination in ConnectivityService.java Could Lead to Remote Information Disclosure Android Wi-Fi Vulnerability: Location-Sensitive Data Leak without User Interaction Heap Buffer Overflow in BITSTREAM_FLUSH of ih264e_bitstream.h Race Condition Vulnerability in MemoryFileSystem.cpp Allows for Local Privilege Escalation Information Disclosure Vulnerability in PackageManagerService's getAllPackages Method Out-of-Bounds Read Vulnerability in ConnectionHandler::SdpCb of connection_handler.cc Potential Wi-Fi Scanning Consent Bypass Vulnerability in WifiScanModeActivity.java Side Channel Information Disclosure in isServiceDistractionOptimized of CarPackageManagerService.java Use-after-free vulnerability in Android SoC memory management driver allows for local privilege escalation Uninitialized Data Out-of-Bounds Write Vulnerability in Android Memory Management Driver Use-after-free vulnerability in Android SoC memory management driver allows for local privilege escalation Double Free Vulnerability in Android SoC Memory Management Driver Improper Locking in Android SoC Memory Management Driver Allows Local Privilege Escalation Uninitialized Data Out-of-Bounds Write Vulnerability in Android Memory Management Driver Use-after-free vulnerability in Android SoC memory management driver allows for local privilege escalation Race condition vulnerability in Android SoC memory management driver allows for local privilege escalation Race condition vulnerability in Android SoC memory management driver allows for local privilege escalation Insecure Default Broadcast Protection in DeviceAdminReceiver.java Allows Local Privilege Escalation Memory Corruption Vulnerability in wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c Local Privilege Escalation Vulnerability in WiFiInstaller's dropFile Method Possible Hotspot 2.0 Configuration Installation Vulnerability in WiFiInstaller.java 
Possible Tapjacking/Overlay Attack in Emergency Callback Mode Exit Dialog (Android-11) Unauthenticated Archive Message Conversation Vulnerability in MmsService.java Out of Bounds Write Vulnerability in halWrapperDataCallback of hal_wrapper.cc Out of Bounds Read Vulnerability in phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc Missing Permission Check in updateNotification of BeamTransferManager.java Allows Local Information Disclosure of Paired Bluetooth Addresses Integer Overflow Vulnerability in phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc Out-of-bounds Write Vulnerability in phNxpNciHal_print_res_status of phNxpNciHal.cc Out of Bounds Write Vulnerability in phNxpNciHal_print_res_status of phNxpNciHal.cc Out of Bounds Write Vulnerability in phNxpNciHal_print_res_status of phNxpNciHal.cc Missing Permission Check in onReceive of NetInitiatedActivity.java Allows for Local Privilege Escalation Out of Bounds Write Vulnerability in rw_i93_send_to_lower of rw_i93.cc Possible Bluetooth MAC Address Leak in sspRequestCallback of BondStateMachine.java Potential Local Escalation of Privilege Vulnerability in AnnotateActivity.java Remote Denial of Service Vulnerability in MediaControlPanel.java Possible Permission Bypass in getEndItemSliceAction of MediaOutputSlice.java Possible Bypass of Device Admin Settings in AppSwitchPreference.java leading to Local Privilege Escalation Missing Permission Check in isBackupServiceActive of BackupManagerService.java Allows Local Information Disclosure Null Pointer Dereference in RenderStruct of protostream_objectsource.cc Heap Buffer Overflow in getBlockSum of fastcodemb.cpp in Android-11 (A-172716941) Integer Overflow in setRange of ABuffer.cpp Allows for Remote Code Execution Heap Buffer Overflow in fillMainDataBuf of pvmp3_framedecoder.cpp Out of Bounds Read Vulnerability in Lag_max of p_ol_wgh.cpp Out-of-bounds Write Vulnerability in append_to_verify_fifo_interleaved_ of stream_encoder.c Out-of-bounds Read Vulnerability 
in RasterIntraUpdate of motion_est.cpp Heap Buffer Overflow in ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c Race condition vulnerability in CryptoPlugin.cpp allows for use-after-free and local privilege escalation in Android Race Condition in wrapUserThread of AudioStream.cpp Allows for Local Privilege Escalation Possible Out of Bounds Read in accessAudioHalPidscpp of TimeCheck.cpp Font File Injection Vulnerability in RemoteViews.isRestricted() Method Potential Local Privilege Escalation in DevicePolicyManagerService's onReceive Method Tapjacking/Overlay Vulnerability in ContactsDumpActivity.java Allows for Local Information Disclosure Possible Permission Bypass in sendBugreportNotification of BugreportProgressService.java Possible Permissions Bypass Vulnerability in ActivityTaskManagerService and AppTaskImpl Potential Permission Bypass in AccountManagerService's doNotification Method Out of Bounds Write Vulnerability in ASF Extractor Allows Local Privilege Escalation Out of Bounds Write Vulnerability in ASF Extractor Allows Local Privilege Escalation Out of Bounds Write Vulnerability in Android FLV Extractor Heap Buffer Overflow in FLV Extractor Allows Local Privilege Escalation on Android Android WiFi Driver Out of Bounds Read Vulnerability Android WiFi Driver Out of Bounds Read Vulnerability Android WiFi Driver Out of Bounds Read Vulnerability Android WiFi Driver Out of Bounds Read Vulnerability Android WiFi Driver Out of Bounds Read Vulnerability Possible Bluetooth Pairing Dialog Tapjacking Vulnerability Out-of-bounds Read Vulnerability in Parcel.cpp's verifyBufferObject Out-of-bounds Write Vulnerability in MessageQueueBase.h Bluetooth Device Picker Tapjacking Vulnerability Out of Bounds Write Vulnerability in StreamOut::prepareForWriting of StreamOut.cpp Possible SMS Disclosure Vulnerability in MceStateMachine.java Out-of-bounds Write Vulnerability in BTM_TryAllocateSCN of btm_scn.cc Potential Information Disclosure Vulnerability in 
sendNetworkConditionsBroadcast of NetworkMonitor.java Privileged Broadcast Receiver Invocation Vulnerability in BluetoothPermissionActivity.java WideVine Vulnerability: Out of Bounds Write Leading to Remote Code Execution Privileged Broadcast Receiver Invocation Vulnerability in sendDevicePickedIntent of DevicePickerFragment.java Remote Bypass of User Consent in ConfirmConnectActivity: NFC Escalation of Privilege Vulnerability Work Profile PIN Bypass Vulnerability in RootWindowContainer Out of Bounds Read Vulnerability in phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp SIP Account Name Disclosure Vulnerability in SipService.java Possible Bluetooth Device Pairing Vulnerability in ConfirmConnectActivity Sensitive Identifier Disclosure via Broadcasted Intent in NotificationRecord.java Improper Input Validation in DeviceAdminAdd.java Allows for Unauthorized Device Admin Activation Double Free Out-of-Bounds Write Vulnerability in encodeFrames of avc_enc_fuzzer.cpp Potential Local Privilege Escalation in WifiNetworkDetailsFragment.java Possible Tapjacking/Overlay Vulnerability in ContactSelectionActivity.java Allows Unauthorized Access to Contacts BluetoothOppSendFileInfo.java: Potential Local Information Disclosure via Confused Deputy Vulnerability Out-of-bounds Read Vulnerability in pfkey_dump of af_key.c Use-after-free vulnerability in drm_syncobj_handle_to_fd in drm_syncobj.c allows local users to gain privileges via a crafted application. 
Missing Bounds Check in iaxxx_calc_i2s_div of iaxxx-codec.c Allows Local Privilege Escalation Arbitrary Activity Launch Vulnerability in handleAppLaunch of AppLaunchActivity.java Integer Overflow Vulnerability in Memory Management Driver Possible Memory Corruption Vulnerability in m4u with Use After Free Possible Memory Corruption Vulnerability in m4u with Use After Free ASF Extractor Out of Bounds Read Vulnerability ASF Extractor Out of Bounds Read Vulnerability Integer Overflow Vulnerability in FLV Extractor Allows for Local Information Disclosure Heap Buffer Overflow in Ape Extractor: Local Information Disclosure Vulnerability Heap Buffer Overflow in Ape Extractor: Local Information Disclosure Vulnerability Heap Buffer Overflow in Ape Extractor: Local Information Disclosure Vulnerability Possible Out of Bounds Read Vulnerability in Ape Extractor Heap Buffer Overflow in ASF Extractor: Local Information Disclosure without User Interaction Integer Overflow Vulnerability in ASF Extractor Allows Local Information Disclosure Heap Buffer Overflow in ASF Extractor: Local Information Disclosure without User Interaction Integer Overflow Vulnerability in ASF Extractor Allows Local Information Disclosure Heap Buffer Overflow in FLV Extractor: Local Information Disclosure Vulnerability Possible Memory Corruption Vulnerability in CCU with Improper Locking Potential Out of Bounds Write Vulnerability in ged (Patch ID: ALPS05687510; Issue ID: ALPS05687510) Integer Overflow Vulnerability in OMA DRM Allows Local Privilege Escalation Memory Corruption Vulnerability in OMA DRM Allows Local Privilege Escalation Use-after-free vulnerability in mdlactl driver allows for local privilege escalation Critical Vulnerability in WiFi Driver Allows Remote Denial of Service Attack Critical Vulnerability in WiFi Driver Allows Remote Denial of Service Attack Remote Information Disclosure Vulnerability in WiFi Driver Out of Bounds Write Vulnerability in Display Driver Uninitialized Data Memory 
Corruption Vulnerability in Display Driver Memory Corruption Vulnerability in Android-10 FLV File Extraction Memory Corruption Vulnerability in Android-10 (A-189392423) Local Information Disclosure Vulnerability in libl3oemcrypto.cpp Out-of-bounds Write Vulnerability in StatsdStats.cpp Missing Permission Check in getAvailableSubscriptionInfoList of SubscriptionController.java Allows Local Information Disclosure Missing Permission Check in onResume of VoicemailSettingsFragment.java Allows for Unauthorized Retrieval of Trackable Identifier Missing Permission Check in getAllSubInfoList of SubscriptionController.java Allows Unauthorized Retrieval of Long-Term Identifier Missing Permission Check in SubscriptionController.java Allows for Local Information Disclosure Possible Permissions Bypass in shouldBlockFromTree of ExternalStorageProvider.java Out-of-Bounds Write Vulnerability in sqlite3_str_vappendf of sqlite3.c Possible VPN Profile Reset Vulnerability in stopVpnProfile of Vpn.java Out-of-bounds Read Vulnerability in WT_InterpolateNoLoop of eas_wtengine.c Denial of Service Vulnerability in PackageItemInfo.java's loadLabel Method Memory Corruption Vulnerability in VectorDrawable::VectorDrawable Missing Permission Check in enqueueNotification of NetworkPolicyManagerService.java Allows for Local Information Disclosure Potential Local Information Disclosure Vulnerability in isRealSnapshot of TaskThumbnailView.java Memory Corruption Vulnerability in mdlactl Driver Use-after-free vulnerability in edma driver allows for local privilege escalation Stack-based Buffer Overflow in apusys: Local Privilege Escalation Vulnerability Possible Out of Bounds Write Vulnerability in apusys Possible Out of Bounds Read Vulnerability in apusys Possible Out of Bounds Read Vulnerability in CCU with Incorrect Error Handling Audio DSP Out of Bounds Write Vulnerability Audio DSP Out of Bounds Write Vulnerability Audio DSP Out of Bounds Write Vulnerability Possible Memory Corruption 
Vulnerability in CCU: Local Privilege Escalation without User Interaction Possible Out of Bounds Read Vulnerability in apusys Possible Out of Bounds Read Vulnerability in apusys Possible Memory Corruption Vulnerability in apusys: Local Privilege Escalation via Use After Free Possible Memory Corruption Vulnerability in apusys Possible Memory Corruption Vulnerability in apusys: Local Privilege Escalation via Use After Free Possible Memory Corruption Vulnerability in apusys: Local Privilege Escalation via Use After Free Possible Memory Corruption Vulnerability in apusys Missing Permission Check in Browser App Allows Local Information Disclosure Possible Permission Bypass in Audio Aurisys HAL Allows Local Privilege Escalation Out of Bounds Read Vulnerability in ALAC Decoder Allows Local Information Disclosure Out of Bounds Write Vulnerability in ALAC Decoder Allows Local Privilege Escalation Possible Out of Bounds Read Vulnerability in GenieZone Driver Integer Overflow Vulnerability in CCU Driver Allows for Local Information Disclosure Possible Out of Bounds Write Vulnerability in apusys Possible Memory Corruption Vulnerability in apusys Missing Permission Check in System Properties Leading to Local Information Disclosure Missing Permission Check in System Properties Leading to Local Information Disclosure in Android SoC (A-192535337) Missing Permission Check in sendAccessibilityEvent of NotificationManagerService.java Local Privilege Escalation via Confused Deputy in runTraceIpcStop of ActivityManagerShellCommand.java Out of Bounds Write Vulnerability in TouchInputMapper::sync of Android Parcel Serialization/Deserialization Mismatch in ParsedIntentInfo.java Allows Local Privilege Escalation Local Information Disclosure in getDefaultSmsPackage of RoleManagerService.java Improper Input Validation in Layout.java Leads to ANR Vulnerability Race condition vulnerability in lockNow function of PhoneWindowManager.java allows for lock screen bypass Out-of-bounds Read 
Vulnerability in RGB_to_BGR1_portable of SkSwizzler_opts.h Heap Buffer Overflow in ih264d_mark_err_slice_skip of ih264d_parse_pslice.c Potential Local Privilege Escalation in Android-11 SELinux Policy Unsafe PendingIntent in sendBroadcastToInstaller of FirstScreenBroadcast.java allows for local privilege escalation without additional execution privileges needed Unprotected Provider in HeapDumpProvider.java Allows Unauthorized Access to Heap Dumps Insufficient Background Restrictions Allow Background App to Regain Foreground Permissions in Android-11 (A-183147114) Possible Out of Bounds Read in get_sock_stat of xt_qtaguid.c with Use After Free Vulnerability Race condition vulnerability in dllist_remove_node in TBD allows for local privilege escalation without additional execution privileges. Race Condition Use After Free Vulnerability in PVRSRVRGXSubmitTransferKM of rgxtransfer.c Uninitialized Data Leak in PVRSRVBridgeHeapCfgHeapDetails Out of Bounds Write Vulnerability in Android Kernel (CVE-2021-XXXX) Integer Overflow Vulnerability in PVRSRVBridgeSyncPrimOpCreate of PowerVR Kernel Driver MediaStore Downgrade Vulnerability in RevertActiveSessions of apexd.cpp Possible Use After Free Vulnerability in SecondStageMain of init.cpp Account Information Disclosure Vulnerability in AccountManagerService Bypass of Background Service Restrictions in sanitizeSbn of NotificationManagerService.java Arbitrary App Component Disabling Vulnerability in PluginManagerImpl.java Use-after-free vulnerability in dma_buf_release in dma-buf.c allows local users to gain privileges via a crafted application. 
Possible Local Escalation of Privilege in runDumpHeap of ActivityManagerShellCommand.java Information Disclosure Vulnerability in Android Settings Allows Unauthorized App Detection Unauthenticated Local Information Disclosure in PackageManager Possible Bypass of User Interaction Requirements in AllowBindAppWidgetActivity.java leading to Local Privilege Escalation Content Provider Authority Collision Vulnerability in Android-12 (CVE-2021-197647956) Out-of-bounds Write Vulnerability in GetTimeStampAndPkt of DumpstateDevice.cpp Race Condition Vulnerability in RW_SetActivatedTagType of Android Integer Overflow Vulnerability in PVRSRVBridgePMRPDumpSymbolicAddr of PowerVR Kernel Driver Integer Overflow Vulnerability in PowerVR Kernel Driver Allows Local Privilege Escalation Integer Overflow Vulnerability in PowerVR Kernel Driver Allows Local Privilege Escalation Integer Overflow Vulnerability in PVRSRVBridgeDevicememHistorySparseChange Integer Overflow Vulnerability in PVRSRVBridgeChangeSparseMem of PowerVR Kernel Driver Integer Overflow Vulnerability in PVRSRVBridgePhysmemNewRamBackedLockedPMR Android SoC Vulnerability (A-273754094) Integer Overflow Vulnerability in PVRSRVBridgeServerSyncGetStatus of PowerVR Kernel Driver Integer Overflow Vulnerability in PVRSRVBridgeRGXTDMSubmitTransfer Integer Overflow Vulnerability in PowerVR Kernel Driver Allows Local Privilege Escalation Integer Overflow Vulnerability in PVRSRVBridgeRGXKickCDM of PowerVR Kernel Driver Integer Overflow Vulnerability in PVRSRVBridgeRGXKickSync of PowerVR Kernel Driver Integer Overflow Vulnerability in PVRSRVBridgeCacheOpQueue of PowerVR Kernel Driver Integer Overflow Vulnerability in PVRSRVBridgePhysmemImportSparseDmaBuf Integer Overflow Vulnerability in PowerVR Kernel Driver Allows Local Privilege Escalation Uninitialized Data Leak in PVRSRVBridgeHeapCfgHeapConfigName Silent Pairing Vulnerability in Android TV Allows Remote Code Execution PowerVR Driver Information Disclosure Vulnerability 
Possible Memory Corruption Vulnerability in apusys: Local Privilege Escalation without User Interaction Possible Out of Bounds Write Vulnerability in apusys Possible Out of Bounds Write Vulnerability in apusys Possible Out of Bounds Write Vulnerability in apusys Possible Out of Bounds Write Vulnerability in apusys Possible Memory Corruption Vulnerability in apusys: Local Privilege Escalation via Use After Free Possible Memory Corruption Vulnerability in apusys: Local Privilege Escalation without User Interaction Possible Out of Bounds Read Vulnerability in apusys Possible Memory Corruption Vulnerability in apusys Possible Out of Bounds Read Vulnerability in apusys Possible Out of Bounds Write Vulnerability in apusys Insecure Permission Setting in SRAMROM Allows Local Privilege Escalation Out-of-Bounds Write Vulnerability in gatt_process_notification of gatt_cl.cc Integer Overflow Vulnerability in getService of IServiceManager.cpp Race condition vulnerability in unix_scm_to_skb in af_unix.c allows local attackers to escalate privileges via a use-after-free bug. Improper Input Validation in ParsingPackageImpl.java Allows for Local Privilege Escalation Bypass of INTERACT_ACROSS_PROFILES Permission in PackageManagerService.java Missing Permission Check in createOrUpdate Method of Permission.java Allows for Local Escalation of Privilege in Android-12 Out of Bounds Read Vulnerability in xhci_vendor_get_ops of xhci.c Out of Bounds Read Vulnerability in rw_t4t_sm_detect_ndef of rw_t4t.cc Potential Local Privilege Escalation in NfcImportVCardActivity due to Missing Permission Check Possible Permission Bypass in requestChannelBrowsable of TvInputManagerService.java Parcel Serialization/Deserialization Mismatch in createFromParcel of OutputConfiguration.java Allows Local Privilege Escalation Use-after-free vulnerability in ion_dma_buf_end_cpu_access in ion.c allows local attackers to gain privileges via a crafted application. 
Out-of-Bounds Write Vulnerability in phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc Misleading Permission Dialog Vulnerability in BluetoothDevice.getAlias() Method Unsafe PendingIntent in showNotification of NavigationModeController.java allows for local escalation of privilege Improper Input Validation in CompanionDeviceActivity and DeviceChooserActivity Allows for Remote Privilege Escalation Possible Denial of Service Vulnerability in findAllDeAccounts of AccountsDb.java Out of Bounds Write Vulnerability in ip6_xmit of Android Kernel Possible Use After Free Vulnerability in acc_read of f_accessory.c in Android Kernel Uninitialized Data Vulnerability in memzero_explicit of compiler-clang.h Out-of-bounds Read Vulnerability in set_default_passthru_cfg of passthru.c Out of Bounds Write Vulnerability in Android Kernel Out-of-Bounds Read Vulnerability in bpf_skb_change_head of Android Kernel Kernel Vulnerability: Untrusted App Control of ui32PageIndex Offset via ioctl Out of Bounds Write Vulnerability in MMU_MapPages of TBD Heap Memory Overwrite Vulnerability in PMRCreate of PowerVR Kernel Driver Kernel Heap Data Leak in PVRSRVBridgePMRPDumpSymbolicAddr Kernel Heap Data Leak in PVRSRVBridgeTLDiscoverStreams Uninitialized Kernel Memory Disclosure in PowerVR Kernel Driver Arbitrary Code Execution via Integer Overflow in DevmemIntHeapAcquire Possible Permission Bypass and Local Information Disclosure in doCropPhoto of PhotoSelectionHandler.java Unsafe PendingIntent in setOnClickActivityIntent of SearchWidgetProvider.java allows unauthorized access to contacts and history bookmarks Tapjacking/Overlay Attack Vulnerability in ResolverActivity Race condition in pf_write_buf of FuseDaemon.cpp allows for local privilege escalation without additional execution privileges (Android-11) Out of Bounds Write Vulnerability in NfcTag::discoverTechnologies (activation) of NfcTag.cpp Bypassing Factory Reset Protections in NotificationStackScrollLayout of Android Potential Local Denial 
of Service Vulnerability in Android Possible bypass of memory restrictions in jit_memory_region.cc leading to local privilege escalation Uninitialized Data Vulnerability in xt_quota2.c Allows Local Information Disclosure Tapjacking/Overlay Attack Vulnerability in KeyChainActivity.java Heap Buffer Overflow in C2SoftMP3::process() of C2SoftMp3Dec.cpp Unauthenticated Bluetooth Pairing Vulnerability in Android Settings Uninitialized Memory Disclosure Vulnerability in BuildParcelFields of generate_cpp.cpp Out-of-bounds Write Vulnerability in vorbis_book_decodev_set of codebook.c Integer Overflow Vulnerability in osi_malloc and osi_calloc of allocator.cc Possible Denial of Service Vulnerability in AccessPoint.java Parcel Serialization/Deserialization Mismatch in GpsNavigationMessage.java Allows Local Privilege Escalation Out-of-bounds Write Vulnerability in MPEG4Source::read of MPEG4Extractor.cpp Improper Case Sensitivity Handling in isFileUri of UriUtil.java Allows Local Information Disclosure Side Channel Information Disclosure in USB Manager Allows Determination of Installed Apps Out of Bounds Read Vulnerability in toBARK of floor0.c Out-of-bounds Write Vulnerability in phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc Side Channel Information Disclosure in getSerialForPackage of DeviceIdentifiersPolicyService.java Cross-User Package Leak in ShortcutService.java Allows for Local Information Disclosure Improper Input Validation in enqueueNotificationInternal Allows Privilege Escalation without User Interaction Potential Organization Name Disclosure in getOrganizationNameForUser of DevicePolicyManagerService.java Information Disclosure Vulnerability in createAdminSupportIntent of DevicePolicyManagerService.java Possible Permission Bypass and Privilege Escalation in onNullBinding of ManagedServices.java Potential Local Privilege Escalation in AlertReceiver.java Information Disclosure in hasGrantedPolicy of DevicePolicyManagerService.java Information Disclosure Vulnerability in 
getNeighboringCellInfo of PhoneInterfaceManager.java Information Disclosure Vulnerability in getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java Side Channel Information Disclosure in hasManageOngoingCallsPermission of TelecomServiceImpl.java Information Disclosure Vulnerability in getDeviceId of PhoneSubInfoController.java Possible Bluetooth MAC Address Leak in OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java Tapjack Overlay Vulnerability in PaymentDefaultDialog.java Allows Unauthorized Default Payment App Change Possible Denial of Service Vulnerability in getOffsetBeforeAfter of TextLine.java Unauthenticated App Presence Disclosure in ConnectivityService.java Potential Information Disclosure Vulnerability in registerSuggestionConnectionStatusListener of WifiServiceImpl.java Out-of-bounds Read Vulnerability in nfaHciCallback of HciEventManager.cpp APN Disclosure Vulnerability in GnssNetworkConnectivityHandler Heap Buffer Overflow in ih264e_find_bskip_params() in Android-12 Unauthenticated A2DP Bluetooth Device Connection State Manipulation Vulnerability in Android Possible Permission Bypass in createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java Heap Buffer Overflow in PVInitVideoEncoder of mp4enc_api.cpp Out-of-Bounds Read Vulnerability in WT_Interpolate of eas_wtengine.c Unprivileged App Privilege Escalation via Confused Deputy in AudioService's adjustStreamVolume Unauthenticated App Presence Disclosure in Android-12's WifiServiceImpl.java Information Disclosure Vulnerability in getDeviceIdWithFeature of PhoneInterfaceManager.java Bluetooth MAC Address Information Disclosure Vulnerability in DatabaseManager.java Out of Bounds Read Vulnerability in btu_hcif_process_event of btu_hcif.cc Possible Denial of Service Vulnerability in SubscriptionController.addSubInfo Information Disclosure Vulnerability in setApplicationCategoryHint of PackageManagerService.java Missing Permission Check in 
getSigningKeySet of PackageManagerService.java Allows Local Information Disclosure Missing Permission Check in setPackageStoppedState of PackageManagerService.java Allows Local Information Disclosure Side Channel Information Disclosure in NotificationAccessDetails.java Allows Determining App Installation Status Side Channel Information Disclosure in checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService.java Information Disclosure Vulnerability in getNetworkTypeForSubscriber of PhoneInterfaceManager.java Information Disclosure Vulnerability in getMeidForSlot of PhoneInterfaceManager.java Possible USB Permission Granting Vulnerability in UsbPermissionActivity.java Missing Permission Check in AdapterService and GattService Definition in AndroidManifest.xml Allows for Bluetooth Connection Disabling and Local Privilege Escalation Side Channel Information Disclosure in adjustStreamVolume of AudioService.java Misleading User Consent Dialog in snoozeNotification of NotificationListenerService.java Allows Local Privilege Escalation Arbitrary User Notification Disabling Vulnerability in Android-12 (A-195111725) Arbitrary User Notification Disabling Vulnerability in Android-12 (A-195031703) Bluetooth Service Crash Vulnerability in btif_in_hf_client_generic_evt of btif_hf_client.cc Side Channel Information Disclosure in RequestIgnoreBatteryOptimizations.java Allows Unprivileged App Detection Possible Intent Redirection Vulnerability in EventResultPersister.java Unauthenticated App Presence Disclosure in WallpaperManagerService Side Channel Information Disclosure in startRanging of RttServiceImpl.java Allows App Installation Detection without Permissions Arbitrary Code Execution Vulnerability in SurfaceFlinger's setTransactionState Out of Bounds Write Vulnerability in setClientStateLocked of SurfaceFlinger.cpp Out of Bounds Write Vulnerability in setClientStateLocked of SurfaceFlinger.cpp Side Channel Information Disclosure in 
setNotificationsShownFromListener of NotificationManagerService.java Side Channel Information Disclosure in cancelNotificationsFromListener of NotificationManagerService.java Information Disclosure Vulnerability in PackageManagerService.getMimeGroup Possible Permission Bypass in createGeneralSlice of ConnectedDevicesSliceProvider.java Missing Permission Check in getLine1NumberForDisplay of PhoneInterfaceManager.java Allows App Installation Detection and Local Information Disclosure Arbitrary Broadcast Receiver Invocation Vulnerability in BluetoothDevicePickerPreferenceController Possible EoP Vulnerability in LocationSettingsActivity of AndroidManifest.xml Unauthenticated Device Pairing Broadcast Vulnerability Possible DoS Vulnerability in UserDetailsActivity of AndroidManifest.xml Tapjacking/Overlay Attack Vulnerability in NotificationAccessActivity Possible EoP Vulnerability in Bluetooth Pairing Selection Fragment Possible Out of Bounds Read Vulnerability in Android Kernel Use-after-free vulnerability in dsi_panel_debugfs_read_cmdset of dsi_panel.c allows local information disclosure Possible Downgrade Attack Exploiting Underutilized Anti-Rollback Protections in Android Kernel Out-of-bounds Write Vulnerability in eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c Android Kernel Vulnerability: A-195580473 Out-of-bounds Read Vulnerability in lwis_dpm_update_clock of lwis_device_dpm.c Out-of-Bounds Read Vulnerability in cm_access_control.c Use After Free Vulnerability in Android Kernel's ep_loop_check_proc Function Android SoC Vulnerability: A-204256722 Out of Bounds Write Vulnerability in PowerVR Kernel Driver Allows Local Privilege Escalation Elevated Privileges Vulnerability in NVIDIA GPU Display Driver for Windows NVIDIA GPU Display Driver Privilege Escalation Vulnerability Improper Validation of User Pointer in NVIDIA GPU Display Driver for Windows and Linux Leads to Denial of Service NVIDIA GPU Display Driver for Windows Denial of Service 
Vulnerability NVIDIA GPU Display Driver for Windows: Kernel Mode Access Control Vulnerability NVIDIA GPU Display Driver for Linux Kernel Mode Layer Vulnerability Unauthorized Resource Allocation Vulnerability in NVIDIA Virtual GPU Manager NVIDIA vGPU Software Input Data Size Validation Vulnerability NVIDIA vGPU Manager Integer Overflow Vulnerability NVIDIA vGPU Software Input Index Validation Vulnerability Race Condition Vulnerability in NVIDIA vGPU Manager Plugin Unvalidated Input Length Vulnerability in NVIDIA vGPU Manager Plugin NVIDIA vGPU Manager Input Offset Validation Vulnerability NVIDIA vGPU Manager vulnerability: Untrusted Source Pointer Dereference NVIDIA vGPU Manager Plugin Input Data Validation Vulnerability NVIDIA vGPU Manager Input Data Validation Vulnerability Vulnerability in NVIDIA SHIELD TV RPMB Command Status Implementation Memory Boundary Overflow Vulnerability in NVIDIA SHIELD TV (Versions Prior to 8.2.2) Null Pointer Reference Vulnerability in NVIDIA SHIELD TV (Versions Prior to 8.2.2) Improper Access Control in NVIDIA Jetson Devices: Denial of Service Vulnerability Unauthorized Access to System Power Usage Data in NVIDIA Tegra Kernel Arbitrary File Deletion Vulnerability in NVIDIA GeForce Experience GameStream (rxdiag.dll) NVIDIA GeForce Experience Browser Login Vulnerability Vulnerability: Local Privilege Escalation via NVIDIA GPU Display Driver Installer NVIDIA Windows GPU Display Driver Kernel Mode Vulnerability Improper Access Control in NVIDIA GPU Display Driver for Windows and Linux Denial of Service Vulnerability in NVIDIA GPU Display Driver for Windows and Linux (R450 and R460) Critical Vulnerability in NVIDIA Windows GPU Display Driver: System Crash via NULL Pointer Dereference Vulnerability in NVIDIA GeForce Experience GameStream Plugins Allows Code Execution and Local Privilege Escalation NVIDIA vGPU Software Input Validation Vulnerability NVIDIA vGPU Software Input Length Validation Vulnerability NVIDIA vGPU Software Input Length 
Validation Vulnerability NVIDIA vGPU Software Input Length Validation Vulnerability NVIDIA vGPU Driver Input Length Validation Vulnerability NVIDIA vGPU Driver Vulnerability: Memory Manipulation and Privilege Escalation Unauthorized Resource Control Vulnerability in NVIDIA vGPU Driver NVIDIA vGPU Driver ASLR Bypass Vulnerability Vulnerability in NVIDIA GPU and Tegra Hardware Allows Unauthorized Debug Access and Information Disclosure Uncontrolled DLL Loading Path Vulnerability in NVIDIA GPU Display Driver for Windows Buffer Overflow Vulnerability in NVIDIA GPU Display Driver for Windows and Linux NVIDIA GPU Display Driver for Windows Privilege Escalation Vulnerability NVIDIA GPU Display Driver for Windows: Privilege Escalation via Symbolic Link Attack NVIDIA GPU Display Driver Firmware Vulnerability: Denial of Service and System Crash Out of Bounds Array Access Vulnerability in NVIDIA GPU Display Driver for Windows and Linux NVIDIA GPU Display Driver Kernel Mode Vulnerability NVIDIA Windows GPU Display Driver Vulnerability: NULL Pointer Dereference in DxgkDdiEscape Handler NVIDIA vGPU Software Length Validation Vulnerability Resource Leakage Vulnerability in NVIDIA vGPU Software Stack-based Buffer Overflow in NVIDIA vGPU Software NVIDIA vGPU Software Kernel Mode Driver Pointer Validation Vulnerability NVIDIA vGPU Software Null Pointer Dereference Vulnerability NVIDIA vGPU Software Denial of Service Vulnerability NVIDIA vGPU Software Denial of Service Vulnerability Unspecified Initial State of MTVEC Register in RISC-V Instruction Set Manual: A Potential Vulnerability for Information Disclosure and Data Tampering Vulnerability in NVIDIA GPU and Tegra Hardware Allows Unauthorized Access to Debug Registers Critical Privilege Escalation and Data Tampering Vulnerability in NVIDIA Linux Kernel Distributions NVIDIA Linux Kernel Vulnerability: Code Execution, Denial of Service, and System Integrity Compromise in nvmap NVMAP_IOC_WRITE* Paths Critical Vulnerability in NVIDIA 
Linux Kernel Distributions: FuSa Capture (VI/ISP) Integer Underflow Timing-Related Vulnerability in NVIDIA Camera Firmware: Potential Data Integrity Loss and Denial of Service Critical Vulnerability in NVIDIA Jetson Xavier Camera Firmware Allows Denial of Service and Data Corruption USB-triggered Buffer Overflow Vulnerability in NV3P Bootloader NVIDIA Linux Kernel nvmap Vulnerability: Complete Denial of Service Exploit Critical Vulnerability in NVIDIA Camera Firmware Allows Unauthorized Modification and Denial of Service Critical Vulnerability in NVIDIA Linux Kernel Distributions: Complete Denial of Service Exploit NVIDIA GPU Display Driver for Windows: Local Privilege Escalation via NULL Pointer Dereference NVIDIA GPU Display Driver for Windows Kernel Mode NULL Pointer Dereference Vulnerability Windows Kernel Mode Vulnerability: Denial of Service via DxgkDdiEscape in nvlddmkm.sys Privilege Escalation and Denial of Service Vulnerability in NVIDIA vGPU Software Double-Free Pointer Vulnerability in NVIDIA vGPU Software NVIDIA vGPU Software Virtual GPU Manager Null Termination Vulnerability Resource Starvation Vulnerability in NVIDIA vGPU Software NVIDIA vGPU Software Vulnerability: Denial of Service via NULL Pointer Dereference NVIDIA vGPU Software Denial of Service Vulnerability Vulnerability in NVIDIA GPU and Tegra Hardware Allows Privilege Escalation and Program Data Corruption Clear-text Storage of Proxy Server Credentials in Cisco Firepower Management Center (FMC) Cross-Site Scripting (XSS) Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) Web Interface Insufficient Privilege Restriction in Cisco IOS XR Software CLI Parser Unauthenticated Information Disclosure Vulnerability in Cisco Email Security Appliance, Content Security Management Appliance, and Web Security Appliance Cisco DNA Center Software: Cross-Site Scripting (XSS) Vulnerability in Web-Based Management Interface Cisco Video Surveillance 8000 Series IP Cameras Reload Vulnerability 
Unauthorized Access and Data Manipulation in Cisco Data Center Network Manager (DCNM) REST API Incomplete Validation of X.509 Certificate in Cisco DNA Center Software Integration with Cisco ISE: Unauthorized Access to Sensitive Data Unauthorized Access and Data Manipulation in Cisco Data Center Network Manager (DCNM) REST API Vulnerability: Execution of Unsigned Code during Boot Process in Cisco NCS 540 Series Routers Cisco SD-WAN vManage Software Multiple Vulnerabilities Arbitrary Command Execution Vulnerabilities in Cisco Smart Software Manager Satellite Arbitrary Command Execution Vulnerabilities in Cisco Smart Software Manager Satellite Web UI Arbitrary Command Execution Vulnerabilities in Cisco Smart Software Manager Satellite Arbitrary Command Execution Vulnerabilities in Cisco Smart Software Manager Satellite Arbitrary Command Execution Vulnerabilities in Cisco Smart Software Manager Satellite Cisco CMX API Authorization Bypass Vulnerability Password Alteration Vulnerability in Cisco Connected Mobile Experiences (CMX) Vulnerability: Insecure Handling of Symbolic Links in Cisco StarOS SFTP Arbitrary Command Injection Vulnerabilities in Cisco Small Business RV Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business RV Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business RV Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business RV Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting 
(XSS) Vulnerabilities in Cisco Small Business RV Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Small Business RV Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, 
RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco 
Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service 
Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Multiple Remote Code 
Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Cisco Smart Software Manager Satellite Web Management Interface URL Redirection Vulnerability Insufficient Protection of Static Credentials in Cisco Smart Software Manager Satellite Denial of Service Vulnerabilities in Cisco IOS XE Software Web UI Injection of Hyperlink in Cisco Webex Meetings Invitation Emails SQL Injection Vulnerability in Cisco Smart Software Manager Satellite Cisco Snort Detection Engine HTTP Range Header Bypass Vulnerability Cisco Products Vulnerable to TCP Fast Open (TFO) Bypass for HTTP File Policy SQL Injection Vulnerabilities in Cisco SD-WAN vManage Software Clear text storage of sensitive credentials in Cisco Unified Communications Manager and related services Cross-Site Request Forgery (CSRF) Vulnerability in Cisco NX-OS Software's NX-API Feature Vulnerability: Unauthorized Server Connection in Cisco Nexus 9000 Series Fabric Switches Cisco NX-OS Software ICMPv6 Memory Leak Vulnerability Denial of Service Vulnerability in Cisco Nexus 9000 Series Fabric Switches Vulnerability: Unauthenticated Adjacent Attackers Can Disable Switching on Nexus 9000 Series Fabric Switches in ACI Mode via LLDP Cisco SD-WAN Software CLI Local Information Disclosure Vulnerability Unauthorized Access to Sensitive Database Files in Cisco SD-WAN vManage Software Vulnerability in Snort Application Detection Engine Allows Bypass of Configured Policies Arbitrary Code Execution Vulnerability in Cisco AnyConnect Secure Mobility Client for Windows Stored Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Web Interface Stored Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Web Interface DLL Loading Vulnerability in Cisco Proximity Desktop for Windows Cisco SD-WAN Products Denial of Service Vulnerabilities File Name Manipulation Vulnerability in Cisco Webex Teams LPTS Programming 
Vulnerability in SNMP with Management Plane Protection in Cisco IOS XR Software Vulnerability: Execution of Unsigned Code during Boot Process in Cisco NCS 540 Series Routers Cross-Site Scripting and Authentication Bypass Vulnerabilities in Cisco Finesse Web Management Interface Cross-Site Scripting and Authentication Bypass Vulnerabilities in Cisco Finesse Web Management Interface Arbitrary SQL Command Execution Vulnerability in Cisco Data Center Network Manager (DCNM) REST API Endpoints Arbitrary SQL Command Execution Vulnerability in Cisco Data Center Network Manager (DCNM) REST API Endpoints Multiple Cross-Site Scripting and Reflected File Download Vulnerabilities in Cisco Data Center Network Manager Multiple Cross-Site Scripting and Reflected File Download Vulnerabilities in Cisco Data Center Network Manager Vulnerabilities in Cisco Small Business RV Series Routers' LLDP Implementation Denial of Service Vulnerability in ClamAV's Excel XLM Macro Parsing Module Multiple Cross-Site Scripting and Reflected File Download Vulnerabilities in Cisco Data Center Network Manager Cross-Site Scripting (XSS) Vulnerabilities in Cisco Finesse Web-Based Management Interface Unauthorized Access and Data Manipulation in Cisco Data Center Network Manager (DCNM) REST API Cisco Firepower Threat Defense (FTD) Software CLI Directory Traversal Vulnerability Cisco DNA Center Software Vulnerability: Unauthenticated Remote Attackers Can Manipulate Authenticated Users via CSRF Insufficient File Permission Restrictions in Cisco AnyConnect Secure Mobility Client Upgrade Component Path Traversal Vulnerability in Cisco SD-WAN vManage Software Allows Unauthorized File Write Access Command Injection Vulnerabilities in Cisco SD-WAN Products Command Injection Vulnerabilities in Cisco SD-WAN Products Command Injection Vulnerabilities in Cisco SD-WAN Products Command Injection Vulnerabilities in Cisco SD-WAN Products Command Injection Vulnerability in Cisco DNA Center's Command Runner 
Tool Cisco DNA Center Configuration Archive Vulnerability: Unauthorized Access to Running Configurations Cisco Managed Services Accelerator (MSX) REST API Denial of Service Vulnerability XML Entity Denial of Service Vulnerability in Cisco Firepower Management Center (FMC) Software Cisco IOS XR Software IPv6 Flood Vulnerability Authentication Bypass and Unauthorized Data Manipulation in Cisco Data Center Network Manager (DCNM) Authentication Bypass and Unauthorized Data Access in Cisco Data Center Network Manager (DCNM) Stored XSS Vulnerability in Cisco AsyncOS for Cisco Web Security Appliance (WSA) Web Management Interface Session Validation Bypass and SSRF Vulnerability in Cisco Data Center Network Manager Cisco SD-WAN Products Denial of Service Vulnerabilities Cisco SD-WAN Products Denial of Service Vulnerabilities Multiple Critical Vulnerabilities in Cisco SD-WAN vManage Software Insufficient Certificate Validation Vulnerabilities in Cisco Data Center Network Manager (DCNM) Insufficient Certificate Validation Vulnerabilities in Cisco Data Center Network Manager (DCNM) Cisco SD-WAN Products Denial of Service Vulnerabilities Cisco SD-WAN Products Denial of Service Vulnerabilities DLL Hijacking Vulnerability in Cisco Advanced Malware Protection (AMP) and Immunet for Windows Root-level Access Vulnerability in Cisco IOS XE SD-WAN Software Path Traversal and SQL Injection Vulnerabilities in Cisco Unified Communications Manager IM & Presence Service Cisco Data Center Network Manager (DCNM) Log File Information Disclosure Vulnerability Unauthenticated Access and Configuration Modification Vulnerability in Cisco SD-WAN vManage Software Vulnerabilities in Cisco Data Center Network Manager (DCNM) Web Interface: XSS and RFD Attacks Arbitrary Code Execution and Denial of Service Vulnerability in Cisco RV132W and RV134W Routers Denial of Service Vulnerabilities in Cisco IOS XR Software Ingress Packet Processing Function Arbitrary Code Execution Vulnerabilities in Cisco Small 
Business VPN Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business VPN Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business VPN Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business VPN Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business VPN Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business VPN Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business VPN Routers Directory Traversal and File Overwrite Vulnerabilities in Cisco Small Business VPN Routers Directory Traversal and File Overwrite Vulnerabilities in Cisco Small Business VPN Routers Command Injection Vulnerabilities in Cisco SD-WAN Products Command Injection Vulnerabilities in Cisco SD-WAN Products Cisco SD-WAN Products Multiple Remote Execution Vulnerabilities Cisco SD-WAN Products Multiple Remote Execution Vulnerabilities Cisco SD-WAN vManage Software: Multiple Authorization Bypass and Information Disclosure Vulnerabilities Improper Enforcement of User Roles in Cisco DNA Center Allows Unauthorized Command Execution Cisco SD-WAN vManage Software: Multiple Authorization Bypass and Information Disclosure Vulnerabilities Cisco SD-WAN vManage Software: Multiple Authorization Bypass and Information Disclosure Vulnerabilities Arbitrary File Write Vulnerability in Cisco EPN Manager, ISE, and Prime Infrastructure Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Vulnerabilities in Cisco Small Business RV Series Routers' LLDP Implementation Vulnerabilities in Cisco Small Business RV Series Routers' LLDP Implementation Cisco Webex Meetings Open Redirect Vulnerability Vulnerability: Host Role Takeover in Cisco Webex Meetings and Webex Meetings Server Denial of Service (DoS) Vulnerability in Cisco Elastic Services Controller (ESC) Health Monitor API Denial of Service Vulnerabilities in Cisco IOS XR Software Ingress 
Packet Processing Function Arbitrary Command Injection Vulnerabilities in Cisco Small Business Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business Routers Arbitrary Command Injection Vulnerabilities in Cisco Small Business Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote 
Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small 
Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cisco SD-WAN vManage Software Vulnerability: Cypher Query Language Injection via Web-based Management Interface Insufficient Rate Limiting Controls in Cisco Umbrella Web UI Cross-Site Scripting (XSS) Vulnerability in Cisco Webex Meetings Web Interface Cisco IOS XE Software DECnet Protocol Processing Denial of Service Vulnerability Cisco StarOS IPv4 Protocol Handling Memory Leak Vulnerability Vulnerability: Rogue Cisco UCSM Registration in Cisco UCS Central Software Path Traversal and SQL Injection Vulnerabilities in Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerabilities in Cisco IOS XE Software Web UI Path Traversal and SQL Injection Vulnerabilities in Cisco Unified Communications Manager IM & Presence Service Cisco Finesse Web Interface Open Redirect Vulnerability Command Injection and Privilege Escalation in Cisco AsyncOS for Cisco Web Security Appliance Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Vulnerability: Arbitrary File Manipulation with Root Privileges on Cisco Nexus Switches Arbitrary Code Execution Vulnerability in Cisco Unified Communications Manager and Related Services SQL Injection Vulnerabilities in Cisco Unified Communications Manager IM & Presence Service Path Traversal and SQL Injection Vulnerabilities in Cisco 
Unified Communications Manager IM & Presence Service
SQL Injection Vulnerabilities in Cisco Unified Communications Manager IM & Presence Service
DLL Hijacking Vulnerability in Cisco AnyConnect Secure Mobility Client for Windows
Insufficient Input Validation in Cisco NX-OS Software PIM Feature Leads to Denial of Service Vulnerability
Vulnerability in Cisco UDLD Feature Allows Arbitrary Code Execution and DoS
XML External Entity (XXE) Vulnerability in Cisco Firepower Device Manager (FDM) On-Box Software
Privilege Escalation Vulnerability in Cisco IOS XR Software for Cisco 8000 Series Routers and NCS 540 Series Routers
Privilege Escalation Vulnerability in Cisco IOS XE SD-WAN Software
Shared Memory Information Disclosure Vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows
Denial of Service Vulnerability in Cisco Catalyst 9000 Family Wireless Controllers
Cross-Site Scripting (XSS) Vulnerability in Cisco IOS XE Wireless Controller Software for Catalyst 9000 Family Switches
Vulnerabilities in Fast Reload Feature of Cisco IOS XE Software on Catalyst Switches
Multiple Vulnerabilities in Fast Reload Feature of Cisco IOS XE Software on Cisco Catalyst Switches
ARP Mismanagement Vulnerability in Cisco IOS and IOS XE Software
Cisco StarOS SSH Service Denial of Service Vulnerability
Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Communications Manager and Unity Connection
Unauthorized Debugging Console Access Vulnerability in Cisco IOS XE Software
Arbitrary Command Injection Vulnerability in Cisco IOS XE SD-WAN Software
Privilege Escalation in Cisco IOS XE SD-WAN Software CLI
Command Injection Vulnerability in Cisco IOx Application Hosting Environment
Cisco IOx Application Hosting Environment Directory Traversal Vulnerability
DLL Hijacking Vulnerability in Cisco AMP for Endpoints Windows Connector, ClamAV for Windows, and Immunet
Denial of Service Vulnerability in Cisco NX-OS Software Network Stack
Authentication Bypass Vulnerability in Cisco ACI Multi-Site Orchestrator (MSO) API Endpoint
IPv6 ACL Bypass Vulnerability in Cisco IOS XR and NX-OS Software
Cisco IOS XE Software Local Privilege Escalation Vulnerability
Privilege Escalation Vulnerability in Cisco IOS XE Software's Dragonite Debugger
Cisco IOS and IOS XE Software CLI Command Permissions Vulnerability
Privilege Escalation and Information Disclosure Vulnerabilities in Cisco Application Services Engine
Denial of Service Vulnerability in Cisco IOS XE Software for Cisco NCS 520 Routers
Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Intelligence Center Web Interface
Privilege Escalation and Information Disclosure Vulnerabilities in Cisco Application Services Engine
Cisco IMC Software Open Redirect Vulnerability
Vulnerability in Cisco IOS XE Software Allows Arbitrary Code Execution at Boot Time
Insufficient Validation of User-Supplied Data in Cisco Unified Communications Manager Self Care Portal
Cisco Small Business Wireless Access Points: Multiple Vulnerabilities in Web Management Interface
Cisco Small Business Wireless Access Points: Multiple Vulnerabilities in Web Management Interface
Denial of Service Vulnerability in Cisco Firepower Threat Defense (FTD) Software
Cisco IOS XE Software Web UI Cross-Site WebSocket Hijacking Vulnerability
ClamAV PDF Parsing Module Denial of Service Vulnerability
Denial of Service Vulnerability in ClamAV Email Parsing Module
Improper Inclusion of Sensitive Information in Downloadable Files Vulnerability in Cisco Unified Communications Manager
Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Communications Manager and Unity Connection
Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Communications Manager and Unity Connection
Cross-Site Scripting (XSS) Vulnerabilities in Cisco Unified Communications Manager and Unity Connection
Multiple Critical Vulnerabilities in Cisco Jabber Software
Improper Privilege Enforcement in Cisco Identity Services Engine (ISE) Admin Portal Allows Information Disclosure
Arbitrary Code Execution Vulnerabilities in Cisco RV340, RV340W, RV345, and RV345P Routers
Arbitrary Code Execution Vulnerabilities in Cisco RV340, RV340W, RV345, and RV345P Routers
Arbitrary Code Execution Vulnerabilities in Cisco RV340, RV340W, RV345, and RV345P Routers
Improper Privilege Enforcement in Cisco Identity Services Engine (ISE) Admin Portal Allows Information Disclosure
Multiple Critical Vulnerabilities in Cisco Jabber Software
Multiple Critical Vulnerabilities in Cisco Jabber Software
Privilege Escalation via SSH Management in Cisco Access Points
Remote Code Execution Vulnerability in Cisco Webex Meetings
Command Injection Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS)
Cisco ASA and FTD Software Cryptography Module Denial of Service Vulnerability
Cisco Aironet Access Points (AP) Local File Overwrite Vulnerability
Vulnerabilities in Cisco AnyConnect Secure Mobility Client for Windows Allow Local Privilege Escalation
Vulnerabilities in Cisco AnyConnect Secure Mobility Client for Windows Allow Local Privilege Escalation
Vulnerabilities in Cisco AnyConnect Secure Mobility Client for Windows Allow Local Privilege Escalation
Vulnerabilities in Cisco AnyConnect Secure Mobility Client for Windows Allow Local Privilege Escalation
Vulnerabilities in Cisco AnyConnect Secure Mobility Client for Windows Allow Local Privilege Escalation
Cisco IOS XE SD-WAN Software vDaemon Process Denial of Service Vulnerability
Arbitrary Command Execution Vulnerability in Cisco IOS XE SD-WAN Software
Buffer Overflow Vulnerability in Cisco IOS XE SD-WAN Software
Arbitrary File Overwrite Vulnerability in Cisco IOS XE SD-WAN Software
Arbitrary Command Injection Vulnerability in Cisco IOS XE Software
Path Traversal Vulnerability in Cisco IOS XE SD-WAN Software Allows Unauthorized File Access
Unrestricted TFTP Configuration Vulnerability in Cisco Aironet Series Access Points Software
Cisco WAAS Software Local File Disclosure Vulnerability
Denial of Service Vulnerability in Cisco Aironet Series Access Points Software
Vulnerability in Hardware Initialization Routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers Allows Execution of Unsigned Code at System Boot Time
Privilege Escalation Vulnerability in Cisco IOS XE Software
Arbitrary Code Execution with Root Privileges in Cisco IOS XE Software Web UI
Denial of Service Vulnerabilities in Cisco ASA and FTD Software
DNS Application Layer Gateway Vulnerability in Cisco IOS XE Software
Privilege Escalation Vulnerability in Cisco AsyncOS for Cisco Content Security Management Appliance
Command Injection Vulnerability in Cisco Firepower Threat Defense (FTD) Software
Unsigned Code Execution Vulnerability in Cisco Access Points Software
Denial of Service Vulnerability in Cisco AnyConnect Secure Mobility Client IPC Channel
Buffer Overflow Vulnerability in Easy Virtual Switching System (VSS) Feature of Cisco Catalyst Switches
Unsigned Code Execution Vulnerability in Cisco Catalyst IE and Embedded Services Switches
Cisco Catalyst 9000 Family Switches: Unsigned Code Execution at System Boot Time Vulnerability
Privilege Escalation in Cisco IOS XE SD-WAN Software CLI
Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software
Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software
Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software
Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software
Arbitrary Code Execution Vulnerability in Cisco Small Business RV Series Routers
Cisco IOx Application Framework Denial of Service Vulnerability
Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Intelligence Center Software
Improper Authorization Checks in Cisco Webex Meetings for Android Allow Remote Avatar Modification
Multiple Critical Vulnerabilities in Cisco SD-WAN vManage Software
Multiple Critical Vulnerabilities in Cisco Jabber Software
Multiple Critical Vulnerabilities in Cisco Jabber Software
Multiple Remote Code Execution and Authentication Bypass Vulnerabilities in Cisco Small Business RV Series Routers
Multiple Remote Code Execution and Authentication Bypass Vulnerabilities in Cisco Small Business RV Series Routers
Formula and Link Injection Vulnerabilities in Cisco Umbrella Admin Audit Log Export and Scheduled Reports Features
Formula and Link Injection Vulnerabilities in Cisco Umbrella Admin Audit Log Export and Scheduled Reports Features
Arbitrary Command Execution Vulnerability in Cisco ASA and FTD Software
Insufficient Access Control in Cisco Firepower Management Center Software Allows Unauthorized Service Access
Unsecured TCP/IP Port Vulnerability in Cisco Unified Communications Manager and Session Management Edition
Cisco SD-WAN vManage Software Multiple Vulnerabilities
Cisco SD-WAN vManage Software Multiple Vulnerabilities
Arbitrary Command Injection Vulnerability in Cisco IOS XR Software
Cisco SD-WAN vManage Software User Account Enumeration Vulnerability
Arbitrary Command Execution Vulnerability in Cisco Prime Infrastructure and EPN Manager
Command Injection Vulnerability in Cisco ASA and FTD Software Upgrade Process
Insufficient Filesystem Resource Management Vulnerability in Cisco Firepower Device Manager (FDM) Software
Cross-Site Scripting (XSS) Vulnerability in Cisco Web Security Appliance (WSA) Web Interface
Arbitrary File Write Vulnerability in Duo Authentication Proxy Installer
Buffer Overflow Vulnerability in Cisco ASA and FTD Software
Cisco Snort Detection Engine HTTP Header Bypass Vulnerability
Vulnerabilities in Cisco AnyConnect Secure Mobility Client for Windows Allow Local Privilege Escalation
Command Injection Vulnerabilities in Cisco HyperFlex HX Web Management Interface
Command Injection Vulnerabilities in Cisco HyperFlex HX Web Management Interface
Unauthenticated File Upload Vulnerability in Cisco HyperFlex HX Data Platform
Open Redirect Vulnerability in Cisco Webex Video Mesh
Cisco ASA and FTD Software SIP Inspection Engine Crash Vulnerability
Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player
Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player
Denial of Service Vulnerabilities in Cisco ASA and FTD Software
Multiple Critical Vulnerabilities in Cisco SD-WAN vManage Software
Multiple Critical Vulnerabilities in Cisco SD-WAN vManage Software
Stored Cross-Site Scripting (XSS) Vulnerability in Cisco SD-WAN vManage Software API
Multiple Critical Vulnerabilities in Cisco SD-WAN vManage Software
Arbitrary Code Execution and DoS Vulnerabilities in Cisco SD-WAN vEdge Software
Arbitrary Code Execution and DoS Vulnerabilities in Cisco SD-WAN vEdge Software
Arbitrary Code Execution and DoS Vulnerabilities in Cisco SD-WAN vEdge Software
Arbitrary File Overwrite Vulnerability in Cisco SD-WAN Software
Cisco SD-WAN Software vDaemon Process Denial of Service Vulnerability
Arbitrary Command Injection Vulnerability in Cisco SD-WAN Software
Improper Access Controls in Cisco SD-WAN vManage Software: Unauthorized Access to Sensitive Information
Confidential Information Exposure Vulnerability in Cisco Content Security Management Appliance, Email Security Appliance, and Web Security Appliance
Security Bypass Vulnerability in Cisco Webex Meetings Multimedia Viewer Feature
Arbitrary Code Execution Vulnerability in Cisco Firepower Device Manager (FDM) REST API
Vulnerability: Local Privilege Escalation in Cisco AnyConnect Secure Mobility Client Software
Arbitrary Command Execution Vulnerability in Cisco RV340, RV340W, RV345, and RV345P Routers
Cisco Video Surveillance 8000 Series IP Cameras Reload Vulnerability
Incomplete Password Policy Check in Cisco CMX Change Password API
Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Vulnerability
Denial of Service Vulnerability in Cisco Meeting Server API
Remote File Inclusion Vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server
Arbitrary Code Execution Vulnerability in Cisco Webex Player for Windows and MacOS
Memory State Information Disclosure Vulnerability in Cisco Webex Player for Windows and MacOS
Privilege Escalation Vulnerability in Cisco SD-WAN Software
Arbitrary Command Execution Vulnerability in Cisco IOS XE SD-WAN Software
Cisco BroadWorks Messaging Server Software XXE Vulnerability
Arbitrary Command Execution Vulnerability in Cisco Modeling Labs Web UI
Arbitrary File Reading Vulnerability in Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software
Bypassing URL Reputation Filters in Cisco Email Security Appliance
Unauthenticated Remote Access to Sensitive Information in Cisco SD-WAN vManage Software Cluster Management Interface
DLL Injection Vulnerability in Cisco Webex Applications for Windows
Sensitive Information Exposure Vulnerability in Cisco ThousandEyes Recorder Installer
Arbitrary Code Execution Vulnerability in Cisco Common Services Platform Collector (CSPC) Configuration Dashboard
Authorization Bypass Vulnerabilities in Cisco ASR 5000 Series Software (StarOS)
Authorization Bypass Vulnerabilities in Cisco ASR 5000 Series Software (StarOS)
Multiple Vulnerabilities in Cisco Small Business 220 Series Smart Switches Web Management Interface
Multiple Vulnerabilities in Cisco Small Business 220 Series Smart Switches Web Management Interface
Multiple Vulnerabilities in Cisco Small Business 220 Series Smart Switches Web Management Interface
Unsafe Logging Vulnerability in Cisco Webex Meetings Client Software
Information Disclosure Vulnerability in Cisco SD-WAN Software CLI
Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points
Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points
Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points
Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points
Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points
Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points
Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points
Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points
Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points
Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points
Command Injection Vulnerabilities in Cisco Small Business Wireless Access Points
Privilege Escalation and Arbitrary Command Execution in Cisco DNA Spaces Connector
Privilege Escalation and Arbitrary Command Execution in Cisco DNA Spaces Connector
Command Injection Vulnerabilities in Cisco DNA Spaces Connector
Command Injection Vulnerabilities in Cisco DNA Spaces Connector
Unauthorized Access and Modification Vulnerability in Cisco Secure Email and Web Manager
Unauthorized Access Vulnerability in Cisco BroadWorks Application Server
Memory Leak Vulnerabilities in Cisco Video Surveillance 7000 Series IP Cameras
Memory Leak Vulnerabilities in Cisco Video Surveillance 7000 Series IP Cameras
Denial of Service Vulnerabilities in Cisco Catalyst 9000 Family Wireless Controllers
Improper Certificate Validation in Cisco AMP Integration: Man-in-the-Middle Attack Vulnerability
DLL Hijacking Vulnerability in Cisco AnyConnect Secure Mobility Client for Windows
Denial of Service Vulnerability in Cisco AnyConnect Secure Mobility Client for Windows
Multiple Vulnerabilities in Cisco Jabber: Information Disclosure and DoS
Multiple Vulnerabilities in Cisco Jabber: Information Disclosure and DoS
Multiple Vulnerabilities in Cisco Small Business 220 Series Smart Switches Web Management Interface
Privilege Escalation Vulnerability in ConfD
Denial of Service Vulnerability in Cisco ASA and FTD Software via Malicious HTTPS Requests
Privilege Escalation Vulnerabilities in Cisco Business Process Automation (BPA) Web Interface
Cross-Site Scripting (XSS) Vulnerability in Cisco Virtualized Voice Browser Web Interface
Privilege Escalation Vulnerabilities in Cisco Business Process Automation (BPA) Web Interface
Improper Access Control in Cisco APIC and Cloud APIC API Endpoint Allows Arbitrary File Read/Write
Privilege Escalation Vulnerability in Cisco APIC and Cloud APIC
Insufficient Role-Based Access Control in Cisco APIC and Cloud APIC Allows Privilege Escalation
Command Injection and File Upload Vulnerabilities in Cisco APIC and Cloud APIC
Command Injection and File Upload Vulnerabilities in Cisco APIC and Cloud APIC
Stored Cross-Site Scripting Vulnerability in Cisco APIC Web UI
Fabric Infrastructure File System Access Control Vulnerability in Cisco Nexus 9000 Series Fabric Switches
Privilege Escalation Vulnerability in Cisco Nexus 9000 Series Fabric Switches
Remote Code Execution Vulnerability in Cisco ASDM Launcher
Denial of Service Vulnerability in Cisco Nexus 9000 Series Fabric Switches in Multi-Pod or Multi-Site Configurations
Vulnerability in Cisco NX-OS Software's VXLAN OAM Feature Allows DoS Attacks
Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability
Unauthorized Access to User Credentials in Cisco SD-WAN vManage Software
Denial of Service Vulnerability in Cisco NX-OS Software Login Process
EtherChannel Port Subscription Logic Vulnerability in Cisco Nexus 9500 Series Switches
Cisco UCS Manager Software SSH Session DoS Vulnerability
Cisco Packet Tracer for Windows DLL Injection Vulnerability
Command Injection Vulnerability in Cisco ISE REST API Allows Privilege Escalation
Memory Leak Vulnerability in Cisco Video Surveillance 7000 Series IP Cameras
Memory Leak Vulnerability in Cisco Video Surveillance 7000 Series IP Cameras
Memory Leak Vulnerability in Cisco Video Surveillance 7000 Series IP Cameras
Memory Leak Vulnerability in Cisco Video Surveillance 7000 Series IP Cameras
Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Customer Voice Portal (CVP) Web Interface
Unauthenticated Access to Sensitive Internal Services in Cisco Intersight Virtual Appliance
Unauthenticated Access to Sensitive Internal Services in Cisco Intersight Virtual Appliance
Arbitrary Command Execution Vulnerability in Cisco Small Business VPN Routers
Stored Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface
Stored Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface
Stored Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface
Stored Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface
Stored Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface
Multiple Remote Code Execution and Command Injection Vulnerabilities in Cisco Small Business RV340, RV340W, RV345, and RV345P Routers
Multiple Remote Code Execution and Command Injection Vulnerabilities in Cisco Small Business RV340, RV340W, RV345, and RV345P Routers
Denial of Service (DoS) Vulnerability in Cisco IOS XE Wireless Controller Software for Catalyst 9800 Family Wireless Controller
Arbitrary File Overwrite Vulnerability in Cisco IOS XE SD-WAN Software CLI
Insufficient Handling of Malformed MPLS Packets in Cisco SD-WAN Software Allows Unauthorized Access to Sensitive Information
Insufficient Buffer Allocation Vulnerability in Cisco Embedded Wireless Controller Software for Catalyst Access Points
NAT Slipstreaming: Bypassing H.323 ALG Vulnerability
Vulnerabilities in Cisco Intersight Virtual Appliance Web Management Interface
Vulnerabilities in Cisco Intersight Virtual Appliance Web Management Interface
Unauthenticated Remote Attack on Cisco IOS XE Software: Bypassing AAA and Manipulating Device Configuration
IKEv2 AutoReconnect Feature Vulnerability: Exhaustion of IP Addresses in Cisco IOS Software and Cisco IOS XE Software
Cisco IOS XE Software Layer 2 Punt Code Denial of Service Vulnerability
Cisco IOS XE Software COPS Resource Exhaustion Vulnerability
Cisco cBR-8 Converged Broadband Routers SNMP Punt Path Overload Vulnerability
Cisco IOS XE Software Rate Limiting NAT DoS Vulnerability
Zone-Based Policy Firewall Bypass Vulnerability
Remote Code Execution Vulnerability in MuleSoft Runtime Components
Server Side Request Forgery Vulnerability in MuleSoft Runtime Components
XML External Entity (XXE) Vulnerability in MuleSoft Runtime Components
URL Validation Bypass in Tableau Server Email Links
Critical XXE Vulnerability in Mule Runtime Component: Impact on CloudHub, GovCloud, and More
Unauthenticated Elevation of Privilege Vulnerability in Microsoft SQL Server
Windows DNS Query Information Leakage Vulnerability
BlueBypass: Exploiting Windows Bluetooth Security Feature Bypass Vulnerability
Code Execution Vulnerability in Visual Studio Code Remote Access
Print Spooler Privilege Escalation Vulnerability in Windows
Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server
AppX Deployment Extensions Privilege Escalation Vulnerability
Critical Remote Code Execution Vulnerability in HEVC Video Extensions
Critical Remote Code Execution Vulnerability in HEVC Video Extensions
Windows Docker Information Leakage Vulnerability
Windows WLAN Service Privilege Escalation Vulnerability
DefenderShield: Microsoft Defender Remote Code Execution Vulnerability
Microsoft splwow64 Elevation of Privilege Vulnerability: Exploiting Windows Printer Spooler for Unauthorized Access
ATL Elevation of Privilege Vulnerability
Windows Runtime C++ Template Library Privilege Escalation Vulnerability
Elevated Privilege Vulnerability in Diagnostics Hub Standard Collector
CSC Service Privilege Escalation Vulnerability in Windows
CSC Service Privilege Escalation Vulnerability in Windows
CSC Service Privilege Escalation Vulnerability in Windows
CSC Service Privilege Escalation Vulnerability in Windows
TPM Device Driver Information Leakage Vulnerability
Windows Fax Compose Form RCE Vulnerability
RPC Runtime RCE Vulnerability
CSC Service Privilege Escalation Vulnerability in Windows
RPC Runtime RCE Vulnerability
Windows Installer Privilege Escalation Vulnerability
Windows Event Tracing Privilege Escalation Vulnerability
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
RPC Runtime RCE Vulnerability
GDI+ Remote Code Execution Vulnerability: Exploiting Graphics Processing for Unauthorized Access
RPC Runtime RCE Vulnerability
RPC Runtime RCE Vulnerability
Exploiting the Microsoft DTV-DVD Video Decoder for Remote Code Execution
Windows Remote Desktop Security Bypass Vulnerability
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
RPC Runtime RCE Vulnerability
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
RPC Runtime RCE Vulnerability
Windows Remote Desktop Protocol Security Bypass Vulnerability
PrintNightmare: Windows Print Spooler Remote Code Execution Vulnerability
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
Azure Active Directory Pod Identity Spoofing Vulnerability
Print Spooler Spoofing: A Critical Windows Vulnerability
Windows CryptoAPI Denial of Service Vulnerability: Exploiting Weaknesses in Cryptographic Services
Elevated Privilege Vulnerability in Diagnostics Hub Standard Collector
Windows WalletService Privilege Escalation Vulnerability
Windows Kernel Privilege Escalation Vulnerability
BlueBypass: Exploiting Windows Bluetooth Security Feature Bypass Vulnerability
BlueBypass: Exploiting Windows Bluetooth Security Feature Bypass Vulnerability
AppX Deployment Extensions Privilege Escalation Vulnerability
Windows WalletService Privilege Escalation Vulnerability
Windows WalletService Privilege Escalation Vulnerability
CSC Service Privilege Escalation Vulnerability in Windows
Windows Multipoint Management Privilege Escalation Vulnerability
Windows WalletService Privilege Escalation Vulnerability
Hyper-V DoS Vulnerability: Disrupting Windows Virtualization
Hyper-V DoS Vulnerability: Disrupting Windows Virtualization
CSC Service Privilege Escalation Vulnerability in Windows
Windows Update Stack Privilege Escalation Vulnerability
Print Spooler Privilege Escalation Vulnerability in Windows
Windows Graphics Component Information Disclosure Vulnerability Exposes Sensitive Data
Windows InstallService Privilege Escalation Vulnerability
Windows Win32k Privilege Escalation Vulnerability
Windows Modem.sys Information Disclosure Vulnerability
RPC Runtime RCE Vulnerability
RPC Runtime RCE Vulnerability
Windows RPC Runtime Elevation of Privilege Vulnerability
Windows Event Logging Service Privilege Escalation Vulnerability
Hyper-V Privilege Escalation Vulnerability in Windows
Edge of Insecurity: Memory Corruption Vulnerability in Microsoft Edge (HTML-based)
Windows LUAFV Privilege Escalation Vulnerability
SharePoint Server Remote Code Execution Vulnerability
Windows GDI+ Information Disclosure Vulnerability Exposes Sensitive Data
Windows Win32k Privilege Escalation Vulnerability
Windows Media Foundation Remote Code Execution Vulnerability
Exploiting the Microsoft Office Remote Code Execution Vulnerability
SharePoint Privilege Escalation Vulnerability
Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel
Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel
Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word
Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word
Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server
SharePoint Server Tampering Vulnerability: A Potential Breach in Microsoft's Collaboration Platform
SharePoint Privilege Escalation Vulnerability
.NET Core and Visual Studio Denial of Service Vulnerability: Exploiting Software to Overwhelm and Disable Systems
Faxploit: Remote Code Execution Vulnerability in Windows Fax Service
ASP.NET Core and Visual Studio DoS Vulnerability
Exploiting Cross-site Scripting Vulnerability in Microsoft Dynamics Business Central
Bot Framework SDK Information Leakage Vulnerability
Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server
Windows Installer Privilege Escalation Vulnerability
System Center Operations Manager Privilege Escalation Vulnerability
Windows Update Stack Setup Privilege Escalation Vulnerability
Microsoft Exchange Server Spoofing Vulnerability
PFX Encryption Security Bypass Vulnerability
Windows Win32k Privilege Escalation Vulnerability
PsExec Elevation of Privilege Vulnerability
Windows RPC Information Disclosure Vulnerability
Vulnerability: Out-of-Bounds Read in Image Processing Leading to Arbitrary Code Execution
Vulnerability: Arbitrary Code Execution via Maliciously Crafted Image in macOS Big Sur 11.2 and Earlier Versions
Vulnerability Patched: Arbitrary Code Execution via Maliciously Crafted Image
Vulnerability: Local User Privilege Escalation through Directory Path Parsing Issue
Improper Path Validation Allows Local User to Modify Protected File System
Improper Bounds Checking in Image Processing Leading to Arbitrary Code Execution
Arbitrary Code Execution Vulnerability in Image Processing
Improper Bounds Checking in Image Processing Leading to Arbitrary Code Execution
Vulnerability: Out-of-Bounds Write in Image Processing Leading to Arbitrary Code Execution
Vulnerability: Out-of-Bounds Read in USD File Processing
Arbitrary Code Execution Vulnerability in Image Processing
Vulnerability: Out-of-Bounds Write Leading to Code Execution
Arbitrary JavaScript Code Execution via Maliciously Crafted URL
Arbitrary Code Execution Vulnerability in macOS and iOS
Vulnerability: Arbitrary Code Execution via Malicious Samba Network Share
Improper Bounds Checking in Image Processing Leading to Arbitrary Code Execution
Arbitrary Code Execution Vulnerability in Image Processing
Lock Screen Vulnerability: Unauthorized Access to Contacts on Locked iOS Devices
Lock Screen Contact Access Vulnerability
Privilege Escalation Vulnerability Patched in macOS Big Sur 11.2 and Other Apple Updates
Improper Bounds Checking Leading to Arbitrary Code Execution
Improper Input Validation in Image Processing Leading to Arbitrary Code Execution
Memory Corruption Vulnerability Patched in macOS Big Sur 11.2 and Other Apple Updates
Remote Denial of Service Vulnerability Patched in macOS Big Sur 11.2 and Other Apple Operating Systems
Vulnerability: Out-of-Bounds Write in USD File Processing
Buffer Overflow Vulnerability Patched in macOS Big Sur 11.2 and iOS 14.4
Use After Free Vulnerability Patched in Multiple Apple Operating Systems
Improved iframe sandbox enforcement in macOS Big Sur 11.2 and Security Updates 2021-001 Catalina/Mojave mitigates violation of iframe sandboxing policy
Denial of Service Vulnerability in Image Processing
Heap Corruption Vulnerability Fixed in macOS Big Sur 11.2 and iOS 14.4
Vulnerability: Out-of-Bounds Read in USD File Processing
Pointer Authentication Bypass Vulnerability Patched in Apple Operating Systems
Buffer Overflow Vulnerability Patched in macOS Big Sur 11.3 and iOS 14.5
Vulnerability: Unauthorized Rejoining of iMessage Group
Critical Stack Overflow Vulnerability Patched in macOS and iOS Updates
Improper Image Processing Vulnerability Patched in Multiple Apple Operating Systems
Arbitrary Code Execution Vulnerability in Image Processing
Font Processing Arbitrary Code Execution Vulnerability Fixed in macOS Big Sur 11.2 and Security Updates
Arbitrary Code Execution Vulnerability in Font File Processing
Arbitrary Code Execution Vulnerability in Image Processing
Curl Out-of-Bounds Read Vulnerability
Vulnerability: Logic Error in Kext Loading Allows Arbitrary Code Execution
Memory Initialization Vulnerability in iOS 14.4 and iPadOS 14.4 Allows for Denial of Service Attack
Contact Card Privacy Vulnerability
Privilege Escalation Vulnerability in macOS and iOS
Memory Management Vulnerability in macOS and iOS: Arbitrary Code Execution through Malicious Image Processing
DiskArbitration Permissions Vulnerability
Vulnerability: Out-of-Bounds Read Leading to Arbitrary Code Execution in Image Processing
Improved State Management Fixes Logic Issue Allowing Local User to Modify System Files
Privilege Escalation Vulnerability Patched in macOS Big Sur 11.2 and Other Apple Updates
Use After Free Vulnerability Patched in Multiple Apple Products
Type Confusion Vulnerability Patched in Multiple Apple Products
Font Processing Vulnerability in macOS Big Sur 11.2 and Earlier Versions
Kernel Memory Disclosure Vulnerability
Improper Bounds Checking Leading to Arbitrary Code Execution
Arbitrary Code Execution Vulnerability in Image Processing
Improper Input Validation Leads to Arbitrary Code Execution in iOS 14.4 and iPadOS 14.4
iOS and iPadOS 14.4 Patch Out-of-Bounds Write Vulnerability Allowing Arbitrary Code Execution
Improper Input Validation Leads to Arbitrary Code Execution in iOS 14.4 and iPadOS 14.4
Improved Permissions Logic Fixes Arbitrary File Read Vulnerability
Port Redirection Vulnerability Patched in macOS Big Sur 11.2 and Other Apple Updates
Arbitrary File Access Vulnerability in Xcode 12.4
Improved iframe sandbox enforcement in macOS and iOS
Privilege Escalation Vulnerability in macOS Big Sur 11.2 and Earlier Versions
Improved Permissions Logic Fixes iCloud Document Enumeration Vulnerability
Vulnerability: Out-of-Bounds Write Allows Arbitrary Code Execution with Kernel Privileges
Kernel Privilege Escalation Vulnerability in macOS
Improved Input Sanitization Fixes Arbitrary File Write Vulnerability in iOS 14.5 and iPadOS 14.5, watchOS 7.4
Memory Corruption Vulnerability Patched in Multiple Apple Operating Systems
Memory Corruption Vulnerability Patched in Multiple Apple Operating Systems
Gatekeeper Bypass Vulnerability in macOS Big Sur 11.3 and Security Update 2021-002 Catalina
Font Processing Logic Issue Leading to Memory Disclosure
Arbitrary Code Execution Vulnerability in iOS 14.5 and iPadOS 14.5
Root Privilege Escalation Vulnerability Patched in Multiple Apple Operating Systems
Arbitrary Code Execution Vulnerability in macOS Big Sur 11.3 and watchOS 7.4
Improper Path Validation Allows Local User to Modify Protected File System Areas
Improved Bounds Checking Fixes Buffer Overflow Vulnerability in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5
Memory Corruption Vulnerability in Apple Operating Systems
Improper State Management Leading to Remote Code Execution in macOS and iOS
Memory Disclosure Vulnerability in macOS Big Sur 11.3, iOS 14.5, iPadOS 14.5, watchOS 7.4, and tvOS 14.5
Improper State Management in watchOS and macOS: Denial of Service Vulnerability
Improved Restrictions for File System Modification Vulnerability
Privilege Escalation Vulnerability in macOS Big Sur 11.3 and Security Update 2021-002 Catalina
Cross-Site Scripting Vulnerability Patched in Apple Software Updates
Universal Cross-Site Scripting Vulnerability Patched in macOS Big Sur 11.3 and iOS 14.5
Memory Corruption Vulnerability in macOS Big Sur 11.3 and Earlier Versions
Type Confusion Vulnerability in macOS Big Sur 11.3 Allows Arbitrary Code Execution with Kernel Privileges
Improved Input Validation Fixes Out-of-Bounds Read Vulnerability in iOS 14.5 and iPadOS 14.5
Enhanced Permissions Logic Resolves File Access Vulnerability in iOS 14.5 and iPadOS 14.5
Improper File Permissions in Copied Files
Elevated Privileges Vulnerability Patched in iOS 14.5 and iPadOS 14.5
Kernel Privilege Escalation via Out-of-Bounds Write Vulnerability
Lock Screen Note Access Vulnerability
Privilege Escalation Vulnerability in iOS 14.5 and iPadOS 14.5, tvOS 14.5
Certificate Validation Vulnerability in iOS 14.5 and iPadOS 14.5 Allows Network Traffic Manipulation
Arbitrary Code Execution Vulnerability in iOS 14.4 and iPadOS 14.4
Privilege Escalation Vulnerability in macOS Big Sur 11.3 and Earlier Versions
Privilege Escalation Vulnerability in macOS Big Sur 11.3 and Earlier Versions
Kernel Privilege Escalation Vulnerability in macOS Big Sur 11.3 and Security Update 2021-002 Catalina
Arbitrary Code Execution Vulnerability in Image Processing
Arbitrary Code Execution Vulnerability in iOS, iPadOS, Safari, watchOS, and macOS
Memory Disclosure Vulnerability in Audio File Processing
Memory Corruption Vulnerability in macOS Big Sur 11.3 and Earlier Versions
Sensitive Information Exposure in App Switcher on iOS 14.5 and iPadOS 14.5
Code Signature Validation Vulnerability Allows Bypass of Privacy Preferences
Kernel Privilege Escalation Vulnerability
Improved Input Validation Fixes Out-of-Bounds Read Vulnerability in iOS 14.5 and iPadOS 14.5
Privilege Escalation Vulnerability in macOS Big Sur 11.3
Improved Logic for Call Termination Issue in iOS 14.5 and iPadOS 14.5
Vulnerability: Logic Issue in Favicon Fetching Leading to Unnecessary Network Connections
Memory Initialization Vulnerability in iTunes and Apple Operating Systems
Arbitrary Code Execution via Maliciously Crafted Image
macOS Big Sur 11.3 Fixes Logic Issue Allowing Unexpected Unlocking of Locked Notes
Memory Disclosure Vulnerability in Multiple Apple Operating Systems
Cache Occupancy Tracking Vulnerability
Physical Access Vulnerability: Unauthorized Contact Access via Siri Search (Fixed in iOS 14.5 and iPadOS 14.5)
NFC Tag Authentication Vulnerability in iOS 14.5 and iPadOS 14.5
Use After Free Vulnerability in iOS, iPadOS, watchOS, and tvOS 14.5
Improved Logic Fixes Password Visibility Issue in iOS 14.5 and iPadOS 14.5
Arbitrary Code Execution Vulnerability in iOS, iPadOS, and macOS
Privilege Escalation Vulnerability Patched in Multiple Apple Operating Systems
Logic Issue in macOS and iOS Allows Remote Code Execution
Logic Issue in macOS and iOS Allows Remote Code Execution
CallKit Call Muting Logic Issue in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3
Vulnerability: Credential Leakage from Secure Text Fields in Accessibility TCC Permissions
Arbitrary Code Execution Vulnerability in iOS 14.5 and iPadOS 14.5
Heap Corruption Vulnerability Fixed in Multiple Apple Updates
Use After Free Vulnerability Patched in macOS Big Sur 11.3 and Security Updates
Improved Input Validation Fixes Out-of-Bounds Read Vulnerability in iOS 14.5 and iPadOS 14.5
Integer Overflow Vulnerability in macOS Big Sur 11.3 and Earlier
Universal Cross-Site Scripting Vulnerability in iOS, iPadOS, and watchOS
Arbitrary Code Execution Vulnerability in macOS Big Sur 11.3 and watchOS 7.4
Font File Out-of-Bounds Read Vulnerability Patched in Multiple Operating Systems
Elevated Privileges Vulnerability Patched in Multiple Apple Operating Systems
Heap Corruption Vulnerability in Apple Operating Systems
Improved Locking to Address Race Condition Vulnerability
Improper Bounds Checking in Image Processing Leading to Arbitrary Code Execution
Memory Corruption Vulnerability in Snapdragon Platforms
Vulnerability in Snapdragon Wi-Fi Fine Timing Measurement Protocol Allows Assertion in WLAN Subsystem
Double Free Vulnerability in Snapdragon Platforms
Critical Buffer Overflow Vulnerability in Snapdragon Platforms
Vulnerability: Improper Length Check of Public Exponent in RSA Import Key Function
Use-After-Free Vulnerability in Snapdragon Audio Driver
Memory Corruption Vulnerability in Snapdragon Compute, Connectivity, Consumer Electronics Connectivity, Wired Infrastructure, and Networking due to Improper Input Validation in Nonstandard IO Control Processing
Improper Access Control Vulnerability in Snapdragon Platforms
Critical Vulnerability: Integer Overflow in Image Flashing Process in Snapdragon IOT Devices
Unencrypted Packet Forwarding Vulnerability in Snapdragon Compute and Connectivity
Unvalidated Boundary Checks in Splash Image Loading: A Potential Buffer Over-read Vulnerability
Buffer Over-read Vulnerability in Snapdragon Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables: Incorrect Overflow Check in Splash Image Loading
Unbounded Buffer Read Vulnerability in Snapdragon Devices
Race condition vulnerability in Display creation leading to use after free in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Unbounded Buffer Read Vulnerability in Snapdragon Devices
Lack of Length Check on Channel Switch Announcement IE in Snapdragon Devices: A Potential Denial of Service Vulnerability
PID Reuse Vulnerability in Snapdragon Platforms
Memory Mapping Vulnerability in Multiple Snapdragon Platforms
Address Deregistration Vulnerability in Snapdragon Platforms
Critical Buffer Overflow Vulnerability in Snapdragon Platforms
Critical Buffer Overflow Vulnerability Found in Multiple Snapdragon Platforms
Double Free Vulnerability in Multiple Snapdragon Platforms
Integer Overflow Vulnerability in Snapdragon Platforms
Improper Length Check Vulnerability in Snapdragon Platforms
Unreachable Exit Condition Vulnerability in Snapdragon Platforms
Improper Validation of NDP Application Information Length in Multiple Snapdragon Platforms
Critical Buffer Underflow Vulnerability in Snapdragon Platforms
Memory Allocation Failure in DIAG: A Null Pointer Dereference Vulnerability in Snapdragon Auto, Compute, Connectivity, Industrial IOT, and Wearables
Information Exposure Vulnerability in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile due to Improper Resource Allocation in Virtual Machines
Integer Underflow Vulnerability in Snapdragon Platforms
RTCP Packet Integer Underflow Vulnerability in Snapdragon Platforms
Concurrent Memory Operations Vulnerability in Snapdragon Platforms
Pointer Argument Vulnerability in Snapdragon Auto, Compute, Connectivity, and Industrial IOT
Timing and Power Side-Channel Vulnerability in RSA-CRT Implementation on Snapdragon Platforms
Critical Denial of Service Vulnerability in Snapdragon Platforms: Improper Handling of Group Management Action Frame
Use After Free Vulnerability in FastRPC Driver in Snapdragon Platforms Buffer Over Read Vulnerability in Snapdragon Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables, Wired Infrastructure, and Networking Bootmode Validation Vulnerability: Information Disclosure in Snapdragon Platforms Critical Out of Bounds Read Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Vulnerability: Unauthorized Access to VM Memory in Snapdragon Platforms Improper Validation of Invite Message with SDP Body Vulnerability in Snapdragon Platforms Improper Check in Application Loader Object Destruction Leads to Memory Corruption in Snapdragon Platforms Null Pointer Dereference Vulnerability in Snapdragon Platforms Null Pointer Dereference Vulnerability in Snapdragon Platforms Vulnerability: Reachable Assertion in Snapdragon Platforms Improper Verification Vulnerability in Snapdragon Platforms Improper Validation Leads to Null Pointer Dereference in Snapdragon Platforms Vulnerability in Snapdragon Platforms: Use After Free Exploit in Firmware Response Handling Improper Length Check Vulnerability in Snapdragon Platforms Shared Memory Region Permission Vulnerability Buffer Out of Bound Read Vulnerability in Snapdragon Platforms Critical Out-of-Bound Read Vulnerability in Snapdragon Platforms Improper Validation in SDP Processing Leads to Null Pointer Dereference in Snapdragon Platforms Critical Use-After-Free Vulnerability in Snapdragon Kernel Graphics Driver Unbounded Data Parsing Vulnerability in Multiple Snapdragon Platforms Critical Vulnerability: Integer Overflow in Snapdragon Platforms with Enabled Sanitizer Secure Memory Cleaning Vulnerability in Snapdragon Platforms Critical Buffer Over Read Vulnerability in Snapdragon Platforms Vulnerability: Reachable Assertion in Snapdragon Platforms Improper Validation of Data Pointer Leads to Buffer Over-read in Snapdragon Platforms Improper Connection Handling 
Vulnerability in Snapdragon Platforms ASB-U Packet Interference Vulnerability in Snapdragon Devices Insecure ACL Link Reconnection in Snapdragon Devices Race Condition in FastRPC Kernel Driver: Exploiting Use After Free in Snapdragon Platforms Unbounded Input Index Vulnerability in Snapdragon Platforms Vulnerability: Uncontrolled Resource Consumption in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Devices: Insufficient Validation in IOCTL Endpoint Information Retrieval Critical Use-After-Free Vulnerability in Snapdragon Platforms' IPA Driver Improper Validation of IE Size in Snapdragon Devices: Buffer Over Read Vulnerability Buffer Overflow Vulnerability in Snapdragon Platforms: Unchecked Parameter Length in MBSSID Scan IE Parse Critical Buffer Overflow Vulnerability in Snapdragon Platforms Critical Stack Buffer Overflow Vulnerability in Snapdragon Platforms Kernel Memory Information Exposure Vulnerability in Snapdragon Platforms Kernel Memory Information Exposure Vulnerability in Snapdragon Platforms Critical Out-of-Bound Read Vulnerability in Snapdragon Platforms Critical Vulnerability: Lack of Physical Layer State Validation in Snapdragon Platforms Improper Device Type Validation Vulnerability in Multiple Snapdragon Platforms Arbitrary Write Vulnerability in Snapdragon Platforms Buffer Over Read Vulnerability in Snapdragon Platforms Heap Overflow Vulnerability in Snapdragon Platforms: Improper Length Check in DNS Response Parsing Use After Free Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Voice & Music, Wearables, Wired Infrastructure, and Networking Improper Validation of Frame Length in AEAD Decryption: Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Buffer Over Read Vulnerability in Snapdragon Platforms Improper Size Check Vulnerability in Bearer Capability IE of MT Setup Request in Snapdragon 
Platforms Critical Denial of Service Vulnerability in Snapdragon Platforms: Improper Input Validation of NAS OTA Messages Critical Buffer Overflow Vulnerability in Snapdragon Services Buffer Overflow Vulnerability in Snapdragon Platforms Buffer Over Read Vulnerability in QVR Service Configuration in Snapdragon Platforms Java VM Component Vulnerability in Oracle Database Server (Versions 12.1.0.2, 12.2.0.1, 18c, and 19c) Oracle WebLogic Server Remote Code Execution Vulnerability Oracle WebLogic Server Web Services Unauthorized Data Access Vulnerability Oracle WebLogic Server Unauthorized Read Access Vulnerability Vulnerability in Oracle Hospitality Reporting and Analytics: Unauthorized Data Access and Modification Vulnerability in Oracle MySQL Server: Unauthorized Data Manipulation and Partial Denial of Service Vulnerability in Oracle ZFS Storage Appliance Kit Allows Unauthorized Data Manipulation Oracle Database Server Unified Audit Component Vulnerability Insecure Permissions in debian-edu-config Lead to Privilege Escalation MySQL Server Denial of Service Vulnerability Critical SQL-Injection Vulnerability in SonicWall SSLVPN SMA100 (Build Version 10.x) Title: SonicWall SMA100 Post-Authenticated Command Injection Vulnerability SonicWall SMA100 Post-Authentication Configuration File Export Vulnerability Memory Leakage Vulnerability in SonicOS HTTP Server: Potential Internal Data Disclosure MySQL Server Replication Vulnerability Remote Privilege Escalation Vulnerability in SonicWall GMS 9.3 Remote Account Creation Vulnerability in SonicWall Email Security 10.0.9.x Arbitrary File Upload Vulnerability in SonicWall Email Security Version 10.0.9.x Arbitrary File Read Vulnerability in SonicWall Email Security Version 10.0.9.x Out-of-Bound Read Vulnerability in SonicWall Switch Handling LLDP Protocol Default Username and Password Vulnerability in SonicWall Email Security Virtual Appliance OS Command Injection Vulnerability in SonicWall NSM On-Prem 2.2.0-R10 and Earlier 
Versions SonicOS Buffer Overflow Vulnerability: Remote DoS Exploit SQL Injection Vulnerability in End-of-Life Secure Remote Access (SRA) Products Vulnerability in Oracle Fusion Middleware's Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation SonicWall GMS File Path Manipulation Vulnerability SonicOS Host Header Redirection Vulnerability SonicWall Analytics 2.5 On-Prem Java Debug Wire Protocol (JDWP) Interface Security Misconfiguration Vulnerability Path Traversal Vulnerability in SMA100 Allows Remote Attackers to Delete Files and Trigger Factory Reset Command Injection Vulnerability in SMA100 Management Interface SonicWall Global VPN Client 4.10.5 Installer Privilege Escalation Vulnerability Stack-based Buffer Overflow Vulnerability in SMA100 Apache httpd Server's mod_cgi Module Arbitrary Command Injection in SMA100 Management Interface Siebel Core - Server BizLogic Script Unauthorized Read Access Vulnerability Relative Path Traversal Vulnerability in SMA100 Upload Function CPU Consumption Vulnerability in SMA Appliances Unauthenticated Remote Proxy Bypass Vulnerability in SMA Appliances Heap-based Buffer Overflow Vulnerability in SonicWall SMA100 getBookmarks Method SonicWall SMA100 Post-Authentication Remote Command Injection Vulnerability Buffer Overflow Vulnerability in SMA100 SonicFiles RAC_COPY_TO Method SonicOS HTTP Content-Length Response Header Stack-based Buffer Overflow Vulnerability DLL Search Order Hijacking Vulnerability in SonicWall Global VPN Client Stack-based Buffer Overflow in SonicOS SessionID HTTP Response Header SonicWall SMA100 Password Change API Username Enumeration Vulnerability Oracle Business Intelligence Enterprise Edition Vulnerability: Unauthorized Data Access Unauthenticated Access to Restricted Management APIs in SMA100 Series: Exposing Configuration Meta-data DLL Search Order Hijacking Vulnerability in SonicWall Global VPN Client Installer Vulnerability in Oracle MySQL Client: Unauthorized Denial of 
Service (DoS) Local Resource Manipulation Vulnerability in JSDom Unauthenticated Access to Sensitive Syslog Events in Racom's MIDGE Firmware 4.4.40.105 Cross-Site Scripting Vulnerability in Racom's MIDGE Firmware 4.4.40.105 Cross-Site Scripting Vulnerability in Racom's MIDGE Firmware 4.4.40.105 Unauthenticated Unauthorized Read Access Vulnerability in Oracle MySQL Client Cross-Site Scripting Vulnerability in Racom's MIDGE Firmware 4.4.40.105 Cross-Site Scripting Vulnerability in Racom's MIDGE Firmware 4.4.40.105 Arbitrary File Access and Deletion Vulnerability in Racom's MIDGE Firmware 4.4.40.105 Cross-Site Request Forgery Vulnerability in Racom's MIDGE Firmware 4.4.40.105 Arbitrary OS Command Execution Vulnerability in Racom's MIDGE Firmware 4.4.40.105 Privilege Escalation Vulnerability in Racom's MIDGE Firmware 4.4.40.105 via configd Remote Code Execution (RCE) via Hypertext Preprocessor Unserialization in Tenable.sc and Tenable.sc Core versions 5.13.0 - 5.17.0 IAM Role Security Token Leakage in Nessus Agent Remote Denial of Service Vulnerability in Manage Engine OpManager Builds Below 125346 Privilege Escalation Vulnerability in Nessus Versions 8.13.2 and Earlier Vulnerability in Oracle Enterprise Manager for Fusion Middleware: Unauthorized Access and Data Manipulation Persistent Cross-Site Scripting (XSS) Vulnerability in ManageEngine ServiceDesk Plus and AssetExplorer Arbitrary Command Execution Vulnerability in ManageEngine ServiceDesk Plus before version 11205 Prototype Pollution Vulnerability in jquery-plugin-query-object 2.2.3 Prototype Pollution Vulnerability in jquery-sparkle 1.5.2-beta Prototype Pollution Vulnerability in backbone-query-parameters 0.4.0 Prototype Pollution Vulnerability in jquery-bbq 1.2.1 Prototype Pollution in jquery-deparam 0.5.1: Unauthorized Modification of Object Prototype Attributes Prototype Pollution in mootools-more 1.6.0: Unauthorized Modification of Object Prototype Attributes Prototype Pollution Vulnerability in purl 2.3.2 
MySQL Server Vulnerability: Unauthorized Hang and Crash Path Traversal Vulnerability in Buffalo WSR-2533DHPL2 and WSR-2533DHP3 Web Interfaces Allows Authentication Bypass Unsanitized User Input in Buffalo WSR-2533DHPL2 and WSR-2533DHP3 Firmware Allows Remote Code Execution Unrestricted Access to Sensitive Information in Buffalo WSR-2533DHPL2 and WSR-2533DHP3 Firmware Buffer Over-read Vulnerability in Wibu-Systems CodeMeter Versions < 7.21a Denial of Service Vulnerability in Wibu-Systems CodeMeter Runtime Server OpenOversight 0.6.4 Cross-Site Request Forgery Vulnerability Multiple Local Privilege Escalation Vulnerabilities in Nessus Agent 8.2.4 and Earlier for Windows Vulnerability in Oracle MySQL Client: Unauthorized Data Access and Partial Denial of Service Local Privilege Escalation Vulnerabilities in Nessus Agent 8.2.4 and Earlier for Windows HTTP Host Header Injection Vulnerability in Machform Prior to Version 16 Cross-Site Request Forgery Vulnerability in Machform Prior to Version 16 Stored Cross-Site Scripting Vulnerability in Machform (prior to version 16) Unauthenticated Remote Code Execution in Machform Prior to Version 16 Open Redirect Vulnerability in Machform prior to version 16 Privilege Escalation Vulnerability in Nessus Agent Versions 8.2.5 and Earlier Unauthenticated BLE Interface Vulnerability in Sloan SmartFaucets and Flushometers Memory Leak Vulnerability in Manage Engine Asset Explorer Agent 1.0.34 Heap Overflow Vulnerability in AEAgent.cpp MySQL Client Denial of Service Vulnerability Vulnerability: Heap Overflow in Manage Engine Asset Explorer Agent 1.0.34 Stored Cross-Site Scripting Vulnerability in TCExam <= 14.8.1 via tce_filemanager.php Stored Cross-Site Scripting Vulnerability in TCExam <= 14.8.1 via tce_select_mediafile.php TCExam users. 
Unauthenticated Access to Sensitive Database Backup Files in TCExam <= 14.8.1 Reflected Cross-Site Scripting Vulnerability in TCExam <= 14.8.3 via Unsanitized Path Parameters in tce_filemanager.php Reflected Cross-Site Scripting Vulnerability in TCExam <= 14.8.4 via tce_select_mediafile.php Local Privilege Escalation Vulnerability in Nessus Agent 8.3.0 and Earlier Local Privilege Escalation Vulnerability in Nessus Agent 8.3.0 and Earlier Vulnerability: Bypassing Safety Measures in Arris SurfBoard SB8200 Password Change Utility Vulnerability in Oracle MySQL Server: Unauthorized Hang or Crash Vulnerability: Lack of Cross-Site Request Forgery (CSRF) Protection in Arris Surfboard SB8200 Administration Web Interface Authenticated Arbitrary File Read Vulnerability in Telus Wi-Fi Hub (PRV65B444A-S-TS) Firmware 3.00.20 Authenticated Command Injection Vulnerability in Telus Wi-Fi Hub (PRV65B444A-S-TS) Firmware 3.00.20 Draytek VigorConnect 1.6.0-B3 Local File Inclusion Vulnerability Local File Inclusion Vulnerability in Draytek VigorConnect 1.6.0-B3 Allows Unauthorized File Downloads Arbitrary File Upload and Directory Traversal Vulnerability in Draytek VigorConnect 1.6.0-B3 Cross-Site Request Forgery (CSRF) Vulnerability in Draytek VigorConnect 1.6.0-B3 Arbitrary File Deletion Vulnerability in Draytek VigorConnect 1.6.0-B3 Stored XSS Vulnerability in Draytek VigorConnect 1.6.0-B3's Profile Name Field Information Disclosure Vulnerability in Draytek VigorConnect 1.6.0-B3: Unauthorized System Log Export Oracle BI Publisher Product Vulnerability: Unauthorized Access and Data Compromise Post-Authentication Remote Code Execution Vulnerability in ManageEngine ADManager Plus Build 7111 Post-Authentication Remote Code Execution Vulnerability in ManageEngine ADManager Plus Build 7111 Default Hard-Coded Credentials Vulnerability in Quagga Services on D-Link DIR-2640 (<= 1.11B02) Absolute Path Traversal and Denial of Service Vulnerability in Quagga Services on D-Link DIR-2640 
(<=1.11B02) Absolute Path Traversal Vulnerability in Quagga Services on D-Link DIR-2640 (<=v1.11B02): Remote Code Execution and Unauthenticated Root Shell Access Local Privilege Escalation Vulnerability in Nessus Versions 8.15.2 and Earlier Improper Access Control Vulnerability in ManageEngine Log360 Builds < 5235: Remote Code Execution Reflected Cross-Site Scripting Vulnerability in Gryphon Tower Router's Web Interface Unauthenticated Command Injection Vulnerability in Gryphon Tower Router's Web Interface Unauthenticated Command Injection Vulnerability in Gryphon Tower Routers Title: High-Privilege Remote Attack Vulnerability in Oracle MySQL Server (PAM Auth Plugin) Unauthenticated Command Injection Vulnerability in Gryphon Tower Routers Unauthenticated Command Injection Vulnerability in Gryphon Tower Routers Unauthenticated Command Injection Vulnerability in Gryphon Tower Routers Unauthenticated Command Injection Vulnerability in Gryphon Tower Routers Unauthenticated Command Injection Vulnerability in Gryphon Tower Routers Unprotected OpenVPN Configuration File in Gryphon Tower Routers Exposes LAN Interfaces and Enables Unauthorized Access Unprotected SSH Private Key Vulnerability on Gryphon Devices Observable Response Discrepancy in ManageEngine ADSelfService Plus Allows User Existence Enumeration Predictable Filename Vulnerability in ManageEngine ADSelfService Plus Insufficient Access Controls for WAN Interface on Trendnet AC2600 TEW-827DRU Version 2.08B01 Oracle E-Business Suite Worklist Unauthenticated Remote Code Execution Vulnerability Improper Information Disclosure and Authentication Bypass in Trendnet AC2600 TEW-827DRU Version 2.08B01 Setup Wizard Session Hijacking Vulnerability in Trendnet AC2600 TEW-827DRU Router Trendnet AC2600 TEW-827DRU Version 2.08B01 Bittorrent Web Client Authentication Bypass Symlink Vulnerability in Trendnet AC2600 TEW-827DRU v2.08B01 Bittorrent Functionality Cleartext Transmission of Sensitive Information in Trendnet AC2600 
TEW-827DRU v2.08B01 Hardcoded Credentials in Trendnet AC2600 TEW-827DRU Version 2.08B01 Improper Access Control Configuration in Trendnet AC2600 TEW-827DRU v2.08B01 Allows for Malicious Firmware Updates Hidden Administrative Command Vulnerability Allows Unauthenticated Reboot Attacks Authentication Bypass Vulnerability in Trendnet AC2600 TEW-827DRU Version 2.08B01 Command Injection Vulnerability in Trendnet AC2600 TEW-827DRU Version 2.08B01 MySQL Server Denial of Service Vulnerability Command Injection Vulnerability in Trendnet AC2600 TEW-827DRU Version 2.08B01 Unauthenticated UART Access Vulnerability in Trendnet AC2600 TEW-827DRU v2.08B01 Plaintext Storage of Credentials in Trendnet AC2600 TEW-827DRU v2.08B01 FTP Server Information Disclosure Vulnerability Trendnet AC2600 TEW-827DRU Version 2.08B01 SMB Credentials Disclosure Vulnerability CSRF Vulnerability in Trendnet AC2600 TEW-827DRU Version 2.08B01 Buffer Overrun Vulnerability in Netgear RAX43 Router (Version 1.0.3.96) Command Injection Vulnerability in Netgear RAX43 Version 1.0.3.96: Exploiting the ReadyCloud CGI Application Vulnerability: Unprotected UART Interface Allows Unauthorized Access to Netgear RAX43 (Version 1.0.3.96) Cleartext Transmission of Sensitive Information in Netgear RAX43 Version 1.0.3.96 Oracle User Management Proxy User Delegation Unauthorized Read Access Vulnerability Hardcoded Credentials and Unauthorized Configuration Manipulation in Netgear RAX43 Version 1.0.3.96 Plaintext Storage of Sensitive Information in Netgear RAX43 Version 1.0.3.96 Local Privilege Escalation Vulnerability in Netgear Genie Installer for macOS Command Injection Vulnerability in Netgear Nighthawk R6700 Version 1.0.4.120 Cleartext Transmission of Sensitive Information in Netgear Nighthawk R6700 Version 1.0.4.120 Insecure Communication in Netgear Nighthawk R6700: Cleartext Transmission of Sensitive Information ImageMagick Divide-by-Zero Vulnerability Linux Kernel String Matching Vulnerability: Privileged User 
Panic Exploit Vulnerability: Disclosure of Bitbucket Pipeline Credentials in Ansible Console Log Vulnerability: Key Compromise Allows Unauthorized Certificate Renewal Vulnerability in Oracle Database Server's Advanced Networking Option (CVE-2021-2018) Vulnerability: Disclosure of Bitbucket Pipeline Credentials in Ansible Console Log Race Condition Vulnerability in QEMU 9pfs Server Implementation Allows Privilege Escalation Privilege Escalation Vulnerability in openshift4/ose-docker-builder Reflected XSS Vulnerability in Moodle Search Inputs Insufficient Capability Checks in Moodle Grade Web Services Allow Unauthorized Grade Access Unrestricted Character Limit in Moodle Messaging Leads to Denial of Service Vulnerability Stored XSS Vulnerability in Moodle TeX Notation Filter Arbitrary PHP Script Execution via Shibboleth Authentication in Moodle Privileged Container File Permissions Vulnerability MySQL Server Privilege Escalation Vulnerability Jackson-databind Deserialization Vulnerability Vulnerability in Ansible: Credentials Disclosure in Console Log Memory Consumption Vulnerability in tar 1.33 and Earlier Heap Overflow Vulnerability in Linux Kernel Versions 5.2 and Higher Keycloak Vulnerability: Self-Stored XSS Leading to Account Takeover QEMU Floppy Disk Emulator NULL Pointer Dereference Vulnerability Privilege Escalation Vulnerability in GNU Binutils Utilities OpenShift Installer Vulnerability: Unauthenticated Remote Command Execution Rootless Containers in Podman Vulnerability: Remote Hosts Can Bypass Authentication via 127.0.0.1 MySQL Server Denial of Service Vulnerability Denial of Service Vulnerability in spice before 0.14.92 Keycloak Directory Creation Vulnerability Integer Overflow Vulnerability in QEMU's vmxnet3 NIC Emulator Heap Memory Corruption Vulnerability in libgetdata v0.10.0 Divide by Zero Denial of Service Vulnerability in Libjpeg-turbo Improper Path Name Limitation Allows Execution of Arbitrary Binaries Kerberos Credential Leakage in cifs-utils 
Memory Leak Vulnerability in Privoxy's show-status CGI Handler MySQL Server Denial of Service Vulnerability Memory Leak in Privoxy's show-status CGI Handler Can Cause System Crash Memory Leak Vulnerability in Privoxy Versions Before 3.0.29 Memory Leak and System Crash Vulnerability in Privoxy NULL-pointer Dereference Vulnerability in Privoxy Memory Leak Vulnerability in Privoxy Versions Before 3.0.29 Memory Leak Vulnerability in Privoxy Versions Before 3.0.29 Memory Leak Vulnerability in Privoxy Versions before 3.0.31 Denial of Service Vulnerability in Privoxy Versions Before 3.0.31 Vulnerability in fabric8 kubernetes-client allows unauthorized file extraction Denial of Service Vulnerability in n_tty_receive_char_special in Linux Kernel MySQL Server Denial of Service Vulnerability Undertow HTTP Request Smuggling Vulnerability Heap Buffer Overflow in ARM Generic Interrupt Controller Emulator of QEMU Referrer URL-based Code Execution Vulnerability in Keycloak Integer Overflow in ImageMagick's ExportIndexQuantum() Function Heap Buffer Overflow in grub2 Option Parser Use-After-Free Vulnerability in Linux Kernel's io_uring Leads to Denial of Service SQLite SELECT Query Use-After-Free Vulnerability Sensitive Information Exposure in Ansible Engine 2.9.18 PostgreSQL Confidentiality Vulnerability: Unauthorized Access to Table Columns Oracle Installed Base API Unauthenticated Remote Compromise Vulnerability Improper Validation of Client Certificates in stunnel Allows Unauthorized Access Use After Free Vulnerability in gnutls Key_Share Extension Use After Free Vulnerability in gnutls' client_send_params Function Grub2 Vulnerability: Memory Corruption via Quoted Single Quotes ZeroMQ Client Memory Leak Vulnerability Buffer Overflow Vulnerability in zeromq Server (Versions < 4.3.3) in src/decoder_allocators.hpp ZeroMQ Server Stack Buffer Overflow Vulnerability ZeroMQ Memory Leak Vulnerability Unauthenticated Access to Ignition Config in OpenShift Container Platform 4 BPF 
Protocol Information Leakage Vulnerability MySQL Server Denial of Service Vulnerability Integer Wraparound Vulnerability in gdk-pixbuf: Potential Code Execution and System Crash ImageMagick jp2.c Division by Zero Vulnerability ImageMagick Vulnerability: Math Division by Zero in Resize Function ImageMagick Vulnerability: Math Division by Zero in visual-effects.c ImageMagick Vulnerability: Math Division by Zero in coders/webp.c ImageMagick Vulnerability: Math Division by Zero in resample.c Vulnerability: Unvalidated Mailbox Names in mbsync Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Access and Data Compromise Wildfly EJB Client Privileged Actions Vulnerability: Threat to Data Confidentiality Race Condition in Samba Password Lockout Code Increases Brute Force Attack Risk Denial of Service Vulnerability in Red Hat 3scale API Management Platform 2 Job Isolation Escape Vulnerability in Ansible Tower: Privilege Escalation and Data Compromise Samba Vulnerability: Information Disclosure and Data Integrity Flaw Stack Overflow Vulnerability in QEMU's eepro100 i8255x Device Emulator Vulnerability in Red Hat Satellite: Exposed Password in BMC Interface API Denial of Service Vulnerability in QEMU e1000 NIC Emulator Vulnerability in Foreman Project: Exposed Password in Proxmox Compute Resource API Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Vulnerability: Password Exposure in Foreman Datacenter Plugin Race Condition Vulnerability in Linux Kernel's Floppy Disk Drive Controller Driver Keycloak 12.0.0 Vulnerability: Password Update Without Re-authentication Privilege Escalation Vulnerability in virtio-fs Shared File System Daemon Insecure Modification Flaw in openjdk-1.8 and openjdk-11 Containers Allows Privilege Escalation Linux Kernel Memory Exhaustion Vulnerability Out-of-Bounds Read Vulnerability in RPM's hdrblobInit() Function OpenStack Neutron Open vSwitch Firewall Rules Impersonation Vulnerability Linux 
Kernel eBPF Code Verifier Out-of-Bounds Access Vulnerability Local Unprivileged User Can Read Kernel Internal Information via Log File in kexec-tools Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Denial of Service Vulnerability in Pygments SMLLexer RPM Signature Check Bypass Vulnerability Privoxy CGI Request Assertion Failure Vulnerability Privoxy Denial of Service Vulnerability Privoxy Null-Pointer Dereference Vulnerability Denial of Service Vulnerability in Privoxy before 3.0.32 Denial of Service Vulnerability in Privoxy before 3.0.32 LDAP Attribute Out-of-Bounds Memory Write Vulnerability in Samba's libldb Authentication Bypass Vulnerability in Kiali with OpenID Implicit Flow Stored XSS Vulnerability in Moodle User Profile Field (CVE-2021-12345) Title: High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Stored XSS and Blind SSRF Vulnerabilities in Moodle User Privacy Breach: Unauthorized Access to Full Names in Moodle Account Verification Bypass in Moodle Versions 3.10.2, 3.9.5, 3.8.8, 3.5.17 Unrestricted Access to Enrolled Courses in Moodle Heap-based Buffer Overflow in GNU Binutils 2.35.1: Threat to System Availability Denial of Service Vulnerability in UPX 3.96 Assertion Failure in libnbd 1.7.3: Denial of Service Vulnerability Authentication Flaw in Ceph Allows Key Reuse and User Impersonation Exposure of Endpoint Class and Method Names in RESTEasy Exception Response Oracle Scripting Product Vulnerability in Oracle E-Business Suite Improper Authorization Handling in Foreman OpenSCAP Plugin: Local Access and Denial of Service Deadlock Vulnerability in 'github.com/containers/storage' Allows DoS Attacks Privilege Escalation Vulnerability in Linux Kernel's Nouveau DRM Subsystem Reflected XSS Vulnerability in RESTEasy up to 4.6.0.Final Stack Buffer Overflow in binutils readelf 2.35: Confidentiality, Integrity, and Availability Impact Red Hat Enterprise Linux 8.3 Update Vulnerability: Failure to 
Include Fix for CVE-2020-10756 OpenEXR Dwa Decompression NULL Pointer Dereference Vulnerability NetworkManager Vulnerability: Profile Activation Crash via match.path OpenEXR B44Compressor Memory Exhaustion Vulnerability OpenEXR Multipart Input File NULL Pointer Dereference Vulnerability MySQL Server Vulnerability: Unauthorized Hang and Crash Integer Overflow Vulnerability in OpenEXR's hufUncompress Functionality OpenEXR TiledInputFile Floating-Point Exception Vulnerability Integer Overflow Vulnerability in dataWindowForTile() Function of OpenEXR OpenEXR hufDecode Right Shift Error Vulnerability Vulnerability in Nettle Signature Verification Functions Allows for Invalid Signatures Unauthorized Access to Ruleflow Groups in jBPM 7.51.0.Final Format String Vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier Integer Overflow Vulnerability in htmldoc 1.9.11 and Earlier Versions Division by Zero Vulnerability in ImageMagick MySQL Server Denial of Service Vulnerability ImageMagick Division by Zero Vulnerability Division by Zero Vulnerability in ImageMagick Integer Overflow in WriteTHUMBNAILImage of ImageMagick: A System Availability Vulnerability Cipher Leak Vulnerability in ImageMagick (Versions < 7.0.11) Stack Buffer Overflow in libspf2: A Potential Denial of Service and Code Execution Vulnerability Vulnerability: Locking Protection Bypass in GNOME Shell with Enabled Extensions Samba File/Directory Metadata Leakage Vulnerability Linux Kernel Denial of Service Vulnerability: Corrupted Timer Tree in timerqueue_add Function Unpatched HornetQ Component in EAP 7 Allows Remote Code Execution via JMS ObjectMessage Improper Signature Verification Vulnerability in coreos-installer Allows Installation of Unsigned Content Unauthorized Read Access Vulnerability in Oracle MySQL Server Vulnerability: Local Privilege Escalation in s390 eBPF JIT Race Condition Vulnerability in Linux Kernel OverlayFS Subsystem Allows Local Users to Crash System 
Vulnerability: ICMP Error Processing Flaw in Linux Kernel Allows UDP Port Scanning Keycloak Vulnerability: Reflected Cross Site Scripting via POST Request Red Hat Enterprise Linux 8.5.0 Security Regression: Missing Fixes for CVE-2021-40438 and CVE-2021-26691 Denial of Service Vulnerability in MongoDB Server v4.4.4 Insecure Certificate Validation in Node.js mongodb-client-encryption Module Insecure Host Name Verification in Java Driver for Client-Side Field Level Encryption Potential Injection of Additional Fields in MongoDB Go Driver Oracle WebLogic Server Denial of Service Vulnerability Denial of Service Vulnerability in MongoDB Server Versions Prior to 4.4.9 MongoDB C# Driver Authentication Data Exposure Vulnerability Credentials Leakage in MongoDB Rust Driver MongoDB Server Log Entry Manipulation Vulnerability Arbitrary Code Execution Vulnerability in MongoDB Compass on Windows SSL Disabling Bug during MongoDB Ops Manager Upgrade Stored Cross-Site Scripting Vulnerability in IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Weak Cryptographic Algorithms in IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA Cross-Site Scripting Vulnerability in IBM Jazz Foundation and IBM Engineering Products (IBM X-Force ID: 194449) Vulnerability in Oracle Common Applications Calendar of Oracle E-Business Suite: Unauthorized Access and Data Compromise Cross-Site Scripting Vulnerability in IBM Engineering Products: Potential Credentials Disclosure Information Disclosure Vulnerability in IBM Cloud Pak for Multicloud Management Monitoring 2.2 IBM Jazz Foundation and IBM Engineering Products Vulnerable to Server-Side Request Forgery (SSRF) IBM Jazz Foundation and IBM Engineering Products Vulnerable to Server-Side Request Forgery (SSRF) IBM Jazz Foundation and IBM Engineering Products Vulnerable to Server-Side Request Forgery (SSRF) IBM Jazz Foundation and IBM Engineering Products Vulnerable to Server-Side Request Forgery (SSRF) Vulnerability: Server-Side Request Forgery (SSRF) in IBM 
Jazz Foundation and IBM Engineering Products Stack-based Buffer Overflow in IBM Tivoli Workload Scheduler 9.4 and 9.5 Oracle Database Server RDBMS Scheduler Component Takeover Vulnerability Cross-Site Scripting Vulnerability in IBM Engineering Products (X-Force ID: 194707) Cross-Site Scripting Vulnerability in IBM Engineering Products (X-Force ID: 194708) Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products (X-Force ID: 194710) XML External Entity Injection (XXE) Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Directory Traversal Vulnerability in IBM WebSphere Application Server 8.0, 8.5, and 9.0 IBM Jazz Team Server Information Disclosure Vulnerability Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products (IBM X-Force ID: 194963) Clear Text Storage of Sensitive Information in IBM Cloud Pak for Automation API Connection Log Files Information Disclosure Vulnerability in IBM Cloud Pak for Automation MySQL Server Denial of Service Vulnerability Weak Cryptographic Algorithms in IBM Cloud Pak for Applications 4.3: A Potential Decryption Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Applications 4.3 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Applications 4.3 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Applications 4.3 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Applications 4.3 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Applications 4.3 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Applications 4.3 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Applications 4.3 Weak Cryptographic Algorithms in IBM Cloud Pak for Applications 4.3: A Potential Threat to Sensitive Data Information Disclosure Vulnerability in IBM Jazz Foundation and IBM Engineering Products Insufficient Permission Checking in IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 Information Disclosure Vulnerability in IBM Db2 
LOAD Utility Stored Cross-Site Scripting Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 Improper Access Controls in IBM Sterling File Gateway Allow Message Interception and Replacement User Enumeration Vulnerability in IBM Sterling File Gateway Remote Information Disclosure Vulnerability in IBM Security Guardium 11.3 Session Invalidation Vulnerability in IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 Weak Cryptographic Algorithms in IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4: Vulnerability to Information Decryption Vulnerability in Oracle MySQL Server: Unauthorized Server Crash Remote Information Disclosure Vulnerability in IBM QRadar Advisor With Watson App Arbitrary Command Execution Vulnerability in IBM Security Guardium 11.2 Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 Local User Credential Exposure Vulnerability Vulnerability in Oracle Siebel CRM: Unauthorized Access and Data Compromise Local File Inclusion Vulnerability in IBM QRadar User Behavior Analytics Cross-Site Scripting (XSS) Vulnerability in IBM QRadar User Behavior Analytics Sensitive Information Disclosure in IBM QRadar User Behavior Analytics Local File Disclosure Vulnerability in IBM QRadar Analyst Workflow App Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.3 and 7.4 XML External Entity Injection (XXE) Vulnerability in IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA Oracle Argus Safety Product Vulnerability: Unauthorized Data Access and Manipulation Weak Cryptographic Algorithms in IBM QRadar SIEM 7.3 and 7.4: Vulnerability to Information Decryption Hard-coded Credentials Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Sensitive Information Disclosure in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Cross-Site Request Forgery Vulnerability in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Denial of Service Vulnerability in IBM Security Verify Information Queue 1.0.6 and 
1.0.7 Improper Output Encoding in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Weak Cryptographic Algorithms in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Sensitive Information Disclosure in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Improper Storage of Plaintext Cryptographic Key in IBM Security Verify Information Queue 1.0.6 and 1.0.7 HTTP Strict Transport Security Bypass in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Oracle Business Intelligence Enterprise Edition Remote Code Execution Vulnerability Clear Text Transmission of User Credentials in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Session Impersonation Vulnerability in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Hard-coded Credentials in IBM Security Verify Information Queue 1.0.6 and 1.0.7 Sensitive Information Disclosure in IBM Guardium Data Encryption (GDE) 4.0.0.4 Unrestricted Interaction Vulnerability in IBM Guardium Data Encryption (GDE) 3.0.0.2 Inadequate Account Lockout Setting in IBM Guardium Data Encryption (GDE) 4.0.0.4 Failure to Set HTTPOnly Flag in IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 Allows Remote Information Disclosure Sensitive Information Disclosure in IBM Guardium Data Encryption (GDE) 4.0.0.4 Weak Password Policy in IBM Security Guardium 11.2 Puts User Accounts at Risk Weak Cryptographic Algorithms in IBM Security Guardium 11.2: A Potential Decryption Vulnerability MySQL Server Vulnerability: Unauthorized Data Access Untrusted Inputs in IBM Security Guardium 11.2 Could Lead to Disclosure of Sensitive Information IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 SSRF Vulnerability Memory Disclosure Vulnerability in IBM Cloud Pak for Applications 4.3 (IBM X-Force ID: 196304) Improper Application Permissions in IBM Cloud Pak for Applications 4.3 Allows Escalation of Privileges Sensitive Information Disclosure in IBM Cloud Pak for Applications 4.3 Hard-coded Credentials Vulnerability in IBM Security 
Guardium 11.2 Inadequate Account Lockout Setting in IBM Security Guardium 11.2 Allows Remote Brute Force Attack Remote Information Disclosure Vulnerability in IBM Security Guardium 11.2 Overly Permissive Cross-Domain Policy in IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 Allows Disclosure of Sensitive Information Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Sensitive Information Disclosure in IBM i2 Analyst's Notebook Premium Session Invalidation Vulnerability in IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 Cross-Origin Resource Sharing (CORS) Misconfiguration in IBM Spectrum Protect Plus 10.1.0 through 10.1.7 IBM Security Guardium 11.3 Authenticated User Information Disclosure Vulnerability Clear Text Storage of User Credentials in IBM Security Verify Bridge 1.0.5.0 Certificate Validation Vulnerability in IBM Security Verify Bridge 1.0.5.0 Clear Text Storage of User Credentials in IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 Critical Data Access Vulnerability in Oracle PeopleSoft Enterprise FIN Payables (9.2) Unrestricted Member Registration in IBM API Connect 10.0.0.0 and 2018.4.1.0 through 2018.4.1.13 Weak Cryptographic Algorithms in IBM Security Verify Bridge: A Gateway to Decryption Vulnerability Hard-coded Credentials in IBM Security Verify Bridge Inclusion of Executable Functionality from Untrusted Source in IBM Maximo for Civil Infrastructure 7.6.2 Cross-Site Scripting (XSS) Vulnerability in IBM Maximo for Civil Infrastructure 7.6.2 Insecure Storage of Authentication Credentials in IBM Maximo for Civil Infrastructure 7.6.2 Cross-Site Scripting (XSS) Vulnerability in IBM Maximo for Civil Infrastructure 7.6.2 Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products (IBM X-Force ID: 196623) Cross-Site Scripting (XSS) Vulnerability in IBM Content Navigator 3.0.CD Oracle Text Component Denial of Service Vulnerability XML External Entity 
Injection (XXE) Vulnerability in IBM WebSphere Application Server 8.0, 8.5, and 9.0 XML External Entity Injection (XXE) Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Vulnerability in Oracle MySQL Server: Stored Procedure DOS System Appearance Configuration Bypass Vulnerability in IBM Cognos Analytics 10.0 and 11.1 XML Bomb Vulnerability in IBM Cognos Analytics PowerPlay Cross-Site Request Forgery Vulnerability in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 Oracle WebLogic Server Remote Code Execution Vulnerability Weak Password Policy in IBM Cognos Analytics 11.1.7 and 11.2.0 Session Impersonation Vulnerability in IBM Sterling File Gateway User Interface Lack of Authentication in IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 Cross-Site Scripting (XSS) Vulnerability in IBM Planning Analytics 2.0 Local User Privilege Escalation in IBM Cloud Pak System 2.3 Weak Cryptographic Algorithms in IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Denial of Service IBM WebSphere Application Server 7.0, 8.0, and 8.5 Server-Side Request Forgery (SSRF) Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 XML External Entity Injection (XXE) Vulnerability in IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 IBM Security Identity Manager 6.0.2 SSRF Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 Sensitive Information Disclosure in IBM Sterling File Gateway Information Disclosure Vulnerability in IBM Cloud Pak for Data 3.0 with Additional Plugins IBM Power9 Self Boot Engine (SBE) Privilege Escalation and Firmware Integrity Compromise Vulnerability: Password Manipulation in IBM Security Identity Manager 6.0.2 Cross-Site Request Forgery Vulnerability in IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 Vulnerability in Oracle BI Publisher Allows 
Unauthorized Access and Data Manipulation Insecure File Permission Settings Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.8 Stack-based Buffer Overflow in IBM Spectrum Protect Server 7.1 and 8.1 XML External Entity Injection (XXE) Vulnerability in IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.1.7 and 11.2.0 Heap Based Buffer Overflow in IBM Security Identity Manager Adapters 6.0 and 7.0 Improper Input Validation in IBM Security Verify Access Docker 10.0.0 Weak Cryptographic Algorithms in IBM Security Verify Access Docker 10.0.0: A Potential Decryption Vulnerability Information Disclosure Vulnerability in IBM Security Verify Access Docker 10.0.0 Sensitive Information Disclosure in IBM Security Verify Access Docker 10.0.0 Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise Local Privilege Escalation Vulnerability in IBM Security Verify Access Docker 10.0.0 SMTP Non-Existent Local-Domain Recipient Vulnerability XML External Entity Injection (XXE) Vulnerability in IBM Jazz Foundation Products Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products Vulnerability: Compromised Encryption Key Exchange in PowerVM Logical Partition Mobility (LPM) Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products Cross-Site Scripting Vulnerability in IBM Jazz Foundation and IBM Engineering Products (IBM X-Force ID: 198235) Sensitive Information Disclosure in IBM Security Secret Server CSV Injection Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise Clear Text Storage of User Credentials in IBM Security Verify Access Docker 10.0.0 Directory Traversal Vulnerability in IBM Security Verify Access Docker 10.0.0 Stack-Based Buffer Overflow in IBM Informix Dynamic Server 14.10 Directory 
Traversal Vulnerability in IBM WebSphere Application Server Network Deployment 8.5 and 9.0 Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Team Server Products JD Edwards EnterpriseOne Orchestrator Unauthenticated Read Access Vulnerability Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products Sensitive Information Disclosure in IBM Security Verify Access Docker 10.0.0 Cross-Site Scripting (XSS) Vulnerability in IBM Security Verify Access Docker 10.0.0 IBM Planning Analytics 2.0 HTTPOnly Flag Failure Vulnerability Privileged User Exploit in IBM Resilient SOAR V38.0: Execution of Malicious Scripts as Another User Cross-Site Scripting (XSS) Vulnerability in IBM Control Center 6.2.0.0 Information Disclosure Vulnerability in IBM Control Center 6.2.0.0 Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Data Access and Manipulation Insecure Directory Permissions Vulnerability in IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 Arbitrary Command Execution Vulnerability in IBM Security Verify Access Docker 10.0.0 Open Redirect Vulnerability in IBM Security Verify Access Docker 10.0.0 IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 SSRF Vulnerability Local User Information Disclosure in IBM Spectrum Protect Plus File Systems Agent Hard-coded Credentials in IBM Security Verify Access Docker 10.0.0 Authorization Bypass Vulnerability in IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 Information Disclosure Vulnerability in IBM Cloud Pak for Security (CP4S) Oracle Database Server RDBMS Sharding Component Privilege Escalation Vulnerability Information Disclosure Vulnerability in IBM Cloud Pak for Security (CP4S) Information Disclosure Vulnerability in IBM Cloud Pak for Security (CP4S) HTML Injection Vulnerability in IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 SSRF Vulnerability 
Stack-Based Buffer Overflow in IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 Cross-Site Scripting (XSS) Vulnerability in IBM Content Navigator 3.0.CD MySQL Server Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Content Navigator 3.0.CD Local File Disclosure Vulnerability in IBM Jazz Team Server Sensitive Information Disclosure in IBM Sterling File Gateway Cross-Site Scripting (XSS) Vulnerability in IBM Sterling Order Management 9.4, 9.5, and 10.0 Remote Code Execution Vulnerability in IBM Security Guardium 11.2 Cross-Site Scripting (XSS) Vulnerability in IBM Control Desk 7.6.1.2 and 7.6.1.3 MySQL Server Denial of Service Vulnerability Remote Click Hijacking Vulnerability in IBM Sterling Connect:Direct Browser User Interface Cross-Site Scripting (XSS) Vulnerability in IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Information Disclosure Vulnerability in IBM Sterling File Gateway Improper HTTP Strict Transport Security Configuration in IBM Cloud Pak for Security (CP4S) Bypassing Protection Mechanism in IBM Cloud Pak for Security (CP4S) Weak Cryptographic Algorithms in IBM Resilient SOAR V38.0: A Potential Threat to Sensitive Data Improper Encryption in IBM Resilient SOAR V38.0 Allows Local Privileged Attacker to Obtain Sensitive Information Improper Input Validation in IBM Security Secret Server Allows User Enumeration Vulnerability in Oracle Retail Customer Management and Segmentation Foundation: Unauthorized Data Access and Partial Denial of Service Stored Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator Stack-Based Buffer Overflow in IBM Security Identity Manager Adapters 6.0 and 7.0 Heap-based Buffer Overflow in IBM Security Identity Manager Adapters 6.0 and 7.0 LDAP Injection Vulnerability in IBM Security Identity Manager Adapters 6.0 and 7.0 Local File Disclosure Vulnerability in IBM Security Verify Access 20.07 Remote Code 
Execution Vulnerability in IBM Security Verify Access 20.07 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 Improper or Missing Authentication Controls in IBM Cloud Pak for Security (CP4S) 1.7.0.0 - 1.8.0.0 Information Disclosure Vulnerability in IBM Db2 for Linux, UNIX and Windows MySQL Server Vulnerability: Unauthorized Hang and Crash Cross-Site Request Forgery (CSRF) Vulnerability in IBM Planning Analytics 2.0 Insufficient Session Expiration in IBM Security Verify Privilege On-Premises 11.5 Sensitive Information Disclosure in IBM Security Secret Server Improper Input Validation in IBM Security Verify Privilege Vault 10.9.66 Allows Disclosure of Sensitive Information Arbitrary File Upload Vulnerability in IBM Sterling File Gateway HTTP Server Header Information Disclosure Vulnerability in IBM Security Verify Access 20.07 Resource Management Errors Vulnerability in MELFA Robot Controllers Heap-based Buffer Overflow Vulnerability in Mitsubishi Electric FA Engineering Software Length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software Buffer Access with Incorrect Length Value Vulnerability in Mitsubishi Electric GOT2000 Series and GT SoftGOT2000 Communication Drivers Oracle iStore Unauthenticated Read Access Vulnerability Unauthenticated Remote Access Vulnerability in Mitsubishi Electric GOT Series VNC Servers Uncontrolled Resource Consumption Vulnerability in Mitsubishi Electric MELSEC iQ-R Series CPU Modules Unauthenticated Remote DoS Vulnerability in GOT2000 Series GT27, GT25, GT23, and GT SoftGOT2000 Communication Drivers Authentication Bypass and Information Disclosure Vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers and Air Conditioning System/Expansion Controllers Sensitive Information Exposure via Brute-Force Attack on User Names in Mitsubishi Electric MELSEC iQ-R Series Safety and SIL2 Process CPU Modules XML External Entity (XXE) Reference 
Vulnerability in Mitsubishi Electric Air Conditioning System/Centralized Controllers NULL Pointer Dereference Vulnerability in MELSEC-F Series FX3U-ENET Firmware Mitsubishi Electric MELSEC iQ-R Series Safety and SIL2 Process CPU Modules Insufficient Credential Protection Vulnerability Account Lockout Bypass Vulnerability in Mitsubishi Electric MELSEC iQ-R Series CPU Modules Cleartext Transmission of Sensitive Information Vulnerability in MELSEC iQ-R Series Safety and SIL2 Process CPU MySQL Server Denial of Service Vulnerability Uncontrolled Resource Consumption Vulnerability in Mitsubishi Electric MELSEC iQ-R Series C Controller Module R12CCPU-V Firmware Versions 16 and Prior Input Validation Bypass Vulnerability in Mitsubishi Electric GOT2000 and GT SoftGOT2000 Series DoS Vulnerability in Mitsubishi Electric Software via Malicious Project File DoS Vulnerability in Mitsubishi Electric Software through Malicious Project File Length Parameter Inconsistency DoS Vulnerability in Mitsubishi Electric GX Works2 Uncontrolled Resource Consumption Vulnerability in Mitsubishi Electric MELSEC iQ-R and Q Series CPUs and MELIPC Series High-Privilege Network Access Vulnerability in Oracle MySQL Server (CVE-2020-2819) Improper Handling of Length Parameter Inconsistency Vulnerability in Mitsubishi Electric MELSEC iQ-R and Q Series CPUs and MELIPC Series MI5122-VW Denial-of-Service (DoS) vulnerability in Mitsubishi Electric MELSEC iQ-R and Q Series CPUs and MELIPC Series MI5122-VW Unauthenticated Remote DoS Vulnerability in MELSEC-F Series FX3U-ENET Firmware Denial-of-Service Vulnerability in MELSEC-F Series FX3U-ENET Firmware Untrusted Search Path Vulnerability in SKYSEA Client View Installer Arbitrary OS Command Execution and Privilege Escalation Vulnerability in acmailer Privilege Escalation Vulnerability in acmailer and acmailer DB Arbitrary Script Injection Vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 Vulnerability in Oracle BI Publisher: Unauthorized Access 
and Data Compromise Arbitrary Script Injection Vulnerability in Aterm WF800HP Firmware Ver1.0.9 and Earlier CSRF Vulnerability in Aterm WG2600HP and WG2600HP2 Firmware Arbitrary Script Injection Vulnerability in Aterm WG2600HP and WG2600HP2 Firmware Arbitrary Code Execution Vulnerability in Video Insight VMS Versions Prior to 7.8 Access Control Bypass Vulnerability in Cybozu Office Scheduler Bulletin Board Access Control Bypass Vulnerability in Cybozu Office 10.0.0 to 10.8.4 Access Control Bypass Vulnerability in Cybozu Office Workflow Arbitrary Script Injection Vulnerability in Cybozu Office Address Book (10.0.0 to 10.8.4) Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 when using Mozilla Firefox Arbitrary Script Injection Vulnerability in Cybozu Office E-mail Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Takeover Phone Messages Access Control Bypass Vulnerability in Cybozu Office 10.0.0 to 10.8.4 Data Alteration Vulnerability in Cybozu Office Custom App Access Control Bypass Vulnerability in Cybozu Office Bulletin Board Cabinet of Cybozu Office 10.0.0 to 10.8.4 Access Control Bypass Vulnerability Access Control Bypass Vulnerability in Cybozu Office Custom App Wireless Range PIN Recovery Vulnerability in LOGITEC LAN-WH450N/GR CSRF Vulnerability in LOGITEC LAN-W300N/PR5B Allows Remote Authentication Hijacking Denial-of-Service (DoS) Vulnerability in LOGITEC LAN-W300N/PR5B Arbitrary OS Command Execution Vulnerability in LOGITEC LAN-W300N/PGRB Arbitrary OS Command Execution Vulnerability in LOGITEC LAN-W300N/PGRB Oracle WebLogic Server Vulnerability: Unauthenticated Takeover via IIOP, T3 Buffer Overflow Vulnerability in LOGITEC LAN-W300N/PGRB CSRF Vulnerability in LOGITEC LAN-W300N/RS Allows Remote Authentication Hijacking Denial-of-Service (DoS) Vulnerability in LOGITEC LAN-W300N/RS Remote Password Change Vulnerability in ELECOM LD-PS/U1 Arbitrary Script Execution Vulnerability in ELECOM WRC-1467GHBK-A 
Arbitrary Script Injection Vulnerability in ELECOM WRC-300FEBK-A CSRF Vulnerability in ELECOM WRC-300FEBK-A Allows Remote Authentication Hijacking and Arbitrary Request Execution CSRF Vulnerability in ELECOM WRC-300FEBK-S Allows Remote Authentication Hijacking and Arbitrary Request Execution Arbitrary OS Command Execution Vulnerability in ELECOM WRC-300FEBK-S Improper Certificate Validation Vulnerability in ELECOM WRC-300FEBK-S Allows for Arbitrary OS Command Execution MySQL Server Denial of Service Vulnerability CSRF Vulnerability in ELECOM NCC-EWF100RMWH2 Allows Remote Authentication Hijacking and Arbitrary Request Execution Arbitrary File Creation and Overwrite Vulnerability in ELECOM File Manager CSRF Vulnerability in Name Directory 1.17.4 and Earlier: Remote Authentication Hijacking Access Restriction Bypass Vulnerability in Calsos CSDJ Fieldbleed: Multiple Stored Cross-Site Scripting Vulnerabilities in Wekan Arbitrary OS Command Execution in FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) Directory Listing Vulnerability in SolarView Compact SV-CPT-MC310 Improper Access Control Vulnerability in SolarView Compact SV-CPT-MC310 (Ver.6.5) Arbitrary OS Command Execution Vulnerability in SolarView Compact SV-CPT-MC310 (prior to Ver.6.5) Arbitrary File Upload and Remote Code Execution in SolarView Compact SV-CPT-MC310 Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Arbitrary Script Injection Vulnerability in SolarView Compact SV-CPT-MC310 (Ver.6.5 and earlier) SolarView Compact SV-CPT-MC310 Directory Traversal Vulnerability Missing Authentication in SolarView Compact SV-CPT-MC310 Prior to Ver. 
6.5 Allows Unauthorized Alteration of Setting Information Arbitrary Script Injection Vulnerability in Movable Type Versions 6.7.5 and Earlier Arbitrary Script Injection Vulnerability in Movable Type Asset Registration Screen Arbitrary Script Injection Vulnerability in Movable Type Content Field Stored Cross-Site Scripting (XSS) Vulnerability in GROWI v4.2.2 and Earlier Arbitrary Path Read Vulnerability in GROWI v4.2.2 and Earlier Path Traversal Vulnerability in GROWI v4.2.2 and Earlier: Arbitrary Path Read/Delete Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Improper Access Control Vulnerability in GROWI v4.2.2 and Earlier: Unauthorized Information Disclosure Arbitrary Code Execution via File Overwrite in GROWI v4.2.2 Insufficient Verification of URL Query Parameters in GROWI (v4.2 Series) Allows Reflected Cross-Site Scripting Stored Cross-Site Scripting Vulnerability in GROWI Admin Page (v4.2 Series) Untrusted Search Path Vulnerability in MagicConnect Client Installer Allows Privilege Escalation and Remote Code Execution Denial of Service Vulnerability in M-System DL8 Series (prior to Ver3.0) Remote Access Bypass Vulnerability in M-System DL8 Series Remote Authenticated DoS Vulnerability in UNIVERGE Aspire, UX, SV9100, and SL2100 PBX Systems SQL Injection Vulnerability in Paid Memberships Pro Plugin Vulnerability: Denial of Service and Abnormal End (ABEND) in Fuji Xerox Multifunction Devices and Printers Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Cross-site Scripting Vulnerability in NEC Aterm Devices Arbitrary Script Injection Vulnerability in baserCMS Versions Prior to 4.4.5 Arbitrary OS Command Execution in baserCMS versions prior to 4.4.5 Arbitrary Script Injection in baserCMS Blog Article Editing Function Cross-Site Scripting Vulnerability in MagazinegerZ v.1.01 Arbitrary Script Injection Vulnerability in Kagemai 0.8.8 Arbitrary Script Injection 
Vulnerability in Kagemai 0.8.8 CSRF Vulnerability in Kagemai 0.8.8 Allows Remote Authentication Hijacking Arbitrary Script Injection Vulnerability in Click Ranker Ver.3.5 Arbitrary Script Injection Vulnerability in Yomi-Search Ver4.22 Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Arbitrary Script Injection Vulnerability in Yomi-Search Ver4.22 Arbitrary Script Injection Vulnerability in Yomi-Search Ver4.22 Directory Traversal Vulnerability in Archive Collectively Operation Utility Ver.2.10.1.0 and Earlier: File Manipulation via Malicious ZIP Archives Arbitrary Website Access Vulnerability in Gurunavi App for Android and iOS Improper Access Control Vulnerability in DAP-1880AC Firmware Version 1.21 and Earlier Chain of Trust Vulnerability in DAP-1880AC Firmware Version 1.21 and Earlier Arbitrary OS Command Execution in DAP-1880AC Firmware Version 1.21 and Earlier Unauthenticated Remote Login Vulnerability in DAP-1880AC Firmware Remote Code Execution Vulnerability in Sharp NEC Displays Buffer Overflow and Remote Code Execution Vulnerability in Sharp NEC Displays MySQL Server Denial of Service Vulnerability Remote Code Execution Vulnerability in Disk Agent CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows Remote Code Execution Vulnerability in Disk Agent CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows Remote Code Execution Vulnerability in CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows Remote Code Execution Vulnerability in CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows Remote Code Execution Vulnerability in CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows Remote File Upload Vulnerability in WebManager CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows Remote File Upload Vulnerability in WebManager CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows File Disclosure Vulnerability in Transaction Server CLUSTERPRO X 4.3 and EXPRESSCLUSTER X 4.3 for Windows Arbitrary OS Command 
Execution in NEC Aterm Devices Arbitrary OS Command Execution Vulnerability in NEC Aterm WF1200CR, WG1200CR, and WG2600HS Firmware Elastic Search Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Arbitrary Script Injection Vulnerability in Aterm WG2600HS Firmware Ver1.5.1 and Earlier Arbitrary OS Command Execution Vulnerability in Aterm WG2600HS Firmware Ver1.5.1 and Earlier LAN-to-WAN Access Control Vulnerability in NEC Aterm WG2600HS and Aterm WX3000HP Firmware Privilege Escalation Vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and Earlier Arbitrary File Deletion Vulnerability in WP Fastest Cache Arbitrary Website Access Vulnerability in Hot Pepper Gourmet App for Android and iOS Hidden functionality vulnerability in multiple Buffalo network devices Arbitrary Script Execution Vulnerability in EC-CUBE 4.0.0 to 4.0.5 Denial-of-Service Vulnerability in mod_auth_openidc 2.4.0 to 2.4.7 Arbitrary OS Command Execution Vulnerability in RFNTPS Firmware Versions System_01000004 and Earlier, and Web_01000004 and Earlier MySQL Server Stored Procedure Denial of Service Vulnerability SQL Injection Vulnerability in KonaWiki2 versions prior to 2.2.4 Arbitrary File Upload and Remote Code Execution in KonaWiki2 versions prior to 2.2.4 Untrusted Search Path Vulnerability in ScanSnap Manager Installers Reflected Cross-Site Scripting Vulnerability in Outdated MailForm01 Free Edition Reflected Cross-Site Scripting Vulnerability in Telop01 Free Edition ver1.0.1 and Earlier Reflected Cross-Site Scripting Vulnerability in Admin Page of [Calendar01] Free Edition ver1.0.1 and Earlier Untrusted Search Path Vulnerability in Overwolf Installer Allows Privilege Escalation and Code Execution Arbitrary Script Execution Vulnerability in Zettlr (0.20.0 - 1.8.8) via Invalid Iframe Loading Arbitrary Website Access Vulnerability in goo blog App for Android and iOS Arbitrary Script Injection Vulnerability in pfSense CE and pfSense Plus Oracle VM VirtualBox Prior to 6.1.18 Denial of 
Service Vulnerability WSR-1166DHP3 and WSR-1166DHP4 Firmware Vulnerability: Unauthorized Access to Configuration Information Arbitrary OS Command Execution Vulnerability in WSR-1166DHP3 and WSR-1166DHP4 Firmware Insecure Certificate Verification in ATOM - Smart life App for Android and iOS Arbitrary Website Access Vulnerability in あすけんダイエット (asken diet) for Android Cross-Site Scripting Vulnerability in Welcart e-Commerce Versions Prior to 2.2.4 Arbitrary Script Injection Vulnerability in ETUNA EC-CUBE Plugins GROWI NoSQL Injection Vulnerability Unauthenticated Access Vulnerability in GROWI versions prior to v4.2.20 Unauthenticated Information Disclosure Vulnerability in WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA Unauthenticated OS Command Execution Vulnerability in WRC and WRH Series Routers Oracle VM VirtualBox Prior to 6.1.18 Vulnerability: High Privileged Takeover Arbitrary OS Command Execution Vulnerability in Hitachi Virtual File Platform and NEC Storage M Series NAS Gateway Arbitrary Script Injection Vulnerability in Hitachi Application Server Help Arbitrary Script Injection Vulnerability in EC-CUBE Business Form Output Plugin Arbitrary Script Injection in EC-CUBE Email Newsletters Management Plugin Arbitrary Script Injection in EC-CUBE Category Contents Plugin (EC-CUBE 3.0 Series) Arbitrary OS Command Execution Vulnerability in Inkdrop Versions Prior to v5.3.1 Arbitrary Script Injection Vulnerability in WordPress Popular Posts Plugin Arbitrary Website Access via Custom URL Scheme in Retty App for Android and iOS Hard-coded API Key Vulnerability in Retty App for Android and iOS Arbitrary Script Injection Vulnerability in Fudousan Plugin ver5.7.0 and earlier Oracle WebLogic Server Samples Unauthenticated Takeover Vulnerability Arbitrary Script Injection Vulnerability in EC-CUBE eCommerce Platform Arbitrary Script Injection Vulnerability in EC-CUBE 4.0.0 to 4.0.5-p1 Arbitrary Script Injection Vulnerability in IkaIka RSS Reader Arbitrary Script Injection 
Vulnerability in Cybozu Garoon Scheduler 4.0.0 to 5.0.2 Unauthorized Data Alteration Vulnerability in Cybozu Garoon Workflow Portal of Cybozu Garoon: Viewing Restrictions Bypass Vulnerability Address Viewing Restrictions Bypass Vulnerability in Cybozu Garoon 4.0.0 to 5.0.2 E-mail Operational Restrictions Bypass Vulnerability in Cybozu Garoon 4.0.0 to 5.0.2 CSRF Vulnerability in Cybozu Garoon 4.0.0 to 5.0.2: Remote Authentication Hijacking Data Alteration Vulnerability in Cybozu Garoon 4.6.0 to 5.0.2 MySQL Server Denial of Service Vulnerability User Profile Data Alteration Vulnerability in Cybozu Garoon 4.0.0 to 5.0.2 Privilege Escalation Vulnerability in Cybozu Garoon E-mail E-mail Data Alteration Vulnerability in Cybozu Garoon 4.0.0 to 5.0.2 Data Leakage Vulnerability in Cybozu Garoon Portal 4.0.0 to 5.0.2 Remote File Alteration Vulnerability in Cybozu Garoon 4.0.0 to 5.0.2 Arbitrary Script Injection Vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 Arbitrary Script Injection Vulnerability in Cybozu Garoon 4.0.0 to 5.0.2 Arbitrary Script Injection Vulnerability in Cybozu Garoon Full Text Search Data Deletion Vulnerability in Cybozu Garoon Scheduler and MultiReport Arbitrary Script Injection Vulnerability in Cybozu Garoon 4.6.0 to 5.0.2 Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Arbitrary Script Injection Vulnerability in Cybozu Garoon 4.6.0 to 5.0.2 Arbitrary Script Injection Vulnerability in Cybozu Garoon E-Mail Functions Bulletin of Cybozu Garoon Information Disclosure Vulnerability: Unauthorized Access to Bulletin Titles Remote Authenticated Route Deletion Vulnerability in Cybozu Garoon Workflow (4.0.0 - 5.5.0) Arbitrary Script Injection Vulnerability in Cybozu Garoon E-mail Functions Unauthenticated Access to Comment and Space Data in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 Authentication Bypass Vulnerability in SCT-40CM01SR and AT-40CM01SR Arbitrary Website Access Vulnerability in GU App for Android (4.8.0 - 
5.0.2) Improper Access Control Vulnerability in EC-CUBE 4.0.6: Remote Information Disclosure CSRF Vulnerability in WordPress Email Template Designer - WP HTML Mail Oracle Configurator Vulnerability in UI Servlet (12.1 and 12.2) - Unauthorized Access and Data Compromise CSRF Vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and Earlier CSRF Vulnerability in WordPress Meta Data Filter & Taxonomies Filter CSRF Vulnerability in Software License Manager Versions Prior to 4.4.6 CSRF Vulnerability in Optical BB Unit E-WMTA2.3 Allows Remote Authentication Hijacking HTTP Header Injection Vulnerability in Everything (All Versions except Lite) Arbitrary Script Injection Vulnerability in GroupSession CSRF Vulnerability in GroupSession Allows Remote Authentication Hijacking Arbitrary Script Injection Vulnerability in GroupSession Server-side Request Forgery (SSRF) Vulnerability in GroupSession: Remote Port Scanning and Information Disclosure Open Redirect Vulnerability in GroupSession Oracle Configurator Vulnerability in UI Servlet (12.1 and 12.2) - Unauthorized Access and Data Compromise Arbitrary Code Execution Vulnerability in RevoWorks Browser 2.1.230 and Earlier Improper Access Control Vulnerability in RevoWorks Browser 2.1.230 and Earlier Arbitrary Script Injection Vulnerability in Quiz And Survey Master Untrusted Search Path Vulnerability in Sony Audio USB Driver and HAP Music Transfer Installer CSRF Vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 Arbitrary File Upload Vulnerability in Cybozu Remote Service 3.1.8 Management Screen Cross-Site Script Inclusion Vulnerability in Cybozu Remote Service 3.1.8 Management Screen Arbitrary Script Injection Vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 Arbitrary Script Injection Vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 Oracle Configurator Vulnerability in UI Servlet (12.1 and 12.2) - Unauthorized Access and Data Compromise Arbitrary Script Injection Vulnerability in Cybozu Remote Service 3.1.8 
Management Screen Cybozu Remote Service 3.1.8 to 3.1.9 XXE Vulnerability Cybozu Remote Service 3.1.8 to 3.1.9 HTTP Header Injection Vulnerability Operation Restriction Bypass in Cybozu Remote Service 3.1.8 to 3.1.9: Remote Data Alteration Vulnerability Cybozu Remote Service 3.1.8 to 3.1.9 Denial of Service Vulnerability Arbitrary Script Injection Vulnerability in Cybozu Remote Service 3.1.7 to 3.1.9 Open Redirect Vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9: Phishing Attack Vector Arbitrary Script Injection Vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 Cross-site scripting vulnerability in Movable Type Search screen (Movable Type 7 r.4903 and earlier, Movable Type 6.8.0 and earlier, Movable Type Advanced 7 r.4903 and earlier, Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) Cross-site scripting vulnerability in Create screens of Movable Type allows remote code injection MySQL Server Stored Procedure Denial of Service Vulnerability Cross-site scripting vulnerability in Movable Type allows remote code injection via Website Management screen Cross-site scripting vulnerability in List of Assets screen of Movable Type Cross-Site Scripting Vulnerability in Movable Type Server Sync Setting Screen Arbitrary Script Injection Vulnerability in Movable Type Content Data Edit Screen Arbitrary Script Injection in Movable Type ContentType Information Widget Plugin Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Arbitrary Script Injection Vulnerability in List Item Change Plug-in for EC-CUBE 3.0 Series Ver.1.1 and Earlier Unprotected Transport of Credentials Vulnerability in IDEC PLCs Plaintext Storage of Passwords in IDEC PLCs: Web Server Hijacking Vulnerability Arbitrary Script Injection Vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) Inadequate Tag Sanitization in GROWI v4.2.19 and 
Earlier: Cross-Site Scripting (XSS) Vulnerability Oracle iSupport User Responsibilities Unauthorized Access Vulnerability CSRF Vulnerability in OG Tags Prior to 2.0.2 Allows Remote Authentication Hijacking Information Disclosure Vulnerability in InBody App for iOS and Android Insecure Certificate Verification in SNKRDUNK Market Place App for iOS Arbitrary Website Access Vulnerability in Nike App for Android and iOS Arbitrary Activity Launch via Custom URL Scheme in Mercari (Merpay) Android App CX-Supervisor v4.0.0.13 and v4.0.0.16 Out-of-Bounds Read Vulnerability in SCS Project Files Arbitrary OS Command Execution Vulnerability in Movable Type XML External Entity (XXE) Attack in Office Server Document Converter XML External Entity (XXE) Attack in Office Server Document Converter Vulnerability in Oracle CRM Technical Foundation Allows Unauthorized Access and Data Manipulation Arbitrary Script Injection Vulnerability in Booking Package - Appointment Booking Calendar System Improper Access Control in EC-CUBE 2 Series 2.11.2 to 2.17.1 Management Screen CSRF Vulnerability in EC-CUBE 2 Series: Remote Authentication Hijacking and Administrator Deletion Cross-Site Script Inclusion Vulnerability in Web GUI of RTX830, NVR510, NVR700W, and RTX1210 HTTP Request Header Scripting Vulnerability in RTX830, NVR510, NVR700W, and RTX1210 CSRF Vulnerability in Unlimited Sitemap Generator Allows Remote Authentication Hijacking CSRF Vulnerability in Push Notifications for WordPress (Lite) Plugin Arbitrary script injection vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) Arbitrary Script Injection Vulnerability in rwtxt Versions Prior to v1.8.6 Vulnerability in Oracle CRM Technical Foundation Allows Unauthorized Access and Data Manipulation Arbitrary OS Command Execution in PowerCMS XMLRPC API CSRF Vulnerability in Browser and Operating System Finder Versions Prior to 1.2 Buffer Overflow 
Vulnerability in ELECOM LAN Routers: Arbitrary OS Command Execution Arbitrary OS Command Execution Vulnerability in ELECOM LAN Routers (WRH-733GBK and WRH-733GWH) Arbitrary OS Command Execution Vulnerability in ELECOM LAN Routers (WRH-733GBK and WRH-733GWH) Arbitrary Script Injection Vulnerability in ELECOM LAN Routers (WRH-733GBK and WRH-733GWH) Arbitrary Script Injection Vulnerability in ELECOM LAN Routers (WRH-733GBK and WRH-733GWH) Arbitrary Script Injection Vulnerability in ELECOM LAN Router WRC-2533GHBK-I Firmware v1.20 and Prior Arbitrary Script Injection Vulnerability in ELECOM LAN Router WRC-2533GHBK-I Firmware v1.20 and Prior Arbitrary OS Command Execution Vulnerability in ELECOM LAN Routers Oracle VM VirtualBox Prior to 6.1.18 Denial of Service Vulnerability ELECOM LAN Routers CSRF Vulnerability Access Control Bypass Vulnerability in ELECOM LAN Routers Improper Access Control Vulnerability in ELECOM Routers OS Command Injection Vulnerability in ELECOM Routers: Remote Root Privilege Execution Improper Access Control Vulnerability in ELECOM Routers Missing Authorization Vulnerability in Advanced Custom Fields (ACF) and ACF Pro versions prior to 5.11 Missing Authorization Vulnerability in Advanced Custom Fields Plugin Missing Authorization Vulnerability in Advanced Custom Fields Incorrect Authorization Vulnerability in KONICA MINOLTA bizhub Series: Unauthorized User Credential Retrieval Sensitive Information Exposure Vulnerability in KONICA MINOLTA bizhub Series MySQL Server Vulnerability: Unauthorized Hang and Crash (CVE-XXXX-XXXX) Improper Handling of Exceptional Conditions Vulnerability in KONICA MINOLTA bizhub Series: Unauthorized Access to Unsent Scanned Image Data Sensitive Information Exposure Vulnerability in KONICA MINOLTA bizhub Series Firmware Integrity Bypass Vulnerability in KONICA MINOLTA bizhub Series Improper Authorization in Custom URL Scheme Handler in Yappli Application Development Platform Arbitrary File Access Vulnerability in 
GroupSession Free Edition, GroupSession byCloud, and GroupSession ZION ver5.1.1 and Earlier Open Redirect Vulnerability in GroupSession Free Edition ver5.1.1 and Earlier, GroupSession byCloud ver5.1.1 and Earlier, and GroupSession ZION ver5.1.1 and Earlier Path Traversal Vulnerability in GroupSession Free Edition ver5.1.1 and Earlier, GroupSession byCloud ver5.1.1 and Earlier, and GroupSession ZION ver5.1.1 and Earlier Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers MySQL Server Vulnerability: Unauthorized Hang and Crash (CVE-XXXX-XXXX) Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Oracle Email Center of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle E-Business Suite Oracle Scripting Product Vulnerability Vulnerability in Oracle CRM Technical Foundation Allows Unauthorized Access and Data Manipulation Oracle Common Applications Vulnerability: Unauthorized Access and Data Compromise Oracle One-to-One Fulfillment Print Server Unauthenticated Remote Code Execution Vulnerability Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Oracle iSupport Allows Unauthorized Access and Data Manipulation Vulnerability in Oracle Email Center of Oracle E-Business Suite: Unauthorized Access and Data Compromise Hilscher PROFINET IO Device V3 Denial of Service Vulnerability Hilscher EtherNet/IP Core V2 Denial of Service and Memory Corruption Vulnerability UDP Packet Length Verification Vulnerability in Hilscher rcX RTOS Versions Prior to V2.1.14.1 Vulnerability: DNS Spoofing Attack Allows Unauthorized Access to Fibaro Home Center Devices Vulnerability in Oracle CRM Technical Foundation: Unauthorized Access and Data Compromise Unauthenticated Access to Management Service Allows Shutdown and Reboot in Fibaro Home Center 2 and Lite Devices Command Injection Vulnerability in Fibaro Home Center 2 and Lite Devices Unencrypted 
HTTP Protocol Vulnerability in Fibaro Home Center 2 and Lite Devices Directory Listing Vulnerability in WAGO Managed Switches WAGO Managed Switches: Web-Based Management Code Injection Vulnerability WAGO Managed Switches: Webserver Cookie Vulnerability Cookie Leakage Vulnerability in WAGO Managed Switches Password Hash Disclosure Vulnerability in WAGO Managed Switches Unauthorized User Creation Vulnerability in WAGO Managed Switches Accidental External Network Interface Access Vulnerability in Weidmüller u-controls and IoT-Gateways Oracle One-to-One Fulfillment Print Server Unauthenticated Remote Code Execution Vulnerability Denial of Service Vulnerability in WAGO PFC200 Login Service Privilege Escalation Vulnerability on WAGO PFC200 Devices Invalid Modbus Exception Response Vulnerability in Phoenix Contact FL COMSERVER UNI (Versions < 2.40) Fragmented TCP Packets Vulnerability in Phoenix Contact FL SWITCH SMCS Series Products LLDP Frame Injection Vulnerability in Phoenix Contact FL SWITCH SMCS Series Products TCP Urgent-Flag Crash Vulnerability in Phoenix Contact FL SWITCH SMCS Series Heap Buffer Overflow Vulnerability in Adobe Photoshop Version 22.1 and Earlier Uncontrolled Search Path Element Vulnerability in Adobe Illustrator 25.0 and Earlier Uncontrolled Search Path Element Vulnerability in Adobe Animate 21.0 and Earlier Adobe Campaign Classic Gold Standard Multiple Versions Server-Side Request Forgery (SSRF) Vulnerability Oracle One-to-One Fulfillment Print Server Unauthenticated Remote Code Execution Vulnerability Uncontrolled Search Path Vulnerability in InCopy for Windows (CVE-2020-12345) Uncontrolled Search Path Element Vulnerability in Adobe Captivate 2019 (CVE-2020-12345) Insecure Direct Object Vulnerability in Magento Checkout Module Leads to Sensitive Information Disclosure Insecure Direct Object Vulnerability in Magento Customer API Module Arbitrary Code Execution via File Upload Restriction Bypass in Magento Versions 2.4.1 and Earlier OS Command 
Injection Vulnerability in Magento Customer Attribute Save Controller OS Command Injection Vulnerability in Magento WebAPI Allows Remote Code Execution Heap-Based Buffer Overflow Vulnerability in Acrobat Reader DC OS Command Injection Vulnerability in Magento Scheduled Operation Module XML Injection Vulnerability in Magento Widgets Module Allows Arbitrary Code Execution Oracle Complex Maintenance, Repair, and Overhaul Dialog Box Vulnerability Access Control Bypass Vulnerability in Magento's Login as Customer Module Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Insecure Direct Object Reference (IDOR) Vulnerability in Magento Product Module Stored Cross-Site Scripting Vulnerability in Magento Admin Console Blind SQL Injection Vulnerability in Magento Search Module Allows Unauthorized Access XML Injection Vulnerability in Magento Product Layout Updates Improper Authorization Vulnerability in Magento Integrations Module Allows Unauthorized Access Cross-Site Request Forgery (CSRF) Vulnerability in Magento GraphQL API Allows Unauthorized Modification of Customer Metadata Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Reflected Cross-site Scripting Vulnerability in Magento Versions 2.4.1 and Earlier Oracle Complex Maintenance, Repair, and Overhaul Dialog Box Vulnerability Stored Cross-Site Scripting (XSS) in Magento Customer Address Upload Feature Session Invalidation Vulnerability in Magento Versions 2.4.1 and Earlier, 2.4.0-p1 and Earlier, and 2.3.6 and Earlier Inadequate User Session Invalidation in Magento Versions 2.4.1 and Earlier, 2.4.0-p1 and Earlier, and 2.3.6 and Earlier Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Out-of-bounds Read Vulnerability in Acrobat Reader DC Allows Local Privilege Escalation Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Integer Overflow Vulnerability in Acrobat Reader DC Versions 
Path Traversal Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Oracle Complex Maintenance, Repair, and Overhaul Dialog Box Vulnerability Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Out-of-bounds Read Vulnerability in Acrobat Reader DC Versions 2020.013.20074 and Earlier Reflected Cross-site Scripting (XSS) Vulnerability in ACS Commons 4.9.2 and Earlier Out-of-bounds Write Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Improper Access Control Vulnerability in Acrobat Reader DC Memory Corruption Vulnerability in Acrobat Reader DC Out-of-bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Photoshop: Arbitrary Code Execution via Crafted File Out-of-bounds Read Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Vulnerability in Oracle Customer Interaction History Allows Unauthorized Access and Data Manipulation Out-of-bounds Read Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Buffer Overflow Vulnerability in Adobe Photoshop: Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Animate Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Untrusted Search Path Vulnerability in Adobe Dreamweaver: Information Disclosure Out-of-bounds Read Vulnerability in Adobe Framemaker 2020.0.1 and Earlier Null Pointer Dereference Vulnerability in Acrobat Reader DC Memory Corruption Vulnerability in Acrobat Reader DC Memory Corruption Vulnerability in Acrobat Reader DC Vulnerability in Oracle 
Customer Interaction History Allows Unauthorized Access and Data Manipulation Improper Input Validation Vulnerability in Adobe Acrobat Pro DC Use-after-free vulnerability in Acrobat Pro DC allows for sensitive information disclosure Memory Corruption Vulnerability in Acrobat Reader DC Memory Corruption Vulnerability in Acrobat Reader DC Path Traversal Vulnerability in Magento UPWARD Connector Allows Arbitrary File Reading Out-of-Bounds Write Vulnerability in Adobe Bridge 11.0 and Earlier Out-of-Bounds Write Vulnerability in Adobe Bridge 11.0 and Earlier Out-of-bounds Write Vulnerability in Adobe Photoshop's CoolType Library Allows Arbitrary Code Execution Arbitrary File Overwriting Vulnerability in Adobe Creative Cloud Desktop Application Local Privilege Escalation Vulnerability in Adobe Creative Cloud Desktop Application Vulnerability in Oracle Customer Interaction History Allows Unauthorized Access and Data Manipulation Uncontrolled Search Path Element Vulnerability in Adobe Robohelp 2020.0.3 and Earlier Memory Corruption Vulnerability in Adobe Animate Allows Arbitrary Code Execution Out-of-bounds Read Vulnerability in Adobe Animate 21.0.3 and Earlier Out-of-bounds Read Vulnerability in Adobe Animate 21.0.3 and Earlier Out-of-bounds Read Vulnerability in Adobe Animate 21.0.3 and Earlier Out-of-bounds Read Vulnerability in Adobe Animate 21.0.3 and Earlier Out-of-bounds Read Vulnerability in Adobe Animate 21.0.3 and Earlier Heap-based Buffer Overflow Vulnerability in Adobe Animate Allows Arbitrary Code Execution Unquoted Service Path Vulnerability in Adobe Creative Cloud Desktop Application 5.3 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Connect version 11.0.7 and Earlier Oracle WebLogic Server Vulnerability: Unauthenticated Takeover via IIOP, T3 Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Connect version 11.0.7 and Earlier Memory Corruption Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Improper Access 
Control Vulnerability in AEM Cloud Service and Earlier Versions Stored Cross-Site Scripting (XSS) Vulnerability in AEM Cloud Service and Versions 6.5.7.0 and below, 6.4.8.3 and below, and 6.3.3.8 and below Input Validation Vulnerability in Adobe Connect Export Feature Out-of-bounds Write Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Cross-site Scripting (XSS) Vulnerability in Adobe ColdFusion Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Acrobat Reader DC Versions Oracle WebLogic Server Console Remote Code Execution Vulnerability Path Traversal Vulnerability in Adobe InCopy Allows Remote Code Execution Out-of-bounds read vulnerability in Adobe Bridge allows for sensitive memory disclosure Memory Corruption Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Adobe Bridge Genuine Software Service Improper Authorization Vulnerability Out-of-bounds Write Vulnerability in Adobe InDesign Allows Remote Code Execution Out-of-bounds Write Vulnerability in Adobe InDesign Allows Remote Code Execution Oracle Argus Safety 8.2.2 Letters Component Unauthorized Data Access Vulnerability Privilege Escalation Vulnerability in Adobe Digital Editions Allows Arbitrary File System Write Out-of-bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Path Traversal Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Illustrator 25.2 and Earlier Memory Corruption Vulnerability in Adobe Illustrator Allows Remote Code Execution Memory Corruption Vulnerability in Adobe Illustrator Allows Remote Code Execution Sandbox Escape via Use After Free Vulnerability in Google Chrome 
Autofill Sandbox Escape Vulnerability in Google Chrome's Drag and Drop Feature on Linux (CVE-2020-16044) Sandbox Escape via Use After Free Vulnerability in Google Chrome's Media Component Remote Code Execution via Use After Free in Google Chrome Payments (CVE-2020-16044) Oracle VM VirtualBox Prior to 6.1.18 Denial of Service Vulnerability Remote Code Execution via Use After Free in Safe Browsing in Google Chrome Sandbox Escape Vulnerability in Google Chrome WebUI (CVE-2020-16044) Remote Code Execution Vulnerability in Google Chrome Prior to 87.0.4280.141 Skia Heap Buffer Overflow in Google Chrome: Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Google Chrome Audio (CVE-2020-16009) Remote Code Execution via Use After Free in Safe Browsing in Google Chrome Heap Buffer Overflow in Google Chrome: Remote Code Execution via Crafted HTML Page Local Privilege Escalation in Cryptohome: Exploiting Insufficient Policy Enforcement in Google Chrome Out of Bounds Memory Access Vulnerability in V8 in Google Chrome (CVE-2021-21148) Remote Code Execution via Use After Free in Google Chrome Media (CVE-2021-21148) Oracle VM VirtualBox Prior to 6.1.18 Denial of Service Vulnerability WebSQL Use After Free Vulnerability in Google Chrome Remote Code Execution via Use After Free in Omnibox in Google Chrome on Linux Remote Code Execution Vulnerability in Google Chrome: Use After Free in Blink File System API Bypass Vulnerability in Google Chrome (CVE-2021-21148) Sandbox Escape Vulnerability in Google Chrome Speech Recognizer on Android (prior to 88.0.4324.96) Bypassing File System Restrictions in Google Chrome on Windows Bypassing Site Isolation via Crafted Chrome Extension in Google Chrome (CVE-2021-21148) Bypassing Content Security Policy via Crafted Chrome Extension in Google Chrome (prior to 88.0.4324.96) Heap Buffer Overflow in Google Chrome: Remote Code Execution via Crafted HTML Page Bypassing File System Restrictions via Crafted HTML Page in Google 
Chrome (CVE-2021-21148) Vulnerability in Oracle Financial Services Revenue Management and Billing: Unauthorized Data Manipulation Bypassing File System Restrictions via Crafted HTML Page in Google Chrome (CVE-2021-21148) Bypassing File System Restrictions via Crafted HTML Page in Google Chrome (CVE-2021-21148) Sandbox Escape Vulnerability in Google Chrome DevTools Bypassing Navigation Restrictions via Downloads in Google Chrome (CVE-2021-21148) Security UI Spoofing Vulnerability in Google Chrome on iOS Cross-Origin Data Leakage in Performance API in Google Chrome (CVE-2021-21148) Cross-Origin Data Leakage in WebView on Android Prior to Version 88.0.4324.96 Information Disclosure Vulnerability in Google Chrome DevTools Sandbox Escape Vulnerability in Google Chrome DevTools Bypassing Navigation Restrictions in Google Chrome's iframe Sandbox Vulnerability in Oracle Common Applications Calendar Allows Unauthorized Access and Data Manipulation Uninitialized Use Vulnerability in Google Chrome Allows Out of Bounds Memory Access via USB Bypassing File Extension Policy in Google Chrome File System API (CVE-2021-21148) Remote Code Execution via Use After Free in Payments in Google Chrome on Mac Heap Buffer Overflow in Google Chrome Extensions: Exploiting Heap Corruption via Malicious Extension Heap Buffer Overflow in Tab Groups in Google Chrome Remote Code Execution Vulnerability in Google Chrome's Font Handling (CVE-2021-21148) Sandbox Escape via Use After Free Vulnerability in Google Chrome Navigation (CVE-2021-21148) Omnibox Spoofing Vulnerability in Google Chrome (CVE-2021-21148) Heap Buffer Overflow in V8: Remote Code Execution in Google Chrome Stack Buffer Overflow in Google Chrome on Linux (Versions prior to 88.0.4324.182) via Crafted HTML Page Vulnerability in Oracle Common Applications Calendar Allows Unauthorized Access and Data Manipulation Sandbox Escape via Use After Free Vulnerability in Google Chrome Downloads (Windows) Remote Code Execution via Use After Free 
in Payments in Google Chrome Heap Buffer Overflow in Google Chrome on Linux (prior to version 88.0.4324.182) via Crafted HTML Page Stack Buffer Overflow in GPU Process in Google Chrome on Linux Heap Buffer Overflow in Tab Strip in Google Chrome: Remote Code Execution and Sandbox Escape Vulnerability Heap Buffer Overflow in Tab Strip in Google Chrome on Windows Heap Buffer Overflow in V8: Remote Code Execution in Google Chrome Remote Code Execution via Use After Free in Web Sockets in Google Chrome on Linux Heap Buffer Overflow in TabStrip in Google Chrome Vulnerability in Oracle Application Express Opportunity Tracker component of Oracle Database Server (CVE-2020-XXXX) Heap Buffer Overflow in WebAudio in Google Chrome Heap Buffer Overflow in TabStrip in Google Chrome WebRTC Use After Free Vulnerability in Google Chrome (CVE-2021-21166) Cross-Origin Data Leakage in Google Chrome Reader Mode on iOS Cross-Origin Data Leakage Vulnerability in Chrome on iOS Audio Data Race Vulnerability in Google Chrome (Versions prior to 89.0.4389.72) Audio Data Race Vulnerability in Google Chrome (Versions prior to 89.0.4389.72) Remote Code Execution Vulnerability in Google Chrome Prior to 89.0.4389.72 via Bookmarks Use After Free Information Disclosure Vulnerability in Google Chrome AppCache Remote Code Execution Vulnerability in V8 Engine of Google Chrome (CVE-2021-21148) Vulnerability in Oracle Application Express Survey Builder component of Oracle Database Server (CVE-2020-2950) Spoofing Omnibox Contents via Incorrect Security UI in Google Chrome Spoofing Vulnerability in Google Chrome on Android prior to 89.0.4389.72 Bypassing File System Restrictions in Google Chrome on Windows (CVE-2021-21193) Cross-Origin Data Leakage in Google Chrome Prior to Version 89.0.4389.72 Referrer Bypass Vulnerability in Google Chrome (CVE-2021-21148) Cross-Origin Data Leakage in Google Chrome Prior to Version 89.0.4389.72 Omnibox Spoofing Vulnerability in Google Chrome (prior to 89.0.4389.72) 
Autofill Information Disclosure Vulnerability in Google Chrome (CVE-2021-21148) Omnibox Spoofing Vulnerability in Google Chrome on Linux and Windows Remote Code Execution Vulnerability in Google Chrome on Linux (CVE-2021-21193) Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Remote Code Execution Vulnerability in Google Chrome Tab Search Autofill Information Leakage Vulnerability in Google Chrome (CVE-2021-21166) Bypassing Navigation Restrictions in Google Chrome (CVE-2021-21193) Cross-Origin Data Leakage in Google Chrome Performance APIs Cross-Origin Data Leakage in Google Chrome Performance APIs Insufficient Policy Enforcement in Google Chrome Extensions: Exploiting Sensitive Information Disclosure QR Code Bypass Vulnerability in Google Chrome on iOS (Versions prior to 89.0.4389.72) Domain Spoofing Vulnerability in Google Chrome (Versions prior to 89.0.4389.72) Remote Code Execution Vulnerability in Google Chrome (CVE-2021-21148) Bypassing Navigation Restrictions in Google Chrome Prior to 89.0.4389.72 Oracle VM VirtualBox Prior to 6.1.18 High Privilege Unauthorized Access Vulnerability Uninitialized Data Vulnerability in PDFium in Google Chrome (CVE-2021-21193) WebRTC Use After Free Vulnerability in Google Chrome (CVE-2021-21148) Heap Buffer Overflow in Tab Groups in Google Chrome Remote Code Execution Vulnerability in Google Chrome Prior to Version 89.0.4389.90 Remote Code Execution via Use After Free in Google Chrome Screen Sharing Remote Code Execution Vulnerability in V8 Engine of Google Chrome (CVE-2021-21148) Heap Buffer Overflow in TabStrip in Google Chrome on Windows Heap Buffer Overflow in TabStrip in Google Chrome Sandbox Escape Vulnerability in Google Chrome IPC (CVE-2021-21193) Use After Free Vulnerability in Aura in Google Chrome on Linux (Versions prior to 89.0.4389.114) Oracle VM VirtualBox Prior to 6.1.18 High Privilege Unauthorized Access Vulnerability Out of Bounds Read Vulnerability in Google Chrome WebUI 
Settings Sandbox Escape via Use After Free Vulnerability in Google Chrome Sandbox Escape via Crafted Chrome Extension in Google Chrome (CVE-2021-21224) Remote Code Execution Vulnerability in Google Chrome Prior to Version 90.0.4430.72 Use After Free Vulnerability in Google Chrome on OS X (CVE-2021-21224) Bypassing Navigation Restrictions in Google Chrome on iOS (CVE-2021-30563) Remote Code Execution Vulnerability in Google Chrome: Use After Free in Blink Sandbox Escape via Crafted Chrome Extension in IndexedDB Domain Spoofing Vulnerability in Google Chrome QR Scanner on iOS Cross-Origin Data Leakage Vulnerability in Google Chrome (prior to 90.0.4430.72) Oracle VM VirtualBox Prior to 6.1.18 Denial of Service Vulnerability Remote Access to Local UDP Ports via Crafted HTML Page in Google Chrome (prior to 90.0.4430.72) Cross-Origin Data Leakage in Google Chrome on iOS (prior to version 90.0.4430.72) via Insecure Navigation Implementation Insecure Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72: WiFi Compromise Vulnerability WebMIDI Use After Free Vulnerability in Google Chrome (CVE-2021-21224) Use After Free Vulnerability in Google Chrome Network API Remote Security UI Spoofing Vulnerability in Google Chrome Autofill Remote Security UI Spoofing Vulnerability in Google Chrome Autofill Uninitialized Data Vulnerability in PDFium in Google Chrome (CVE-2021-21224) Uninitialized Data Vulnerability in PDFium in Google Chrome (CVE-2021-21224) Uninitialized Data Vulnerability in PDFium in Google Chrome (CVE-2021-21224) MySQL Server Denial of Service Vulnerability Heap Corruption Vulnerability in V8 in Google Chrome (CVE-2021-21193) Cross-Origin Data Leakage in Mojo in Google Chrome (CVE-2021-21227) Remote Code Execution via Heap Buffer Overflow in V8 in Google Chrome Sandbox Escape via Integer Overflow in Mojo in Google Chrome Type Confusion Vulnerability in V8: Remote Code Execution in Google Chrome (CVE-2021-21227) Remote Code Execution via Out of Bounds 
Memory Access in V8 in Google Chrome Sandbox Escape via Use After Free Vulnerability in Google Chrome Heap Corruption Vulnerability in V8 in Google Chrome (CVE-2021-21227) Bypassing Navigation Restrictions via Crafted Chrome Extension in Google Chrome (CVE-2021-21224) Domain Spoofing Vulnerability in Google Chrome for Android (prior to 90.0.4430.93) Vulnerability in Oracle VM VirtualBox Prior to 6.1.18 Allows Unauthorized Data Access Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (prior to 90.0.4430.93) Heap Corruption Vulnerability in V8 in Google Chrome (CVE-2021-21227) Remote Code Execution Vulnerability in Google Chrome Dev Tools (CVE-2021-21224) Heap Buffer Overflow in ANGLE in Google Chrome on Windows Directory Traversal Vulnerability in spring-boot-actuator-logview Infinite Loop Vulnerability in kamadak-exif 0.5.2 Regular Expression Denial of Service (REDoS) Vulnerability in CairoSVG Arbitrary Code Execution via Git LFS on Windows Improper Verification of Cryptographic Signature in PySAML2 Improper Verification of Cryptographic Signature in PySAML2 Oracle VM VirtualBox Prior to 6.1.18 Denial of Service Vulnerability Denial of Service Vulnerability in httplib2 Prior to Version 0.19.0 Flask-Security-Too: Authentication Token Leakage via GET Request Pre-Auth Remote Code Execution in OneDev 4.0.3 and Earlier Versions Unauthenticated Remote Code Execution in OneDev 4.0.3 and Earlier Pre-Auth Server Side Template Injection via Bean Validation Message Tampering in OneDev Arbitrary File Upload Vulnerability in OneDev before 4.0.3 Arbitrary User Details and Access Token Leakage in OneDev (<= 4.0.3) Unauthenticated Remote Code Execution in OneDev before version 4.0.3 Arbitrary Code Execution via Build Endpoint Parameters in OneDev (CVE-2021-12345) Remote Code Execution via YAML Parsing in OneDev (CVE-2021-12345) Vulnerability in Oracle VM VirtualBox Prior to 6.1.18: Unauthorized Data Access and Manipulation Arbitrary File Read 
Vulnerability in OneDev (before version 4.0.3) Critical 'Zip Slip' Vulnerability in OneDev Allows Arbitrary File Write Regular Expression Denial of Service (ReDoS) Vulnerability in jQuery Validation Plugin Vulnerability: Lack of Salt in Password Hashing CKEditor 5 Markdown Plugin <= 24.0.0 Regex Denial of Service (ReDoS) Vulnerability IDOR vulnerability in GLPI version 9.5.3 allows unauthorized entity switching Out-of-Bounds Write Vulnerability in Contiki-NG RPL-Classic and RPL-Lite Implementations Cross-Site Scripting (XSS) Injection Vulnerability in GLPI 9.5.0 - 9.5.3 Arbitrary JavaScript Injection in HedgeDoc Slide Mode Oracle VM VirtualBox Prior to 6.1.18 Core Vulnerability Stored XSS vulnerability in Online Invoicing System (OIS) version 4.0 allows admin account takeover Flatpak Portal Service Sandbox Escape Vulnerability Query Binding Exploitation in Laravel Versions before 6.20.11, 7.30.2, and 8.22.1 Arbitrary PHP Execution Vulnerability in October CMS Host Header Poisoning Vulnerability in October CMS XML External Entity (XXE) Attack in openHAB Allows Retrieval of Internal Information Denial-of-Service Vulnerability in Email Address Validation in Schema-Inspector Path Traversal Vulnerability in Keymaker Server (Version < 0.2.0) Allows Unauthorized File Access Oracle VM VirtualBox Prior to 6.1.18 Denial of Service Vulnerability Plaintext Logging of Customer API Key in OctopusDSC Inconsistent Timestamps in DuplicateVoteEvidence Formation in Tendermint Core v0.34.0-v0.34.2 Zip-Slip Vulnerability in ORAS Allows Unauthorized File Manipulation Improper IP Address Validation in Synapse Server (CVE-2021-39145) Denial of Service Attack via Malicious .well-known File in Synapse Matrix Homeserver MediaWiki Report Extension CSRF Vulnerability Polr URL Shortener Setup Process Admin Access Vulnerability Remote Code Execution Vulnerability in angular-expressions before version 1.1.2 Code Injection Vulnerability in RSSHub Denial-of-Service Vulnerability in Contiki-NG 4.6 
and Earlier Versions Vulnerability in Oracle VM VirtualBox Prior to 6.1.18: Unauthorized Access to Critical Data Out-of-Bounds Write Vulnerability in Contiki-NG Buffer Overflow Vulnerability in Contiki-NG Versions Prior to 4.6 Buffer Overflow Vulnerability in Contiki-NG's RPL Implementations Cross-Site Scripting (XSS) Vulnerability in Flarum Sticky Extension Privilege Escalation via --userns-remap in Docker Docker Image Manifest Malformed Pull Vulnerability Authorization Bypass Vulnerability in AVideo Platform (CVE-XXXX) MinIO Server-Side Request Forgery (SSRF) Vulnerability SSRF Vulnerability in CarrierWave's Download Feature Command Injection Vulnerability in Mechanize Library (CVE-2021-2345) Oracle VM VirtualBox Prior to 6.1.18 Multiple Vulnerabilities Insecure Temp File Vulnerability in Netty Improper Redirect Validation in OAuth2 Proxy Whitelist Domain Feature Unquoted Windows Binary Path Vulnerability in Traccar 4.12 and Earlier Unbounded Connection Acceptance Leading to File Handle Exhaustion Denial-of-Service Vulnerability in Http4s Netty HTTP/2 Request Smuggling Vulnerability Denial of Service Vulnerability in Fleet 3.7.0 Prototype Pollution Vulnerability in Node-RED Admin API Arbitrary Path Traversal Vulnerability in Node-RED Projects API Vulnerability: HTTP Request Smuggling in Hyper Oracle VM VirtualBox Prior to 6.1.18 Denial of Service Vulnerability Git Symbolic Link Vulnerability Privacy Vulnerability: Unintended Video Streaming in Wire for iOS CSV Injection Vulnerability in PrestaShop Admin Panel (Fixed in 1.7.7.2) Unsanitized Data Input Vulnerabilities in Helm 3.0 to 3.5.2 Prototype Pollution Vulnerability in Dynamoose Code Injection Vulnerability in CarrierWave Regular Expression Denial of Service (ReDoS) Vulnerability in marked (npm package) versions 1.1.1 and below Unauthenticated Remote Code Execution in Lucee Server Admin Incomplete Soft Logout System in PrestaShop Allows for Foreign Request Execution Integer Overflow Vulnerability in 32-bit 
Redis Versions 4.0 or Newer Oracle VM VirtualBox Prior to 6.1.18 Core Vulnerability Token Verification Bypass Vulnerability in NextAuth.js (next-auth) Server-side Request Forgery Vulnerability in Adminer Unsanitized Input in GLPI Document Upload Function Allows for JavaScript Payload Injection Unsanitized Parameters Vulnerability in GLPI before version 9.5.4 XSS Vulnerability in GLPI Ticket Update Functionality Command Injection Vulnerability in systeminformation npm Package (CVE-2021-12345) Untrusted JavaScript Execution in less-openui5 Regular Expression Denial of Service (REDoS) in uap-core before version 0.11.0 Opencast 9.2 Vulnerability: Denial of Access and Series Hiding Stored XSS vulnerability in Galette prior to version 0.9.5 User Content Sandbox Bypass in matrix-react-sdk before 3.15.0 Vulnerability: Prefix Escaping in fastify-reply-from Vulnerability: Prefix Escaping in fastify-http-proxy Vulnerability: DNS Leakage in Brave Browser's CNAME Adblocking Feature Insecure Direct Object Reference (IDOR) vulnerability in GLPI allows unauthorized user enumeration of GLPI items Cross-Site Scripting (XSS) Vulnerability in GLPI before version 9.5.4 Ticket Creation Vulnerability in GLPI Self-Service Interface Unauthenticated Remote Object Instantiation Vulnerability in GLPI Denial of Service (DoS) Attack via Metrics Backend in Vapor Authentication Bypass in RATCF with Multi-Factor Authentication Open Redirect Vulnerability in aiohttp Local Information Disclosure Vulnerability in Datadog API Client Cross-Site Scripting (XSS) Vulnerability in Synapse before 1.27.0 HTML Injection Vulnerability in Synapse Matrix Homeserver Incorrect Environment Variable Sharing in containerd's CRI Implementation Bypassing Basic Authentication in SPNEGO HTTP Authentication Module for nginx Information Disclosure Vulnerability in Products.PluggableAuthService Open Redirect Vulnerability in Products.PluggableAuthService Open Redirection Vulnerability in TYPO3 Login Handling Clear-text 
Storage of User Session Identifiers in TYPO3 Critical Denial of Service Vulnerability in Oracle Enterprise Manager for Fusion Middleware Cross-Site Scripting (XSS) Vulnerability in TYPO3's _descriptionColumn_ Preview Denial of Service Vulnerability in XStream Library XStream Unmarshalling Vulnerability XStream Unmarshalling File Deletion Vulnerability Arbitrary Code Execution Vulnerability in XStream Remote Code Execution Vulnerability in XStream Arbitrary Code Execution Vulnerability in XStream Arbitrary Code Execution Vulnerability in XStream XStream Remote Thread Occupation Vulnerability XStream XML Deserialization Remote Resource Access Vulnerability Oracle WebLogic Server Coherence Container Unauthenticated Remote Code Execution Vulnerability Arbitrary Code Execution Vulnerability in XStream (Versions Prior to 1.4.16) Arbitrary Code Execution Vulnerability in XStream (Versions < 1.4.16) Predictable Tokens in Password Reset Feature in Anuko Time Tracker Remote Code Execution Vulnerability in Pug Template Engine (CVE-2021-23337) Open Redirection Vulnerability in Pollbot before Version 1.4.4 Arbitrary File Upload and Disclosure in TYPO3 Arbitrary File Upload Vulnerability in TYPO3 Form Framework Cross-Site Scripting Vulnerability in TYPO3 Form Designer Backend Module Recursive Amplification Vulnerability in TYPO3 Oracle WebLogic Server IIOP Unauthenticated Remote Code Execution Vulnerability Information Disclosure Vulnerability in Products.GenericSetup Information Disclosure Vulnerability in com.bmuschko:gradle-vagrant-plugin Bypassing readOnly Policy in MinIO Multi-User Environment Race condition vulnerability in swagger-codegen allows local privilege escalation Insecure File and Directory Permissions in swagger-codegen Cross-Site Scripting Vulnerability in Bootstrap Package for TYPO3 XML Injection Vulnerability in xmldom 0.4.0 and older Incorrect Authorization Vulnerability in Switchboard Bluetooth Plug for elementary OS Prototype Poisoning Vulnerability in 
msgpack5 Denial-of-Service Vulnerability in Hyperledger Besu's HTTP JSON-RPC API Service Critical Vulnerability in Oracle Enterprise Manager Base Platform: Policy Framework Compromise Cross-Site Scripting Vulnerability in TYPO3 Content Elements Arbitrary Code Execution through YAML Configuration File in Tenable for Jira Cloud Arbitrary Command Execution in Nimble Package Manager Insecure Package List Retrieval in Nimble Package Manager Insecure SSL/TLS Certificate Verification in Nimble Package Manager Denial of Service Vulnerability in PJSIP Version 2.10 and Earlier Information Exposure Vulnerability in OMERO.web Unvalidated Redirection Vulnerability in OMERO.web Authentication Bypass Vulnerability in Envoy 1.17.0 Privilege Escalation through `{{wikimacrocontent}}` in XWiki Platform Oracle Cloud Infrastructure Data Science Notebook Sessions Vulnerability SQL Script Injection Vulnerability in XWiki Platform with Ratings API Flatpak File Forwarding Vulnerability Vulnerability: Unauthorized Administrative Commands via Restund TURN Server's Status Interface Stored Cross-Site Scripting Vulnerability in Wiki.js Shell Injection Vulnerability in shescape (<=1.1.2) Allows Attackers to Bypass Protection Insecure HTTPS Hostname Verification in Mifos-Mobile Android Application Arbitrary OS Command Execution Vulnerability in APKLeaks v2.0.3 and below Inadequate Encryption Strength and Improper Safety Number Calculation in Wrongthink Messenger (Versions 2.0.0 - 2.3.0) Command Injection Vulnerability in systeminformation Library (Versions < 5.6.4) BuddyPress REST API Members Endpoint Privilege Escalation Vulnerability Vulnerability: MITM Modification of Request Bodies in MinIO Regular Expression Denial of Service (ReDoS) Vulnerability in CKEditor 5 Packages Unrestricted Outbound Requests to User-Provided Domains in Synapse Resource Exhaustion Vulnerability in Synapse Resource Exhaustion Vulnerability in Synapse Cross-Site Request Forgery Vulnerability in Magento LTS (Long Term 
Support) Exposure of Client Metadata in Wire-Server (CVE-2021-XXXX) HTML Injection Vulnerability in PrestaShop 1.7.7.3 Unauthenticated Access Vulnerability in Ampache Versions Prior to 4.4.1 Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Data Access and Manipulation Passphrase Leakage Vulnerability in wire-webapp Invalid free() or realloc() calls in Nanopb when decoding a specifically formed message with an `oneof` field containing both a pointer and non-pointer field Arbitrary File Read Vulnerability in Jellyfin Media System Authentication Bypass Vulnerability in Kongchuanhujiao Server (<=1.3.20) Denial of Service (DoS) vulnerability in Syncthing relay server Vulnerability: Block CID Collision in Lotus Filecoin Implementation Command Injection Vulnerability in Combodo iTop Setup Wizard CSRF Token Bypass Vulnerability in Combodo iTop Arbitrary Code Execution in Smarty Template Engine (Versions < 3.1.43 and 4.0.3) Netty HTTP/2 Request Smuggling Vulnerability Vulnerability in Oracle FLEXCUBE Direct Banking: Unauthorized Data Manipulation Out-of-Bounds Read Vulnerability in Contiki-NG 4.6 and Prior OAuth2-Proxy GitLab Group-Based Authorization Bypass Arbitrary Code Execution Vulnerability in npm Package @thi.ng/egf with GPG-Tagged Property Values Vulnerability: API Pitfalls in isolated-vm Library Allow for Unauthorized Access and Arbitrary Code Execution Remote Code Execution Vulnerability in Prisma's `@prisma/sdk` Package Prisma VS Code Extension Remote Code Execution Vulnerability Sensitive Data Leakage in django-registration Prior to 3.1.2 Use After Free Vulnerability in fluidsynth when Loading Invalid SoundFont File JavaScript Injection Vulnerability in PrestaShop Newsletter Subscription Module (Fixed in 2.6.1) Memory Exhaustion Vulnerability in Eventlet due to Large Websocket Frames Vulnerability in Oracle WebLogic Server Console Allows Unauthorized Data Access and Manipulation Arbitrary Code Execution 
Vulnerability in vscode-stripe Extension Exposure of API Key in Error Messages in node-etsy-client Vulnerability: Unsanitized Rendering of Large Data Cells in mongo-express Potential Code Execution and Repository Access Vulnerability in `projen` User Enumeration Vulnerability in Symfony Framework Arbitrary YAML File Creation and Modification Vulnerability in Grav Admin Plugin Unsecured Deserialization Vulnerability in Magento-lts (CVE-2021-3007) Unauthorized Access Vulnerability in Magento-lts Versions Before 19.4.13 and 20.0.9 Insecure Temporary Folder Vulnerability in OpenAPI Generator Insecure Temporary File Creation in OpenAPI Generator Maven Plug-in Insecure Temporary File Creation in OpenAPI Generator Bypassing Bot Removal Restrictions in sopel-channelmgnt Plugin Vela 0.7.0 Authentication Bypass Vulnerability Remote Code Execution Vulnerability in Discord Recon Server 0.0.1 Crafted Survey Allows Execution of Malicious Code in OTRS AG Survey Interface Confidential Customer Information Exposed in Printed Tickets via OTRS External Interface Unrestricted Access to Config Items in OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions Unauthorized Access to Linked Config Items in OTRS and ITSM Configuration Management Unauthorized Access to Linked FAQ Articles in OTRS Denial of Service (DoS) Vulnerability in OTRS AG Community Edition 6.0.x, OTRS 7.0.x, and OTRS 8.0.x MySQL Server Vulnerability: Remote Takeover via Parser Component Vulnerability: Exposure of Private S/MIME and PGP Keys in Generated Support Bundles XSS Vulnerability in Ticket Overview Screens of OTRS AG ((OTRS)) Community Edition 6.0.x and OTRS 7.0.x Cross-Site Scripting (XSS) Vulnerability in OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19 Unrestricted Access to Customer User Emails in OTRS AG Community Edition and OTRS Multiple X-Frame-Options Headers Vulnerability in SAP Business Objects BI Platform Improper Input Validation in SAP Commerce Cloud Allows for Cross-Site 
Scripting and Page Hijacking Denial of Service Vulnerability in SAP NetWeaver AS ABAP Stored Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform SAP GUI for Windows 7.60 Local Credential Spoofing Vulnerability Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash Oracle VM VirtualBox Prior to 6.1.20 Vulnerability: High Privileged Takeover Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crash via Manipulated PSD File Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing and Temporary Unavailability Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Remote Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Remote Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash MySQL Server Denial of Service Vulnerability Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crash via Manipulated BMP File Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Remote Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing via Manipulated PCX File Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing via Manipulated PCX File SQL Injection Vulnerability in BW Database Interface Remote Code Injection Vulnerability in SAP Business Warehouse and SAP BW/4HANA Privilege 
Escalation in SAP Banking Services: Unauthorized Access to Restricted Market Data Privilege Escalation in BW Database Interface: Unauthorized Access to Database Tables SAP NetWeaver Master Data Management Windows Configuration Vulnerability: Information Disclosure via SMB Relay Attack Oracle ZFS Storage Appliance Kit Installation Vulnerability XML External Entity (XXE) Vulnerability in SAP EPM Add-in for Microsoft Office and SAP Analysis Office Improper Access Control in CLA-Assistant Allows Unauthorized API Endpoint Access Lack of Password Setting Option in SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) Installation Unauthenticated User Can Execute Reports in SAP NetWeaver ABAP Platform SAP HANA Database SAML Assertion Tampering Vulnerability SAP Master Data Management Directory Traversal Vulnerability Reverse Tabnabbing Vulnerability in SAP UI5 Versions Remote Code Execution Vulnerability in SAP Commerce Cloud Reverse Tabnabbing Vulnerability in SAP Web Dynpro ABAP Allows for User Redirection to Malicious Sites Java Expression Injection Vulnerability in SCIMono before 0.0.19 Remote Code Execution and Privilege Escalation in SAP MII through Malicious JSP Injection Unauthorized Access to Configuration Objects in SAP NetWeaver MigrationService Brute Force Password Vulnerability in SAP NetWeaver Master Data Management SAP Solution Manager 720 Information Disclosure Vulnerability Bypassing LDAP Authentication in SAP HANA Database Version 2.0 Telnet Command Exploit in SAP NetWeaver Application Server for Java Allows Unauthorized Access to NTLM Hashes Privilege Escalation Vulnerability in SAP Enterprise Financial Services SAP Payment Engine Version 500 Privilege Escalation Vulnerability Insecure Deserialization Vulnerability in Knowledge Management Versions 7.01-7.50 Stored Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Enterprise Portal Unauthorized Data Manipulation Vulnerability in Oracle ZFS Storage Appliance Kit 
(Version 8.8) Reflected Cross-Site Scripting Vulnerability in SAP NetWeaver AS for ABAP (Web Survey) Reverse Tabnabbing Vulnerability in SAP Netweaver Application Server Java SAP NetWeaver Application Server Java Logon Group Spoofing Vulnerability SAP 3D Visual Enterprise Viewer Version 9 GIF File Crash Vulnerability XSS Vulnerability in MK-AUTH 19.01 K4.9 via admin/logs_ajax.php Tipo Parameter CSRF Vulnerability in MK-AUTH 19.01 K4.9: Password Change via executar_central.php Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise ServiceComb ServiceCenter Directory Traversal Vulnerability Use of SSH Key Past Account Expiration Vulnerability in Dell PowerScale OneFS Versions 8.1.0 – 9.1.0 Privilege Escalation Vulnerability in PowerScale OneFS 8.1.2, 8.2.2, and 9.1.0 Undocumented Default iDRAC Account Vulnerability in Dell EMC Integrated System for Microsoft Azure Stack Hub Privilege Escalation Vulnerability in PowerScale OneFS API Handler Weak Password Encryption Vulnerability in Dell EMC Networking X-Series and PowerEdge VRTX Switch Module Firmware Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and DOS Dell iDRAC8 Host Header Injection Vulnerability Unauthorized Access to Backup Data in Dell EMC Avamar Server Dell EMC PowerProtect Cyber Recovery Information Disclosure Vulnerability Authentication Bypass Vulnerability in Dell EMC OpenManage Server Administrator (OMSA) Version 9.5 with Distributed Web Server (DWS) Enabled Configuration Path Traversal Vulnerability in Dell EMC OpenManage Server Administrator (OMSA) Versions 9.5 and Prior Stored Cross-Site Scripting Vulnerability in Dell EMC SourceOne XML External Entity Injection (XXE) Vulnerability in SRS Policy Manager 6.X DLL Injection Vulnerability in Dell SupportAssist Client for Consumer and Business PCs Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Dell BIOS Credentials Management 
Vulnerability Untrusted Deserialization Vulnerability in Dell SRM and SMR Versions Prior to 4.5.0.1 Dell PowerScale OneFS Privilege Escalation in SmartLock Compliance Mode Privilege Escalation Vulnerability in Dell PowerScale OneFS 8.1.0-9.1.0 Exposure of Information through Directory Listing Vulnerability in Dell EMC PowerScale OneFS Versions 9.1.0, 9.2.0.x, 9.2.1.x during Upgrade Denial of Service Vulnerability in Dell System Update (DSU) 1.9 and Earlier Versions Vulnerability in Oracle Internet Expenses: Unauthorized Data Manipulation Dell OpenManage Enterprise-Modular (OME-M) Security Bypass Vulnerability Authorization Bypass Vulnerability in Dell Unisphere for PowerMax Improper Management Server Validation Vulnerability in Dell Wyse ThinOS 8.6 MR9 Denial of Service Vulnerability in Wyse Management Suite Versions up to 3.2 Information Exposure Vulnerability in Dell Hybrid Client Versions Prior to 1.5 Critical Root-Level Access Vulnerability in Dell Hybrid Client Versions Prior to 1.5 Information Exposure Vulnerability in Dell Hybrid Client Versions Prior to 1.5 Information Exposure Vulnerability in Dell Hybrid Client Versions Prior to 1.5 Dell EMC iDRAC9 Improper Authentication Vulnerability Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Dell EMC iDRAC9 MySQL Server Denial of Service Vulnerability Stack-based Overflow Vulnerability in Dell EMC iDRAC9 DOM-based Cross-Site Scripting Vulnerability in Dell EMC iDRAC9 Stored Cross-Site Scripting Vulnerabilities in Dell EMC iDRAC9 Versions Prior to 4.40.10.00 Stored Cross-Site Scripting Vulnerabilities in Dell EMC iDRAC9 Versions Prior to 4.40.00.00 Improper Authentication Vulnerability in Dell EMC iDRAC9 Versions Prior to 4.40.00.00 Dell Peripheral Manager 1.3.1 or Greater Local Privilege Escalation Vulnerability Dell EMC NetWorker Information Disclosure in Log Files Vulnerability Plain-text password storage vulnerability in Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 
Improper Certificate Validation Vulnerability in Dell EMC Unisphere for PowerMax Cross-Site Request Forgery Vulnerability in Dell EMC XtremIO XMS Oracle One-to-One Fulfillment Unauthorized Data Manipulation Vulnerability Privilege Escalation Vulnerability in Dell EMC PowerScale OneFS 8.1.0-9.1.0 Insufficient Access Control Vulnerability in Dell dbutil_2_3.sys Driver Improper Authorization Vulnerability in Dell Wyse Windows Embedded Systems Dell PowerScale OneFS Incorrect User Management Vulnerability Stack-based Buffer Overflow Vulnerability in Dell PowerEdge and Precision BIOS with Intel Optane DC Persistent Memory Heap-based Buffer Overflow Vulnerability in Dell PowerEdge Server BIOS with NVDIMM-N Stack-based Buffer Overflow Vulnerability in Dell PowerEdge Server BIOS with NVDIMM-N Out-of-Bounds Array Access Vulnerability in Dell PowerEdge and Precision Rack BIOS Dell EMC NetWorker Information Disclosure Vulnerability Improper Certificate Validation in Dell EMC NetWorker Management Console Oracle Customers Online Vulnerability: Unauthorized Data Access and Modification Sensitive Information Exposure Vulnerability in Dell PowerScale OneFS Version 8.1.2 Untrusted Search Path Vulnerability in Dell EMC PowerScale OneFS Improper Check for Unusual or Exceptional Conditions in Dell EMC PowerScale OneFS Auditing Component Leading to Denial of Service Improper Authentication Vulnerability in Dell OpenManage Enterprise Denial of Service Vulnerability in Dell PowerScale OneFS Versions 9.1.0.3 and Earlier Dell PowerScale OneFS 9.1.0.x Privilege Escalation Vulnerability Insufficient Logging Vulnerability in Dell EMC PowerScale OneFS Versions 8.2.x - 9.2.x Dell NetWorker Path Traversal Vulnerability Oracle WebLogic Server TopLink Integration Unauthenticated Remote Code Execution Vulnerability Dell NetWorker Information Disclosure Vulnerability Dell UEFI BIOS HTTPS Stack Improper Certificate Validation Vulnerability Dell BIOSConnect Buffer Overflow Vulnerability: Bypassing UEFI 
Restrictions and Executing Arbitrary Code Dell BIOSConnect Buffer Overflow Vulnerability: Bypassing UEFI Restrictions and Executing Arbitrary Code Dell BIOSConnect Buffer Overflow Vulnerability: Bypassing UEFI Restrictions and Executing Arbitrary Code Observable Timing Discrepancy Vulnerability in Dell BSAFE Micro Edition Suite DOM-based Cross-Site Scripting Vulnerability in Dell EMC iDRAC9 DOM-based Cross-Site Scripting Vulnerability in Dell EMC iDRAC9 Open Redirect Vulnerability in Dell EMC iDRAC9 Versions Prior to 4.40.40.00 Open Redirect Vulnerability in Dell EMC iDRAC9 Versions Prior to 4.40.40.00 Vulnerability in Hyperion Financial Management: Unauthorized Data Access and Partial Denial of Service Content Spoofing / Text Injection Vulnerability in Dell EMC iDRAC8 and iDRAC9 Cross-Site Scripting (XSS) Vulnerability in Dell EMC iDRAC9 Information Disclosure Vulnerability in Dell OpenManage Enterprise and OpenManage Enterprise-Modular Dell OpenManage Enterprise OS Command Injection Vulnerability Absolute Path Traversal Vulnerability in Wyse Management Suite Versions 3.2 and Earlier Dell Wyse Management Suite Full Path Disclosure Vulnerability Cross-Site WebSocket Hijacking Vulnerability in Dell EMC PowerFlex Presentation Server/WebUI Privilege Escalation Vulnerability in Dell EMC Unity Storage Systems Unauthorized Read Access Vulnerability in Oracle PeopleSoft Enterprise CS Campus Community (9.2) Plain-text Password Storage Vulnerability in Dell EMC Unity, Unity XT, and UnityVSA Versions Prior to 5.1.0.0.5.394 Plain-text Password Storage Vulnerability in Dell EMC Unity, Unity XT, and UnityVSA Versions Prior to 5.1.0.0.5.394 Improper Exception Handling in Dell EMC PowerScale OneFS: Unauthorized Information Disclosure Vulnerability Dell PowerScale OneFS Sensitive Data Disclosure Vulnerability Privilege Escalation Vulnerability in Dell EMC PowerScale OneFS Remote Code Execution Vulnerability in Dell OpenManage Enterprise and OpenManage Enterprise Modular Sensitive 
Information Disclosure Vulnerability in Dell Wyse ThinOS 9.0 Sensitive Smartcard Data Disclosure Vulnerability in Dell Wyse ThinOS Critical OS Command Injection Vulnerability in Dell EMC PowerScale OneFS Versions 8.2.x - 9.2.1.x MySQL Server Denial of Service Vulnerability Uncontrolled Resource Consumption Vulnerability in Dell EMC NetWorker API Service Information Exposure in Log File Vulnerability in Dell EMC Data Protection Search and IDPA Arbitrary File Reading Vulnerability in Jenkins 2.274 and Earlier Cross-Site Scripting (XSS) Vulnerability in Jenkins 2.274 and Earlier Jenkins Old Data Monitor Injection Vulnerability Jenkins Vulnerability: Agent Name Override in Global `config.xml` File Improper Validation of Fingerprint ID in Jenkins LTS Versions Allows Path Enumeration Jenkins Memory Exhaustion Vulnerability Cross-Site Scripting (XSS) Vulnerability in Jenkins UI Button Labels Jenkins Access Control Vulnerability: Unauthorized Access to Restricted URLs Unauthenticated Access Vulnerability in Oracle Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition Reflected Cross-Site Scripting (XSS) Vulnerability in Jenkins 2.274 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins 2.274 and Earlier Unencrypted Storage of Credentials in Jenkins TraceTronic ECU-TEST Plugin Cross-Site Scripting (XSS) Vulnerability in Jenkins TICS Plugin 2020.3.0.6 and Earlier Unencrypted Storage of Credentials in Jenkins Bumblebee HP ALM Plugin Arbitrary File Read Vulnerability in Jenkins 2.275 and LTS 2.263.2 Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Active Choices Plugin Jenkins Configuration Slicing Plugin CSRF Vulnerability: Unauthorized Configuration Modification Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Repository Connector Plugin 2.0.2 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Claim Plugin 2.18.1 and Earlier Vulnerability in MySQL Server Audit Plug-in Allows Unauthorized Data Manipulation 
Jenkins Claim Plugin 2.18.1 CSRF Vulnerability: Unauthorized Claim Modification Jenkins Support Core Plugin Information Disclosure Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Artifact Repository Parameter Plugin 1.0.0 and Earlier Incorrect Permission Check in Jenkins Matrix Authorization Strategy Plugin Allows Unauthorized Access to Nested Items Incorrect Permission Check in Jenkins Role-based Authorization Strategy Plugin Allows Unauthorized Access to Nested Items Jenkins CloudBees AWS Credentials Plugin Vulnerability: Unauthorized Enumeration of AWS Credentials Unauthenticated File Pattern Matching in Jenkins Warnings Next Generation Plugin Jenkins Libvirt Agents Plugin CSRF Vulnerability: Hypervisor Domain Stoppage Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Build With Parameters Plugin CSRF Vulnerability in Jenkins Build With Parameters Plugin 1.5 and Earlier Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition Unauthenticated Network Access Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Extra Columns Plugin Jenkins Cloud Statistics Plugin Vulnerability: Unauthorized Access to Provisioning Exception Error Messages Vulnerability: Unauthorized URL Connection in Jenkins OWASP Dependency-Track Plugin Jenkins OWASP Dependency-Track Plugin CSRF Vulnerability Unencrypted Storage of Passwords in Jenkins Jabber (XMPP) Notifier and Control Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins REST List Parameter Plugin 1.3.0 and Earlier Vulnerability: Enumeration of Credentials ID in Jenkins Team Foundation Server Plugin Vulnerability: Missing Permission Check in Jenkins Team Foundation Server Plugin CSRF Vulnerability in Jenkins Team Foundation Server Plugin Allows Unauthorized Access to Stored Credentials Jenkins Node Replacement Vulnerability MySQL Server Denial of Service Vulnerability Jenkins View Creation Vulnerability Jenkins Promoted Builds Plugin 3.9 and Earlier: Cross-Site 
Request Forgery (CSRF) Vulnerability Allows Unauthorized Build Promotion Jenkins Config File Provider Plugin 3.7.0 and earlier: XML External Entity (XXE) Vulnerability Jenkins Config File Provider Plugin 3.7.0 and earlier: Permission Check Bypass Vulnerability CSRF Vulnerability in Jenkins Config File Provider Plugin Allows Unauthorized Deletion of Configuration Files Jenkins Config File Provider Plugin 3.7.0 and earlier: Permission Bypass in HTTP Endpoints Arbitrary Code Execution in Jenkins Templating Engine Plugin Unauthenticated Build Scheduling Vulnerability in Jenkins CloudBees CD Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Jenkins Credentials Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Dashboard View Plugin Information Disclosure Vulnerability in Jenkins S3 Publisher Plugin Jenkins S3 Publisher Plugin Information Disclosure Vulnerability Jenkins Xray - Test Management for Jira Plugin 2.4.0 CSRF Vulnerability Jenkins Xray Plugin Vulnerability: Unauthorized Enumeration of Credentials Jenkins P4 Plugin 1.11.4 and earlier: Unauthenticated Perforce Server Connection Vulnerability CSRF Vulnerability in Jenkins P4 Plugin Allows Unauthorized Perforce Server Access XML External Entity (XXE) Vulnerability in Jenkins Xcode Integration Plugin 2.0.14 and Earlier XML External Entity (XXE) Vulnerability in Jenkins Filesystem Trigger Plugin 0.40 and Earlier XML External Entity (XXE) Vulnerability in Jenkins Nuget Plugin 1.0 and Earlier Jenkins URLTrigger Plugin 0.48 and earlier vulnerable to XML External Entity (XXE) attacks MySQL Server Denial of Service Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Markdown Formatter Plugin Jenkins Kubernetes CLI Plugin 1.10.0 and earlier: Credential Enumeration Vulnerability Vulnerability: Credential Enumeration in Jenkins XebiaLabs XL Deploy Plugin Unauthenticated Remote Code Execution in Jenkins XebiaLabs XL Deploy Plugin Vulnerability: Unauthorized Access to Jenkins 
Credentials via XL Deploy Plugin CSRF Vulnerability in Jenkins XebiaLabs XL Deploy Plugin Allows Unauthorized Access to User Credentials Reflected Cross-Site Scripting (XSS) Vulnerability in Jenkins Kiuwan Plugin 1.6.0 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Scriptler Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Scriptler Plugin 3.1 and Earlier XML External Entity (XXE) Vulnerability in Jenkins Generic Webhook Trigger Plugin Oracle Solaris Common Desktop Environment Vulnerability: Unauthorized Takeover of System Unauthorized Cancellation and Abortion of Jenkins Jobs Session Persistence Vulnerability in Jenkins 2.299 and earlier, LTS 2.289.1 and earlier Jenkins Selenium HTML Report Plugin 1.0 and earlier - XML External Entity (XXE) Vulnerability Jenkins CAS Plugin 1.6.0 and Earlier Vulnerability: Phishing Attacks via Redirect URL Unauthenticated Access to Pending Requests in Jenkins requests-plugin Plugin 2.2.6 and Earlier CSRF Vulnerability in Jenkins requests-plugin Plugin 2.2.12 and Earlier Unauthenticated Test Email Sending Vulnerability in Jenkins requests-plugin Plugin Remote Code Execution Vulnerability in Jenkins Code Coverage API Plugin 1.4.0 and Earlier CSRF Bypass Vulnerability in Jenkins SAML Plugin 2.0.7 and Earlier Jenkins Azure AD Plugin CSRF Bypass Vulnerability Jenkins Nested View Plugin XML External Entity (XXE) Vulnerability Unencrypted Storage of Docker Passwords in Jenkins Nomad Plugin Jenkins Trailing Dot Character Vulnerability Path Traversal Vulnerability in Jenkins File Browser Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Git Plugin 4.8.2 and Earlier Unauthenticated Directory Creation Vulnerability in Jenkins File Path Filter Bypass in Jenkins Agent-to-Controller Security Subsystem Unarchiving Symbolic Links Vulnerability in Jenkins Unrestricted Read Access Vulnerability in Jenkins 2.318 and Earlier Lack of Access Control in Jenkins 2.318 and Earlier: FilePath#unzip and 
FilePath#untar Vulnerability MySQL Server Denial of Service Vulnerability Bypassing File Path Filtering in Jenkins 2.318 and Earlier Unrestricted Symbolic Link Creation Vulnerability in Jenkins Insufficient Permission Check in FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier Insecure Temporary File Creation in Jenkins 2.318 and Earlier Lack of Permission Checks in FilePath Methods in Jenkins 2.318 and Earlier Unrestricted Access to Files via Symbolic Links in Jenkins Unsandboxed Code Execution Vulnerability in Jenkins Jenkins Vulnerability: Unrestricted Access to Build Directories Unrestricted File Name Lookup Vulnerability in Jenkins Subversion Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Active Choices Plugin MySQL Server Denial of Service Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Scriptler Plugin XML External Entity (XXE) Vulnerability in Jenkins Performance Plugin 3.20 and Earlier Null Pointer Dereference Vulnerability in PHP SOAP Extension Privilege Escalation Vulnerability in PHP FPM SAPI Firebird PDO Driver Extension Vulnerability: Remote Code Execution and Denial of Service URL Validation Bypass Vulnerability in PHP Versions 7.3.x, 7.4.x, and 8.0.x ZipArchive::extractTo Vulnerability: Arbitrary File Write in PHP XML Parsing Vulnerability in PHP Versions 7.3.x, 7.4.x, and 8.0.x Memory Corruption and Remote Code Execution Vulnerability in PHP FILTER_VALIDATE_FLOAT MySQL Server Replication Vulnerability: Unauthorized Hang and Crash MySQL Server Denial of Service Vulnerability Information Leak Vulnerability in ZTE Smart STB (ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom) ZTE Products DoS Vulnerability: Memory Leak Leading to Device Denial of Service Memory Leak Vulnerability in ZTE ZXR10 8900E (Versions up to V3.03.20R2B30P1) ZXHN H196Q V9.1.0C2 Information Leak Vulnerability ZTE Products Diagnostic Function Interface Input Verification Vulnerability IPv6 
Packet Amplification DoS Vulnerability in ZTE ZXHN F623 (All versions up to V6.0.0P3T33) ZTE ZXA10 C300M Configuration Error Vulnerability CSRF Vulnerability in ZTE Products: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5 and ZXHN H108N V2.5.5_BTMT1 Oracle Database Server Recovery Component Unauthorized Read Access Vulnerability ZXHN H168N V3.5.0_TY.T6 Improper Access Control Vulnerability CSRF Vulnerability in ZTE ZXCLOUD iRAI Management Page Improper Access Control Vulnerability in ZTE Axon 11 5G: Unauthorized File Access ZXCDN Management System Information Leak Vulnerability Plaintext Storage of Sensitive Information in ZTE PON MDU Devices ZXHN H168N Information Leak Vulnerability Permission and Access Control Vulnerability in ZTE ZXHN HS562 Smart Camera ZTE Smart STB Product Vulnerability: System Tampering and Customization Exploitation Reflective Cross-Site Scripting (XSS) Vulnerabilities in ZTE's Big Video Business Platform Unauthenticated Optical Module Replacement Vulnerability in ZTE's ZXCTN 6120H V5.10.00B24 MySQL Server Denial of Service Vulnerability Information Leak Vulnerability in ZTE Residential Gateway's Digital Media Player ZTE Conference Management System Command Execution Vulnerability ZTE Mobile Phone Message Service App Information Leak Vulnerability ZTE MF971R Product CRLF Injection Vulnerability ZTE MF971R Configuration File Control Vulnerability Referer Authentication Bypass Vulnerability in ZTE MF971R ZTE MF971R Product Reflective XSS Vulnerability: Cookie Information Exposure ZTE MF971R Product Reflective XSS Vulnerability: Cookie Information Exposure Critical Stack-Based Buffer Overflow Vulnerabilities in ZTE MF971R: Risk of Arbitrary Code Execution Critical Stack-Based Buffer Overflow Vulnerabilities in ZTE MF971R: Risk of Arbitrary Code Execution Database Vault Access Control Bypass Vulnerability Privilege Escalation Vulnerability in ZTE BigVideo Analysis Product Input Verification Vulnerability in ZTE BigVideo Analysis Product Oracle Secure 
Global Desktop 5.6 Vulnerability: Unauthenticated Takeover Use-After-Free Vulnerability in lib3mf 2.0.0 Allows Code Execution via Crafted 3MF File Accusoft ImageGear 19.8 TIFF Header Count Out-of-Bounds Write Vulnerability Use-After-Free Vulnerability in WebKitGTK 2.30.4 Allows Information Leak and Memory Corruption Accusoft ImageGear 19.8 SGI Format Buffer Size Processing Out-of-Bounds Write Vulnerability Ethernet/IP UDP Handler Information Disclosure Vulnerability Denial of Service Vulnerability in lib60870.NET 2.2.0 Allows Loss of Communications Use-After-Free Vulnerability in WebKitGTK 2.30.4: Information Leak and Memory Corruption MySQL Server Replication Vulnerability: Unauthorized Hang and Crash Information Disclosure Vulnerability in ARM SIGPAGE Functionality of Linux Kernel Accusoft ImageGear 19.8 SGI Format Buffer Size Processing Out-of-Bounds Write Vulnerability Remote Code Execution Vulnerability in Genivia gSOAP 2.8.107 WS-Addressing Plugin Accusoft ImageGear 19.8: JPG Format SOF Marker Out-of-Bounds Write Vulnerability Information Disclosure Vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220 Privilege Escalation Vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220 Privilege Escalation Vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220 Driver Privilege Escalation via IOBit Advanced SystemCare Ultimate 14.2.0.220 Driver IOCTL Handling Privilege Escalation Vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220 Driver MySQL Server Group Replication Plugin Denial of Service Vulnerability Information Disclosure Vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220 Driver Information Disclosure Vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220 Driver Information Disclosure Vulnerability in IOBit Advanced SystemCare Ultimate 14.2.0.220 Driver Accusoft ImageGear 19.8 and 19.9 - JPG sof_nb_comp Header Out-of-Bounds Write Vulnerability Accusoft ImageGear 19.9 TIF bits_per_sample Out-of-Bounds Write 
Vulnerability Accusoft ImageGear 19.9 PSD read_icc_icCurve_data Heap-Based Buffer Overflow Vulnerability Use-After-Free Vulnerability in Nitro Pro PDF's JavaScript Implementation Double-Free Vulnerability in Nitro Pro PDF Allows for Code Execution Nitro Pro PDF JavaScript Stack Variable Address Out-of-Scope Vulnerability Cross-Site Scripting (XSS) Vulnerability in Advantech R-SeeNet v2.4.12 (telnet_form.php) MySQL Server Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Advantech R-SeeNet v2.4.12 (20.10.2020) SSH Form Arbitrary JavaScript Code Execution in Advantech R-SeeNet's device_graph_page.php Arbitrary JavaScript Code Execution in Advantech R-SeeNet's device_graph_page.php Arbitrary JavaScript Code Execution in Advantech R-SeeNet's device_graph_page.php Local File Inclusion (LFI) Vulnerability in Advantech R-SeeNet v2.4.12 (20.10.2020) options.php Script OS Command Injection Vulnerability in Advantech R-SeeNet v2.4.12 (20.10.2020) Use-After-Free Remote Code Execution Vulnerability in WebKitGTK Browser Integer Overflow Vulnerability in Accusoft ImageGear 19.9 DICOM parse_dicom_meta_info Functionality Accusoft ImageGear 19.9 PNG png_palette_process Heap Buffer Overflow Vulnerability Command Execution Vulnerability in Moodle 3.10 Legacy Spellchecker Plugin Oracle Document Management and Collaboration Product Vulnerability Heap Buffer Overflow in AT&T Labs’ Xmill 0.7 XML Parsing Heap Buffer Overflow in AT&T Labs’ Xmill 0.7 XML Parsing Stack-based Buffer Overflow in HandleFileArg Functionality of AT&T Labs' Xmill 0.7 Stack-buffer overflow vulnerability in HandleFileArg function Arbitrary Null Write Vulnerability in HandleFileArg Function Stack-based Buffer Overflow in Xmill 0.7's HandleFileArg Functionality Syslog Information Disclosure Vulnerability in D-LINK DIR-3040 1.13B03 Zebra IP Routing Manager Information Disclosure Vulnerability in D-LINK DIR-3040 1.13B03 Hard-coded Password Vulnerability in D-LINK DIR-3040 1.13B03: Exploiting 
the Zebra IP Routing Manager for Denial of Service Arbitrary Command Execution Vulnerability in D-LINK DIR-3040 1.13B03 Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Hard-coded Password Vulnerability in D-LINK DIR-3040 1.13B03's Libcli Test Environment Accusoft ImageGear 19.9 PDF Process_Fontname Stack-Based Buffer Overflow Vulnerability Use-After-Free Vulnerability in Foxit PDF Reader 10.1.3.37598 Allows Arbitrary Code Execution Friend Finder Information Disclosure Vulnerability Accusoft ImageGear 19.9 JPG Handle_JPEG420 Out-of-Bounds Write Vulnerability Heap-based Buffer Overflow in Xmill 0.7 XML Decompression Functionality Heap-Based Buffer Overflow in AT&T Labs Xmill 0.7 XML Decompression DecodeTreeBlock Functionality Heap-Based Buffer Overflow in AT&T Labs Xmill 0.7 XML Decompression DecodeTreeBlock Functionality Heap-Based Buffer Overflow in AT&T Labs Xmill 0.7 XML Decompression DecodeTreeBlock Functionality Heap-based Buffer Overflow in XML Decompression EnumerationUncompressor::UncompressItem Functionality of Xmill 0.7 Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Heap-based Buffer Overflow in XML Decompression LabelDict::Load Functionality of Xmill 0.7 Use-After-Free Vulnerability in Foxit PDF Reader 10.1.3.37598 Allows Arbitrary Code Execution ISO Parsing Functionality Memory Corruption Vulnerability in Daemon Tools Pro 8.3.0.0767 Out-of-Bounds Write Vulnerability in Accusoft ImageGear 19.9 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Oracle iStore 
Product Vulnerability: Unauthorized Access and Data Compromise Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 MPEG-4 Decoding Functionality Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 MPEG-4 Decoder Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerability in GPAC Project on Advanced Content Library v1.0.1 MPEG-4 Decoder Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Overflow Vulnerabilities in GPAC Project on Advanced Content Library v1.0.1 Integer Truncation Vulnerability in GPAC Project on Advanced Content Library v1.0.1 Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Heap-based Buffer Overflow in GPAC Project on Advanced 
Content Library v1.0.1 Heap-based Buffer Overflow in GPAC Project on Advanced Content Library v1.0.1 Heap-based Buffer Overflow in GPAC MPEG-4 Decoding Functionality Unsafe Deserialization Vulnerability in CODESYS Development System 3.5.16 and 3.5.17 Unsafe Deserialization Vulnerability in CODESYS Development System 3.5.16 and 3.5.17 Unsafe Deserialization Vulnerability in CODESYS Development System 3.5.16 Allows Arbitrary Command Execution Arbitrary Command Execution via Unsafe Deserialization in CODESYS Development System 3.5.16 and 3.5.17 Unsafe Deserialization Vulnerability in CODESYS Development System 3.5.16 and 3.5.17 Unsafe Deserialization Vulnerability in CODESYS Development System 3.5.16 and 3.5.17 Unsafe Deserialization Vulnerability in CODESYS Development System 3.5.16 and 3.5.17 Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Use-After-Free Vulnerability in Foxit PDF Reader 10.1.4.37651 Memory Corruption Vulnerability in PowerISO 7.9 DMG File Format Handler OS Command Injection in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager Diagnostics: Traceroute Functionality Arbitrary Command Execution in RSA Keypasswd Parameter via Specially-Crafted HTTP Request Arbitrary Command Execution in DSA KeyPasswd Parameter Arbitrary Command Execution in EC Keypasswd Parameter via Specially-Crafted HTTP Request Arbitrary Command Execution in PUT Requests via Specially-Crafted HTTP Requests Arbitrary Command Execution via Specially-Crafted HTTP GET Requests Local File Inclusion Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager Applications and FsBrowse Functionality Directory Traversal Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager File Upload Functionality Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Directory Traversal Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager FsCopyFile Functionality OS Command Injection Vulnerability in Lantronix PremierWave 2050 
8.9.0.0R4 Web Manager Wireless Network Scanner OS Command Injection in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager FsUnmount Functionality OS Command Injection in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager Diagnostics: Ping Functionality OS Command Injection in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager SslGenerateCSR Functionality Directory Traversal Vulnerability in Lantronix PremierWave 2050 Web Manager FsMove Functionality Directory Traversal Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 Web Manager FSBrowsePage Functionality Stack-based Buffer Overflow in Lantronix PremierWave 2050 Web Manager SslGenerateCSR Functionality OS Command Injection in Lantronix PremierWave 2050 Web Manager SslGenerateCertificate Functionality Stack-based Buffer Overflow in Lantronix PremierWave 2050 Web Manager Ping Functionality Oracle Sales Offline Product Vulnerability: Unauthorized Hang and Crash Exploit Stack-based Buffer Overflow in Lantronix PremierWave 2050 Web Manager FsBrowseClean Functionality Stack-based Buffer Overflow in Lantronix PremierWave 2050 Web Manager FsBrowseClean Functionality Stack-based Buffer Overflow in Lantronix PremierWave 2050 Web Manager FsUnmount Functionality Use-After-Free Vulnerability in Foxit PDF Reader 11.0.0.49893 Allows Arbitrary Code Execution Directory Traversal Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 (QEMU) Web Manager FsTFtp Functionality Directory Traversal Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 (QEMU) Allows for FsTFtp File Overwrite Arbitrary File Deletion Vulnerability in Lantronix PremierWave 2050 8.9.0.0R4 Heap Buffer Overflow in Ribbonsoft dxflib 3.17.0's DL_Dxf::handleLWPolylineData Functionality Out-of-Bounds Write Vulnerability in LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580 Heap Buffer Overflow in LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580 Oracle Sales Offline Product Vulnerability: Unauthorized Hang and Crash Exploit Use-after-free vulnerability in dxfRW::processLType() function 
of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580 Stack-based Buffer Overflow in Garrett Metal Detectors' iC Module CMA Version 5.0 Authentication Bypass Vulnerability in Garrett Metal Detectors iC Module CMA Version 5.0 Stack-based Buffer Overflow in Garrett Metal Detectors' iC Module CMA Version 5.0 Directory Traversal Vulnerability in Garrett Metal Detectors' iC Module CMA Version 5.0 Stack-based Buffer Overflow Vulnerability in Garrett Metal Detectors iC Module CMA Version 5.0 Stack-based Buffer Overflow in Garrett Metal Detectors iC Module CMA Version 5.0 Directory Traversal Vulnerability in Garrett Metal Detectors' iC Module CMA Version 5.0 Arbitrary File Deletion via Command Line Arguments Arbitrary File Deletion Vulnerability in del .cnt|.log Command Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Privilege Escalation Vulnerability in Advantech R-SeeNet 2.4.15 (Windows Installation) Privilege Escalation Vulnerability in Advantech R-SeeNet 2.4.15 (Windows Installation) Privilege Escalation Vulnerability in Advantech R-SeeNet 2.4.15 (Windows Installation) WiFi Smart Mesh Functionality Information Disclosure Vulnerability in D-LINK DIR-3040 1.13B03 Heap-based Buffer Overflow in Accusoft ImageGear 19.10 DecoderStream::Append Functionality SQL Injection Vulnerability in Advantech R-SeeNet 2.4.15 (30.07.2021) - Group List Page SQL Injection Vulnerability in Advantech R-SeeNet 2.4.15 (30.07.2021) via 'description_filter' Parameter SQL Injection Vulnerability in Advantech R-SeeNet 2.4.15 (30.07.2021) on 'group_list' Page SQL Injection Vulnerability in 'name_filter' Parameter with Super-Administrator Account SQL Injection Vulnerability in HTTP Request Parameter 'ord' Oracle Solaris Kernel Vulnerability: Unauthorized Access and Denial of Service SQL Injection Vulnerability in 'surname_filter' Parameter SQL Injection Vulnerability in 'name_filter' Parameter SQL Injection Vulnerability in 'username_filter' Parameter 
SQL Injection Vulnerability in 'company_filter' Parameter SQL Injection Vulnerability in 'desc_filter' Parameter SQL Injection Vulnerability in 'firm_filter' Parameter SQL Injection Vulnerability in 'health_filter' Parameter SQL Injection Vulnerability in 'loc_filter' Parameter SQL Injection Vulnerability in 'mac_filter' Parameter SQL Injection Vulnerability in 'prod_filter' Parameter MySQL Server Denial of Service Vulnerability SQL Injection Vulnerability in 'sn_filter' Parameter SQL Injection Vulnerability in stat_filter Parameter SQL Injection Vulnerability in 'name_filter' Parameter SQL Injection Vulnerability in 'esn_filter' Parameter SQL Injection Vulnerability in 'imei_filter' Parameter SQL Injection Vulnerability in host_alt_filter2 Parameter SQL Injection Vulnerability in 'health_alt_filter' Parameter SQL Injection Vulnerability in 'host_alt_filter' Parameter Accusoft ImageGear 19.10 Palette Box Parser Heap-Based Buffer Overflow Vulnerability Accusoft ImageGear 19.10 XWD Parser Heap-Based Buffer Overflow Vulnerability MySQL Server Denial of Service Vulnerability Heap-Based Buffer Overflow in Anker Eufy Homebase 2 2.1.6.9h's pushMuxer processRtspInfo Functionality Use-After-Free Vulnerability in Anker Eufy Homebase 2 2.1.6.9h: Remote Code Execution Accusoft ImageGear 19.10 TIFF YCbCr Image Parser Out-of-Bounds Write Remote Code Execution Vulnerability Accusoft ImageGear 19.10 XWD Parser Heap-Based Buffer Overflow Vulnerability Heap-Based Buffer Overflow in Accusoft ImageGear 19.10 TIFF Parser Heap-Based Buffer Overflow in Accusoft ImageGear 19.10 TIFF Parser Functionality Heap-based Buffer Overflow in Accusoft ImageGear 19.10 JPEG-JFIF Lossless Huffman Image Parser Heap-Based Buffer Overflow in Accusoft ImageGear 19.10 JPEG-JFIF Lossless Huffman Image Parser Heap-Based Buffer Overflow in AnyCubic Chitubox AnyCubic Plugin 1.0.0 JPEG-JFIF Scan Header Parser Out-of-Bounds Write Vulnerability in Accusoft ImageGear 19.10 Vulnerability in Oracle Partner 
Management of Oracle E-Business Suite: Unauthorized Access and Data Compromise Out-of-Bounds Write Vulnerability in Anker Eufy Homebase 2 2.1.6.9h Out-of-Bounds Write Vulnerability in Anker Eufy Homebase 2 2.1.6.9h Authentication Bypass Vulnerability in Anker Eufy Homebase 2 2.1.6.9h Authentication Bypass Vulnerability in Anker Eufy Homebase 2 2.1.6.9h Command Execution Vulnerability in Anker Eufy Homebase 2 2.1.6.9h Authentication Bypass Vulnerability in Anker Eufy Homebase 2 2.1.6.9h Allows Password Recovery via Network Sniffing PHP Unserialize Vulnerability in CloudLinux Inc Imunify360 5.10.2: Arbitrary Command Execution Dream Report ODS Remote Connector 20.2.16900.0 Privilege Escalation via Command Injection Heap-based Buffer Overflow Vulnerability in Hancom Office 2020 11.0.0.2353 MQTTS Misconfiguration in SeaConnect 370W v1.3.34: Enabling Man-in-the-Middle Attacks and Device Takeover MySQL Server Denial of Service Vulnerability Stack-based Buffer Overflow Vulnerability in Sealevel Systems SeaConnect 370W v1.3.34 Stack-based Buffer Overflow Vulnerability in Sealevel Systems SeaConnect 370W v1.3.34 NBNS Functionality Heap-based Buffer Overflow in SeaConnect 370W v1.3.34 OTA Update u-download Functionality SeaConnect 370W v1.3.34 Web Server Information Disclosure Vulnerability Denial of Service Vulnerability in Sealevel Systems SeaConnect 370W v1.3.34 Modbus Configuration Denial of Service Vulnerability in SeaMax Remote Configuration Functionality of SeaConnect 370W v1.3.34 Uninitialized Read Vulnerability in Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0 HTTP Server Out-of-Bounds Write Vulnerability in Sealevel Systems SeaConnect 370W v1.3.34 OTA Update Task Sealevel Systems SeaConnect 370W v1.3.34 - OTA Update Task Arbitrary File Write Vulnerability Out-of-Bounds Write Vulnerability in Sealevel Systems SeaConnect 370W v1.3.34 Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Out-of-bounds write vulnerability in 
HandleSeaCloudMessage function of Sealevel Systems, Inc. SeaConnect 370W v1.3.34 Out-of-Bounds Write Vulnerability in Sealevel Systems SeaConnect 370W v1.3.34 MQTT URL_decode Functionality vSphere Client (HTML5) Remote Code Execution Vulnerability vSphere Client (HTML5) SSRF Vulnerability in vCenter Server Plugin Heap-Overflow Vulnerability in OpenSLP Service Allows Remote Code Execution CVE-2021-21975: vRealize Operations Manager API Server Side Request Forgery Vulnerability vSphere Replication Remote Code Execution Vulnerability Remote Code Execution Vulnerability in VMware View Planner 4.x prior to 4.6 Security Patch 1 Fixed APP_KEY Vulnerability in Bitnami Laravel Containers Vulnerability in Oracle Knowledge Management of Oracle E-Business Suite: Unauthorized Access and Data Compromise Unauthorized Arbitrary File Read Vulnerability in vSphere Web Client VMware NSX-T Privilege Escalation Vulnerability Authentication Bypass Vulnerability in VMware Carbon Black Cloud Workload Appliance Arbitrary File Write Vulnerability in vRealize Operations Manager API (CVE-2021-21983) Remote Code Execution Vulnerability in VMware vRealize Business for Cloud 7.x prior to 7.6.0 vSphere Client (HTML5) Remote Code Execution Vulnerability in Virtual SAN Health Check Plug-in Unauthenticated Access Vulnerability in vSphere Client (HTML5) Plug-ins Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client for Windows Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client for Windows Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client for Windows Oracle iStore Product Vulnerability: Unauthorized Access and Data Compromise Cross-Site Scripting Vulnerability in VMware Workspace ONE UEM Console Local Privilege Escalation Vulnerability in vCenter Server vCenter Server Denial-of-Service Vulnerability through Improper XML Entity Parsing vCenter Server SSRF Vulnerability in Content Library Allows Information Disclosure ESXi SFCB 
Authentication Bypass Vulnerability OpenSLP Heap Out-of-Bounds Read Denial-of-Service Vulnerability in ESXi Root-level File System Access Vulnerability in SaltStack Salt Denial-of-Service Vulnerability in VMware Tools for Windows (11.x.y prior to 11.3.0) Authentication Bypass Vulnerability in VMware Carbon Black App Control Local Privilege Escalation Vulnerability in VMware Tools, VMware Remote Console, and VMware App Volumes Oracle Applications Framework Home Page Unauthenticated Access Vulnerability DLL Hijacking Vulnerability in VMware ThinApp 5.x Sensitive Information Disclosure in UAA Server: Identity Provider Deletion Vulnerability Vulnerability: Unauthorized Access and Authentication Bypass in VMware Workspace ONE Access and Identity Manager Unintended Login Interface on Port 7443 in VMware Workspace ONE Access and Identity Manager Vulnerability: Unauthorized Configuration File Usage in SaltStack Salt Installer Arbitrary File Upload Vulnerability in vCenter Server Analytics Service Reverse Proxy Bypass Vulnerability in vCenter Server Allows Unauthorized Endpoint Access Local Information Disclosure Vulnerability in vCenter Server Analytics Service VAPI Information Disclosure Vulnerability in vCenter Server vCenter Server VAPI Denial-of-Service Vulnerabilities MySQL Server Vulnerability: Unauthorized Hang and Crash vCenter Server Denial-of-Service Vulnerability in VPXD Service Unauthenticated API Endpoint Vulnerability in vCenter Server Content Library Allows Unauthorized VM Network Setting Manipulation Unauthenticated Appliance Management API in vCenter Server Allows Information Disclosure vCenter Server File Path Traversal Vulnerability: Information Disclosure in Appliance Management API Authenticated Code Execution Vulnerability in vCenter Server's VAMI Local Privilege Escalation Vulnerabilities in vCenter Server Appliance vCenter Server Reflected Cross-Site Scripting Vulnerability Improper URI Normalization in Rhttproxy Allows Bypassing Proxy and Accessing 
Internal Endpoints Arbitrary File Deletion Vulnerability in vCenter Server's vSphere Life-cycle Manager Plug-in vCenter Server VAPI Denial-of-Service Vulnerability MySQL Server Replication Vulnerability: Unauthorized Hang and Crash vCenter Server Analytics Service Denial-of-Service Vulnerability Cross Site Scripting (XSS) Vulnerability in VMware vRealize Log Insight (8.x prior to 8.4) Arbitrary File Read Vulnerability in vRealize Operations Manager API (8.x prior to 8.5) Insecure Object Reference Vulnerability in vRealize Operations Manager API (8.x prior to 8.5) Allows Account Takeover Arbitrary Log File Read Vulnerability in vRealize Operations Manager API (8.x prior to 8.5) Unauthenticated API Access Vulnerability in vRealize Operations Manager API (8.x prior to 8.5) Server Side Request Forgery (SSRF) Vulnerability in vRealize Operations Manager API (8.x prior to 8.5) Allows Information Disclosure Server Side Request Forgery (SSRF) Vulnerability in vRealize Operations Manager API (8.x prior to 8.5) Allows Information Disclosure File Path Traversal Vulnerability in Greenplum Database: Information Disclosure and File System Manipulation Denial of Service Vulnerability in VMware Workspace ONE UEM REST API MySQL Server Vulnerability: Unauthorized Hang and Crash Sensitive Credential Information Leakage in Greenplum Database Logs VMware vRealize Operations 8.6 SSRF Vulnerability Information Disclosure Vulnerability in VMware vRealize Operations Tenant App 8.6 CSV Injection Vulnerability in VMware vRealize Log Insight (8.x prior to 8.6) Open Redirect Vulnerability in VMware vRealize Orchestrator (8.x prior to 8.6) Path Interception by Search Order Hijacking in InstallBuilder Windows Installers Unprivileged Binary Replacement Vulnerability in Windows Installers Oracle WebLogic Server Unauthenticated Read Access Vulnerability Use-After-Free Vulnerability in VMware XHCI USB Controller Allows Code Execution Double-fetch vulnerability in UHCI USB controller allows code 
execution in VMware virtual machines Unauthorized Access Vulnerability in VMware ESXi: Exploiting VMX Privileges to Access High-Privileged settingsd Service VMware ESXi Privilege Escalation via TOCTOU Vulnerability Involuntary Endpoint Exposure in Spring Cloud OpenFeign Heap-Overflow Vulnerability in VMware CD-ROM Device Emulation Unauthorized Access to Custom Controllers in Spring Data REST vCenter Server Privilege Escalation via IWA Authentication Vulnerability vSphere Web Client vSAN UI Plug-in SSRF Vulnerability Oracle Marketing Product Vulnerability: Unauthorized Access and Data Manipulation ESXi rhttpproxy Denial-of-Service Vulnerability Vulnerability: Request Smuggling in Spring Cloud Gateway Code Execution Vulnerability in Spring Cloud Netflix Hystrix Dashboard SSRF Vulnerability in VMware Workspace ONE UEM Console Remote Log Injection Vulnerability in SchedulerServer of VMware Photon SSRF Vulnerability in VMware Workspace ONE Access and Identity Manager Authentication Bypass Vulnerability in VMware Workspace ONE Access Oracle Trade Management Product Vulnerability: Unauthorized Access and Data Compromise Log Injection Vulnerability in Spring Framework Oracle Database - Enterprise Edition RMAN Privilege Escalation Vulnerability MySQL Server Vulnerability: Unauthorized Hang and Crash Oracle Email Center Product Vulnerability: Unauthorized Access and Data Compromise Out-of-Memory Error Vulnerability in Spring AMQP Message toString() Method Log Injection Vulnerability in Spring Framework Deserialization-based Denial of Service in Spring AMQP Open Redirect Vulnerability in UAA Server Versions Prior to 75.4.0 Oracle Trade Management Product Vulnerability: Unauthorized Access and Data Compromise Denial-of-Service Vulnerability in Cloud Foundry CAPI Versions Prior to 1.122 Unauthenticated Denial of Service (DoS) Vulnerability in Cloud Controller Versions Prior to 1.118.0 Unauthenticated Remote Code Execution Vulnerability in Oracle WebLogic Server Privilege 
Escalation Vulnerability in Spring Security Bypassing Sensitive Headers Restriction in Spring Cloud Netflix Zuul 2.2.6.RELEASE and Below Arbitrary File Write Vulnerability in Spring-integration-zip (CVE-2018-1263) Insecure Logging of Service Broker Credentials in Cloud Controller API Denial of Service Vulnerability in RabbitMQ AMQP 1.0 Client Connection Endpoint Insecure Plugin Directory Permissions in RabbitMQ Installers on Windows Privilege Escalation in Spring Framework WebFlux Application Denial-of-Service (DoS) Vulnerability in Spring Security OAuth 2.0 Client Web and WebFlux Applications MySQL Server Denial of Service Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in FortiWeb GUI Interface FortiWeb Management Interface OS Command Injection Vulnerability Uncontrolled Resource Consumption (Denial of Service) Vulnerability in FortiSandbox and FortiAuthenticator Command Execution Vulnerability in FortiSandbox Sniffer Module Arbitrary Code Execution via Network Name Trickery in FortiClient for Linux Improper Access Control Vulnerability in FortiProxy SSL VPN Portal Buffer Overflow Vulnerability in FortiMail Webmail and Administrative Interface MySQL Server Denial of Service Vulnerability Stack-based Buffer Overflow Vulnerability in FortiProxy Physical Appliance CLI Certificate Validation Vulnerability in Fortinet FortiToken Applications Information Disclosure Vulnerability in Elasticsearch 7.7.0 to 7.10.1 Async Search API Sensitive HTTP Header Information Leakage in Elastic APM Agent for Go Versions Before 1.11.0 Elasticsearch Document Disclosure Vulnerability Document Disclosure Vulnerability in Elasticsearch Suggester and Profile API Kibana Session Timeout Bypass Vulnerability Elasticsearch Document Disclosure Vulnerability TLS Certificate Validation Flaw in Logstash Monitoring Feature Denial of Service Vulnerability in Kibana Webhook Actions Oracle WebLogic Server Console Unauthorized Access Vulnerability XML External Entity Injection (XXE) 
Vulnerability in Elastic App Search Web Crawler Beta Feature Open Redirect Vulnerability in Kibana Versions Before 7.13.0 and 6.8.16 Kibana Chromium Browser Vulnerability Vulnerability: Information Leakage of Sensitive HTTP Headers in Elastic APM .NET Agent Elasticsearch Grok Parser Uncontrolled Recursion Denial of Service Vulnerability Memory Disclosure Vulnerability in Elasticsearch 7.10.0 to 7.13.3 Error Reporting Default Enabled Anonymous User in Elastic Cloud Enterprise Allows for Unauthorized Access Elasticsearch Searchable Snapshots Unauthorized Access Vulnerability API Key Misconfiguration in Elastic Enterprise Search App Search API Key Authorization Bypass in Elastic Enterprise Search App Search Versions Prior to 7.14.0 MySQL Server Stored Procedure Denial of Service Vulnerability Insecure Package Upload Vulnerability in Fleet Admin Permissions Arbitrary File Loading Vulnerability in Kibana Denial of Service Vulnerability in BlackBerry UEM Management Console Remote Code Execution Vulnerability in BlackBerry UEM Management Console Information Disclosure Vulnerability in BlackBerry UEM Management Console Allows Unauthorized Access to Web History Authentication Bypass Vulnerability in BlackBerry Workspaces Server Allows Unauthorized Access Integer Overflow Vulnerability in calloc() Function of BlackBerry QNX Software Development Platform (SDP) and QNX OS Stored XSS Vulnerability in Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 XML External Entity (XXE) Injection in Proofpoint Insider Threat Management Server Web Console Proofpoint Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Apache Pulsar JSON Web Token (JWT) Signature Validation Bypass Vulnerability IPv6 Routing Loop Vulnerability in OpenWrt 19.07.x Prometheus Denial of Service Vulnerability in GitLab 13.7+ GitLab Vulnerability: Temporary Read Access 
to Private Repository via Incorrect Headers Critical Vulnerability: Regular Expression Denial of Service in NuGet API of GitLab 12.8+ GitLab EE 13.4 or Later: Internal IP Address Leakage Vulnerability MySQL Server Stored Procedure Denial of Service Vulnerability Nonce Reuse Vulnerability in GitLab 11.6+: Decrypting Encrypted Database Content GitLab Pages Authentication Parameter Vulnerability Unauthorized Access to Tag Data on GitLab Releases Page USB HID Dissector Memory Leak Vulnerability in Wireshark 3.4.0 to 3.4.2 USB HID Dissector Denial of Service Vulnerability in Wireshark 3.4.0 to 3.4.2 Server-Side Request Forgery Vulnerability in GitLab Allows Unauthenticated Attackers to Exploit Webhook Requests Improper Access Control in GitLab Allows Demoted Project Members to Access Authored Merge Request Details GitLab CE/EE 12.6.0 and Above: DoS Vulnerability in gitlab-shell GitLab Vulnerability: SSRF Attack via Prometheus Integration SSRF Vulnerability in GitLab's Outbound Requests Feature Vulnerability in Oracle PeopleSoft: Unauthorized Access and Data Manipulation Improper Access Control Vulnerability in GitLab Allows Unauthorized Access to Analytic Pages Recursive Pipeline Denial of Service Vulnerability in GitLab CE/EE Stored XSS Vulnerability in GitLab Merge Request Stored XSS Vulnerability in GitLab's Epics Page Unredacted Sensitive Information Disclosure in GitLab 12.8 and above Stored Cross-Site Scripting (XSS) Vulnerability in GitLab Wikis (Version 13.8+) Group Maintainer Privilege Escalation in GitLab CE/EE Version 9.4 and Up GitLab Vulnerability: Resource Exhaustion Allows Jobs to Continue After Project Deletion Confidential Issue Title Disclosure in GitLab via Branch Logs Certificate Validation Vulnerability in GitLab CE/EE Editions Leads to Authentication Issues with Fortinet OTP Vulnerability in Oracle PeopleSoft: Unauthorized Access and Data Manipulation GitLab Workhorse Path Traversal Vulnerability: JWT Token Leakage Remote Code Execution 
Vulnerability in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 via Improper URL Handling Arbitrary Code Execution Vulnerability in GitLab CE/EE (All Versions from 13.2) Privilege Escalation Vulnerability in GitLab: Unauthorized Validation of Private Project Names Vulnerability: Insecure Storage of Session Keys in GitLab Remote Code Execution in GitLab VSCode Extension v3.15.0 and Earlier Stored Cross-Site Scripting Vulnerability in GitLab CE/EE via Crafted Branch Name Infinite Loop Vulnerability in GitLab CE/EE: Authenticated User Exploitation Authenticated User Privilege Escalation: Incident Metric Image Deletion Vulnerability in GitLab CE/EE (Versions 13.8 and above) Stored XSS Vulnerability in GitLab with Scoped Labels Vulnerability in Oracle PeopleSoft Enterprise SCM eProcurement: Unauthorized Data Access and Manipulation Vulnerability: Unauthorized Access to Internal Repository Data in GitLab CE/EE File Disclosure Vulnerability in GitLab CE/EE Versions 13.9 and above CSRF Vulnerability in GitLab CE/EE System Hooks API Arbitrary File Read Vulnerability in GitLab CE/EE Arbitrary Code Execution Vulnerability in ExifTool's DjVu File Format Parsing Remote Command Execution Vulnerability in GitLab CE/EE GitLab Vulnerability: Exposed Pull Mirror Credentials in Plain-Text Denial of Service Vulnerability in Wireshark MS-WSP Dissector Improper Permission Check in GitLab Allows Unauthorized Timestamp Modification for Issue Creation/Update Authorization Token Validation Vulnerability in GitLab CE/EE (Versions 13.8 and above) Oracle Secure Global Desktop 5.6 Vulnerability: Unauthenticated Takeover GitLab API Branch Query Parameter Ignored Vulnerability GitLab Dependency Proxy User Impersonation Vulnerability Vulnerability: NTPsec 1.2.0 Key Parsing Issue OAuth Access Token Leakage Vulnerability in GitLab CE/EE Versions 7.10 and Above Unauthenticated Server-Side Request Forgery Vulnerability in GitLab CE/EE (Versions 10.5 and above) with Enabled Internal Network Webhooks 
GitLab EE Information Disclosure: On-Call Rotation Leakage Uncontrolled Resource Consumption Vulnerability in GitLab CE/EE Uncontrolled Resource Consumption Vulnerability in GitLab CE/EE GitLab CE/EE Vulnerability: Spoofing of Author in Signed Commits via x509 Certificates Sensitive Information Exposure in GitLab Log Files Oracle Bill Presentment Architecture Template Search Vulnerability Stored XSS Vulnerability in GitLab Blob Viewer of Notebooks Insufficient Expired Password Validation in GitLab Allows Limited Access After Expiration Denial of Service Vulnerability in Wireshark 3.4.0 to 3.4.5: Infinite Loop in DVB-S2-BB Dissector Feature Flag Name Client-Side Code Injection Vulnerability in GitLab CE/EE 11.9 Cross-Site Request Forgery Vulnerability in GitLab GraphQL API Allows Unauthorized Mutation Calls Stored Cross-Site Scripting (XSS) Vulnerability in GitLab Markdown Parsing Vulnerability: Unauthorized Push to Protected Branches in GitLab CE/EE (Version 13.9) Reflected Cross-Site Scripting (XSS) Vulnerability in GitLab Versions 13.11.6, 13.12.6, and 14.0.2 Improper Access Control in GitLab Allows Unauthorized Access to Project Details via GraphQL Data Leakage Vulnerability in GitLab CE/EE Versions 12.8 and above Oracle Receivables Product Vulnerability: Unauthorized Access and Data Manipulation Code Injection Vulnerability in GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2 Profile Page Denial of Service Vulnerability in GitLab CE/EE 8.0 and above HTML Injection Vulnerability in GitLab CE Versions 13.11.6, 13.12.6, and 14.0.2 GitLab EE Information Disclosure Vulnerability: Unauthorized Project Details Access Arbitrary File Read Vulnerability in GitLab CE/EE DNP Dissector Crash Vulnerability in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 Improper Handling of OAuth Client IDs Leads to Incorrect Token Generation in GitLab CE/EE (Version 14.1) Impersonation Bypass Vulnerability in GitLab CE/EE Versions before 13.12.9, 14.0.7, 14.1.2 Stored XSS 
Vulnerability in GitLab's Issue Design Feature Metadata Injection Vulnerability in GitLab CE/EE 14.0 and Later Oracle Compensation Workbench Vulnerability: Unauthorized Access and Data Manipulation Improper Access Control Allows Unauthorized User Creation in GitLab EE Versions 13.11.6, 13.12.6, and 14.0.2 Stored Cross-Site Scripting Vulnerability in GitLab CE/EE Versions 14.0 and Above Stored Cross-Site Scripting Vulnerability in Mermaid Markdown in GitLab CE/EE Version 11.4 and Up User Impersonation Vulnerability in GitLab CE/EE Versions 7.10 and above Unauthorized Access to Vulnerability Data in GitLab EE GitLab CE/EE Vulnerability: Unauthorized Access to Project Pages GitLab Webhook Denial of Service Vulnerability Guests in Private Projects Can Access CI/CD Analytics in GitLab CE/EE (CVE-2021-22214) Unauthorized Access to Pipeline Information in GitLab CE/EE Versions 13.12 and above GitLab EE Vulnerability: Verbose Error Message Discloses Private Email Address of Invited User Vulnerability in Oracle E-Business Intelligence: Unauthorized Access and Data Manipulation Unauthorized Access and Deletion of Impersonation Tokens in GitLab CE/EE (All Versions since 13.3) Email Address Domain Bypass Vulnerability in GitLab EE GitLab CE/EE Vulnerability: Developer Access to Protected CI Variables Unauthorized Deployment Triggering in GitLab EE Versions 13.4 and Above User Impersonation Vulnerability in GitLab Shell (CVE-2021-22214) SSRF Exploit in Baserow <1.1.0: Unauthorized Retrieval of Internal Files via URL File Upload Guest users can create issues for Sentry errors in GitLab CE/EE versions since 12.6, leading to unauthorized access and tracking of issue status. 
User Enumeration Vulnerability in GitLab Privacy Breach: Exploiting GitLab's Project Import/Export Feature to Access Private Email Addresses GitLab EE 12.6 DOS Vulnerability: Lack of Pagination in Dependencies API Vulnerability in Oracle MySQL Server: Unauthorized Access to Critical Data Stored Cross-Site Scripting Vulnerability in DataDog Integration in GitLab CE/EE Stored Cross-Site Scripting Vulnerability in GitLab's Jira Integration Vulnerability: Unauthorized Namespace Manipulation in GitLab with Jira Cloud Integration Privilege Escalation Vulnerability in GitLab Persistent Access to Projects for Deleted Invited Group Members in GitLab Remote Replay Attack Vulnerability in Idelji Web ViewPoint Suite Vulnerability in Oracle Cash Management Allows Unauthorized Access and Data Manipulation ControlTouch Serial Number Exploit: Unauthorized Access and Control Vulnerability Buffer Overflow Vulnerability in B&R Automation Runtime Webserver: Remote Denial of Service Exploit Integrity Check Bypass Vulnerability in free@home System Access Point Denial of Service Vulnerability in ABB 800xA Control Software PCM600 Update Manager Certificate Validation Vulnerability Missing Authentication Vulnerability in RobotWare Enables Unauthorized File Access and Modification Oracle Incentive Compensation User Interface Unauthorized Data Access Vulnerability Relative Path Traversal Vulnerability in B&R Industrial Automation Automation Studio Code Injection Vulnerability in B&R Industrial Automation Automation Studio Improper Initialization vulnerability in ABB Relion protection relays and Remote Monitoring and Control Arbitrary Code Execution Vulnerability in OPC Server for AC 800M Denial of Service Vulnerability in ABB SPIET800 and PNI800 Module Denial of Service Vulnerability in ABB SPIET800 and PNI800 Module Denial of Service Vulnerability in ABB SPIET800 and PNI800 Module Code Execution Vulnerability in B&R Automation Studio Project Upload Mechanism Vulnerability in Oracle Depot 
Repair: Unauthorized Data Access and Modification eCNS280 Denial of Service (DoS) Vulnerability Inconsistent Interpretation of HTTP Requests Vulnerability in Huawei Products HarmonyOS 2.0 Component API Permission Bypass Vulnerability HarmonyOS Local Permission Bypass Vulnerability Leading to Device Hang HarmonyOS 2.0 Component DoS Vulnerability: File System Mount Attack Logic Vulnerability in Huawei Gauss100 OLTP Product: Service Abnormality via SQL Statement Exploit Local Privilege Escalation Vulnerability in Huawei Products MySQL Server Denial of Service Vulnerability Information Leak Vulnerability in eCNS280_TD Versions V100R005C00 and V100R005C10 Buffer Overflow Vulnerability in Mate 30 10.0.0.203(C00E201R7P2) Out-of-Bound Read Vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1) Pointer Double Free Vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1): Lack of Multi-Thread Protection Use After Free Vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1) Buffer Overflow Vulnerability in Mate 30 10.1.0.126(C00E125R5P3) Out-of-Bound Read Vulnerability in Mate 30 10.0.0.182(C00E180R6P2) Weak Algorithm Vulnerability in Mate 30 10.0.0.203(C00E201R7P2) Allows Local Attackers to Compromise Module Integrity Business Logic Error in Huawei Smartphone Allows Unauthorized Screenshot Capture Insecure Algorithm Vulnerability in Huawei Products: Brute Forcing for Sensitive Message Extraction Oracle Installed Base API Unauthorized Data Access and Modification Vulnerability Title: Information Leakage Vulnerability in Huawei Products Improper Permission Assignment Vulnerability in Huawei ManageOne Product Memory Leak Vulnerability in Huawei Products Data Confidentiality Impairment Vulnerability in Huawei Smartphone ManageOne Local Privilege Escalation Vulnerability Critical Vulnerability in Huawei Smartphone Allows Unauthorized Access and Data Compromise Information Disclosure Vulnerability in Huawei Smartphone: Impairing Data Confidentiality HarmonyOS 2.0 Component Null Pointer Dereference 
Vulnerability: Local Denial of Service Exploit Smartphone Vulnerability: Improper Verification Leading to Integer Overflows Vulnerability in Oracle MySQL Server: Group Replication Plugin Allows Partial Denial of Service Denial of Service Vulnerability in Huawei Products: Exploiting Message Handling Module Title: Use-After-Free Vulnerability in Multiple Huawei Products Allows Memory Compromise Title: Huawei Smartphone Vulnerability: Missing Authentication for Critical Function Impairs Data Confidentiality Critical Integer Overflow Vulnerability in Huawei Smartphone Allows Root Privilege Escalation Credentials Management Errors Vulnerability in Huawei Smartphone: Impairing Data Confidentiality Video Stream Interception Vulnerability in Huawei Smartphone HarmonyOS Privilege Dropping / Lowering Errors Vulnerability: Exploiting Kernel Space Read/Write Capability Arbitrary Memory Write Vulnerability in Huawei Smart Phone File Parsing Denial of Service Vulnerability in Huawei CloudEngine Products License Management Vulnerability in Huawei Products Title: Oracle Enterprise Asset Management Setup Vulnerability Allows Unauthorized Data Access and Modification Out of Bounds Write Vulnerability in Huawei Smartphone HUAWEI P30 (9.1.0.131) JavaScript Injection Vulnerability in Huawei Smartphones Pointer Double Free Vulnerability in CloudEngine Switches Huawei Smartphone Improper Validation of Array Index Vulnerability Improper Access Control Vulnerability in Huawei Smartphone Allows App Redirections Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone Denial of Security Services Vulnerability in Huawei Smartphone Information Disclosure Vulnerability in Huawei Smartphone: User Click Data Leakage eCNS280 XXE Injection Vulnerability Denial of Service Vulnerability in ManageOne: Insufficient Parameter Verification Java VM Component Vulnerability in Oracle Database Server (Versions 12.1.0.2, 12.2.0.1, 18c, and 19c) Title: Multiple Threads Race Condition 
Vulnerability in Huawei Product Memory Leak Vulnerability in Huawei Products: Resource Management Weakness in Module Title: Information Leak Vulnerability in Huawei Products: Exploitable Input Handling Issue Configuration Defect Vulnerability in Huawei Smartphone: Impact on Service Integrity and Availability Improper Access Control Vulnerability in Huawei Smartphone Leads to Temporary DoS Out-of-Bounds Memory Write Vulnerability in Huawei Smartphone Improper Permission Management Vulnerability in Huawei Smartphone: User Habits Disclosure Risk Improper Access Control Vulnerability in Huawei Smartphone Leads to Temporary DoS Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone Insufficient Input Verification Vulnerability in Huawei Smartphone Leads to System Restart Vulnerability in Oracle Transportation Execution of Oracle E-Business Suite: Unauthorized Data Access and Modification Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone Huawei Smartphone Credentials Management Errors Vulnerability Configuration Defect Vulnerability in Huawei Smartphone Allows Device Hijacking and Execution of Malicious Commands Huawei Smartphone Kernel Restart Vulnerability Out-of-Bounds Read Information Disclosure Vulnerability in Huawei Smartphone Weak Secure Algorithm Vulnerability in Huawei Products Denial of Service Vulnerability in Huawei Products: Inadequate Input Validation in Message Handling Module Insufficient Input Validation Vulnerability in FusionCompute 8.0.0 Allows Arbitrary File Upload Denial of Service Vulnerability in S5700 and S6700 Switches (V200R005C00SPC500) Vulnerability in Oracle Financials Common Modules of Oracle E-Business Suite: Unauthorized Data Access and Modification Resource Management Error Vulnerability in USG9500 (V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200) Improper Authorization Vulnerability in eCNS280 and eSE620X Out of Bounds Write Vulnerability in Huawei Products: Exploiting Insufficient 
Validation of Messages Resource Management Error Vulnerability in eCNS280_TD V100R005C10SPC650 Denial of Service Vulnerability in HUAWEI Mate 30 and Mate 30 (5G) eSE620X vESS Local Out of Bounds Read Vulnerability Out-of-Bounds Read Vulnerability in eSE620X vESS Authentication Bypass Vulnerability in Huawei Smartphone Key Management Permission Control Vulnerability in Huawei Smartphone: Implications on Device Functionality Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Huawei Smartphone Allows Root User Escalation Oracle General Ledger Account Hierarchy Manager Unauthorized Data Access Vulnerability Credentials Management Errors Vulnerability in Huawei Smartphone: A Threat to Service Confidentiality Critical Security Flaw: Improper Permission Management in Huawei Smartphone Jeopardizes Confidentiality Security Features Vulnerability in Huawei Smartphone: Threat to Service Confidentiality Design Process Defect Vulnerability in Huawei Smartphone: Impact on Service Integrity and Availability Array Index Validation Vulnerability in Huawei Smartphone: Stability Risks Key Management Errors Vulnerability in Huawei Smartphone: Threats to Confidentiality, Availability, and Integrity HarmonyOS Improper Privilege Management Vulnerability Command Injection Vulnerability in Huawei S-Series Switches (V200R019C00SPC500) Race Condition Vulnerability in eCNS280_TD V100R005C00 and V100R005C10 Huawei Smartphone Integer Underflow Vulnerability in Samgr Leading to Denial of Service (DoS) Critical Vulnerability in Oracle MES for Process Manufacturing: Unauthorized Access and Data Manipulation Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone Input Verification Vulnerability in Huawei Smartphone Leads to DoS Attack Improper Permission Assignment Vulnerability in Huawei LTE USB Dongle Products Out-of-Bounds Read Vulnerability in eCNS280_TD and eSE620X Title: Huawei Smartphone Information Disclosure Vulnerability Enables Authentication 
Bypass Kernel Code Execution Vulnerability in Huawei Smartphone Component Double Free Vulnerability in Huawei Smartphone Allows Root Elevation of Privileges Remote Code Execution Vulnerability in Huawei Smartphone Integer Overflow Vulnerability in Huawei Smartphone Allows Code Execution Permission Control Vulnerability in Huawei Smartphone Allows Execution of Arbitrary Code Oracle Time and Labor Product Vulnerability: Unauthorized Access and Data Manipulation Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone Buffer Size Calculation Vulnerability in Huawei Smartphone Leads to System Reset Buffer Size Calculation Vulnerability in Huawei Smartphone Denial of Service Vulnerability in CloudEngine Series: Exploiting Module Design Weakness Buffer Overflow Vulnerability in Smartphones: Exploiting Multi-Screen Collaboration for DoS Attacks Smartphone Code Injection Vulnerability: Threat to Service Confidentiality Privilege Escalation Vulnerability in Huawei Products: Improper Privilege Management Huawei ManageOne 8.0.0 Privilege Escalation Vulnerability Digital Balance Bypass Vulnerability in Multiple Smartphone Models Bluetooth DoS Vulnerability in Huawei Smartphones Vulnerability in Oracle Outside In Technology Allows Unauthorized Access and Partial Denial of Service Insufficient Input Validation Vulnerability in Huawei Smartphones: System Crash via Malicious APP Installation Critical Remote DoS Vulnerability in Huawei Smartphone Threatens Service Integrity Critical DoS Vulnerability Discovered in Huawei Smartphones Huawei Smartphone Vulnerability: Hijacking Unverified Providers for Device Hijacking and Malicious Command Execution Directory Traversal Vulnerability in Huawei Smartphone: Impact on Service Confidentiality Configuration Defects in Huawei Smartphones: A Threat to Service Availability Uncaught Exception Vulnerability in Huawei Smartphone: App Crash Exploit Configuration Defects in Huawei Smartphone: A Threat to Service Confidentiality 
Denial of Service Vulnerability in ManageOne: Logic Error in Service Function Implementation Oracle iStore Shopping Cart Unauthorized Data Access Vulnerability XSS Injection Vulnerability in iMaster NCE-Fabric V100R019C10 Out-of-Bounds Write Vulnerability in Huawei Products Integer Overflow Vulnerability in Huawei Smartphone Allows for Random Kernel Address Access Integer Overflow Vulnerability in Huawei Smartphone: System Reset Exploitation Memory Buffer Errors Vulnerability in Huawei Smartphone: System Reset Exploitation Huawei Smartphone Buffer Size Calculation Vulnerability HarmonyOS Data Processing Errors Vulnerability: Exploiting Kernel Code Execution HarmonyOS Data Processing Errors Vulnerability: Exploiting Kernel Memory Leakage HarmonyOS Integer Overflow Vulnerability: Memory Overwriting Exploit HarmonyOS Component Vulnerability: Insufficient Data Authenticity Verification Leading to Persistent DoS Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Access and Modification HarmonyOS Component Vulnerability: External Control of System or Configuration Setting HarmonyOS Component Privilege Escalation Vulnerability HarmonyOS Integer Overflow Vulnerability: Memory Overwriting Exploit HarmonyOS Component Out-of-bounds Write Vulnerability HarmonyOS Kernel Memory Leakage Vulnerability: Exploiting the Path to Kernel Denial of Service Double Free Vulnerability in HarmonyOS Component Allows Root Privilege Escalation Out of Bounds Memory Access Vulnerability in Smartphones Critical Heap-based Buffer Overflow Vulnerability in Huawei Smartphone Allows Authentication Bypass Incomplete Cleanup Vulnerability in Huawei Smartphone: Authentication Bypass Exploit Out of Bounds Memory Access Vulnerability in Smartphones Smartphone Logic Bypass Vulnerability Enables Code Injection Permission Isolation Vulnerability in Smartphones: Exploiting Out-of-Bounds Access Permission Isolation Vulnerability in Smartphones: Exploiting Out-of-Bounds Access Out of Bounds 
Memory Access Vulnerability in Smartphones Out of Bounds Memory Address Vulnerability in Smartphones: Exploitation and Code Execution Risk Configuration Defect Vulnerability in Huawei Smartphone: Impact on Service Integrity and Availability Logic Bypass Vulnerability in Huawei Smartphone: Threat to Service Integrity and Availability Smartphone Vulnerability: Integer Overflow and TOCTOU Exploit Leading to Random Address Access Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone Allows Code Execution Deserialization Vulnerability in Huawei AnyOffice V200R006C10 Allows Remote Code Execution Vulnerability in Hyperion Analytic Provider Services and Essbase Analytic Provider Services: Remote Takeover Path Traversal Vulnerability in Huawei Products Integer Overflow Vulnerability in Huawei Products: Potential Kernel Crash Exploit Title: Huawei Smartphone Vulnerability: Improper Validation of Integrity Check Value Leads to System Reset Input Verification Vulnerability in Huawei Smartphone Allows Random Address Access Code Injection Vulnerability in Huawei Smartphone: Input Verification Flaw Input Verification Vulnerability in Huawei Smartphone: System Reset Exploitation Information Disclosure Vulnerability in Huawei Smartphone Leading to System Reset System Reset Vulnerability in Huawei Smartphone Unauthorized File Access Vulnerability in Smartphones Unauthenticated User Friend Addition Vulnerability in Elf-G10HN 1.0.0.608 Oracle Database - Enterprise Edition Unified Audit Privilege Escalation Vulnerability HarmonyOS Component Incomplete Cleanup Vulnerability: Memory Exhaustion Exploit HarmonyOS Integer Overflow Vulnerability: Memory Overwriting Exploit HarmonyOS Local Attackers Vulnerability: Improper Input Validation Allows Unauthorized Address Reading HarmonyOS Component Vulnerability: Improper Input Validation Leading to Process Crash HarmonyOS Component Vulnerability: External Control of System or Configuration Setting Leading to Core Dump 
HarmonyOS Integer Overflow or Wraparound Vulnerability: Memory Leakage Exploit HarmonyOS Data Processing Errors Vulnerability: Exploiting Kernel System Unavailability HarmonyOS Component Improper Input Validation Vulnerability: Out-of-Bounds Write HarmonyOS Local Arbitrary Code Execution Vulnerability HarmonyOS Component NULL Pointer Dereference Vulnerability Oracle Universal Work Queue: Unauthorized Data Access and Modification Vulnerability HarmonyOS Component Vulnerability: Insufficient Data Authenticity Verification HarmonyOS Component Vulnerability: Resource Allocation Without Limits or Throttling HarmonyOS Component NULL Pointer Dereference Vulnerability: Kernel Crash Exploit HarmonyOS Component Use After Free Vulnerability: Kernel Information Disclosure HarmonyOS Component Out-of-bounds Read Vulnerability Leading to System Soft Restart Heap-based Buffer Overflow Vulnerability in HarmonyOS Component Leads to Kernel System Unavailability HarmonyOS Component Use After Free Vulnerability: Local Kernel Crash Exploit HarmonyOS Local Attackers Vulnerability: Improper Input Validation Allows Unauthorized Address Reading HarmonyOS Kernel Address Leakage Vulnerability HarmonyOS Kernel Out-of-bounds Read Vulnerability Oracle Advanced Collections Vulnerability: Unauthorized Data Access and Modification HarmonyOS Privileges Controls Vulnerability: Expanding Recording Trusted Domain HarmonyOS Component NULL Pointer Dereference Vulnerability: Local Process Crash Exploit Title: Huawei Smartphone Improper Verification Vulnerability: Threat to Service Confidentiality Authentication Vulnerability in Huawei Smartphone: Threat to Service Confidentiality Out-of-bounds Memory Access Vulnerability in Huawei Smartphone Improper Permission Management Vulnerability in Huawei Smartphone: Impact on Service Confidentiality HarmonyOS Module Interface UAF Vulnerability: Risk of Information Leakage Invalid Address Access Vulnerability in HarmonyOS Module Interface Oracle Secure Global 
Desktop 5.6 Vulnerability: Unauthenticated Network Access Compromises System HarmonyOS Module Integer Overflow Vulnerability Leading to Heap Memory Overflow Verification Errors Vulnerability in Huawei Smartphone: Implications for Service Confidentiality Uninitialized Variable Vulnerability in Huawei Smartphone Allows Transmission of Invalid Data IP Address Spoofing Vulnerability in Huawei Smartphones: Potential DoS Risk SSID Vulnerability in Huawei Devices: Threat to Service Confidentiality Unstandardized Field Names Vulnerability in Huawei Smartphones: A Threat to Service Confidentiality Out-of-bounds Read Vulnerability in Huawei Smartphone: Impact on Service Availability Unauthorized File Access Vulnerability in Huawei Smartphone Allows Tampering of Restored Backup Files Smartphone DoS Vulnerability: Threatening Service Availability Vulnerability in Oracle Landed Cost Management: Unauthorized Data Access and Modification Permission Verification Vulnerability in Huawei Smartphone: Impact on Device Performance Input Verification Vulnerability in Huawei Smartphone: Impact on Service Availability Samsung Mobile Devices Bluetooth UART Driver Buffer Overflow Vulnerability Fingerprint Inversion Vulnerability on Samsung Note20 Devices with Q(10.0) Software Exynos Mali GPU Driver Out-of-Bounds Access and Device Reset Vulnerability Critical Authentication Bypass Vulnerability in Micro Focus Access Manager: Risk of Information Leakage Improper Session Management in Advanced Authentication Versions Prior to 6.3 SP4 XML External Entity Injection Vulnerability in Micro Focus Application Lifecycle Management Persistent XSS Vulnerability in Micro Focus Application Performance Management (Versions 9.40-9.51) Oracle VM VirtualBox Prior to 6.1.20 Vulnerability: High Privileged Takeover Cross Site Request Forgery Vulnerability in Micro Focus Application Performance Management (Versions 9.40-9.51) Critical Remote Code Execution Vulnerability in Micro Focus Operation Bridge Reporter 
(OBR) 10.40 Arbitrary Code Execution Vulnerability in Micro Focus Operations Bridge Manager Privilege Escalation Vulnerability in Micro Focus Operations Agent Critical Information Leakage Vulnerability in Micro Focus Access Manager (Versions < 5.0) Micro Focus Operations Bridge Manager Authentication Bypass Vulnerability Vulnerability in Oracle CRM Technical Foundation: Unauthorized Data Access and Modification Critical Reflected XSS Vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins Plugin SSL/TLS Certificate Disabling Vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins Plugin CSRF Vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins Plugin Unrestricted Access Vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins Plugin Arbitrary Code Execution Vulnerability in Micro Focus Application Performance Management Bypassing Multi-Factor Authentication in NetIQ Advanced Authentication Sensitive Information Exposure via Log Files in Micro Focus Secure API Manager (SAPIM) 2.0.0 Unauthorized Privilege Escalation Vulnerability in Micro Focus Data Protector Arbitrary Code Execution Vulnerability in Micro Focus SiteScope Oracle Loans Product Vulnerability: Unauthorized Data Access and Modification Privileged Escalation Vulnerability in Micro Focus ZENworks Configuration Management Critical Reflected Cross-Site Scripting Vulnerability in Micro Focus Verastream Host Integrator 7.8 Update 1 and Earlier Versions XML External Entity (XXE) Vulnerability in Micro Focus Verastream Host Integrator Critical Injection Attack Vulnerability in NetIQ Access Manager Prior to 5.0.1 and 4.5.4 NetIQ Access Manager Information Leakage Vulnerability Open Redirect Vulnerability in NetIQ Access Manager Versions Prior to 5.0.1 and 4.5.4 NetIQ Access Manager Information Leakage Vulnerability NetIQ Access Manager Reflected XSS Vulnerability Oracle Advanced Supply Chain Planning Unauthenticated Access Vulnerability 
Cross-Site Scripting Vulnerability in NetIQ Access Manager 4.5 and 5.0 Critical Unauthorized Information Disclosure Vulnerability in Micro Focus Directory and Resource Administrator (DRA) Privilege Escalation Vulnerability in Google Exposure Notification Verification Server Arbitrary Code Execution through Crafted JSON Config File in VScode-bazel Vulnerability in Oracle Project Contracts of Oracle E-Business Suite: Unauthorized Data Access and Modification XSS Vulnerability via DOM Clobbering in Dart SDK (Versions prior to 2.12.3) KVM Vulnerability: Local Privilege Escalation through Improper Handling of VM_IO|VM_PFNMAP Vmas Vulnerability in BinDiff 7 allows for arbitrary code execution Heap Buffer Overflow in IoT Devices SDK's calloc() Implementation Memory Pointer Manipulation Vulnerability Address Modification Vulnerability Oracle Service Contracts Vulnerability: Unauthorized Data Access and Modification Enclave Memory Pointer Modification Vulnerability Untrusted Memory Read Vulnerability in Asylo Versions up to 0.6.1 Heap Memory Exhaustion Vulnerability in Gerrit Servers Linux Kernel Heap Out-of-Bounds Write Vulnerability in net/netfilter/x_tables.c Integer Overflow Vulnerability in Kernel Memory Cache Invalidation Operations Code Execution Vulnerability in SLO Generator via Crafted YAML Files Vulnerability in Oracle Storage Cloud Software Appliance Allows Unauthorized Takeover Out of Bounds Access Vulnerability in libjxl when Rendering Splines JPEG XL Out of Bounds Copy Vulnerability Vulnerability: Premature Expiration of Verification Codes in Exposure Notification Server Privilege Escalation via Incorrect UXN and PXN Bit Settings Bidirectional Unicode Text Vulnerability: Exploiting Code Review with Invisible Source Code OAuth2 Access Token Impersonation Vulnerability in Dart Pub Publish Command Out-of-Order Processing Vulnerability in Protobuf-Java Vulnerability in Oracle Storage Cloud Software Appliance Management Console (CVE-2021-12345) Nullptr Dereference 
Vulnerability in Proto Symbol Parsing File Disclosure Vulnerability in SA360 Reports Staging Process World-readable files created in system temporary directory on unix-like systems Insecure IDToken Verification Allows for Unauthorized Payload Manipulation Oracle Projects User Interface Unauthorized Data Access Vulnerability Oracle Payables Vulnerability: Unauthorized Access and Data Manipulation Vulnerability in Oracle Human Resources product of Oracle E-Business Suite (iRecruitment component) allows unauthorized access and data manipulation Double Free Vulnerability in packet_set_ring() in net/packet/af_packet.c Oracle Lease and Finance Management Product Vulnerability: Unauthorized Data Access and Modification Oracle Purchasing Product Vulnerability: Unauthorized Data Access and Modification Oracle Sourcing Product Vulnerability: Unauthorized Data Access and Modification Integer Overflow Vulnerability in Texas Instruments TI-RTOS HeapMem_allocUnprotected Function Stack-based Buffer Overflow Vulnerabilities in Tellus Lite V-Simulator and V-Server Lite (Versions prior to 4.0.10.0) Fatek FvDesigner Version 1.5.76 and Prior Out-of-Bounds Read Vulnerability Uninitialized Pointer Vulnerability in Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0) Vulnerability in Oracle VM VirtualBox Prior to 6.1.20: Unauthorized Access and Data Manipulation Vulnerability: Password Decryption through Communication Capture and Brute Force Attacks in Ovarro TBox Heap-Based Buffer Overflow Vulnerability in Tellus Lite V-Simulator and V-Server Lite (Versions prior to 4.0.10.0) Invalid Modbus Frames Exploit: Crashing Ovarro TBox System Out-of-Bounds Read Vulnerability in Luxion KeyShot Versions Prior to 10.1 Hardcoded User and Key Vulnerability in Ovarro TBox TWinSoft Remote Code Execution Vulnerability in Luxion KeyShot Versions Prior to 10.1 TWinSoft Configuration Upload Vulnerability in Ovarro TBox Multiple Out-of-Bounds Write Vulnerabilities in Luxion KeyShot 
Versions Prior to 10.1 Critical Vulnerability: Ovarro TBox Modbus File Access Allows Unauthorized Configuration File Manipulation Multiple NULL Pointer Dereference Vulnerabilities in Luxion KeyShot Versions Prior to 10.1 TWinSoft Code Execution Vulnerability Directory Traversal Vulnerability in Luxion KeyShot Versions Prior to 10.1 Unauthenticated Configuration Change and Code Execution in Advantech iView Versions Prior to v5.7.03.6112 Out-of-Bounds Write Vulnerabilities in Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0) SQL Injection Vulnerability in Advantech iView Versions Prior to v5.7.03.6112 Out-of-Bounds Read Vulnerabilities in Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0) Directory Traversal Vulnerability in Advantech iView Versions Prior to v5.7.03.6112 Arbitrary Command Injection Vulnerability in mySCADA myPRO Versions 8.20.0 and Prior SQL Injection Vulnerability in Advantech iView Versions Prior to v5.7.03.6112 Remote Unauthenticated Buffer Overflow Vulnerability in Rockwell Automation MicroLogix 1400 Version 21.6 and Below Oracle VM VirtualBox Prior to 6.1.20 High Privilege Unauthorized Access Vulnerability Out-of-Bounds Read Vulnerability in CNCSoft-B Versions 1.0.0.3 and Prior Unauthenticated Password Change Vulnerability in ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior) Use After Free Vulnerability in Fatek FvDesigner Version 1.5.76 and Prior Out-of-Bounds Read Vulnerability in Cscape (All versions prior to 9.90 SP3.5) CNCSoft-B Versions 1.0.0.3 and Prior Out-of-Bounds Write Vulnerability Privilege Escalation and System Takeover Vulnerability in Rockwell Automation DriveTools SP and Drives AOP Stack-Based Buffer Overflow in Fatek FvDesigner Version 1.5.76 and Prior Hard-coded Credentials Vulnerability in BB-ESWGP506-2SFP-T Versions 1.01.09 and Prior Out-of-Bounds Read Vulnerability in Delta Industrial Automation CNCSoft ScreenEditor Default Permissions on WebAccess/SCADA Portal Allow 
Unauthorized Password Update and Privilege Escalation Vulnerability in Oracle Labor Distribution User Interface: Unauthorized Data Access and Modification Uninitialized Pointer Vulnerability in Fatek FvDesigner Version 1.5.76 and Prior Remote Code Execution via Integer Overflow in SimpleLink Wi-Fi SDK Remote Code Execution Vulnerability in Delta Electronics' CNCSoft ScreenEditor Stack-based Buffer Overflow in SimpleLink Wi-Fi Firmware Update Process Relative Path Traversal Vulnerability in WebAccess/SCADA Remote Code Execution Vulnerability in SimpleLink Wi-Fi Firmware Update Cross-Site Scripting (XSS) Vulnerability in UserExcelOut.asp in WebAccess/SCADA Integer Overflow in Host MCU APIs for WIFI Network Connection Memory Corruption Vulnerability in Cscape (All versions prior to 9.90 SP4) Remote Code Execution Vulnerability in SimpleLink Wi-Fi SDKs Oracle Quoting Product Vulnerability in Oracle E-Business Suite (Courseware Component) Integer Overflow Vulnerability in NXP MQX Versions 5.1 and Prior: Arbitrary Memory Allocation and Remote Code Execution Authentication Bypass Vulnerability in Rockwell Automation Studio 5000 Logix Designer and RSLogix 5000 Local Privilege Escalation in Cscape (All versions prior to 9.90 SP4) Fatek FvDesigner Version 1.5.76 and Prior Out-of-Bounds Write Vulnerability Integer Wrap-Around Vulnerability in Tizen RT RTOS 3.0.GBB's functions_calloc and mm_zalloc Relative Path File Disclosure Vulnerability in Cassia Networks Access Controller Vulnerability in Oracle Advanced Pricing Price Book Component (CVE-2021-12345) Vulnerability: Unvalidated request_uri Parameter in Apache CXF Remote Code Execution Vulnerability in EcoStruxure Power Build - Rapsody Software Stack-Based Buffer Overflow in EcoStruxure Power Build - Rapsody Software Allows Remote Code Execution via Unrestricted File Upload Denial of Service Vulnerability in Modicon M241/M251 Logic Controllers Firmware Oracle Site Hub Vulnerability: Unauthorized Data Access and Modification 
Cross-Site Request Forgery Vulnerability in PowerLogic Devices CWE-319: Cleartext Transmission of Sensitive Information in PowerLogic Devices CWE-319: Cleartext Transmission of Sensitive Information in PowerLogic Devices Path Traversal Vulnerability in Harmony/HMI Products Configured by Vijeo Designer, Vijeo Designer Basic, or EcoStruxure Machine Expert Buffer Overflow Vulnerability in Vijeo Designer or EcoStruxure Machine Expert Driver Cross-site Scripting (XSS) Vulnerability in EVlink Charging Stations Vulnerability Title: Hard-coded Credentials in EVlink Charging Stations Vulnerability Title: Signature Verification Bypass in EVlink City, EVlink Parking, and EVlink Smart Wallbox Buffer Overflow Vulnerability in IGSS Definition (Def.exe) V15.0.0.21041 and Earlier Oracle Work in Process Product Vulnerability: Unauthorized Access and Data Manipulation Remote Code Execution Vulnerability in IGSS Definition (Def.exe) V15.0.0.21041 and Prior Arbitrary Read/Write Vulnerability in IGSS Definition (Def.exe) V15.0.0.21041 and Prior Arbitrary Read/Write Vulnerability in IGSS Definition (Def.exe) V15.0.0.21041 and Prior Buffer Overflow Vulnerability in PowerLogic Meters Buffer Overflow Vulnerability in PowerLogic ION7400, PM8000, and ION9000 (Versions prior to V3.0.0) CWE-732: Remote Code Execution via Incorrect Permission Assignment in C-Bus Toolkit (V1.15.9 and prior) Remote Code Execution Vulnerability in C-Bus Toolkit (V1.15.7 and prior) Remote Code Execution Vulnerability in C-Bus Toolkit (V1.15.7 and prior) Remote Code Execution Vulnerability in C-Bus Toolkit (V1.15.7 and prior) Oracle Subledger Accounting Inquiries Vulnerability Remote Code Execution Vulnerability in C-Bus Toolkit (V1.15.7 and prior) CWE-200: Information Exposure in EVlink Charging Stations Stored Cross-site Scripting Vulnerability in EVlink City, EVlink Parking, and EVlink Smart Wallbox CWE-79: Cross-Site Scripting and Cross-Site Request Forgery Vulnerability in EVlink Charging Stations Title: 
CWE-352 Cross-Site Request Forgery (CSRF) Vulnerability in EVlink Charging Stations Title: CWE-352 Cross-Site Request Forgery (CSRF) Vulnerability in EVlink Charging Stations Unauthenticated Server-Side Request Forgery (SSRF) Vulnerability in EVlink Charging Stations Insufficient Entropy Vulnerability in EVlink Charging Stations Information Exposure Vulnerability in EVlink City, EVlink Parking, and EVlink Smart Wallbox Unauthorized Administrative Privileges Vulnerability in EVlink Charging Stations Oracle Legal Entity Configurator: Unauthorized Data Access and Modification Vulnerability Hard-coded Credentials Vulnerability in EVlink Charging Stations Insecure Password Recovery Mechanism Allows Unauthorized Password Change on Modicon Managed Switch Code Execution Vulnerability in homeLYnk and spaceLYnk V2.60 and earlier Shell Access Vulnerability in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior Remote Code Execution Vulnerability in homeLYnk and spaceLYnk V2.60 and Prior Remote Code Execution Vulnerability in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and Prior Path Traversal Vulnerability in homeLYnk and spaceLYnk V2.60 and Prior Insufficiently Protected Credentials Vulnerability in homeLYnk and spaceLYnk V2.60 and Prior Broken Cryptographic Algorithm Vulnerability in homeLYnk and spaceLYnk V2.60 and Prior Information Exposure Vulnerability in homeLYnk and spaceLYnk V2.60 and earlier versions during initial configuration Oracle E-Business Tax User Interface Vulnerability Unauthorized File Upload Vulnerability in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and Prior Insufficient Computational Effort in Password Hashing Vulnerability Vulnerability: Module Reset in Triconex Model 3009 MP with Malformed TriStation Packets Module Reset Vulnerability in Triconex TCM 4351B Improper Check for Unusual or Exceptional Conditions in Triconex Model 3009 MP Improper Check for Unusual or Exceptional Conditions Vulnerability in Triconex Model 3009 MP Improper Check for 
Unusual or Exceptional Conditions Vulnerability in Triconex Model 3009 MP Improper Check for Unusual or Exceptional Conditions Vulnerability in Triconex Model 3009 MP Remote Code Execution Vulnerability in C-Bus Toolkit and C-Gate Server Information Disclosure Vulnerability in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and Prior Oracle Applications Manager: Unauthorized Access and Data Manipulation Vulnerability IGSS Definition (Def.exe) V15.0.0.21041 and Prior Out-of-Bounds Write Vulnerability IGSS Definition (Def.exe) V15.0.0.21140 and Prior Out-of-Bounds Write Vulnerability IGSS Definition (Def.exe) V15.0.0.21140 and Prior Out-of-Bounds Write Vulnerability IGSS Definition (Def.exe) V15.0.0.21140 and Prior Out-of-Bounds Read Vulnerability IGSS Definition (Def.exe) V15.0.0.21140 and Prior Out-of-Bounds Write Vulnerability IGSS Definition (Def.exe) V15.0.0.21140 and Prior Out-of-Bounds Write Vulnerability IGSS Definition (Def.exe) V15.0.0.21140 and Prior Out-of-Bounds Read Vulnerability IGSS Definition (Def.exe) V15.0.0.21140 and Prior Out-of-Bounds Read Vulnerability Uninitialized Pointer Vulnerability in IGSS Definition (Def.exe) V15.0.0.21140 and Prior Use After Free Vulnerability in IGSS Definition (Def.exe) V15.0.0.21140 and Prior Oracle iSetup Product Vulnerability: Unauthorized Data Access and Modification IGSS Definition (Def.exe) V15.0.0.21140 and Prior - CWE-763: Release of Invalid Pointer or Reference Vulnerability Buffer Overflow Vulnerability in IGSS Definition (Def.exe) V15.0.0.21140 and Prior Remote Code Execution Vulnerability in IGSS Definition (Def.exe) V15.0.0.21140 and Prior CWE-640: Weak Password Recovery Mechanism for Forgotten Password in PowerLogic PM55xx, PM8ECC, EGX100, and EGX300 Vulnerability: CWE-287 - Improper Authentication in PowerLogic Devices Title: CWE-20: Improper Input Validation in PowerLogic EGX100 and EGX300 Allows for Denial of Service and Remote Code Execution Denial of Service Vulnerability in PowerLogic EGX100 and EGX300 
PowerLogic EGX100 and EGX300 Improper Input Validation Vulnerability PowerLogic EGX100 and EGX300 Improper Input Validation Vulnerability Unrestricted Access to Files and Directories in Easergy T300 Firmware V2.7.1 and Older Oracle Coherence Unauthenticated Remote Code Execution Vulnerability Easergy T300 Firmware V2.7.1 and Older: Information Exposure Vulnerability Arbitrary Command Execution Vulnerability in Easergy T300 Firmware V2.7.1 and Older Authentication Bypass Vulnerability in Easergy T200 SCADA Systems Unverified Password Change Vulnerability in EVlink Charging Stations Vulnerability: Weak Password Hashing in EVlink Charging Stations Uncontrolled Search Path Element Vulnerability in GP-Pro EX, V4.09.250 and Prior CWE-502: Code Execution via Malicious Project File Deserialization Vulnerability Credential Exposure in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect Modbus Authentication Bypass Vulnerability in Schneider Electric Industrial Control Systems MySQL Server Denial of Service Vulnerability Insufficiently Protected Credentials Vulnerability in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect SMTP Credential Leakage Vulnerability in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect Information Disclosure Vulnerability in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect Session Hijacking Vulnerability in Ritto Wiser Door Panel Communication C-Bus Toolkit v1.15.8 and Prior: Missing Authentication for Critical Function Vulnerability CWE-200: Information Exposure in Modicon M340 and Premium/Quantum CPUs and Communication Modules Modbus TCP Information Exposure Vulnerability Denial of Service Vulnerability in Modicon M340 and Premium/Quantum Processors and Communication Modules CWE-787: Out-of-bounds Write Vulnerability in Modicon M340 and Quantum Processors Buffer Overflow Vulnerability in Modicon PLC 
Controllers/Simulators Critical Remote Code Execution Vulnerability in Oracle VM VirtualBox (CVE-2021-1234) Denial of Service Vulnerability in Modicon PLC Controllers and Simulators Denial of Service Vulnerability in Modicon PLC Controllers and Simulators Modicon PLC Controller/Simulator Denial of Service Vulnerability via Crafted Project File FTP Protocol Vulnerability in AccuSine PCS+ / PFV+ and AccuSine PCSn Remote Code Execution Vulnerability in StruxureWare Data Center Expert (V7.8.1 and prior) Remote Code Execution Vulnerability in StruxureWare Data Center Expert (V7.8.1 and prior) Remote Code Execution Vulnerability in C-Bus Toolkit and C-Gate Server Path Traversal Vulnerability in EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect Title: CWE-522: Insufficiently Protected Credentials in Conext ComBox (All Versions) Expose Sensitive Data Unintended Network Connection Vulnerability in Schneider Electric Software Update (V2.3.0 - V2.5.1) Oracle VM VirtualBox Prior to 6.1.20 Unauthenticated Remote Code Execution Vulnerability Denial of Service Vulnerability in Modicon M218 Logic Controller (V5.1.0.6 and prior) Arbitrary Command Execution Vulnerability in ConneXium Network Manager Software Remote Code Execution Vulnerability in Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Unrestricted File Upload Vulnerability in Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Arbitrary File Disclosure Vulnerability in IGSS Data Collector (dc.exe) (V15.0.0.21243 and prior) Missing Authentication for Critical Function in Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) Title: Data Exfiltration and Unauthorized Access Vulnerability in spaceLYnk, Wiser for KNX, and fellerLYnk (Versions 2.6.1 and Prior) Arbitrary Code Execution Vulnerability in Eurotherm GUIcon Tool Arbitrary Code Execution Vulnerability in Eurotherm GUIcon Tool Unintended 
Data Disclosure Vulnerability in Eurotherm GUIcon Tool Oracle VM VirtualBox Prior to 6.1.20 Unauthenticated Remote Code Execution Vulnerability Title: Cross-Site Scripting Vulnerability in Network Management Card (NMC) Allows Arbitrary Script Execution CWE-79: Cross-Site Scripting Vulnerability in APC Power Products Title: Cross-Site Scripting Vulnerability in APC Network Management Cards (NMC) Title: Cross-Site Scripting Vulnerability in Network Management Card (NMC) Software Cross-Site Scripting (XSS) Vulnerability in APC Network Management Cards Title: CWE-200: Information Exposure Vulnerability in APC Power Distribution Products and Network Management Cards Denial of Service Vulnerability in SCADAPack RTUs with Modbus Server Configuration Default Permissions Vulnerability in Harmony/Magelis iPC Series and Vijeo Designer Title: Unauthorized Access Vulnerability in EVlink Charging Stations (CWE-307) CWE-1021: UI Layer or Frame Manipulation Vulnerability in EVlink City, EVlink Parking, and EVlink Smart Wallbox Oracle VM VirtualBox Prior to 6.1.20 Unauthenticated Remote Code Execution Vulnerability Persistent Unauthorized Access Vulnerability in EVlink Charger Station Web Server Unpatched Server-Side Request Forgery (SSRF) Vulnerability in EVlink Charging Stations Cross-Site Scripting Vulnerability in EVlink Charging Stations Missing Authentication for Critical Function in Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) Buffer Overflow Vulnerability in Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) Privileged Account Clickjacking Vulnerability Arbitrary Code Execution Vulnerability in EcoStruxure Power Monitoring Expert 9.0 and Prior Versions Arbitrary Code Execution Vulnerability in EcoStruxure Power Monitoring Expert 9.0 and Prior Versions Oracle VM VirtualBox Prior to 6.1.20 Unauthenticated Remote Code Execution Vulnerability Oracle VM VirtualBox Prior to 6.1.20 Core Vulnerability: 
Unauthorized Data Access and Modification SQL Injection Vulnerability in Hyweb HyCMS-J1's API SQL Injection Vulnerability in HGiga MailSherlock Stored XSS Vulnerability in Hyweb HyCMS-J1 Backend Editing Function Oracle VM VirtualBox Prior to 6.1.20 Unauthenticated Remote Code Execution Vulnerability Ineffective Access Control in HGiga EIP Product: Database Access and Privileged Function Vulnerability SQL Injection Vulnerability in HGiga EIP Document Management Page SQL Injection Vulnerability in HGiga EIP Product: Exposing Database Schema and Data through Online Registration Access Control Failure in Soar Cloud System's HR Portal: Exploiting User ID Retrieval Vulnerability SQL Injection Vulnerability in Soar Cloud System's HR Portal Deserialization Vulnerability in HR Portal of Soar Cloud System SQL Injection Vulnerabilities in CGE Property Management System Directory Traversal Vulnerability in CGE Page Allows Arbitrary File Downloads Privilege Escalation Vulnerability in CGE Account Management Function SQL Injection Vulnerability in EIC e-document System's Data Querying Function Oracle VM VirtualBox Prior to 6.1.20 Unauthenticated Remote Code Execution Vulnerability Incomplete Identity Verification in EIC e-Document System Allows Unauthorized Access and Privilege Escalation GitHub Enterprise Server Improper Access Control Vulnerability GitHub Enterprise Server Improper Access Control Vulnerability in Actions Secrets Disclosure Improper Access Control Vulnerability in GitHub Enterprise Server GraphQL API GitHub Enterprise Server Remote Code Execution via GitHub Pages Configuration Override GitHub Enterprise Server Access Control Vulnerability GitHub Enterprise Server UI Misrepresentation Vulnerability GitHub Enterprise Server Path Traversal Vulnerability in GitHub Pages Configuration GitHub Enterprise Server Path Traversal Vulnerability in GitHub Pages Configuration Improper Access Control Vulnerability in GitHub Enterprise Server Oracle VM VirtualBox Prior to 
6.1.20 Unauthenticated Remote Code Execution Vulnerability GitHub Pages Path Traversal Vulnerability in GitHub Enterprise Server Persistent Cross-Site Scripting (XSS) Vulnerability in Revive Adserver before 5.1.0 Reflected Cross-Site Scripting (XSS) Vulnerability in Revive Adserver before 5.1.0 via afr.php Delivery Script Open Redirect Vulnerability in Revive Adserver before 5.1.0 Reflected XSS Vulnerability in Revive Adserver before 5.1.1 via `period_preset` Parameter Reflected XSS vulnerability in Revive Adserver before 5.1.1 via `setPerPage` parameter in stats.php Credential Leakage via HTTP Referer Header in curl 7.1.1 to 7.75.0 Inadvertent Credential Leakage in Nextcloud External Storage Configuration Reflected Cross-Site Scripting (XSS) Vulnerability in Nextcloud Server prior to 20.0.6 Remote Command Execution in Nextcloud Desktop Client (CVE-2021-22879) Oracle Bills of Material Product Vulnerability: Unauthorized Data Access and Modification Regular Expression Denial of Service (REDoS) Vulnerability in PostgreSQL Adapter of Active Record Open Redirect Vulnerability in Action Pack's Host Authorization Middleware UniFi Protect v1.17.1 and Earlier: Denial-of-Service Vulnerability via Spoofed Cameras Denial of Service Vulnerability in Node.js with 'unknownProtocol' Connection Attempts Vulnerability: DNS Rebinding Attack Bypass in Node.js Unintended Method Execution and Information Disclosure Vulnerability in Action Pack >= 2.0.0 Persistent Cross-Site Scripting (XSS) Vulnerability in Rocket.Chat Desktop App BIOS Firmware Compromise Vulnerability in Pulse Secure PSA-Series Hardware Reflected XSS Vulnerability in Revive Adserver v5.2.0 and Earlier Reflected XSS Vulnerability in Revive Adserver v5.2.0 and Earlier Oracle Product Hub Template GTIN Search Vulnerability Vulnerability: MITM Attack via Bad Handling of TLS 1.3 Session Tickets in curl 7.63.0 to 7.75.0 Missing Authorization Vulnerability in Citrix ShareFile Storage Zones Controller Information Disclosure 
Vulnerability in Rocket.Chat Server Title: Critical Authentication Bypass Vulnerability in Pulse Connect Secure Allows Remote Code Execution Buffer Overflow Vulnerability in Pulse Connect Secure Allows Remote Code Execution Improper Certificate Validation in Nextcloud Desktop Client Improper Access Control in Nextcloud Mail 1.9.5: Unauthorized Creation of Mail Aliases Vulnerability: Exposure of Data Element to Wrong Session in libcurl Information Disclosure Vulnerability in cURL 7.7 through 7.76.1 via `-t` Command Line Option Command Injection Vulnerability in Pulse Connect Secure Allows Remote Code Execution via Windows Resource Profiles Feature Oracle E-Business Suite Change Management Vulnerability Unrestricted Upload Vulnerability in Pulse Connect Secure Use-After-Free Vulnerability in curl 7.75.0 through 7.76.1: Remote Code Execution Possible Denial of Service Vulnerability in Action Dispatch Mime Type Parser Possible Open Redirect Vulnerability in ActionPack Ruby Gem Possible Denial of Service Vulnerability in Action Controller Token Authentication Information Disclosure in Nextcloud Android App: Default Server Lookup Vulnerability Nextcloud End-to-End Encryption Denial of Service Vulnerability Improper Access Control Vulnerability in Citrix Workspace App for Windows Buffer Overflow Vulnerability in Windows File Resource Profiles in 9.X Firmware Update Man-in-the-Middle Vulnerability in EdgeMAX EdgeRouter Vulnerability in Oracle VM VirtualBox Prior to 6.1.20: Unauthorized Access to Critical Data NoSQL Injection Vulnerability in Rocket.Chat Server Versions <3.13.2, <3.12.4, <3.11.4 Unauthenticated NoSQL Injection Vulnerability in Rocket.Chat Server 3.11-3.13 Information Disclosure Vulnerability in Nextcloud iOS App Information Disclosure Vulnerability in Nextcloud Deck Insecure Storage of Sensitive Information in Citrix Cloud Connector Installation Logs Nextcloud Server Brute Force Vulnerability Information Disclosure Vulnerability in Brave Desktop's 
Adblocking Feature Information Disclosure Vulnerability in Brave Browser Desktop (Versions 1.17-1.20) with Adblocking and Tor Windows Out-of-Bounds Read Vulnerability in Node.js via uv__idna_toascii() Disk Space Consumption Vulnerability in Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition Oracle Document Management and Collaboration Vulnerability: Unauthorized Data Access and Modification SAML Authentication Hijack Vulnerability in Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition Local Privilege Escalation Vulnerability in Node.js on Windows Platforms Failure to Remove Potentially Malicious Content: Curl Metalink Hash Mismatch Vulnerability Insecure Credential Handling in curl's Metalink Feature Vulnerability: Case Insensitive Comparison in libcurl Connection Pool Uninitialized Data Disclosure Vulnerability in curl's CURLOPT_TELNETOPTIONS Vulnerability: File-Based Client Certificate Hijacking in libcurl Session Fixation Vulnerability in Citrix ADC and Citrix Gateway 13.0-82.45 Privilege Escalation Vulnerability in Citrix Virtual Apps and Desktops Information Disclosure in Brave Browser: Logged Timestamps of Connections to V2 Onion Domains MySQL Server Stored Procedure Denial of Service Vulnerability Use After Free Vulnerability in Node.js Allows Memory Corruption and Process Behavior Modification Vulnerability: Remote Code Execution, XSS, and DNS Hijacking in Node.js DNS Library Vulnerability: ShareFile File Encryption Disabling Issue Arbitrary File Deletion Vulnerability in Pulse Connect Secure Buffer Overflow Vulnerability in Pulse Connect Secure Command Injection Vulnerability in Pulse Connect Secure Cross-Site Scripting Vulnerability in Pulse Connect Secure before 9.1R12 File Write Vulnerability in Pulse Connect Secure Command Injection Vulnerability in Pulse Connect Secure Node.js HTTPS API Accepts Connections to Servers with Expired Certificates due to Incorrect Usage Oracle WebLogic Server Unauthenticated Remote Code Execution 
Vulnerability Use After Free Vulnerability in Node.js Allows Memory Corruption and Process Behavior Modification Remote Compromise of Citrix ShareFile Storage Zones Controller Open Redirect Vulnerability in Host Authorization Middleware in Action Pack >= 6.0.0 Remote Camera Control Vulnerability in UniFi Protect Application V1.18.1 and Earlier Privilege Escalation Vulnerability in UniFi Protect Application Double Free Vulnerability in libcurl <= 7.73.0 and 7.78.0 when Sending Data to MQTT Server Bypassing TLS Requirement in curl Versions 7.20.0 to 7.78.0 Curl STARTTLS Response Caching Vulnerability Insecure Session ID Generation in revive-adserver < 5.3.0 CSRF Vulnerability in Concrete CMS 8.5.5 and Below Allows File Duplication and Disk Space Exhaustion Vulnerability in Oracle Concurrent Processing of Oracle E-Business Suite: Unauthorized Data Access and Modification CSRF Vulnerability in Concrete CMS Prior to 8.5.6 Allows Deletion of Attachments in Conversation Comments Vulnerability: Unauthorized Access to Password Protected Files in Concrete CMS (previously concrete 5) prior to version 8.5.7 Remote Control Exploit in UniFi Talk Application V1.12.3 and Earlier CSRF Vulnerability in Concrete CMS 8.5.5 and Below Allows Topic Cloning and Resource Exhaustion Cross-Site Request Forgery Vulnerability in Concrete CMS <v9 Allows Unauthorized Requests Unauthenticated Denial of Service Vulnerability in Citrix ADC Uncontrolled Resource Consumption Vulnerability in Citrix ADC UniFi Protect Application Cross-Origin Resource Sharing (CORS) Account Takeover Vulnerability Server-Side Request Forgery Vulnerability in concrete5 < 8.5.5 Allows Bypassing Localhost Limitations HTTP Request Smuggling Vulnerability in llhttp < v2.1.4 and < v6.0.6 Oracle VM VirtualBox Prior to 6.1.20 Core Vulnerability HTTP Request Smuggling (HRS) Vulnerability in llhttp < 2.1.4 and < 6.0.6 GlassWire v2.1.167 Firewall Software Code Injection Vulnerability Vulnerability: Sensitive Data Leakage and 
Resource-Based DoS Attack via Crafted Requests Fastify-Static Module Redirect Vulnerability Double Slash Redirect Vulnerability in fastify-static Module (Versions >= 4.2.4 and < 4.4.1) Denial of Service Vulnerability in Pulse Connect Secure Privilege Escalation via Group Permissions in Concrete CMS versions 8.5.6 and below IDOR Vulnerability Allows Unauthenticated Access to Restricted Files in Concrete CMS Remote Code Execution in Concrete CMS (concrete5) File Manager via Bypass of Remote File Addition SSRF Mitigation Bypass in Concrete CMS Versions Below 8.5.7 Oracle VM VirtualBox Prior to 6.1.20 Core Vulnerability Local IP Import Vulnerability in Concrete CMS (formerly concrete5) Versions 8.5.6 and Below and Version 9.0.0 Out-of-Bounds Memory Access Vulnerability in BIG-IP JSON Parser Race condition vulnerability in BIG-IP and BIG-IQ allows for privilege escalation TMM Restart Vulnerability in BIG-IP Systems Excessive CPU Usage Vulnerability in BIG-IP Advanced WAF and ASM Coordinated Malicious HTTP Client and Server Code Vulnerability on BIG-IP Reflected XSS Vulnerability in BIG-IP Versions 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x Reflected Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility with Fraud Protection Service Provisioning Critical Denial of Service Vulnerability in Oracle MySQL Server (Versions 8.0.23 and Prior) Untrusted Search Path Vulnerability in BIG-IP APM Client Troubleshooting Utility (CTU) for Windows Vulnerability: Man-in-the-Middle Attacks in TLS Renegotiation without Extended Master Secret (EMS) Extension Buffer Overflow Vulnerability in BIG-IP DNS and GTM Versions 11.6.x, 12.1.x, and 13.1.x Cross-Site Scripting Vulnerability in BIG-IP AFM Configuration Utility Open Redirection vulnerability in BIG-IP Advanced WAF and ASM versions 11.6.x to 15.1.x Excessive Memory Consumption Vulnerability in BIG-IP APM 16.0.x Unauthenticated Remote Command Execution Vulnerability in BIG-IP and BIG-IQ Authenticated Remote 
Command Execution Vulnerability in BIG-IP Traffic Management User Interface (TMUI) Authenticated Remote Command Execution Vulnerability in BIG-IP TMUI Configuration Utility Authenticated Remote Command Execution Vulnerability in BIG-IP TMUI Configuration Utility MySQL Server Denial of Service Vulnerability Authenticated Remote Command Execution Vulnerability in BIG-IP Traffic Management User Interface (TMUI) Buffer Overflow Vulnerability in BIG-IP Traffic Management Microkernel (TMM) URI Normalization Buffer Overflow and Remote Code Execution Vulnerability in BIG-IP Advanced WAF/BIG-IP ASM DOM-based XSS Vulnerability on DoS Profile Properties Page Reflected XSS Vulnerability in iControl REST on BIG-IP Systems Unauthenticated Failover Vulnerability in BIG-IQ High Availability Denial-of-Service Vulnerability in BIG-IQ Data Collection Device Cluster Unauthenticated and Unencrypted Clustering Transport in BIG-IQ HA ElasticSearch Service SYN Flood Protection Bypass in BIG-IP SNAT Listeners HTTP/2 Stream Retention Vulnerability MySQL Server Denial of Service Vulnerability TMM Restart Vulnerability in BIG-IP Versions 13.1.3.4-13.1.3.6 and 12.1.5.2 Undisclosed iControl REST Endpoint File Upload Vulnerability Session ID Exposure in BIG-IP APM and Edge Client on Windows Systems Undisclosed MPTCP Traffic Core File Generation Vulnerability Multipath TCP (MPTCP) Forwarding Flows Vulnerability Lack of TLS Encryption in BIG-IQ High Availability (HA) with Quorum Device Reflected Cross-Site Scripting Vulnerability in BIG-IQ Versions 7.x and 6.x Vulnerability: Fragmented IP Traffic Dropping in BIG-IP TMM Process BIG-IP APM AD Authentication Bypass via Spoofed AS-REP Response Denial of Service Vulnerability in BIG-IP Versions 16.0.x and 15.1.x Unauthorized Read Access Vulnerability in Oracle MySQL Server WebSocket JSON Payload Processing Vulnerability Excessive Resource Consumption in BIG-IP Traffic Management Microkernel (TMM) Arbitrary Command Execution Vulnerability in BIG-IP TMM 
Denial of Service Vulnerability in BIG-IP Missing Authorization Checks for File Uploads in BIG-IP Advanced WAF and ASM Bypassing Appliance Mode Restrictions in BIG-IP Bypassing Internal Restrictions to Retrieve Static Content in BIG-IP APM Nginx Resolver Vulnerability: UDP Packet Forgery Leading to Memory Overwrite Insecure Intra-Cluster Communication in NGINX Controller 3.x before 3.4.0 Exposure of Administrator Password in NGINX Controller Support Package Oracle Platform Security for Java Unauthenticated Takeover Vulnerability Insecure Key Generation in NAAS 3.x before 3.10.0 World Readable Agent Configuration File in Nginx Controller 3.x Weak File and Folder Permissions in BIG-IP Edge Client Windows Installer Service DLL Hijacking Vulnerability in BIG-IP Edge Client Windows Installer Authenticated Remote Command Execution Vulnerability in BIG-IQ Configuration Utility Authenticated Remote Command Execution Vulnerability in BIG-IP Configuration Utility Cross-Site Request Forgery (CSRF) Vulnerability in BIG-IP and BIG-IQ DOM-based Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility Undisclosed Request Termination Vulnerability in F5 Advanced WAF/BIG-IP ASM Insufficient Permission Checks in F5 Advanced WAF and BIG-IP ASM Configuration Utility Allow SSRF Attacks Critical Vulnerability in Oracle Support Tools: Unauthorized Access to OSS Support Tools Data WebSocket Profile Denial of Service Vulnerability Privilege Escalation Vulnerability in BIG-IP Advanced WAF and ASM Configuration Utility Undisclosed DNS Responses Vulnerability in BIG-IP DNS Systems WebSocket Profile Denial of Service Vulnerability Undisclosed Requests Vulnerability in BIG-IP DNS Cache Resolver HTTP Profile Chunked Response Termination Vulnerability Undisclosed Requests Vulnerability in BIG-IP ASM and DataSafe Profiles Reflected Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility Stored Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility 
IPSec Remote Peer Unauthorized Termination Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash SQL Injection Vulnerability in BIG-IP AFM Configuration Utility DOM-based Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility Undisclosed Requests Vulnerability in BIG-IP Software Directory Traversal Vulnerability in BIG-IP Configuration Utility Denial of Service vulnerability in BIG-IP with Intel QuickAssist Technology (QAT) compression driver SCTP Profile Multiple Paths Vulnerability Insecure Logging of Secure Properties in Guided Configuration Memory Increase Vulnerability in BIG-IP APM's OCSP Verification GTP Message Vulnerability in BIG-IP Software Denial-of-Service Vulnerability in BIG-IP Traffic Management Microkernel MySQL Server Denial of Service Vulnerability CSRF-Enabled Policy HTML Response Termination Vulnerability Vulnerability: TMM Termination in BIG-IP with DPDK/ENA Driver on AWS Open Redirect Vulnerability in BIG-IP APM Access Policy MySQL Database Disk Space Exhaustion Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in BIG-IP APM System Command line restriction bypass in NGINX Ingress Controller Oracle VM VirtualBox Prior to 6.1.20 High Privilege Unauthorized Access Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Access and Data Compromise Unauthorized Read Access Vulnerability in Oracle MySQL Server Oracle VM VirtualBox Prior to 6.1.20 Vulnerability: High Privileged Takeover Oracle VM VirtualBox Prior to 6.1.20 Vulnerability: High Privileged Takeover Critical Data Access Vulnerability in Oracle Hospitality Inventory Management Oracle VM VirtualBox Prior to 6.1.20 Denial of Service Vulnerability Unauthenticated Access to Unpublished and Inaccessible Modules in Joomla! XSS Vulnerability in Joomla! mod_breadcrumbs Aria-label Attribute XSS Vulnerability in Joomla! com_tags Views Insecure rand() Function Used in 2FA Secret Generation in Joomla! 
Insufficient Length for 2FA Secret in Joomla! 3.2.0 through 3.9.24 Insecure Implementation of randval in Joomla! Core Cross-Site Scripting (XSS) Vulnerability in Joomla! 2.5.0 through 3.9.24 XSS Vulnerability in Joomla! 2.5.0 through 3.9.24 due to Missing Filtering of Feed Fields Template Manager Input Validation Vulnerability Path Traversal Vulnerability in Joomla! com_media Component Race Condition Vulnerability in Linux Kernel SCTP Sockets Leading to Privilege Escalation Privilege Escalation via Use After Free Vulnerability in Linux Kernel NFC Sockets Data Leakage through Error Messages and Logs in Argo CD Web UI Unprivileged Command Centre Operator Can Perform Macro Overrides in Gallagher Command Centre Server Stack-Based Buffer Overflow in WECON LeviStudioU Versions 2019-09-21 and Prior: Remote Code Execution Vulnerability Null Pointer Vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 Oracle Application Object Library Vulnerability: Unauthorized Access and Data Manipulation Unauthorized Modification of Command Line Macros in Gallagher Command Centre Server Bypassing PIV Verification in Gallagher Controller: An Incomplete Comparison Vulnerability UART Console Vulnerability in Netgear Nighthawk R6700 Version 1.0.4.120 Oracle HTTP Server Unauthenticated Access Vulnerability AMP for WP – Accelerated Mobile Pages Plugin <= 1.0.77.31 Authenticated Stored XSS Vulnerability Privilege Escalation Vulnerability in Intel(R) Advisor Software Arbitrary Shell Command Execution in Lens Prior to 5.3.4 Certificate Chain Validation Vulnerability in Gallagher Command Centre Mobile Client for Android Heap-Based Buffer Overflow in WECON LeviStudioU Versions 2019-09-21 and Prior: Remote Code Execution Vulnerability Double-Free Vulnerability in htmldoc v1.9.12: Arbitrary Code Execution and Denial of Service Heap-Buffer-Overflow Vulnerability in SoX's lsx_read_w_buf() Function Oracle HRMS (France) Unauthorized Data Access and Modification Vulnerability 
Vulnerability: Man-in-the-Middle Attack in Mobile Connect for Android CSRF Vulnerability in JFrog Artifactory Versions Prior to 7.33.6 and 6.23.38 Heap Buffer Overflow in htmldoc's pspdf_prepare_outpages() Function File Manipulation Vulnerability in Odoo Community and Enterprise 15.0 and Earlier SMTP Client Certificate Validation Vulnerability in Gallagher Command Centre Unauthenticated Out of Bounds Read Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Products Heap-Buffer Overflow in OpenEXR's copyIntoFrameBuffer Function (Versions < 3.0.1) Vulnerability in Oracle Cloud Infrastructure Storage Gateway Management Console (CVE-2021-12345) Heap-buffer-overflow vulnerability in SoX's startread() function in hcom.c file Improper Access Control Vulnerability Exposes Sensitive Data to Authenticated Users Download Monitor WordPress Plugin <= 4.4.6 Authenticated Persistent XSS Vulnerability Privilege Escalation and Access Control Vulnerability in NVIDIA GeForce Experience GameStream Improper Access Control in Reporting Engine of l10n_fr_fec Module in Odoo Community and Enterprise Versions 15.0 and Earlier Improper Link Resolution Vulnerability in Archive Extraction Payment Method Validation Bypass in Odoo Community and Enterprise 15.0 and Earlier Vulnerability: Out of Bounds Read in Intel(R) and Killer(TM) Bluetooth(R) Firmware Vulnerability in Oracle Cloud Infrastructure Storage Gateway Management Console (CVE-2021-12345) Null Pointer Dereference Vulnerability in htmldoc v1.9.12 and Earlier Cleartext Storage of Sensitive Information in Memory in Gallagher Command Centre Server Database Content Access and Modification Vulnerability in Odoo Community and Enterprise 15.0 and Earlier Local Access Information Disclosure Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Products Vulnerability in Oracle Cloud Infrastructure Storage Gateway Management Console (CVE-2021-12345) NULL Pointer Dereference in image_load_jpeg() Function in htmldoc 
v1.9.12 and Earlier Samba DCE/RPC Fragmentation Vulnerability Privilege Escalation Vulnerability in Gallagher Command Centre Server Directory Listing Vulnerability in Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 Insufficient Client-Side Authentication and Session Management in Agilia Link+ Version 3.0 Unquoted Service Path Vulnerability in Gallagher Controller Service Arbitrary Command Injection Vulnerability in mySCADA myPRO Versions 8.20.0 and Prior Vulnerability in Oracle Cloud Infrastructure Storage Gateway Management Console (CVE-2021-12345) Vulnerability in NVIDIA GPU and Tegra Hardware Microcontroller Allows Unauthorized Microcode Generation and Potential Device Compromise Arbitrary PDF Report Download Vulnerability in Odoo Community and Enterprise 14.0-15.0 Sensitive Information Exposure in Gallagher Command Centre Server Privilege Escalation Vulnerability in Gallagher Command Centre Server Stack Buffer Overflow in htmldoc v1.9.12 and Prior: Arbitrary Code Execution and Denial of Service Vulnerability Vulnerability: Unauthorized Access and Impersonation in Fresenius Kabi Vigilant MasterMed v2.0.1.3 Persistent Cross-Site Scripting (XSS) Vulnerabilities in AMP for WP WordPress Plugin (<= 1.0.77.32) Oracle VM VirtualBox Prior to 6.1.20 High Privilege Unauthorized Access Vulnerability SoX voc.c read_samples() Floating Point Divide-by-Zero Vulnerability Cleartext Storage of Cloud Encryption Key in Memory Vulnerability in Gallagher Command Centre Server SSL Certificate Verification Bypass Vulnerability Integer Overflow and Heap-Buffer Overflow Vulnerability in OpenEXR's DwaCompressor Time-Window Corrupting Vulnerability in NVIDIA GPU and Tegra Hardware FIPS Mode Enabled Memory Leak in Mirantis Container Runtime 20.10.8 Vulnerability in NVIDIA GPU and Tegra Hardware Microcontroller Allows Unauthorized Information Disclosure OpenGrok Web App Vulnerability: Remote Takeover (CVE-XXXX-XXXX) SSL Certificate Verification Bypass 
Vulnerability Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Products Arbitrary Web Script Injection Vulnerability in Cacti 1.1.38 User Creation CSRF Vulnerability in Alexander Fuchs PHP Everywhere Plugin <= 2.0.2 Reflected Cross-Site Scripting Vulnerability in DIAEnergie Version 1.7.5 and Prior Oracle FLEXCUBE Universal Banking: Unauthenticated Remote Access Vulnerability SQL Injection Vulnerability in Gallagher Command Centre OPCUA Interface Unauthenticated Access to Sensitive Endpoints in Fresenius Kabi Agilia Link+ v3.0 and Prior Device Disruption Vulnerability in Fresenius Kabi Agilia Link+ Version 3.0 Race Condition Vulnerability in Sudo's sudoedit Personality Vulnerability in Oracle FLEXCUBE Universal Banking Allows Unauthorized Data Access and Manipulation Privilege Escalation via SELinux RBAC Bypass in Sudoedit Directory Traversal and Authentication Bypass Vulnerability in MERCUSYS Mercury X18G 1.0.5 Devices Directory Traversal Vulnerability in MERCUSYS Mercury X18G 1.0.5 Devices Vulnerability in Oppo Battery App Allows Unauthorized Third-Party Provider Loading Vulnerability: ColorOS Whitelist XML Allows Unauthorized App Permissions Foreground Package Name Disclosure Vulnerability in ACE2 ColorOS11 Quick Game Engine Command Injection Vulnerability Enables Remote Code Execution URL Spoofing Vulnerability in Opera Mini for Android below 53.1 Remote Code Execution (RCE) Vulnerability in Spring Beans with SPEL Expression Remote Code Execution (RCE) Vulnerability in Groovy Script Rendering Database Vault Access Control Bypass Vulnerability in Oracle Database Server XSS Vulnerability: File Name Injection Allows Script Execution for Authenticated Users System Configuration File Override Vulnerability YAML Configuration File Modification Vulnerability Leading to Remote Code Execution (RCE) Unauthenticated Remote Attackers Can Read Textual Content via FreeMarker Unauthenticated Remote Attackers Can Manipulate Search Indexes 
in Unprotected Crafter-Search Installations Unauthorized Content Locking by Reviewer Role Log Injection Vulnerability Command Execution Vulnerability in Crafter Studio of Crafter CMS IPv6 Routing Loop Vulnerability in Gargoyle OS 1.12.0 Stored Cross Site Scripting (XSS) Vulnerability in TIBCO EBX Web Server Cross Site Scripting (XSS) Vulnerability in TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric Stored Cross Site Scripting (XSS) Vulnerability in TIBCO Spotfire Software Clickjacking Vulnerability in TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution Privilege Escalation Vulnerability in TIBCO Software Inc.'s Windows Installation Component Authenticated SQL Injection Vulnerability in Eaton Intelligent Power Manager (IPM) Prior to 1.69 Unauthenticated Eval Injection Vulnerability in Eaton Intelligent Power Manager (IPM) Authenticated Arbitrary File Delete Vulnerability in Eaton Intelligent Power Manager (IPM) Unauthenticated Arbitrary File Delete Vulnerability in Eaton Intelligent Power Manager (IPM) Oracle Text Component Vulnerability Authenticated Arbitrary File Upload Vulnerability in Eaton Intelligent Power Manager (IPM) Unauthenticated Remote Code Execution in Eaton Intelligent Power Manager (IPM) Stored Cross Site Scripting Vulnerability in Eaton Intelligent Power Protector (IPP) Software Stored Cross-site Scripting Vulnerability in Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) Versions 1.5.0plus205 and Earlier Reflected Cross-site Scripting Vulnerability in Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) CSV Formula Injection Vulnerability in Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) Insufficient Input Validation in Intelligent Power Manager (IPM 1) versions prior to 1.70 Insufficient Input Validation in Intelligent Power Protector Software (Versions Prior to 1.69) Oracle XML DB Component Takeover Vulnerability Oracle Database Server Core 
RDBMS Component Denial of Service Vulnerability Oracle LogMiner Component Vulnerability Arbitrary Command Injection in @graphql-tools/git-loader (before 6.2.6) Cross-site Scripting (XSS) Vulnerability in ApexCharts Package (Versions before 3.24.0) Prototype Pollution Vulnerability in iniparserjs Prototype Pollution in nested-object-assign before 1.0.4 via default function Oracle XML DB Component Privilege Escalation Vulnerability Command Injection Vulnerability in Launchpad Package (All Versions) via Stop Parameter Insecure Temporary File Creation in com.squareup:connect Package LDAP Injection Vulnerability in is-user-valid Package Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs Command Injection Vulnerability in Lodash Template Function Unsafe YAML Load Function in Qlib's Workflow Function in CLI Multiple Transfer-Encoding Headers Vulnerability Vulnerability in Oracle Database - Enterprise Edition Data Redaction Component Local File Inclusion Vulnerability in Pimcore CustomReportController Regular Expression Denial of Service (ReDoS) vulnerability in prismjs before 1.23.0 Vulnerability: Bypassing Remediation and Executing Malicious JavaScript in docsify before 4.12.0 Vulnerability: Regular Expression Denial of Service (ReDoS) in path-parse package Remote Code Execution (RCE) Vulnerability in total.js before 3.4.8 via set() Server-side Request Forgery (SSRF) vulnerability in github.com/thecodingmachine/gotenberg via /convert/html endpoint Regular Expression Backtracking Vulnerability in html-parse-stringify Package Cross-site Scripting (XSS) Vulnerability in Argo CD SSO Provider Arbitrary Command Execution Vulnerability in portprocesses Package (<=1.0.5) Vulnerability in Oracle Database - Enterprise Edition Data Redaction Component Denial of Service (DoS) Vulnerability in go-proxyproto Package Arbitrary Code Execution via Custom Graphviz Path in Madge ReDoS Vulnerability in jspdf's addImage Function Vulnerability: ReDoS in printf package 
(<=0.6.1) via regex string in lib/printf.js Arbitrary Command Execution Vulnerability in ps-kill Package Arbitrary Command Execution Vulnerability in kill-process-by-name Package Directory Traversal Vulnerability in Tyk Gateway's handleAddOrUpdateApi Function Arbitrary Code Injection Vulnerability in Underscore Package Arbitrary Command Execution Vulnerability in port-killer Package Vulnerability in Oracle Database - Enterprise Edition Data Redaction Component Arbitrary Command Execution Vulnerability in killport (before 1.0.2) Regular Expression Denial of Service (ReDoS) in hosted-git-info before 3.0.8 Arbitrary Command Execution in kill-by-port Package (CVE-2021-XXXX) Regular Expression Denial of Service (ReDoS) Vulnerability in browserslist 4.0.0 - 4.16.5 Authentication Bypass Vulnerability in Tyk Identity Broker via Go XML Parser ReDoS Vulnerability in postcss Package: Source Map Parsing Remote Code Execution (RCE) Vulnerability in Handlebars Package (Versions before 4.7.7) Oracle XML DB Component Takeover Vulnerability Critical Vulnerability in Swiper Package (Version < 6.5.1) Denial of Service Vulnerability in chrono-node before 2.2.4 Denial of Service (DoS) Vulnerability in mongo-express: Crash on Exporting Empty Collection as CSV Prototype Pollution in package set-deep-prop Arbitrary Command Execution Vulnerability in ps-visitor Package Arbitrary Command Execution Vulnerability in psnode Package Arbitrary Command Execution Vulnerability in ffmpegdotjs trimvideo Function Arbitrary Command Execution Vulnerability in onion-oled-js Package Arbitrary Command Execution Vulnerability in picotts Package Arbitrary Command Execution Vulnerability in Portkiller Package Vulnerability in Oracle Siebel CRM's Siebel Apps - Marketing: Unauthorized Data Access and Manipulation Arbitrary Command Execution Vulnerability in roar-pidusage Package Arbitrary Command Execution Vulnerability in Package Killing Regular Expression Denial of Service (ReDoS) in postcss before 8.2.13 
via getAnnotationURL() and loadAnnotation() in lib/previous-map.js Prototype Pollution Vulnerability in Handlebars Package (Versions before 4.7.7) Open Redirect Vulnerability in koa-remove-trailing-slashes Package Arbitrary URL Redirect Vulnerability in Flask-Security Unencrypted Network Exposure of Internal Memory via Crafted Invalid Domain Names Open Redirect Vulnerability in trailing-slash Package (Versions before 2.0.1) Vulnerability: ReDoS in Email Validation of Package Forms Arbitrary Code Execution Vulnerability in total.js Package (before 3.4.9) via U.set() and U.get() Functions High-Privilege Network Access Vulnerability in Oracle MySQL Server (CVE-2021-2380) Arbitrary Code Execution Vulnerability in total4 Package (Versions before 0.0.43) Arbitrary File System Overwrite Vulnerability in Calipso Package Vulnerability: Regular Expression Denial of Service (ReDoS) in locutus package before 2.0.15 Arbitrary URL Redirection in Flask-Unchained before 0.9.0 Remote Code Execution (RCE) Vulnerability in studio-42/elfinder before 2.1.58 via PHP Code Execution in .phar Files Prototype Pollution Vulnerability in nedb Package Prototype Pollution in lutils package via main (merge) function Prototype Pollution vulnerability in @ianwalter/merge package Cross-site Scripting (XSS) Vulnerability in react-bootstrap-table's dataFormat Parameter Arbitrary Command Execution Vulnerability in wincred Package MySQL Server Vulnerability: Unauthorized Partial Denial of Service via Memcached Component HTTP Header Injection Vulnerability in Nodemailer Package (before 6.6.1) Arbitrary URL Redirection in Flask-User's make_safe_url Function Prototype Pollution in package record-like-deep-assign Prototype Pollution in ts-nodash Merge() Function CSRF Vulnerability in SQLite-Web Package Unvalidated Parameter in ClassificationstoreController Class in pimcore/pimcore Unsafe PAC File Handling Vulnerability in pac-resolver Improper Sanitization of User-Controlled File Names in elFinder.Net.Core 
Prototype Pollution Vulnerability in com.graphhopper:graphhopper-web-bundle Denial of Service (DoS) Vulnerability in github.com/pires/go-proxyproto before 0.6.0 Vulnerability in Java SE and Oracle GraalVM: Unauthorized Read Access Cross-site Scripting (XSS) Vulnerability in Package's Main Functionality Command Injection Vulnerability in gitlogplus Package Prototype Pollution Vulnerability in jszip before 3.7.0 Arbitrary Code Execution Vulnerability in video.js (before 7.14.3) Improper Sanitization of User-Controlled File Names in elFinder.AspNet Improper Input Sanitization in Curly-Bracket-Parser Template Library Prototype Pollution vulnerability in deepmergefn package XML External Entity (XXE) Injection Vulnerability in glances before 3.2.1 Prototype Pollution Vulnerability in open-graph Package (Versions before 0.2.6) MySQL Server Denial of Service Vulnerability Arbitrary Command Execution Vulnerability in codeception/codeception Prototype Pollution in merge-change package via utils.set function Command Injection Vulnerability in bikeshed before 3.0.0 Arbitrary File Disclosure Vulnerability in bikeshed before 3.0.0 Denial of Service Vulnerability in ansi-html Package ReDoS Vulnerability in trim-off-newlines Package Proto Package Object Property Injection Vulnerability Arbitrary Extraction Vulnerability in elFinder.NetCore's ExtractAsync Function Path Traversal Vulnerability in elFinder.NetCore Denial of Service (DoS) Vulnerability in transpile Package's .to() Function Oracle Workflow Notification Mailer Unauthorized Read Access Vulnerability Directory Traversal Vulnerability in startserver Package Joplin Package Prior to 2.3.2 Vulnerable to Cross-Site Request Forgery (CSRF) Untrusted Input Vulnerability in Mootools' Object.merge() Function Prototype Pollution in algoliasearch-helper before 3.6.2 via merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers Type Confusion Vulnerability in object-path Package (CVE-2020-15256 Bypass) Session 
Hijacking Vulnerability Type Confusion Vulnerability in immer Package (before 9.0.6) Allows Bypass of CVE-2020-28477 ReDoS Vulnerability in Pillow's getrgb Function Type Confusion Vulnerability in mpath Package (CVE-2018-16490 Bypass) Arbitrary JavaScript Code Execution via File Upload in file-upload-with-preview Oracle Coherence Denial of Service Vulnerability Type Confusion Vulnerability in set-value Package Prototype Pollution Vulnerability in @cookiex/deep Package Type Confusion Vulnerability in edge.js Allows Bypassing Input Sanitization Type Confusion Vulnerability in jointjs before 3.4.2 Allows Bypass of CVE-2020-28480 Unescaped HTML Injection Vulnerability in datatables.net (<=1.11.3) Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function Type Confusion Vulnerability in teddy Package (before 0.5.9) Allows Bypass of Input Sanitization Prototype Pollution vulnerability in package config-handler Prototype Pollution Vulnerability in vm2 Package (<=3.9.4): Remote Code Execution Vulnerability in Oracle Commerce Guided Search / Experience Manager: Unauthorized Data Access and Manipulation Prototype Pollution Vulnerability in Dojo's setObject Function Insecure Randomness in otp-generator: Brute-Force Vulnerability Prototype Pollution Vulnerability in Package x-assign Vulnerability in Oracle Commerce Guided Search / Experience Manager: Unauthorized Data Access and Manipulation Prototype Pollution Vulnerability in min-dash Package (before 3.8.1) via set Method XML External Entity (XXE) Injection in com.h2database:h2 via org.h2.jdbc.JdbcSQLXML class object Vulnerability in Oracle Hyperion Infrastructure Technology: Unauthorized Access and Data Compromise Unvalidated Constructor Property in putil-merge's merge() Function Type Confusion Vulnerability in bootstrap-table Package Allows Bypass of Input Sanitization Unauthorized Read Access Vulnerability in Oracle Commerce Guided Search / Oracle Commerce Experience Manager Zip Slip 
Vulnerability in zip-local Package Unauthenticated Remote Code Execution in Oracle Essbase EAS Console Vulnerability: Regular Expression Denial of Service (ReDoS) in parse-link-header package (before 2.0.0) Open Redirect Vulnerability in Karma Package (before 6.3.16) Incomplete fix in @strikeentco/set package allows for denial of service and potential remote code execution Critical Unauthenticated Access Vulnerability in Oracle Essbase EAS Console (CVE-2021-XXXX) Prototype Pollution in object-path-set's setPath Method Type Confusion Vulnerability in json-ptr Allows Bypass of CVE-2020-7766 Vulnerability in Advanced Networking Option component of Oracle Database Server (CVE-2021-2351) Directory Traversal Vulnerability in Crow before 0.3+4 Prototype Pollution in cached-path-relative Package High-Privilege Network Access Vulnerability in Oracle MySQL Server (CVE-2021-2380) Arbitrary File Write Vulnerability in JUCE Framework's ZipFile::uncompressEntry Function Arbitrary Code Execution via Symbolic Link in JUCE Framework Vulnerability in Oracle Siebel CRM: Unauthorized Access to Critical Data MySQL Server Federated Component Denial of Service Vulnerability Sandbox Bypass Vulnerability in Realms-shim Package via Prototype Pollution Oracle Marketing Product Vulnerability: Unauthorized Access and Data Manipulation Sandbox Bypass Vulnerability in vm2 Package Vulnerability: Exposed Dangerous Method or Function in Guake (CVE-2021-12345) Prototype Pollution in bmoor before 0.10.1: Missing Sanitization in set Function Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service Prototype Pollution in comb package via deepMerge() function Arbitrary JavaScript Code Execution via File Upload in plupload Information Exposure via valueOf() function in nanoid package (3.0.0 - 3.1.31) Vulnerability: Denial of Service (DoS) in colors package after 1.4.0 Prototype Pollution Vulnerability in extend2 Package MySQL Server Denial of Service Vulnerability Prototype 
Pollution in deepFillIn and set functions of js-data package (CVE-2020-28442) Oracle Access Manager Remote Access Vulnerability Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Deserialization of Untrusted Data Vulnerability in topthink/framework Sandbox Bypass Vulnerability in Realms-shim Package via Prototype Pollution Denial of Service Vulnerability in fastify-multipart (CVE-2020-8136 Bypass) Oracle Approvals Management Product Vulnerability: Unauthorized Data Access and Modification Oracle Advanced Inbound Telephony Vulnerability: Unauthorized Data Access and Modification Vulnerability in Oracle Field Service: Unauthorized Access and Data Manipulation Type Confusion Vulnerability in Dotty Package Allows Bypass of CVE-2021-25912 Vulnerability in Oracle Public Sector Financials (International) Allows Unauthorized Access and Data Manipulation Arbitrary File Read Vulnerability in convert-svg Packages Remote Code Execution (RCE) Vulnerability in Git Package Allows OS Command Execution Remote Code Execution (RCE) vulnerability in md-to-pdf before 5.0.0 Oracle iSupplier Portal: Unauthorized Data Access and Modification Vulnerability Cross-site Scripting (XSS) Vulnerability in @braintree/sanitize-url Package Oracle Human Resources Product Vulnerability: Unauthorized Access and Data Manipulation Unvalidated Formula Injection in html-to-csv Package Vulnerability in Primavera P6 Enterprise Project Portfolio Management: Unauthorized Data Access and Manipulation Prototype Pollution Vulnerability in sey's deepmerge() Function Server-side Request Forgery (SSRF) vulnerability in @isomorphic-git/cors-proxy before 2.7.1 MySQL Server Denial of Service Vulnerability File Upload Vulnerability in pekeupload Package Allows Remote Code Execution Unauthenticated Remote Access Vulnerability in Oracle Siebel CRM Prototype Pollution vulnerability in litespeed.js and appwrite/server-ce Vulnerability in Java SE and Oracle GraalVM: Unauthorized Data Access 
MySQL Server Denial of Service Vulnerability Prototype Pollution in mergeDeep() function of package merge-deep2 Prototype Pollution Vulnerability in object-extend Package (Version 0.0.0) Oracle Coherence Denial of Service Vulnerability Vulnerability: Server-side Request Forgery (SSRF) in ssrf-agent before 1.0.5 MySQL Server Denial of Service Vulnerability Stored Command Injection Vulnerability in Celery (CVE-2021-32823) Vulnerability in JD Edwards EnterpriseOne Tools: Unauthorized Data Access and Manipulation Arbitrary OS Command Execution Vulnerability in docker-cli-js Vulnerability in Oracle MySQL Server (InnoDB Component) Allows Unauthorized Access to Critical Data Vulnerability in JD Edwards EnterpriseOne Tools: Unauthorized Data Access and Manipulation Deserialization of Untrusted Data in ajaxpro.2 Package: Remote Code Execution Vulnerability Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Prototype Pollution in keyget package (0.0.0) via set, push, and at methods leading to DoS and potential RCE Unauthorized Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Sandbox Escape and Prototype Pollution Vulnerability in notevil and argencoders-notevil Packages Arbitrary File Write Vulnerability in github.com/kataras/iris Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Potential Cross-Site Scripting Vulnerability in tempura before 0.4.0 XML External Entity (XXE) Injection in com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 Directory Traversal Vulnerability in http-server-node via --path-as-is Vulnerability in Oracle Applications Framework: Unauthorized Access and Data Compromise Bypassing allowFunctions in latte/latte before 2.10.6 Type Confusion Vulnerability in jsonpointer Allows Bypass of Prototype Pollution Fix Oracle Solaris Kernel Vulnerability Allows Unauthorized Data Access and Partial Denial of Service Unisharp/laravel-filemanager Upload Function File Type Validation Bypass 
Vulnerability Oracle WebLogic Server Remote Code Execution Vulnerability Type Confusion Vulnerability in json-pointer Package Allows Bypass of CVE-2020-7709 Unquoted Attribute Injection leading to Cross-site Scripting (XSS) in Crow before 0.3+4 Inadequate Media Cache Clearance in Keybase Desktop Client MySQL Server Denial of Service Vulnerability Local File Disclosure Vulnerability in flatCore ACP Interface Stored XSS Vulnerability in flatCore ACP Interface Time-Based Blind SQL Injection in flatCore before 2.0.0 build 139 Reflected XSS Vulnerability in flatCore ACP Interface Vulnerability: Inverted Padding Check in OpenSSL 1.0.2 MySQL Server Denial of Service Vulnerability Vulnerability: Integer Overflow in EVP_CipherUpdate, EVP_EncryptUpdate, and EVP_DecryptUpdate Vulnerability: OpenSSL X509_issuer_and_serial_hash() NULL Pointer Dereference Blowfish Encryption Key Retrieval Vulnerability Bosch AMC2 Configuration Tool Password Bypass Vulnerability Session Hijacking Vulnerability in Configuration Web Page Clear Text Password Vulnerability in HTTP Protocol Bosch IP Cameras: Missing Authentication in Critical Function Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in Bosch IP Cameras CSRF Vulnerability in Web-Based Interface Allows Unauthorized Actions on Behalf of Users Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service Remote Code Execution and Crash Vulnerability in Camera Recovery Image Telnet Interface Remote Code Execution and Crash Vulnerability in Camera Recovery Image Web Interface Bosch IP Cameras: Denial of Service (DoS) Vulnerability Arbitrary HTTP Header Injection Vulnerability in Bosch IP Cameras Reflected Cross Site Scripting (XSS) Vulnerability in Bosch IP Cameras (Versions 7.7x and 7.6x) Unprotected Web Server Exposes User and Password Database with Weak Hashing Algorithm Reflected XSS Vulnerability in Web Server Allows for Script Execution via Manipulated URLs Hash-Based Login Vulnerability Unprotected 
Web Server Exposes Sensitive Configuration and Device Details Unauthenticated Remote Crash and Command Injection Vulnerability in Bosch VRM and BVMS Unauthorized Read Access Vulnerability in Primavera P6 Enterprise Project Portfolio Management Reflected Cross-Site Scripting (XSS) Vulnerability in VRM Web Interface Vulnerability: Unauthorized Access to Extended Debug Functionality on VRM Arbitrary Command Execution Vulnerability in Bosch Security Systems Bosch Video Security Android Application HTML Code Injection Vulnerability MySQL Server Denial of Service Vulnerability Privilege Escalation via Symbolic Link Manipulation in McAfee Total Protection (MTP) File Lock Component Junction Link Manipulation Privilege Escalation Vulnerability in McAfee Total Protection Arbitrary Process Execution Vulnerability in McAfee Total Protection (MTP) Prior to 16.0.30 Privilege Escalation and Arbitrary File Modification Vulnerability in McAfee Total Protection Privilege Escalation Vulnerability in McAfee Total Protection Trial Installer Clear Text Storage of Sensitive Information in Memory Vulnerability in McAfee Endpoint Security (ENS) for Windows Unquoted Service Path Vulnerability in McAfee Endpoint Product Removal (EPR) Tool Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Takeover Unauthenticated Local Administrator Uninstallation Vulnerability in McAfee Endpoint Security Stored Cross Site Scripting Vulnerability in McAfee Endpoint Security (ENS) ePO Extension Improper Access Control Vulnerability in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 February 2021 Update Null Pointer Dereference Vulnerability in McAfee Endpoint Security (ENS) for Windows Cleartext Transmission of Sensitive Information in McAfee Content Security Reporter (CSR) ePO Extension Privilege Escalation Vulnerability in McAfee Web Gateway (MWG) Prior to 9.2.8 Denial of Service Vulnerability in McAfee DLP Endpoint for Windows: BSoD via Process Suspension and Memory 
Modification Privilege Escalation via Arbitrary Kernel Address Write in McAfee DLP Endpoint for Windows Unvalidated Client-Side URL Redirect Vulnerability in McAfee ePolicy Orchestrator (ePO) Arbitrary Web Script Injection Vulnerability in McAfee ePolicy Orchestrator (ePO) Unauthenticated Remote Denial of Service Vulnerability in MySQL Server Information Leakage Vulnerability in McAfee ePolicy Orchestrator (ePO) Agent Handler Privilege Escalation Vulnerability in McAfee Total Protection (MTP) Prior to 16.0.32 Privilege Escalation through TOCTOU Race Condition in ENSL TP/FW Installation Process Privilege Escalation via Unutilized Memory Buffer in McAfee Drive Encryption (DE) Remote Code Execution Vulnerability in McAfee Database Security (DBSec) Prior to 4.8.2 Remote Code Execution Vulnerability in McAfee Database Security (DBSec) Prior to 4.8.2 Cleartext Transmission of Sensitive Information in McAfee Database Security (DBSec) Administrator Interface Arbitrary HTML/XML Injection in OWASP json-sanitizer (before 1.2.2) Unauthenticated Remote Denial of Service Vulnerability in MySQL Server Denial of Service Vulnerability in OWASP json-sanitizer XML External Entity (XXE) Injection Vulnerability in Nutch DmozParser Remote Code Execution Vulnerability in Mercedes-Benz MBUX Infotainment System Remote Code Execution Vulnerability in Mercedes-Benz MBUX Infotainment System Type Confusion Vulnerability in Headunit NTG6 of MBUX Infotainment System on Mercedes-Benz Vehicles Remote Code Execution Vulnerability in HERMES 2.1 MBUX Infotainment System on Mercedes-Benz Vehicles Oracle BI Publisher Scheduler Vulnerability Out-of-Bounds Array Access Vulnerability in HERMES 2.1 MBUX Infotainment System Oracle BI Publisher Remote Code Execution Vulnerability Broken Access Control on Password List Entry Elements in Devolutions Server Cross-Site Scripting (XSS) Vulnerability in Devolutions Remote Desktop Manager Broken Authentication Vulnerability in Devolutions Server Sensitive 
Information Exposure in Devolutions Server Diagnostic Files Cross-Site Scripting (XSS) Vulnerability in Devolutions Server Document Entries XML Entity Expansion Vulnerability in XMLBeans up to v2.6.0 SSRF Vulnerability in OX App Suite 7.10.4 via URL with @ Character in PUT Request Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.3 via ajax/apps/manifests Query String Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.4 Oracle E-Records E-Signatures Vulnerability Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.4 via Conversion API for DistributedFile Inline Binary File XSS Vulnerability in OX App Suite through 7.10.4 Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.4 via Crafted Filename Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.4 via mail:// URL Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.4 via Contact Name Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.4 via Appointment Location Field Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.4 via Task Subject Arbitrary DNS Lookup and Amplification Attack Vulnerability in Apache Wicket's WebClientInfo Oracle WebLogic Server Unauthenticated Takeover Vulnerability Vulnerability in Oracle Hospitality Reporting and Analytics: Unauthorized Data Access and Modification Cross-Origin Information Leakage in PDF Reader Type Confusion Vulnerability in JavaScript Switch Statement Pointer Lock State Confusion Vulnerability in Firefox < 85 Confusing File Picker Design in Firefox < 85 Allows Uploading Entire Directories Android `intent` URL scheme allows for iframe sandbox escape in Firefox for Android (Firefox < 85) Screen Sharing State Leakage Vulnerability in Firefox < 85 XSS Vulnerability in Firefox for Android: Spoofing Attacks on Internal Error Pages Oracle BI Publisher Product Takeover Vulnerability Garbage Collection Vulnerability in JavaScript Variables: Use-After-Poison 
and Potential Crash Exploit Slipstream Exploit: Firefox < 85 Vulnerability Exposes Internal Network and Local Services Use-After-Poison Vulnerability in Firefox < 85 WebRTC Geolocation Reset Vulnerability in Firefox < 85 Memory Corruption Vulnerabilities in Firefox 84 and Firefox ESR 78.6 Memory Corruption Vulnerabilities in Firefox 84 Frame Navigation Vulnerability in Firefox, Thunderbird, and Firefox ESR Improper Source File Handling in Firefox and Thunderbird Oracle WebLogic Server Remote Code Execution Vulnerability Context-Specific Code in Shared Jump Table Triggers Assertions in Multithreaded Wasm Code (Firefox < 86) Referrer-Policy Conflict in Firefox < 86 Allows Information Leakage HTTP Auth Phishing Vulnerability in Firefox < 86 Cross-Origin Resource Decoding Error Information Disclosure Vulnerability DOMParser API mXSS Bypass in Firefox < 86 Improper Use of sizeof Function in Firefox < 86 Arbitrary File Path Manifest Injection Vulnerability in Firefox for Android Time-of-Check-Time-of-Use Vulnerability in Firefox for Android Allows Unauthorized Access to Sensitive Data Memory Corruption Vulnerabilities in Firefox 85 and Firefox ESR 78.7 Memory Corruption Vulnerabilities in Firefox 85 Vulnerability in Oracle Advanced Outbound Telephony: Unauthorized Access and Data Manipulation Mutation XSS Vulnerability in bleach.clean() Function WebGL Texture Upload Vulnerability in Firefox and Thunderbird WebRTC-based Cross-Network Scanning Vulnerability CSS Rule Removal Vulnerability in Firefox < 87: Potential Memory Corruption and Exploitable Crash Popup Spoofing Vulnerability in Firefox ESR, Firefox, and Thunderbird Unnoticed Remote Monitoring and Network Traffic Exposure in Firefox < 87 Same-Origin Policy Bypass in Firefox Extension with Cross-Origin Favicon Reference Memory Corruption Vulnerabilities in Firefox 86 and Firefox ESR 78.8 Memory Corruption Vulnerabilities in Firefox 86 High Privilege Network Access Vulnerability in Oracle MySQL Server (CVE-2021-2380) 
Vulnerability: Invalid Subkey in Thunderbird's OpenPGP Key Handling OpenPGP Key User ID Spoofing Vulnerability in Thunderbird Denial of Service (DoS) Vulnerability in Thunderbird < 78.9.1 due to Invalid Subkey Self Signature WebGL Framebuffer Initialization Vulnerability in Firefox ESR, Thunderbird, and Firefox Arbitrary Code Execution Vulnerability in Firefox ESR, Thunderbird, and Firefox 3D CSS and Javascript Exploit: Viewport Spoofing Vulnerability in Firefox < 88 Use-After-Free Vulnerability in Firefox < 88 Allows Arbitrary Code Execution Inheriting Secure Lock Icon Vulnerability in Firefox ESR, Thunderbird, and Firefox Blob URL Privilege Escalation Vulnerability Oracle BI Publisher Unauthenticated Remote Code Execution Vulnerability Race Condition Vulnerability in Firefox < 88: User Interaction Misdirection Session History Manipulation in Firefox < 88 Arbitrary Command Injection via Encoded Newline Characters in FTP URLs Hard-coded Cryptographic Keys Vulnerability in FortiAuthenticator Versions Before 6.3.0 Improper Access Control Vulnerability in FortiManager: Unauthorized Access to SD-WAN Orchestrator Panel SQL Injection Vulnerabilities in FortiMail before 6.4.4 Arbitrary Command Execution Vulnerability in FortiWAN Web GUI (CWE-78) Oracle BI Publisher Unauthenticated Read Access Vulnerability Directory Traversal Vulnerability in FortiSandbox Privilege Escalation Vulnerability in FortiNAC Version Below 8.8.2: Abusing Sudo Privileges for Root Access LDAP User SSLVPN Certificate Trust Vulnerability Path Traversal Vulnerabilities in FortiMail Webmail: Unauthorized File Access XSS Vulnerability in FortiSandbox before 4.0.0 Command Injection Vulnerability in FortiMail Administrative Interface Arbitrary Command Execution via Crafted IPv4 Field in Fortinet FortiManager CSV Export Vulnerability Arbitrary Module Assignment Vulnerability in Fortinet FortiManager Buffer Underwrite Vulnerability in FortiOS Firmware Verification Routine Insufficient Session Expiration 
Vulnerability in FortiClientEMS Versions 6.4.2 and Below, 6.2.8 and Below MySQL Server Vulnerability: Unauthorized Hang and Crash Signature Verification Bypass in FortiMail 6.4.0 - 6.4.4 and 6.2.0 - 6.2.7 Stored Cross-Site Scripting (XSS) Vulnerability in FortiAnalyzer Logview Column Settings Buffer Overflow Vulnerability in FortiAnalyzer and FortiManager CLI Improper Input Validation in FortiAI v1.4.0 and Earlier Allows Authenticated User to Gain System Shell Access via Malicious Payload in diagnose Command Sensitive Information Exposure in FortiADCManager and FortiADC Integer Overflow and Heap Overflow in preg_quote function Out-of-Bounds Write Vulnerability in WhatsApp Audio Decoding Pipeline Cache Configuration Vulnerability in WhatsApp for Android and WhatsApp Business for Android Invalid Free Vulnerability in Facebook Thrift's Table-Based Serialization Packet of Death: Crash Vulnerability in mvfst and proxygen Oracle WebLogic Server Unauthenticated Read Access Vulnerability Code Execution Vulnerability in Facebook Gameroom's fbgames Protocol Handler Default File Permissions Vulnerability in Zstandard Command-Line Utility Incomplete Fix for CVE-2021-24031 Allows Momentary Unauthorized Access to Zstandard Output Files Command Injection Vulnerability in react-dev-utils prior to v11.0.4 Path Traversal Vulnerability in WhatsApp for Android and WhatsApp Business for Android Integer Overflow Vulnerability in IOBuf Creation Use After Free Vulnerability in Hermes Allows Arbitrary Code Execution via Crafted JavaScript Local Privilege Escalation Vulnerability in Oculus Desktop Versions 1.39 to 31.1.0.67.507 Vulnerability in Oracle PeopleSoft Enterprise HCM Candidate Gateway: Unauthorized Data Access and Manipulation Unsafe YAML Deserialization in ParlAI Prior to v1.1.0: Remote Code Execution Vulnerability Out-of-Bounds Write Vulnerability in WhatsApp for Android and WhatsApp Business for Android Out-of-Bounds Write Vulnerability in WhatsApp Calling Logic Out-of-Bounds 
Heap Read Vulnerability in WhatsApp Type Confusion Vulnerability in Hermes Prior to v0.10.0 Type Confusion Vulnerability in Facebook Hermes (prior to v0.10.0) Exploitable Logic Flaw in Ray-Ban® Stories Device Software Allows Unauthorized Parameter Modification Oracle Engineering Product Vulnerability: Unauthorized Data Access and Modification Vulnerability in Oracle Collaborative Planning User Interface Exploiting the Microsoft SharePoint Remote Code Execution Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Unauthenticated Unauthorized Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint SharePoint Server Remote Code Execution Vulnerability Skype for Business and Lync Spoofing Vulnerability: Impersonation Threats Critical Windows TCP/IP Remote Code Execution Vulnerability Discovered Windows VMSwitch Denial of Service Vulnerability Windows VMSwitch Information Disclosure Vulnerability Faxploit: Remote Code Execution Vulnerability in Windows Fax Service Critical Remote Code Execution Vulnerability in Windows DNS Server Windows Backup Engine Data Exposure Vulnerability Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Windows Trust Verification API Denial of Service Vulnerability Windows Codecs Library Remote Code Execution Vulnerability WDAC Security Feature Bypass Vulnerability in Microsoft.PowerShell.Utility Module Address Book Remote Code Execution Vulnerability in Windows Windows Mobile Device Management Data Exposure Vulnerability Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication Windows TCP/IP Denial 
of Service Vulnerability: Disrupting Network Communication Azure IoT CLI Extension Privilege Escalation Vulnerability PrintNightmare: Windows Local Spooler Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Oracle VM VirtualBox Prior to 6.1.24 Vulnerability: High Privileged Takeover Windows Error Reporting Privilege Escalation Vulnerability Windows Camera Codec Pack Remote Code Execution Vulnerability: A Critical Security Flaw Guardian Breached: Microsoft Defender Elevation of Privilege Vulnerability Exploiting the Windows Graphics Component for Remote Code Execution Critical Windows TCP/IP Remote Code Execution Vulnerability Discovered Unprivileged Access Exploit in DirectX Windows Kernel Privilege Escalation Vulnerability Windows Console Driver DoS Vulnerability Skype for Business and Lync Denial of Service Vulnerability: Disrupting Communication Channels MySQL Server Denial of Service Vulnerability Microsoft Edge for Android Information Leakage Vulnerability Microsoft Dataverse Data Exposure Vulnerability Windows Event Tracing Privilege Escalation Vulnerability Windows Event Tracing Privilege Escalation Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Vulnerability: Dependency Confusion - Remote Code Execution Windows DirectX Information Leakage Vulnerability Windows Event Tracing Data Exposure Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability Unauthenticated Elevation of Privilege Vulnerability in Microsoft Azure Kubernetes Service MySQL Cluster: Unauthenticated Remote Denial of Service Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions .NET Framework Denial of Service Vulnerability: Exploiting System Resource Exhaustion .NET Core Remote Code Execution: A Critical Vulnerability Edge (Chromium-based) Security Feature Bypass Vulnerability Microsoft Teams iOS Data Exposure Vulnerability Lack of Constant-Time 
Computations in Botan Decoding and Encoding Operations Side-Channel Vulnerability in wolfSSL PEM File Decoding Allows Secret RSA Key Extraction Side-Channel Vulnerability in Apache Teaclave Rust SGX SDK 1.1.3: Exposing Secret RSA Keys through Base64 PEM File Decoding Side-Channel Vulnerability in Trusted Firmware Mbed TLS 2.24.0 Allows Secret RSA Key Extraction via Controlled-Channel and Side-Channel Attacks MySQL Server Denial of Service Vulnerability JSP Source Code Disclosure Vulnerability in Apache Tomcat Arbitrary File Upload Vulnerability in PowerPress WordPress Plugin Unauthenticated Reflected XSS in WP Shieldon WordPress Plugin v1.6.3 and below SQL Injection Vulnerability in Contact Form Submissions WordPress Plugin Privilege Escalation through Unsanitized Image Metadata in Envira Gallery Lite WordPress Plugin Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in ThirstyAffiliates Affiliate Link Manager WordPress Plugin Cross-site scripting vulnerability in Team Members WordPress plugin (versions before 5.0.4) allows injection of arbitrary web script or HTML via member's 'Description/biography' field Stored Cross-Site Scripting (XSS) Vulnerability in Themify Portfolio Post WordPress Plugin SQL Injection Vulnerability in WP Google Map Plugin WordPress Plugin Authenticated SQL Injection Vulnerabilities in Anti-Spam by CleanTalk WordPress Plugin SQL Injection Vulnerability in The Slider by 10Web WordPress Plugin CSRF Vulnerability in ActiveCampaign WordPress Plugin Allows Unauthorized API Credential Changes Multiple Stored Cross-Site Scripting Vulnerabilities in Constant Contact Forms WordPress Plugin (Versions < 1.8.8) Stored Cross-Site Scripting Vulnerabilities in WP Customer Reviews WordPress Plugin Multiple Cross-Site Scripting Vulnerabilities in Testimonials Widget WordPress Plugin SQL Injection Vulnerability in Blog2Social WordPress Plugin (Versions < 6.3.1) Authenticated SQL Injection in AdRotate WordPress Plugin (Versions < 5.8.4) via id 
Parameter SQL Injection Vulnerability in 10Web Photo Gallery WordPress Plugin Vulnerability in Oracle Communications Session Border Controller: Unauthorized Access to Critical Data SQL Injection vulnerability in Ajax Load More WordPress Plugin (versions before 5.3.2) via unvalidated input in POST /wp-admin/admin-ajax.php SQL Injection Vulnerability in Advanced Database Cleaner Plugin (Versions < 3.0.2) Allows Admin+ Users to Perform Unauthorized SQL Attacks SQL Injection Vulnerability in Easy Redirect Manager WordPress Plugin SQL Injection Vulnerability in AccessPress Social Icons Plugin Arbitrary Formula Injection Vulnerability in Contact Form 7 Database Addon Plugin Arbitrary PHP File Upload in Modern Events Calendar Lite WordPress Plugin Unauthenticated Access to Event Data Export in Modern Events Calendar Lite WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Modern Events Calendar Lite WordPress Plugin Authentication Bypass Vulnerability in MStore API WordPress Plugin (Versions < 3.2.0) via Sign In With Apple Authenticated SQL Injection in Modern Events Calendar Lite WordPress Plugin Oracle Time and Labor Product Vulnerability: Unauthorized Access and Data Manipulation Unauthenticated Full-Read SSRF Vulnerability in LikeBtn WordPress Plugin Authenticated Blind SQL Injection Vulnerability in WP Editor WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Popup Builder's All Subscribers Setting Page Stored Cross-Site Scripting Vulnerability in Yoast SEO WordPress Plugin Arbitrary File Download Vulnerability in Theme Editor WordPress Plugin Arbitrary File Upload and Remote Code Execution Vulnerability in Backup Guard WordPress Plugin Stored Cross-Site Scripting Vulnerability in Testimonial Rotator 3.0.3 Allows Privilege Escalation Unfiltered HTML Capability Bypass in Orbit Fox by ThemeIsle Hidden User Role Parameter Vulnerability in Orbit Fox by ThemeIsle Cross-Site Scripting (XSS) Vulnerability in Contact Form 7 Style WordPress Plugin 
Oracle Communications Session Border Controller Denial of Service Vulnerability Remote Code Execution Vulnerability in Responsive Menu WordPress Plugin Remote Code Execution Vulnerability in Responsive Menu WordPress Plugin Vulnerability in Responsive Menu WordPress Plugins Allows Injection of Malicious JavaScript Unauthenticated User Installation and Client Secret Retrieval Vulnerability in SendWP Ninja Forms Contact Form Plugin Unauthorized Access to OAuth Connection Information in Ninja Forms Contact Form WordPress Plugin Open Redirect Vulnerability in Ninja Forms Contact Form WordPress Plugin Vulnerability: Lack of Nonce Protection in wp_ajax_nf_oauth_disconnect Endpoint XMLHttpRequest Vulnerability in Web-Stat < 1.4.0 Allows Unauthorized Access Stored Cross-Site Scripting Vulnerability in Easy Contact Form Pro WordPress Plugin Reflected XSS Vulnerability in Advanced Order Export For WooCommerce WordPress Plugin Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service Information Leakage in User Profile Picture WordPress Plugin Double Extension Attack and Path Traversal Vulnerability in WooCommerce Upload Files WordPress Plugin Vulnerability: Lack of CSRF Checks in VM Backups WordPress Plugin CSRF Vulnerability in VM Backups WordPress Plugin Allows Stored Cross-Site Scripting CSRF Vulnerability in Database Backups WordPress Plugin Vulnerability: Authentication Bypass and Arbitrary Account Creation in Plus Addons for Elementor Page Builder WordPress Plugin Arbitrary JavaScript Code Execution in JH 404 Logger WordPress Plugin Reflected XSS Vulnerability in File Manager WordPress Plugin Cross-Site Request Forgery and Stored Cross-Site Scripting Vulnerabilities in Business Directory Plugin Cross-Site Request Forgery and Remote Code Execution Vulnerability in Business Directory Plugin for WordPress MySQL Server Denial of Service Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in Related Posts for WordPress Plugin Blind and 
Time-Based SQL Injection Vulnerability in Tutor LMS Plugin Vulnerability: UNION-based SQL Injection in Tutor LMS Plugin Vulnerability: UNION-based SQL Injection in Tutor LMS Plugin Unprotected AJAX Endpoints in Tutor LMS Plugin Allow Unauthorized Course Modifications and Privilege Escalation Blind and Time-Based SQL Injection Vulnerability in Tutor LMS Plugin UNION Based SQL Injection Vulnerability in Tutor LMS Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in SEO Redirection Plugin - 301 Redirect Manager WordPress Plugin Arbitrary Plugin Installation and Activation Vulnerability in WP Content Copy Protection & No Right Click WordPress Plugin Arbitrary Plugin Installation and Activation Vulnerability in Captchinoo WordPress Plugin Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Arbitrary Plugin Installation and Activation Vulnerability in WooCommerce Conditional Marketing Mailer WordPress Plugin Arbitrary Plugin Installation and Activation Vulnerability in WP Maintenance Mode & Site Under Construction WordPress Plugin Arbitrary Plugin Installation and Activation Vulnerability in Tree Sitemap WordPress Plugin Arbitrary Plugin Installation and Activation Vulnerability in Visitor Traffic Real Time Statistics WordPress Plugin Arbitrary Plugin Installation and Activation Vulnerability in Login Protection - Limit Failed Login Attempts WordPress Plugin Arbitrary Plugin Installation and Activation Vulnerability in Login as User or Customer WordPress Plugin Authenticated Reflected XSS in Social Slider Widget WordPress Plugin (<=1.8.5) via Unsanitized 'token_error' Parameter Improper Access Control in wpDataTables Plugin Allows Unauthorized Data Access Improper Access Control in wpDataTables Plugin Allows Unauthorized Data Deletion Boolean-based Blind SQL Injection in wpDataTables Plugin Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Boolean-based Blind SQL Injection in wpDataTables Plugin Unfiltered 
JavaScript Execution in Elementor Website Builder WordPress Plugin Arbitrary JavaScript Execution in Elementor Website Builder WordPress Plugin Arbitrary JavaScript Execution in Elementor Website Builder WordPress Plugin Unfiltered JavaScript Execution in Elementor Accordion Widget Unfiltered JavaScript Execution in Elementor Website Builder Plugin Unfiltered JavaScript Execution in Elementor Image Box Widget Vulnerability: Unauthorized Post and Page Editing by Subscriber-Level Users in WP Page Builder Plugin Unfiltered HTML and JavaScript Injection Vulnerability in WP Page Builder WordPress Plugin Authenticated Remote Code Execution (RCE) Vulnerability in WP Super Cache Plugin Critical Data Access Vulnerability in Oracle PeopleSoft Enterprise CS Campus Community Open Redirect Vulnerability in PhastPress WordPress Plugin Authenticated Stored XSS Vulnerability in WordPress Related Posts Plugin Unauthenticated File Upload Vulnerability in WooCommerce Help Scout WordPress Plugin Reflected Cross-Site Scripting Vulnerability in GiveWP Donation Plugin Reflected Cross-Site Scripting in OpenID Connect Generic Client WordPress Plugin 3.8.0 and 3.8.1 Improper Access Control in Controlled Admin Access WordPress Plugin Unrestricted File Upload Vulnerability in All-in-One WP Migration WordPress Plugin Object Injection and Remote Code Execution Vulnerability in Facebook for WordPress Plugin CSRF and Script Injection Vulnerability in Facebook for WordPress Plugin Arbitrary Data Injection Vulnerability in Thrive Themes WordPress Plugins and Themes MySQL Server Denial of Service Vulnerability Remote Code Execution via Image Compression Endpoint in Thrive Themes WordPress Themes SQL Injection in Quiz And Survey Master WordPress Plugin Arbitrary File Upload Vulnerability in WP-Curriculo Vitae Free WordPress Plugin Arbitrary File Upload Vulnerability in N5 Upload Form WordPress Plugin Arbitrary File Upload Vulnerability in Easy Form Builder WordPress Plugin Reflected XSS Vulnerability 
in Advanced Booking Calendar WordPress Plugin Information Leakage in AccessAlly WordPress Plugin Local File Disclosure Vulnerability in Patreon WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Patreon WordPress Plugin Reflected Cross-Site Scripting in Patreon WordPress Plugin (<= 1.7.2) via patreon_save_attachment_patreon_level AJAX Action Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Cross-Site Request Forgery Vulnerability in Patreon WordPress Plugin (Versions before 1.7.0) Cross-Site Request Forgery Vulnerability in Patreon WordPress Plugin (Versions before 1.7.0) Authenticated Reflected Cross-Site Scripting in Advanced Booking Calendar WordPress Plugin Unauthenticated Reflected Cross-Site Scripting Vulnerability in Cooked Pro WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Ivory Search WordPress Plugin (<= 4.6.1) Unauthenticated Reflected Cross-Site Scripting in Goto WordPress Theme Arbitrary File Upload and Remote Code Execution (RCE) in Imagements WordPress Plugin Unauthenticated Reflected Cross-Site Scripting in Realteo WordPress Plugin Arbitrary Property Deletion Vulnerability in Realteo WordPress Plugin Reflected Cross-Site Scripting in Pie Register WordPress Plugin MySQL Server Stored Procedure Denial of Service Vulnerability Arbitrary File Upload and Remote Code Execution in Business Hours Pro WordPress Plugin Reflected Cross-Site Scripting in Advanced Custom Fields Pro WordPress Plugin Local File Inclusion Vulnerability in Tutor LMS WordPress Plugin (<=1.8.8) Unsanitized AJAX Action in WPBakery Page Builder Clipboard Plugin Allows XSS Attacks Unauthenticated Privilege Escalation in WPBakery Page Builder (Visual Composer) Clipboard WordPress Plugin Reflected Cross-Site Scripting in Stop Spammers WordPress Plugin Stored Cross-Site Scripting and Cross-Frame Scripting Vulnerability in Workscout Core WordPress Plugin Privilege Escalation via XSS in Contact Form Check Tester WordPress Plugin 
Remote Code Execution (RCE) Vulnerability in Business Directory Plugin for WordPress Cross-Site Request Forgery Vulnerability in Business Directory Plugin for WordPress MySQL Server Denial of Service Vulnerability Authenticated Stored Cross-Site Scripting Vulnerability in Business Directory Plugin for WordPress Cross-Site Request Forgery Vulnerability in Business Directory Plugin for WordPress Arbitrary File Upload and Remote Code Execution Vulnerability in Event Banner WordPress Plugin Arbitrary PHP File Upload Vulnerability in Classyfrieds WordPress Plugin Arbitrary File Upload and Remote Code Execution Vulnerability in College Publisher Import WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Essential Addons for Elementor Lite WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Elementor – Header, Footer & Blocks Template WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Premium Addons for Elementor WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Elements Kit Lite and Elements Kit Pro WordPress Plugins Stored Cross-Site Scripting (XSS) Vulnerability in Elementor Addon Elements WordPress Plugin MySQL Server Denial of Service Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Livemesh Addons for Elementor WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in HT Mega WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WooLentor – WooCommerce Elementor Addons + Builder WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Elementor Addons – PowerPack Addons for Elementor WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Image Hover Effects – Elementor Addon WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Rife Elementor Extensions & Templates WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in The Plus Addons for Elementor Page Builder Lite WordPress Plugin Stored Cross-Site Scripting 
(XSS) Vulnerability in All-in-One Addons for Elementor – WidgetKit WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in JetWidgets For Elementor WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Sina Extension for Elementor WordPress Plugin MySQL Server Denial of Service Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in DeTheme Kit for Elementor WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Ultimate Addons for Elementor WordPress Plugin CSRF and Stored XSS Vulnerability in Fitness Calculators WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Clever Addons for Elementor WordPress Plugin Reflected Cross-Site Scripting in Ultimate Maps by Supsystic WordPress Plugin Reflected Cross-Site Scripting in Popup by Supsystic WordPress Plugin Reflected Cross-Site Scripting in Contact Form by Supsystic WordPress Plugin Authenticated Stored Cross-Site Scripting Vulnerability in Yandex Turbo WordPress Plugin Unauthenticated Access to Valid Nonces in Contact Form 7 WordPress Plugin Arbitrary Plugin Installation Vulnerability in Redirection for Contact Form 7 WordPress Plugin Oracle Coherence Unauthenticated Network Access Vulnerability Arbitrary PHP Object Injection in Redirection for Contact Form 7 WordPress Plugin Arbitrary Post Deletion Vulnerability in Contact Form 7 WordPress Plugin Vulnerability: Privilege Escalation in Redirection for Contact Form 7 WordPress Plugin Reflected XSS Vulnerability in Settings Page's tab GET Parameter Unauthenticated Arbitrary File Upload Vulnerability in Kaswara Modern VC Addons WordPress Plugin SQL Injection in Car Seller - Auto Classifieds Script WordPress Plugin Reflected Cross-Site Scripting in Redirect 404 to Parent WordPress Plugin Reflected Cross-Site Scripting in Select All Categories and Taxonomies WordPress Plugin (<=1.3.2) Unsanitized 'Redirect' Parameter in AcyMailing Subscription Vulnerability Privilege Escalation Vulnerability in Store Locator 
Plus for WordPress Plugin Unauthenticated Remote Denial of Service Vulnerability in Oracle MySQL Server Unauthenticated JavaScript Injection Vulnerability in Store Locator Plus for WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Photo Gallery by 10Web WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Happy Addons for Elementor WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in NextGEN Gallery Pro WordPress Plugin Unsanitized POST Parameters in DSGVO All in one for WP Plugin Allows XSS Attack and Unauthorized Account Creation Unauthenticated Time-Based Blind SQL Injection in CleanTalk WordPress Plugin XSS Vulnerability in WP Customer Reviews WordPress Plugin Unauthenticated Reflected XSS Vulnerability in Goto WordPress Theme Reflected XSS Vulnerability in Giveaway Page GET Parameters Unauthenticated XSS Vulnerability in ReDi Restaurant Reservation WordPress Plugin Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Reflected Cross-Site Scripting in PickPlugins Product Slider for WooCommerce WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Hotjar Connecticator WordPress Plugin Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in Hana Flv Player WordPress Plugin SQL Injection Vulnerability in JiangQie Official Website Mini Program WordPress Plugin Unauthenticated Reflected Cross-site Scripting (XSS) vulnerability in Newsmag WordPress theme before 5.0 Critical Unauthenticated Stored XSS Vulnerability in Target First WordPress Plugin v2.0 Authenticated Reflected Cross-Site Scripting in The Ultimate Member WordPress Plugin Arbitrary Code Execution via Unserialized .ini File in All in One SEO Plugin Stored Cross-Site Scripting Vulnerability in LifterLMS Plugin Stored XSS Vulnerability in Weekly Schedule WordPress Plugin Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Cross-Site Scripting (XSS) Vulnerability in Photo Gallery by 10Web 
Plugin Arbitrary File Upload Vulnerability in External Media WordPress Plugin RCE Vulnerability in WP Super Cache WordPress Plugin (CVE-2021-24209) Cross-Site Scripting (XSS) Vulnerability in WP Prayer WordPress Plugin Unauthenticated SQL Injection Vulnerability in Goto WordPress Theme Stored XSS Vulnerability in GiveWP WordPress Plugin Cross-Site Scripting Vulnerability in Mediumish WordPress Theme (1.0.47) Search Feature Cross-Site Scripting Vulnerabilities in Listeo WordPress Theme Arbitrary Deletion of Pages, Posts, and Bookings in Listeo WordPress Theme Cross-Site Scripting Vulnerability in Bello - Directory & Listing WordPress Theme Java SE JNDI Vulnerability Allows Unauthorized Partial Denial of Service Reflected Cross-Site Scripting Vulnerability in Bello - Directory & Listing WordPress Theme SQL Injection Vulnerability in Bello - Directory & Listing WordPress Theme before 1.6.0 Stored Cross-Site Scripting Vulnerability in Database Backup for WordPress Plugin XSS Vulnerability in 'Additional Tax Classes' Field Allows Admin-Level Privilege Users to Bypass Unfiltered_HTML Restrictions CSRF and XSS Vulnerabilities in 404 SEO Redirection WordPress Plugin Reflected XSS Vulnerability in 404 SEO Redirection WordPress Plugin Authenticated Reflected XSS Vulnerability in All 404 Redirect to Homepage WordPress Plugin Unsanitized Input in SEO Redirection Plugin Allows XSS Payload Injection Vulnerability: WP Login Security and History WordPress Plugin CSRF and XSS Exploit Stored Cross-Site Scripting Vulnerability in WP Super Cache WordPress Plugin Essbase Analytic Provider Services Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Funnel Builder by CartFlows WordPress Plugin Unsanitized Settings in Smooth Scroll Page Up/Down Buttons WordPress Plugin Allows XSS Payload Injection Stored Cross-Site Scripting Vulnerability in Autoptimize WordPress Plugin (Versions before 2.8.4) CSRF and XSS Vulnerability in Content Copy Protection & Prevent Image 
Save WordPress Plugin Stored Cross-Site Scripting Vulnerability in Instant Images WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Car Repair Services & Auto Mechanic WordPress Theme SQL Injection Vulnerability in FlightLog WordPress Plugin SQL Injection Vulnerability in Video Embed WordPress Plugin 1.0 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in Pods WordPress Plugin Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in Pods WordPress Plugin Vulnerability in Oracle Web Applications Desktop Integrator: Unauthorized Data Access and Modification Unauthenticated Access and SQL Injection Vulnerability in WP Statistics WordPress Plugin SQL Injection Vulnerability in Xllentech English Islamic Calendar WordPress Plugin Reflected Cross-Site Scripting (XSS) in JNews WordPress Theme before 8.0.6 Authenticated Stored Cross-Site Scripting in iFlyChat WordPress Plugin Stored Cross-Site Scripting Vulnerability in Easy Preloader WordPress Plugin Blind SQL Injection Vulnerability in Sendit WP Newsletter WordPress Plugin Reflected XSS Vulnerability in Stock in & out WordPress Plugin Case Insensitive File Extension Check Vulnerability SQL Injection Vulnerability in Side Menu – add fixed side buttons WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Gallery from files WordPress Plugin Vulnerability in Oracle Essbase: Unauthorized Access and Data Manipulation Unauthenticated Stored XSS Vulnerability in Visitors WordPress Plugin Reflected Cross-Site Scripting Vulnerability in The Plus Addons for Elementor Page Builder WordPress Plugin Unauthenticated Export Vulnerability in Simple 301 Redirects by BetterLinks WordPress Plugin Unauthenticated Users Can Exploit Import Vulnerability in Simple 301 Redirects Plugin Arbitrary Plugin Installation Vulnerability in Simple 301 Redirects by BetterLinks WordPress Plugin Vulnerability: Unauthenticated Access to Wildcard Redirects in Simple 301 Redirects Plugin Arbitrary Plugin 
Activation Vulnerability in Simple 301 Redirects by BetterLinks WordPress Plugin Stored Cross-Site Scripting in FooGallery WordPress Plugin (<=2.0.35) Open Redirect Vulnerability in Plus Addons for Elementor Page Builder WordPress Plugin Arbitrary Password Reset and Account Takeover Vulnerability in Plus Addons for Elementor Page Builder WordPress Plugin Oracle Common Applications Vulnerability: Unauthorized Access and Data Compromise Blind SQL Injection Vulnerability in Yes/No Chart WordPress Plugin Unauthenticated SQL Injection in Location Manager WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Photo Gallery by 10Web Plugin Path Traversal Vulnerability in Photo Gallery by 10Web WordPress Plugin Reflected Cross-Site Scripting (XSS) vulnerability in Jannah WordPress theme before 5.4.4 Unescaped Content Vulnerability in Admin Columns WordPress Plugin Stored Cross-Site Scripting Vulnerability in Admin Columns WordPress Plugin Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in WP Config File Editor WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Quiz And Survey Master WordPress Plugin Stored Cross-Site Scripting Vulnerability in GetPaid WordPress Plugin MySQL Server Denial of Service Vulnerability Arbitrary File Upload Vulnerability in Fancy Product Designer WordPress Plugin (CVE-2021-12345) Unvalidated URL Input in RSVPMaker WordPress Plugin Allows SSRF Attack Reflected Cross-Site Scripting Vulnerability in WP Hardening WordPress Plugin Reflected Cross-Site Scripting in WP Hardening WordPress Plugin (before 1.2.2) Jetpack Carousel Module in WordPress Plugin Allows Leakage of Non-Published Page/Post Comments Arbitrary File Access and Remote Code Execution in Motor WordPress Theme Remote Code Execution Vulnerability in Autoptimize WordPress Plugin Race Condition Vulnerability in Autoptimize WordPress Plugin (CVE-2020-24948 Bypass) Unrestricted File Upload Vulnerability in Autoptimize WordPress Plugin Unrestricted Like/Dislike 
Exploit in Comments Like Dislike WordPress Plugin Java VM Denial of Service Vulnerability in Oracle Database Server CSRF Vulnerability in Shantz WordPress QOTD Plugin Cross-Site Scripting (XSS) Vulnerability in Ninja Forms Contact Form WordPress Plugin Stored Cross-Site Scripting Vulnerability in Smart Slider 3 WordPress Plugin Authenticated Stored Cross-Site Scripting in WP Google Maps WordPress Plugin JoomSport WordPress Plugin Unauthenticated PHP Object Injection Vulnerability SQL Injection Vulnerability in Filebird Plugin 4.7.3 Unsanitized SVG File Upload Vulnerability in WP SVG Images WordPress Plugin Reflected Cross-Site Scripting Vulnerability in WP Pro Real Estate 7 WordPress Theme Stored Cross-Site Scripting Vulnerability in VikRentCar Car Rental Management System WordPress Plugin Unauthenticated Reflected XSS Vulnerability in WP Foodbakery WordPress Plugin Oracle Hyperion BI+ Unauthenticated Read Access Vulnerability SQL Injection Vulnerability in WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 Plugin SQL Injection Vulnerability in Cashtomer WordPress Plugin (Version 1.0.0) SQL Injection Vulnerability in WordPress Membership SwiftCloud.io Plugin SQL Injection Vulnerability in Comment Highlighter WordPress Plugin SQL Injection Vulnerability in Easy Testimonial Manager WordPress Plugin SQL Injection Vulnerability in Embed Youtube Video WordPress Plugin SQL Injection Vulnerability in GSEOR – WordPress SEO Plugin WordPress Plugin SQL Injection Vulnerability in MicroCopy WordPress Plugin Time-based SQL Injection in Responsive 3D Slider WordPress Plugin SQL Injection Vulnerability in The Sorter WordPress Plugin MySQL Server Denial of Service Vulnerability SQL Injection Vulnerability in Display Users WordPress Plugin SQL Injection Vulnerability in WP Domain Redirect WordPress Plugin SQL Injection Vulnerability in WP iCommerce Plugin Allows Low Privilege Users to Manipulate Orders SQL Injection Vulnerability in WordPress Page Contact Plugin Time-Based SQL Injection 
Vulnerability in WP-Board WordPress Plugin Vulnerability: Easy Cookies Policy WordPress Plugin CSRF and Stored XSS Open Redirect Vulnerability in wpForo Forum WordPress Plugin Reflected Cross-site Scripting (XSS) vulnerability in Jannah WordPress theme before 5.4.5 Unsanitized Shortcode Parameters in Prismatic WordPress Plugin Allow Cross-Site Scripting (XSS) Attacks Reflected Cross-Site Scripting in Prismatic WordPress Plugin MySQL Server Denial of Service Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in తెలుగు బైబిల్ వచనములు WordPress Plugin Stored Cross-Site Scripting Vulnerability in Social Tape WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Html5 Audio Player Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Easy Twitter Feed WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Video Player for YouTube WordPress Plugin Cross-Site Scripting Vulnerability in Polo Video Gallery WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in StreamCast – Radio Player for WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Smooth Scroll Page Up/Down Buttons WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP YouTube Lyte WordPress Plugin Oracle VM VirtualBox Prior to 6.1.24 Denial of Service Vulnerability Stored Cross-Site Scripting Vulnerability in Request a Quote WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP JobSearch WordPress Plugin Stored Cross-Site Scripting Vulnerability in UpdraftPlus WordPress Backup Plugin Authenticated Stored Cross-Site Scripting in WP Reset Plugin Stored Cross-Site Scripting Vulnerability in myStickymenu WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Backup by 10Web Plugin Authenticated Stored Cross-Site Scripting in W3 Total Cache WordPress Plugin Authenticated Stored Cross-Site Scripting Vulnerability in Yandex Turbo WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Salon Booking System WordPress Plugin Oracle 
VM VirtualBox Prior to 6.1.24 Multiple Vulnerabilities Unvalidated Input in Speed Booster Pack Plugin Leads to Remote Code Execution (RCE) Vulnerability Cross-Site Scripting Vulnerability in Language Bar Flags WordPress Plugin Reflected Cross-Site Scripting in Advanced AJAX Product Filters WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Sort&Search WordPress Plugin Stored Cross-Site Scripting and CSRF Vulnerability in Glass WordPress Plugin Reflected Cross-Site Scripting in titan-framework's iframe-font-preview.php file Reflected Cross-Site Scripting (XSS) Vulnerability in W3 Total Cache WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in RealFaviconGenerator WordPress Plugin Reflected Cross-Site Scripting in ShareThis Dashboard for Google Analytics WordPress Plugin Stored Cross-Site Scripting Vulnerability in Browser Screenshots WordPress Plugin MySQL Server Denial of Service Vulnerability Stored Cross-Site Scripting Vulnerability in Sign-up Sheets WordPress Plugin CSV Injection Vulnerability in Sign-up Sheets WordPress Plugin SQL Injection Vulnerability in Poll, Survey, Questionnaire and Voting System WordPress Plugin (<=1.5.3) Cross-Site Scripting (XSS) Vulnerability in Youzify – BuddyPress Community Plugin Authenticated Stored Cross-Site Scripting in TaxoPress WordPress Plugin Authenticated Stored Cross-Site Scripting in My Site Audit WordPress Plugin Vulnerability: Cross-Site Request Forgery (CSRF) and Stored XSS in Remove Footer Credit WordPress Plugin Local File Inclusion Vulnerability in WP Image Zoom WordPress Plugin Authenticated Stored Cross-Site Scripting in Profile Builder WordPress Plugin Vulnerability in Oracle Hyperion Infrastructure Technology: Unauthorized Data Access and Modification Authenticated Stored Cross-Site Scripting in ProfilePress WordPress Plugin Authenticated SQL Injection in Export Users With Meta WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in W3 Total Cache WordPress 
Plugin Path Traversal and Local File Inclusion Vulnerability in Include Me WordPress Plugin: Risk of Remote Code Execution and System Compromise Stored Cross-Site Scripting Vulnerability in YOP Poll WordPress Plugin Stored Cross-Site Scripting Vulnerability in Tutor LMS WordPress Plugin (<=1.9.2) SQL Injection Vulnerability in Quiz Maker WordPress Plugin SQL Injection Vulnerability in Portfolio Responsive Gallery WordPress Plugin SQL Injection Vulnerability in Popup Box WordPress Plugin SQL Injection Vulnerability in Survey Maker WordPress Plugin Oracle Secure Global Desktop Vulnerability: Unauthorized Takeover of System SQL Injection Vulnerability in Popup Like box – Page Plugin WordPress Plugin SQL Injection Vulnerability in FAQ Builder AYS WordPress Plugin SQL Injection Vulnerability in Photo Gallery by Ays WordPress Plugin (<= 4.4.4) SQL Injection Vulnerability in Image Slider by Ays- Responsive Slider and Carousel WordPress Plugin Authenticated Stored Cross-Site Scripting in YouTube Embed, Playlist and Popup WordPress Plugin Authenticated SQL Injection and Object Deserialization Vulnerability in Meow Gallery WordPress Plugin CSRF and Stored XSS Vulnerabilities in Verse-O-Matic WordPress Plugin CSRF Vulnerability in Leaflet Map WordPress Plugin Allows for Cross-Site Scripting Attacks Stored XSS Vulnerability in Leaflet Map WordPress Plugin Oracle Secure Global Desktop Vulnerability: Unauthorized Takeover of System Stored Cross-Site Scripting in Yada Wiki WordPress Plugin (before 3.4.1) Unvalidated Shortcode Attributes in YouTube Embed WordPress Plugin Leading to Stored XSS Vulnerabilities Proxy Functionality Exposes SSRF and RFI Vulnerabilities in OnAir2 WordPress Theme and QT KenthaRadio WordPress Plugin IDOR Vulnerability in User Profile Picture WordPress Plugin Unauthenticated Reflected XSS Vulnerability in Awesome Weather Widget WordPress Plugin Authenticated Stored Cross-Site Scripting in Steam Group Viewer WordPress Plugin Stored Cross-Site Scripting and 
CSRF Vulnerabilities in Migrate Users WordPress Plugin Authenticated Stored Cross-Site Scripting in Bookshelf WordPress Plugin Authenticated Stored Cross-Site Scripting in DrawBlog WordPress Plugin Oracle Financial Services Crime and Compliance Investigation Hub Reports Unauthorized Data Access Vulnerability Stored Cross-Site Scripting in Event Geek WordPress Plugin Authenticated Stored XSS Vulnerability in Any Hostname WordPress Plugin Stored Cross-Site Scripting Vulnerability in Related Posts for WordPress Plugin SQL Injection Vulnerability in Poll Maker WordPress Plugin SQL Injection Vulnerability in Secure Copy Content Protection and Content Locking WordPress Plugin Cross-Site Scripting Vulnerability in Special Text Boxes WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Social Media Share Buttons WordPress Plugin Stored Cross-Site Scripting in St-Daily-Tip WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Post Grid WordPress Plugin Authenticated Stored Cross-Site Scripting Vulnerability in Request a Quote WordPress Plugin Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Arbitrary File Upload and CSRF Vulnerability in Email Artillery WordPress Plugin CSRF Vulnerability in Fileviewer WordPress Plugin Allows Arbitrary File Upload and Deletion SQL Injection Vulnerability in Handsome Testimonials & Reviews WordPress Plugin Unauthenticated File Upload Vulnerability in Shopp WordPress Plugin Allows Remote Code Execution Stored Cross-Site Scripting Vulnerability in WP Offload SES Lite WordPress Plugin Reflected Cross-Site Scripting in Marmoset Viewer WordPress Plugin Reflected Cross-Site Scripting in Community Events WordPress Plugin SQL Injection Vulnerability in Giveaway WordPress Plugin Reflected Cross-Site Scripting in Calendar Event Multi View WordPress Plugin Arbitrary File Upload Vulnerability in Workreap WordPress Theme Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit 
CSRF and Insecure Direct Object Reference Vulnerabilities in Workreap WordPress Theme Unauthenticated User Object Modification and Deletion Vulnerability in Workreap WordPress Theme Stored Cross-Site Scripting Vulnerability in WP Google Map WordPress Plugin Unsanitized Shortcode Parameters in Simple Icons WordPress Plugin Allow for Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in WP LMS – Best WordPress LMS Plugin Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in Forms WordPress Plugin SQL Injection Vulnerability in Slider Hero WordPress Plugin SQL Injection Vulnerability in Astra Pro Addon WordPress Plugin (<= 3.5.2) Unauthenticated Stored Cross-Site Scripting in Smash Balloon Social Post Feed WordPress Plugin Stored XSS Vulnerability in Page View Count WordPress Plugin Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Reflected Cross-Site Scripting in MF Gig Calendar WordPress Plugin SQL Injection in WooCommerce WordPress Plugin's fetch_product_ajax Functionality Authenticated Reflected XSS Vulnerability in Video Posts Webcam Recorder WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in The Form Builder WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Visual Form Builder WordPress Plugin Stored Cross-Site Scripting in Video Gallery WordPress Plugin (<=1.1.5) Authenticated Stored Cross-Site Scripting in PlanSo Forms WordPress Plugin Unfiltered HTML Capability Bypass in Stop Spammers Security Plugin Authenticated Stored Cross-Site Scripting in WPFront Notification Bar WordPress Plugin Authenticated Stored Cross-Site Scripting in VikRentCar Car Rental Management System WordPress Plugin Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit SQL Injection Vulnerability in Stock in & out WordPress Plugin SQL Injection Vulnerability in Side Menu Lite WordPress Plugin XSS Vulnerability in ProfilePress WordPress Plugin (Formerly WP User Avatar) 
Allows for wp-admin Access Authenticated Stored Cross-Site Scripting Vulnerability in Daily Prayer Time WordPress Plugin Cross-Site Scripting Vulnerability in GiveWP Donation Plugin Stored XSS Vulnerability in Shortcodes Ultimate WordPress Plugin Authenticated Stored Cross-Site Scripting in Form Maker WordPress Plugin Vulnerability: User Registration & User Profile Plugin Allows Unauthorized Password Reset for Admin Stored Cross-Site Scripting (XSS) Vulnerability in FluentSMTP WordPress Plugin Authenticated Stored Cross-Site Scripting in The Grid Gallery WordPress Plugin Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Cross-Site Scripting Vulnerability in Alojapro Widget WordPress Plugin Authenticated Stored Cross-Site Scripting Vulnerability in The Charitable – Donation Plugin WordPress Plugin Cross-Site Scripting Vulnerability in Maintenance WordPress Plugin 4.03 Stored Cross-Site Scripting in PhoneTrack Meu Site Manager WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Light Messages WordPress Plugin Stored Cross-Site Scripting Vulnerability in Custom Login Redirect WordPress Plugin Arbitrary PHP Code Execution Vulnerability in Similar Posts WordPress Plugin Authenticated Stored XSS Vulnerability in Current Book WordPress Plugin Authenticated Stored Cross-Site Scripting in Coming Soon Plugin Oracle VM VirtualBox Prior to 6.1.24 Vulnerability: Takeover of Oracle VM VirtualBox Stored XSS Vulnerability in Wonder Video Embed WordPress Plugin Stored XSS Vulnerability in Wonder PDF Embed WordPress Plugin Stored Cross-Site Scripting in jQuery Reply to Comment WordPress Plugin Unsanitized Slider Options in Responsive WordPress Slider Plugin Allow Cross-Site Scripting and Privilege Escalation Cross-Site Scripting (XSS) Vulnerability in WP HTML Author Bio WordPress Plugin Arbitrary PHP Code Execution in Gutenberg Block Editor Toolkit – EditorsKit WordPress Plugin (CVE-2021-12345) Authenticated Stored XSS Vulnerability in KN Fix 
Your Title WordPress Plugin Authenticated Stored Cross-Site Scripting (XSS) in Mimetic Books WordPress Plugin Path Traversal Vulnerability in AceIDE WordPress Plugin Critical Vulnerability in Oracle PeopleSoft Enterprise HCM Shared Components (Person Search) Authenticated SQL Injection in Broken Link Manager WordPress Plugin SQL Injection Vulnerability in Edit Comments WordPress Plugin Authenticated SQL Injection in Simple Events Calendar WordPress Plugin Authenticated SQL Injection Vulnerability in Timeline Calendar WordPress Plugin Authenticated SQL Injection in Paytm – Donation Plugin WordPress Plugin SQL Injection and Lack of CSRF Protection in daac_delete_booking_callback Function Stored XSS Vulnerability in Email Subscriber WordPress Plugin SQL Injection Vulnerability in rslider_page's Update Functionality Reflected XSS Vulnerability in Project Status WordPress Plugin Stored Cross-Site Scripting in Qyrr WordPress Plugin Oracle Business Intelligence Enterprise Edition Remote Code Execution Vulnerability Reflected Cross-Site Scripting in Software License Manager WordPress Plugin Authenticated Stored Cross-Site Scripting in WP SMS WordPress Plugin LMS by LifterLMS Plugin: IDOR Vulnerability Exposes Student Answers and Grades Unauthenticated File Upload Vulnerability in Frontend Uploader WordPress Plugin Authenticated Stored Cross-Site Scripting in WPFront Scroll Top WordPress Plugin CSRF and Stored XSS Vulnerabilities in Contact Form 7 Captcha WordPress Plugin LFI Vulnerability in WooCommerce Currency Switcher FOX WordPress Plugin Authenticated Stored XSS Vulnerability in Simple Post WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in AddToAny Share Buttons WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Cookie Notice & Compliance Plugin Unauthenticated Remote Access Vulnerability in Oracle Fusion Middleware Identity Manager (CVE-2021-XXXX) CSRF and Stored XSS Vulnerabilities in Accept Donations with PayPal WordPress Plugin Stored 
Cross-Site Scripting Vulnerability in HD Quiz WordPress Plugin Arbitrary Post Deletion Vulnerability in Accept Donations with PayPal WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Simple Banner WordPress Plugin SQL Injection Vulnerability in WPSchoolPress WordPress Plugin Improper Input Sanitization in Easy Accordion WordPress Plugin Stored XSS Vulnerability in Coming Soon and Maintenance Mode WordPress Plugin Reflected Cross-Site Scripting in SportsPress WordPress Plugin (<=2.7.9) PHP Object Injection Vulnerability in Bold Page Builder WordPress Plugin Vulnerability in Oracle Fusion Middleware Identity Manager: Unauthorized Access and Data Compromise SQL Injection Vulnerability in Side Menu Lite WordPress Plugin Stored Cross-Site Scripting and CSRF Vulnerabilities in Blue Admin WordPress Plugin Stored Cross-Site Scripting in ThinkTwit WordPress Plugin (<=1.7.1) Arbitrary Timeslot Deletion and CSRF Vulnerability in Timetable and Event Schedule WordPress Plugin Arbitrary Timeslot Update and Stored XSS Vulnerability in Timetable and Event Schedule WordPress Plugin Sensitive User Data Leakage in Timetable and Event Schedule WordPress Plugin CSRF and Stored XSS Vulnerabilities in Per Page Add to Head WordPress Plugin Authenticated Stored Cross-Site Scripting in Splash Header WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in SMS Alert Order Notifications WordPress Plugin Arbitrary HTML Injection in Cookie Notice & Consent Banner Plugin Unsanitized CustomCSS Setting in Highlight WordPress Plugin Allows Cross-Site Scripting Attacks Cross-Site Scripting Vulnerability in Sitewide Notice WP WordPress Plugin Authenticated Stored Cross-Site Scripting in Business Hours Indicator WordPress Plugin Cross-Site Scripting Vulnerability in Translate WordPress – Google Language Translator WordPress Plugin CSRF Vulnerability in Wp Cookie Choice WordPress Plugin Cross-Site Scripting Vulnerability in youForms for WordPress Plugin Stored Cross-Site Scripting 
Vulnerability in You Shang WordPress Plugin Unescaped Testimonial Fields in Testimonial WordPress Plugin 1.6.0 and Earlier Allow for Cross Site Scripting Attacks Unauthenticated Endpoint in Email Encoder WordPress Plugin Allows HTML Injection Vulnerability in Oracle Application Express Data Reporter component of Oracle Database Server (CVE-2021-2345) Cross-Site Scripting (XSS) Vulnerability in WP Dialog WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WPFront Notification Bar WordPress Plugin Unrestricted Privilege Escalation in HM Multiple Roles WordPress Plugin Cross-Site Scripting Vulnerability in Site Reviews WordPress Plugin (Versions before 5.13.1) Cross-Site Scripting (XSS) Vulnerability in Availability Calendar WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Custom Post View Generator WordPress Plugin SQL Injection Vulnerability in Availability Calendar WordPress Plugin Unsanitized Input in Storefront Footer Text WordPress Plugin Allows Cross-Site Scripting Attacks Cross-Site Scripting Vulnerability in Formidable Form Builder Plugin for WordPress Cross-Site Scripting Vulnerability in WP Mapa Politico Espana WordPress Plugin Vulnerability in Oracle Communications Interactive Session Recorder: Unauthorized Access and Partial Denial of Service Authenticated Stored Cross-Site Scripting Vulnerability in TranslatePress WordPress Plugin Cross-Site Scripting and CSRF Vulnerabilities in Keyword Meta WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Sociable WordPress Plugin Cross-Site Scripting Vulnerability in Post Views Counter WordPress Plugin Cross-Site Scripting Vulnerability in Book Appointment Online WordPress Plugin Wechat Reward WordPress Plugin Cross-Site Scripting Vulnerability Cross-Site Scripting Vulnerability in AddToAny Share Buttons WordPress Plugin Reflected Cross-Site Scripting in GamePress WordPress Plugin Stored Cross-Site Scripting (XSS) vulnerability in Donate With QRCode WordPress plugin before 1.4.5 
Cross-Site Scripting Vulnerability in Per Page Add to Head WordPress Plugin Vulnerability in Oracle Commerce Service Center: Unauthorized Data Access and Manipulation Unrestricted File Upload and Remote Code Execution in WordPress Simple Ecommerce Shopping Cart Plugin Stored Cross-Site Scripting Vulnerability in WP Courses LMS WordPress Plugin Cross-Site Scripting Vulnerability in Customer Service Software & Support Ticket System WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WordPress Advanced Ticket System Plugin Cross-Site Scripting Vulnerability in MP3 Audio Player for Music, Radio & Podcast Plugin SQL Injection Vulnerability in SpiderCatalog WordPress Plugin Unauthenticated User Privilege Escalation and SQL Injection in Chameleon CSS WordPress Plugin Authenticated SQL Injection in G Auto-Hyperlink WordPress Plugin Authenticated SQL Injection in Wow Forms WordPress Plugin Authenticated SQL Injection in Post Content XMLRPC WordPress Plugin Oracle Commerce Platform Unauthenticated Takeover Vulnerability Authenticated SQL Injection in Schreikasten WordPress Plugin Unlimited PopUps WordPress Plugin Authenticated SQL Injection Vulnerability Reflected Cross-Site Scripting in Recipe Card Blocks WordPress Plugin (<=2.8.1) Unauthenticated User Modification of Post Contents in Countdown Block WordPress Plugin Stored Cross-Site Scripting Vulnerability in Recipe Card Blocks by WPZOOM WordPress Plugin Unrestricted AJAX Actions and CSRF Vulnerability in Visual Link Preview WordPress Plugin CSRF Vulnerability in Print My Blog WordPress Plugin Allows Deactivation and Data Deletion Stored Cross-Site Scripting Vulnerability in Google Fonts Typography WordPress Plugin Unauthenticated Path Traversal and Arbitrary CSS File Overwrite in OMGF WordPress Plugin Arbitrary File and Folder Deletion Vulnerability in OMGF WordPress Plugin Oracle Linux OSwatcher Vulnerability: Unauthorized Takeover of Infrastructure Cross-Site Scripting Vulnerability in WordPress Slider Block 
Gutenslider Plugin CSRF Vulnerability in Images to WebP WordPress Plugin Vulnerability: CSRF, RCE, and XSS in Scroll Baner WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Map Block WordPress Plugin Local File Inclusion Vulnerability in Images to WebP WordPress Plugin Cross-Site Scripting Vulnerability in Booking.com Product Helper WordPress Plugin Cross-Site Scripting Vulnerability in Booking.com Banner Creator WordPress Plugin WordPress Plugin Registration Forms Vulnerability: Unauthenticated User Login via Social Login Implementation Reflected Cross-Site Scripting in RegistrationMagic WordPress Plugin Arbitrary Role Assignment Vulnerability in WP User Frontend WordPress Plugin Unauthenticated SQL Injection Vulnerability in Poll Maker WordPress Plugin Arbitrary Modification of ultp_options Values in PostX – Gutenberg Blocks for Post Grid WordPress Plugin Cross-Site Scripting Vulnerability in Cookie Bar WordPress Plugin Stored Cross-Site Scripting Vulnerability in User Registration WordPress Plugin Arbitrary Password Reset Vulnerability in WP User Manager WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Simple Social Media Share Buttons WordPress Plugin Unauthenticated Stored Cross-Site Scripting in Limit Login Attempts WordPress Plugin Unsanitized Settings in Erident Custom Login and Dashboard WordPress Plugin Allows XSS Attacks Stored Cross-Site Scripting Vulnerability in PostX – Gutenberg Blocks for Post Grid WordPress Plugin Stored Cross-Site Scripting Vulnerability in PostX – Gutenberg Blocks for Post Grid WordPress Plugin Vulnerability: Unauthorized Access to Password-Protected or Private Post Contents in PostX – Gutenberg Blocks for Post Grid WordPress Plugin Authenticated SQL Injection in Game Server Status WordPress Plugin Arbitrary File Upload Vulnerability in Simple Schools Staff Directory WordPress Plugin Stored Cross-Site Scripting Vulnerability in WPSchoolPress WordPress Plugin Cross-Site Scripting Vulnerability in WP 
Video Lightbox WordPress Plugin SQL Injection Vulnerability in Podlove Podcast Publisher WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simply Gallery Blocks with Lightbox (Version 2.2.0 & below) CSRF Vulnerability in MAZ Loader WordPress Plugin Allows Arbitrary Loader Deletion SQL Injection Vulnerability in MAZ Loader Plugin for WordPress Stored Cross-Site Scripting Vulnerability in CoolClock WordPress Plugin Stored Cross-Site Scripting Vulnerability in MX Time Zone Clocks WordPress Plugin Stored Cross-Site Scripting Vulnerability in One User Avatar WordPress Plugin Stored Cross-Site Scripting Vulnerability in Appointment Hour Booking WordPress Plugin CSRF Vulnerability in Genie WP Favicon WordPress Plugin Allows Unauthorized Favicon Changes CSRF Vulnerability in One User Avatar WordPress Plugin Reflected Cross-Site Scripting in Better Find and Replace WordPress Plugin before 1.2.9 Unauthenticated Enumeration of Private Post Titles in Find My Blocks WordPress Plugin Stored Cross-Site Scripting Vulnerability in CM Tooltip Glossary WordPress Plugin Reflected Cross-Site Scripting in Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Travel Engine WordPress Plugin Stored Cross-Site Scripting Vulnerability in Duplicate Page WordPress Plugin Stored Cross-Site Scripting Vulnerability in Cool Tag Cloud WordPress Plugin Stored Cross-Site Scripting Vulnerability in Weather Effect WordPress Plugin OS Command Injection Vulnerability in WordPress PDF Light Viewer Plugin Cross-Site Scripting (XSS) Vulnerability in Flat Preloader WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in SVG Support WordPress Plugin Cross-Site Scripting Vulnerability in Modern Events Calendar Lite WordPress Plugin Unauthenticated and Authenticated User Arbitrary Post Deletion Vulnerability in Orange Form WordPress Plugin Path Traversal Vulnerability in Contact Forms - Drag & Drop Contact Form Builder WordPress 
Plugin Unsanitized Inputs in Chained Quiz WordPress Plugin Settings Cross-Site Scripting (XSS) Vulnerability in Quiz And Survey Master WordPress Plugin Path Traversal Vulnerability in Simple Download Monitor WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Download Monitor WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Download Monitor WordPress Plugin Unauthenticated Access to Sensitive Information in Simple Download Monitor WordPress Plugin CSRF Vulnerability in Simple Download Monitor WordPress Plugin Reflected Cross-Site Scripting in Simple Download Monitor WordPress Plugin Vulnerability: Unauthorized Thumbnail Removal in Simple Download Monitor WordPress Plugin Stored Cross-Site Scripting Vulnerability in Easy Media Download WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Forminator WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Quiz Tool Lite WordPress Plugin Cross-Site Scripting Vulnerability in LearnPress WordPress Plugin Vulnerability: Unauthenticated Activation of Installed Plugins in Download Plugin WordPress Plugin Unsanitized Parameter in Orange Form WordPress Plugin Allows Arbitrary Post Deletion Cross-Site Scripting (XSS) Vulnerability in NEX-Forms WordPress Plugin Cross-Site Scripting Vulnerability in Qwizcards WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Learning Courses WordPress Plugin Cross-Site Scripting Vulnerability in Export any WordPress data to XML/CSV Plugin Stored Cross-Site Scripting Vulnerability in Weather Effect WordPress Plugin Vulnerability in Oracle MySQL Connectors: Unauthorized Access and DOS Cross-Site Scripting Vulnerability in Print-O-Matic WordPress Plugin CSRF Vulnerability in Software License Manager WordPress Plugin Improper Sanitization in Appointment Hour Booking WordPress Plugin (<=1.3.17) Cross-Site Scripting Vulnerability in Video Lessons Manager WordPress Plugin Unescaped Output in Import any XML or CSV File to WordPress Plugin 
Allows Cross-Site Attacks Cross-Site Scripting Vulnerability in WP Sitemap Page WordPress Plugin Unsanitized User Input in Modern Events Calendar Lite WordPress Plugin Privilege Escalation and Information Disclosure in AutomatorWP WordPress Plugin Cross-Site Scripting Vulnerability in Contact Form, Survey & Popup Form Plugin for WordPress Reflected Cross-Site Scripting (XSS) Vulnerability in Enfold WordPress Theme Authenticated Stored XSS Vulnerability in GeoDirectory Business Directory WordPress Plugin Authenticated Translator Users Can Inject PHP Code via Loco Translate WordPress Plugin (CVE-2021-24147) Cross-Site Scripting Vulnerability in MotoPress WordPress Plugin's Restaurant Menu Feature Cross-Site Scripting (XSS) Vulnerability in WP Reactions Lite WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in MotoPress WordPress Plugin CSRF Vulnerability in Comment Link Remove and Other Comment Tools WordPress Plugin Authenticated SQL Injection in WP Simple Booking Calendar WordPress Plugin Authenticated SQL Injection in StopBadBots WordPress Plugin Authenticated SQL Injection in Membership & Content Restriction Plugin Stored Cross-Site Scripting Vulnerability in Logo Showcase with Slick Slider WordPress Plugin Arbitrary Media Modification Vulnerability in Logo Showcase with Slick Slider WordPress Plugin SQL Injection Vulnerability in Registration Forms WordPress Plugin Stored Cross-Site Scripting Vulnerability in DearFlip WordPress Plugin Vulnerability: Unauthorized Access to Draft and Password-Protected Posts in WP Post Page Clone Plugin Stored Cross-Site Scripting Vulnerability in Compact WP Audio Player WordPress Plugin CSRF Vulnerability in Compact WP Audio Player WordPress Plugin Stored Cross-Site Scripting Vulnerability in Shared Files WordPress Plugin Stored Cross-Site Scripting Vulnerability in wpDiscuz WordPress Plugin Stored Cross-Site Scripting Vulnerability in Logo Carousel WordPress Plugin Arbitrary Private Post Duplication and Viewing 
Vulnerability in Logo Carousel WordPress Plugin Oracle Web Analytics Vulnerability: Unauthorized Data Access and Modification Cross-Site Scripting (XSS) Vulnerability in Tutor LMS WordPress Plugin SQL Injection Vulnerability in Support Board WordPress Plugin Insecure Authorisation Mechanism in Logo Slider and Showcase WordPress Plugin Stored XSS Vulnerability in Podcast Subscribe Buttons WordPress Plugin Cross-Site Scripting Vulnerability in WordPress Contact Forms Plugin Cross-Site Scripting (XSS) Vulnerability in About Author Box WordPress Plugin Reflected Cross-Site Scripting in Social Sharing Plugin WordPress Plugin Authenticated SQL Injection in SEO Booster WordPress Plugin Authenticated SQL Injection in Email Before Download WordPress Plugin CSRF Vulnerability in URL Shortify WordPress Plugin Oracle VM VirtualBox Prior to 6.1.28 Denial of Service Vulnerability SQL Injection Vulnerability in WP Visitor Statistics Plugin Cross-Site Scripting (XSS) Vulnerability in GenerateBlocks WordPress Plugin Vulnerability: Lack of Capability and CSRF Checks in CatchThemes Plugins Authenticated SQL Injection in Rich Reviews by Starfish WordPress Plugin SQL Injection Vulnerability in MainWP Child Reports WordPress Plugin SQL Injection Vulnerability in myCred WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WP System Log WordPress Plugin Unauthenticated Image Upload Vulnerability in Stylish Price List WordPress Plugin SQL Injection Vulnerability in Email Log WordPress Plugin PDF.js Viewer WordPress Plugin Cross-Site Scripting Vulnerability Unauthenticated Access Vulnerability in Oracle Transportation Management (Version 6.4.3) Cross-Site Scripting Vulnerability in Gutenberg PDF Viewer Block WordPress Plugin Arbitrary File Deletion Vulnerability in Error Log Viewer WordPress Plugin SQL Injection Vulnerability in Perfect Survey WordPress Plugin Unauthenticated Access and Stored Cross-Site Scripting in Perfect Survey WordPress Plugin Reflected Cross-Site Scripting 
Vulnerability in Perfect Survey WordPress Plugin Stored Cross-Site Scripting in Perfect Survey WordPress Plugin through 1.5.2 CSRF Vulnerability in 404 to 301 WordPress Plugin Allows Unauthorized Log Deletion CSRF Vulnerability in Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress Plugin Cross-Site Scripting Vulnerability in WP RSS Aggregator WordPress Plugin SQL Injection Vulnerability in Permalink Manager Lite WordPress Plugin Oracle Applications Framework Session Management Vulnerability Arbitrary Image Upload Vulnerability in Stylish Price List WordPress Plugin Stored Cross-Site Scripting Vulnerability in Inspirational Quote Rotator WordPress Plugin SQL Injection Vulnerability in Stream WordPress Plugin Unfiltered HTML Capability Bypass in WordPress Download Manager Plugin SQL Injection Vulnerability in Check & Log Email WordPress Plugin Arbitrary Post Title Enumeration in Document Embedder WordPress Plugin CSRF Vulnerability in WP Performance Score Booster WordPress Plugin SQL Injection Vulnerability in Hotscot Contact Form WordPress Plugin SQL Injection Vulnerability in Tradetracker-Store WordPress Plugin (<= 4.6.60) Unauthenticated Users Can Update WP Debugging Plugin Settings MySQL Server Denial of Service Vulnerability CSRF Vulnerability in Single Post Exporter WordPress Plugin Arbitrary Post Meta Field Modification Vulnerability in Image Source Control WordPress Plugin Unescaped Class Name Field in Flex Local Fonts WordPress Plugin Allows for Cross-Site Scripting Attacks Arbitrary Post Deletion Vulnerability in Post Expirator WordPress Plugin CSRF Vulnerability in WP Admin Logo Changer WordPress Plugin Cross-Site Scripting Vulnerability in Great Quotes WordPress Plugin SQL Injection Vulnerability in Download Monitor WordPress Plugin Cross-Site Scripting Vulnerability in Sprout Invoices WordPress Plugin (Version < 19.9.7) Arbitrary Category Manipulation Vulnerability in Batch Cat WordPress Plugin Cross-Site Scripting (XSS) Vulnerability 
in Flat Preloader WordPress Plugin MySQL Server Denial of Service Vulnerability Unauthenticated Arbitrary Data Deletion and PHP Object Injection in Contact Form Advanced Database WordPress Plugin SQL Injection Vulnerability in Header Footer Code Manager WordPress Plugin Stored Cross-Site Scripting in Shiny Buttons WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WPeMatico RSS Feed Fetcher WordPress Plugin Cross-Site Scripting Vulnerability in Connections Business Directory WordPress Plugin CSRF Vulnerability in Filter Portfolio Gallery WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in My Tickets WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Tickera WordPress Plugin Reflected Cross-Site Scripting in WP Header Images WordPress Plugin CSRF Vulnerability in Far Future Expiry Header WordPress Plugin Unauthenticated Remote Code Execution Vulnerability in Oracle HTTP Server (Web Listener) Unauthenticated User Can Edit Any Comment in DW Question & Answer Pro WordPress Plugin Unauthenticated AJAX Actions and Stored Cross-Site Scripting in WP Survey Plus WordPress Plugin CSRF Vulnerability in Colorful Categories WordPress Plugin Vulnerability: Unprotected CSRF Allows Arbitrary Admin Account Creation and Takeover Unauthenticated Settings Modification Vulnerability in Simple JWT Login WordPress Plugin CSRF Vulnerability in DW Question & Answer Pro WordPress Plugin CSRF Vulnerability in wpDiscuz WordPress Plugin (Versions before 7.3.4) Cross-Site Scripting (XSS) Vulnerability in Support Board WordPress Plugin Reflected Cross-Site Scripting in BP Better Messages WordPress Plugin CSRF Vulnerability in BP Better Messages WordPress Plugin MySQL Server Vulnerability: Unauthorized Hang and Crash (CVE-XXXX-XXXX) Unescaped Field Editor Settings in WP Event Manager Plugin Allow for Cross-Site Scripting Attacks Cross-Site Scripting Vulnerability in Shop Page WP WordPress Plugin Stored Cross-Site Scripting Vulnerability in BetterLinks WordPress Plugin 
Cross-Site Scripting Vulnerability in Events Made Easy WordPress Plugin Improper Content-Type Handling in WordPress GDPR Plugin Allows for Remote Code Execution Cross-Site Scripting Vulnerability in Accept Donations with PayPal WordPress Plugin Unrestricted Media File Renaming Vulnerability in Phoenix Media Rename WordPress Plugin Cross-Site Scripting Vulnerability in Ultimate NoFollow WordPress Plugin CSRF Vulnerability in WP Limits WordPress Plugin Allows Unauthorized Settings Modification Insufficient Authorization in Page/Post Content Shortcode WordPress Plugin Oracle Payables Vulnerability: Unauthorized Access and Data Manipulation Path Traversal and Local File Inclusion Vulnerability in Cost Calculator WordPress Plugin Stored Cross-Site Scripting Vulnerability in Cost Calculator WordPress Plugin Unauthenticated Stored Cross-Site Scripting Vulnerability in Stylish Cost Calculator WordPress Plugin CSRF Vulnerability in Support Board WordPress Plugin Allows Arbitrary File Deletion Arbitrary Post Metadata Disclosure Vulnerability in Custom Content Shortcode WordPress Plugin Arbitrary File Display and Local File Inclusion Vulnerability in Custom Content Shortcode WordPress Plugin Unescaped Custom Fields Vulnerability in Custom Content Shortcode WordPress Plugin Unauthenticated SQL Injection in Asgaros Forum WordPress Plugin (<= 1.15.13) Cross-Site Scripting Vulnerability in Mortgage Calculator / Loan Calculator WordPress Plugin SQL Injection Vulnerability in Visitor Traffic Real Time Statistics WordPress Plugin Vulnerability in Oracle Content Manager of Oracle E-Business Suite: Unauthorized Access and Data Manipulation Cross-Site Scripting Vulnerability in Advanced Access Manager WordPress Plugin Unauthenticated Access and Data Manipulation Vulnerability in Tab WordPress Plugin CSRF Vulnerability in WP SEO Redirect 301 WordPress Plugin Stored Cross-Site Scripting Vulnerability in YOP Poll WordPress Plugin Stored Cross-Site Scripting Vulnerability in YOP Poll 
WordPress Plugin SQL Injection Vulnerability in WCFM – Frontend Manager for WooCommerce Plugin Vulnerability: Lack of Authorization and CSRF Checks in Temporary Login Without Password WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Passster WordPress Plugin Open Redirect Vulnerability in AnyComment WordPress Plugin Unauthenticated Arbitrary Ticket Deletion in SupportCandy WordPress Plugin Vulnerability in Oracle Operations Intelligence: Unauthorized Access and Data Manipulation Unauthenticated Access to Private and Scheduled Posts in Squaretype WordPress Theme Unsanitized Settings in Helpful WordPress Plugin Allows Cross-Site Scripting Attacks Unrestricted Access and Manipulation of Private Post Titles and Dates in Bulk Datetime Change WordPress Plugin CSRF Vulnerability in SupportCandy WordPress Plugin Allows Arbitrary Ticket Deletion SQL Injection Vulnerability in Affiliates Manager WordPress Plugin Arbitrary Content Access Vulnerability in Improved Include Page WordPress Plugin SQL Injection Vulnerability in Ni WooCommerce Custom Order Status Plugin SQL Injection Vulnerability in SEO Redirection Plugin – 301 Redirect Manager WordPress Plugin SQL Injection Vulnerability in Mediamatic WordPress Plugin SQL Injection Vulnerability in WCFM Marketplace WordPress Plugin (<= 3.4.12) Oracle Trade Management Product Vulnerability: Unauthorized Data Access and Modification Cross-Site Scripting (XSS) Vulnerability in Insert Pages WordPress Plugin Arbitrary Access to Content and Metadata in Insert Pages WordPress Plugin CSRF Vulnerability in MouseWheel Smooth Scroll WordPress Plugin Unauthenticated Users Can Modify QR Redirect Response Status Code in QR Redirector WordPress Plugin Stored Cross-Site Scripting Vulnerability in QR Redirector WordPress Plugin Cross-Site Scripting Vulnerability in Display Post Metadata WordPress Plugin Cross-Site Scripting Vulnerability in Shared Files WordPress Plugin PHP Object Injection Vulnerability in ToTop Link WordPress Plugin 
Authenticated SQL Injection in Cookie Notification Plugin for WordPress Plugin User Meta Shortcodes WordPress Plugin Allows Unauthorized Access to User Metadata and Password Hashes SQL Injection Vulnerability in BSK PDF Manager WordPress Plugin SQL Injection Vulnerability in Quotes Collection WordPress Plugin SQL Injection Vulnerability in RegistrationMagic WordPress Plugin SQL Injection Vulnerability in WP Block and Stop Bad Bots Plugin SQL Injection Vulnerability in WP Cloudy Weather Plugin SQL Injection Vulnerability in Advanced Custom Fields: Extended WordPress Plugin SQL Injection Vulnerability in WP Data Access WordPress Plugin Backdoored Plugins and Themes: AccessPress Themes Vendor Compromised Title Enumeration Vulnerability in Document Embedder WordPress Plugin SQL Injection Vulnerability in WP Fastest Cache WordPress Plugin WP Fastest Cache WordPress Plugin Cross-Site Scripting Vulnerability Cross-Site Scripting Vulnerability in Get Custom Field Values WordPress Plugin Unvalidated Permissions in Get Custom Field Values WordPress Plugin Reflected Cross-Site Scripting in Tutor LMS WordPress Plugin (<=1.9.11) Reflected Cross-Site Scripting Vulnerability in Sendinblue WordPress Plugin Reflected Cross-Site Scripting in eCommerce Product Catalog Plugin for WordPress Reflected Cross-Site Scripting in Registrations for the Events Calendar WordPress Plugin SQL Injection Vulnerability in MainWP Child WordPress Plugin Reflected Cross-Site Scripting in SupportCandy WordPress Plugin Arbitrary Filter XSS Vulnerability in SupportCandy WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in SupportCandy WordPress Plugin Passster WordPress Plugin Unauthenticated Access Vulnerability Cross-Site Scripting Vulnerability in Slideshow Gallery WordPress Plugin Cross-Site Scripting Vulnerability in Popup Anything WordPress Plugin HTML Injection and Remote Code Execution in Formidable Form Builder WordPress Plugin Reflected Cross-Site Scripting in YOP Poll WordPress Plugin 
Cross-Site Scripting Vulnerability in ImageBoss WordPress Plugin SQL Injection Vulnerability in Ninja Forms Contact Form WordPress Plugin Arbitrary PHP Code Injection Vulnerability in Scripts Organizer WordPress Plugin DOM Cross-Site Scripting Vulnerability in Elementor Website Builder WordPress Plugin Vulnerability: Insecure Direct Object Reference in Advanced Forms (Free & Pro) Edit Function Denial of Service Vulnerability in Stars Rating WordPress Plugin Denial of Service Vulnerability in Reviews Plus WordPress Plugin Cross-Site Scripting Vulnerability in Cybersoldier WordPress Plugin Cross-Site Scripting Vulnerability in Caldera Forms WordPress Plugin Cross-Site Scripting Vulnerability in Add Subtitle WordPress Plugin Cross-Site Scripting Vulnerability in EditableTable WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Media-Tags WordPress Plugin Unsanitized Table Fields in Ninja Tables WordPress Plugin Allow for Cross-Site Scripting Attacks Cross-Site Scripting Vulnerability in Security Audit WordPress Plugin Cross-Site Scripting Vulnerability in Typebot WordPress Plugin Unsanitized Gallery Settings in GRAND FlaGallery WordPress Plugin Allow Cross-Site Scripting Attacks Stored Cross-Site Scripting Vulnerability in Mortgage Calculators WP WordPress Plugin Arbitrary File Deletion Vulnerability in Advanced Contact Form 7 DB WordPress Plugin Unauthenticated Deactivation Vulnerability in Protect WP Admin WordPress Plugin Reflected Cross-Site Scripting in Contact Form, Drag and Drop Form Builder for WordPress Plugin Reflected Cross-Site Scripting in Check & Log Email WordPress Plugin Reflected Cross-Site Scripting in ACF Photo Gallery Field WordPress Plugin Reflected Cross-Site Scripting in Transposh WordPress Translation Plugin Stored Cross-Site Scripting Vulnerability in Transposh WordPress Translation Plugin Stored Cross-Site Scripting Vulnerability in Transposh WordPress Translation Plugin Arbitrary Media Manipulation in Logo Showcase with Slick Slider 
WordPress Plugin Tawk.To Live Chat WordPress Plugin Authenticated User Vulnerability Unauthenticated SQL Injection and User Data Exposure in Contest Gallery WordPress Plugin Arbitrary Email Sending Vulnerability in Qubely WordPress Plugin Unauthenticated Access to Secret Login Page in WPS Hide Login WordPress Plugin Unauthenticated JavaScript Injection in Smash Balloon Social Post Feed WordPress Plugin SQL Injection Vulnerability in Wicked Folders WordPress Plugin Cross-Site Scripting Vulnerability in StatCounter WordPress Plugin Reflected Cross-Site Scripting in Advanced Database Cleaner WordPress Plugin Cross-Site Scripting and CSRF Vulnerability in Pixel Cat WordPress Plugin Reflected Cross-Site Scripting in Sendinblue WordPress Plugin Reflected Cross-Site Scripting in Email Log WordPress Plugin 2.4.8 and earlier Reflected Cross-Site Scripting in Modern Events Calendar Lite WordPress Plugin Reflected Cross-Site Scripting in Domain Check WordPress Plugin Reflected Cross-Site Scripting in My Calendar WordPress Plugin SQL Injection and Arbitrary Post Modification Vulnerability in Rearrange Woocommerce Products WordPress Plugin Stored Cross-Site Scripting Vulnerability in WordPress Online Booking and Scheduling Plugin SQL Injection Vulnerability in Secure Copy Content Protection and Content Locking WordPress Plugin Reflected Cross-Site Scripting in Auto Featured Image WordPress Plugin Reflected Cross-Site Scripting in Dynamic Widgets WordPress Plugin Reflected Cross-Site Scripting in Visual CSS Style Editor WordPress Plugin Reflected Cross-Site Scripting in WP Google Fonts WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WP Extra File Types WordPress Plugin Reflected Cross-Site Scripting in Asset CleanUp: Page Speed Booster WordPress Plugin Reflected Cross-Site Scripting Vulnerability in WOOCS WordPress Plugin Reflected Cross-Site Scripting in LoginWP WordPress Plugin Reflected Cross-Site Scripting in Persian Woocommerce WordPress Plugin Reflected 
Cross-Site Scripting in Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress Plugin Arbitrary PHP Code Execution Vulnerability in Menu Item Visibility Control WordPress Plugin Unauthenticated SQL Injection in Registrations for the Events Calendar WordPress Plugin Cross-Site Scripting Vulnerability in Custom Dashboard & Login Page WordPress Plugin Unauthenticated User Data Leakage in LikeBtn WordPress Plugin Unauthenticated SQL Injection in Modern Events Calendar Lite WordPress Plugin Arbitrary File Read Vulnerability in RVM WordPress Plugin Unauthenticated Information Disclosure in Plus Addons for Elementor - Pro WordPress Plugin SQL Injection Vulnerability in WP Search Filters Widget of The Plus Addons for Elementor - Pro WordPress Plugin Insight Core WordPress Plugin Vulnerability: Unauthenticated PHP Object Injection and Stored XSS SQL Injection Vulnerability in LearnPress WordPress Plugin SQL Injection Vulnerability in Conversios.io WordPress Plugin Reflected Cross-Site Scripting in Advanced iFrame WordPress Plugin Reflected Cross-Site Scripting in User Registration, Login Form, User Profile & Membership WordPress Plugin Reflected Cross-Site Scripting in User Registration, Login Form, User Profile & Membership WordPress Plugin Reflected Cross-Site Scripting in Blog2Social WordPress Plugin SQL Injection Vulnerability in Advanced Page Visit Counter WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Meks Easy Photo Feed Widget WordPress Plugin SQL Injection Vulnerability in WP Email Users WordPress Plugin WordPress File Upload Plugin Cross-Site Scripting Vulnerability Cross-Site Scripting Vulnerability in WordPress File Upload Plugin Arbitrary Code Execution via Path Traversal in WordPress File Upload Plugin Reflected Cross-Site Scripting in LiteSpeed Cache WordPress Plugin Unauthenticated Cross-Site Scripting (XSS) via LiteSpeed Cache WordPress Plugin Cross-Site Scripting Vulnerability in Five Star Restaurant Reservations WordPress Plugin 
Arbitrary File Deletion Vulnerability in Error Log Viewer WordPress Plugin Cross-Site Scripting Vulnerability in Contact Form & Lead Form Elementor Builder WordPress Plugin Unauthenticated User Can Create FAQ and FAQ Questions in Ultimate FAQ WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WordPress Download Manager Plugin Local File Inclusion Vulnerability in All-in-One Video Gallery WordPress Plugin Vulnerability: Cross-Site Scripting (XSS) and Unauthorized Settings Modification in WP Responsive Menu WordPress Plugin Unescaped Settings Vulnerability in Pixel Cat WordPress Plugin Cross-Site Scripting Vulnerability in Site Reviews WordPress Plugin Stored Cross-Site Scripting Vulnerability in Product Feed PRO for WooCommerce WordPress Plugin Unauthenticated Stored Cross-Site Scripting in NextScripts: Social Networks Auto-Poster WordPress Plugin Reflected Cross-Site Scripting in Smart SEO Tool WordPress Plugin Unauthenticated Arbitrary CSS and Stored XSS Vulnerability in Use Any Font WordPress Plugin Unauthenticated Arbitrary Post Deletion in OSMapper WordPress Plugin Reflected Cross-Site Scripting in Paid Memberships Pro WordPress Plugin Reflected Cross-Site Scripting in Gwolle Guestbook WordPress Plugin Cross-Site Request Forgery to Remote File Upload Vulnerability in Directorist WordPress Plugin Reflected Cross-Site Scripting in Child Theme Generator WordPress Plugin Reflected Cross-Site Scripting in Asset CleanUp: Page Speed Booster WordPress Plugin Reflected Cross-Site Scripting in WPFront User Role Editor WordPress Plugin Reflected Cross-Site Scripting in Easy Forms for Mailchimp WordPress Plugin Reflected Cross-Site Scripting in Post Grid WordPress Plugin Reflected Cross-Site Scripting in Social Share, Social Login and Social Comments Plugin for WordPress Stored XSS vulnerability in WP RSS Aggregator WordPress Plugin CSRF Vulnerability in Accept Donations with PayPal WordPress Plugin Reflected Cross-Site Scripting in WooCommerce PDF Invoices & 
Packing Slips WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Smart Floating / Sticky Buttons WordPress Plugin Unauthenticated User Access and Arbitrary Product Manipulation in Ultimate Product Catalog WordPress Plugin Stored Cross-Site Scripting Vulnerability in Migration, Backup, Staging WordPress Plugin Cross-Site Scripting Vulnerability in HTML5 Responsive FAQ WordPress Plugin Reflected Cross-Site Scripting in IDPay for Contact Form 7 WordPress Plugin Unauthenticated Access and Information Disclosure in WP Guppy WordPress Plugin Insecure Password Generation in Simple JWT Login WordPress Plugin Reflected Cross-Site Scripting in Booster for WooCommerce WordPress Plugin Reflected Cross-Site Scripting in Booster for WooCommerce WordPress Plugin Reflected Cross-Site Scripting in Booster for WooCommerce WordPress Plugin Unauthenticated Access to Orders Data in Tipsacarrier WordPress Plugin Remote Code Execution (RCE) Vulnerability in WPCargo Track & Trace WordPress Plugin Arbitrary File Download Vulnerability in SEUR Oficial WordPress Plugin Unsanitized Settings in SEUR Oficial WordPress Plugin 1.7.0 Allow Cross-Site Scripting Attacks Reflected Cross-Site Scripting in MOLIE WordPress Plugin Unvalidated Post Parameter SQL Injection in MOLIE WordPress Plugin Reflected Cross-Site Scripting in Code Snippets WordPress Plugin CorreosExpress WordPress Plugin Exposes Sensitive User Data in Publicly Accessible Log Files CSRF and Stored XSS Vulnerabilities in Post Snippets WordPress Plugin Vulnerability: Arbitrary Post Deletion and Settings Modification in Maps Plugin for WordPress Reflected Cross-Site Scripting Vulnerability in Pz-LinkCard WordPress Plugin Arbitrary Post Deletion Vulnerability in Qubely WordPress Plugin Stored Cross-Site Scripting Vulnerability in Ibtana WordPress Plugin Reflected Cross-Site Scripting in myCred WordPress Plugin before 2.4 Reflected Cross-Site Scripting in Chaty WordPress Plugin Reflected Cross-Site Scripting in Tutor LMS 
WordPress Plugin Arbitrary Settings and Stored XSS Vulnerability in PPOM for WooCommerce WordPress Plugin Reflected Cross-Site Scripting in Squirrly SEO WordPress Plugin Arbitrary Folder Deletion Vulnerability in CAOS | Host Google Analytics Locally WordPress Plugin Arbitrary Folder Deletion Vulnerability in OMGF WordPress Plugin Reflected Cross-Site Scripting in UpdraftPlus WordPress Backup Plugin SQL Injection Vulnerability in Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress Plugin Reflected Cross-Site Scripting Vulnerability in EventCalendar WordPress Plugin Insufficient Authorization and CSRF Checks in EventCalendar WordPress Plugin Allow Unauthorized Event Creation Cross-Site Scripting Vulnerability in Patreon WordPress Plugin Reflected Cross-Site Scripting in PowerPack Addons for Elementor WordPress Plugin Arbitrary Redirect Vulnerability in Event Tickets WordPress Plugin Unsanitized Course Module Input in CLUEVO LMS Plugin Allows Cross-Site Scripting Attacks SQL Injection Vulnerability in Events Made Easy WordPress Plugin Reflected Cross-Site Scripting in Image Hover Effects Ultimate WordPress Plugin Arbitrary Blog Options Update and Administrator Role Escalation Vulnerability in PublishPress Capabilities WordPress Plugin Open Redirect Vulnerability in WordPress Newsletter Plugin Reflected Cross-Site Scripting Vulnerability in WP User WordPress Plugin Reflected Cross-Site Scripting in WP Time Capsule WordPress Plugin Privilege Escalation Vulnerability in All in One SEO WordPress Plugin Authenticated SQL Injection Vulnerability in All in One SEO WordPress Plugin Reflected Cross-Site Scripting in WordPress Multisite User Sync/Unsync Plugin Reflected Cross-Site Scripting in WordPress Multisite Content Copier/Updater Plugin Reflected Cross-Site Scripting in Booking Calendar WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Photo Gallery by 10Web WordPress Plugin Vulnerability: Unauthenticated IP Address Exclusion and Cross-Site 
Scripting in WP Visitor Statistics Plugin Reflected Cross-Site Scripting in WOOCS WordPress Plugin (<= 1.3.7.3) Reflected Cross-Site Scripting in Cryptocurrency Pricing List and Ticker WordPress Plugin SQL Injection Vulnerability in Asgaros Forum WordPress Plugin Stored XSS Vulnerability in Modern Events Calendar Lite WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in 10Web Social Photo Feed WordPress Plugin Arbitrary Profile Creation and Cross-Site Scripting Vulnerability in KingComposer WordPress Plugin Cross-Site Scripting Vulnerability in Mobile Events Manager WordPress Plugin Cross-Site Scripting Vulnerability in Remove Footer Credit WordPress Plugin Arbitrary File Inclusion and Remote Code Execution Vulnerability in Modal Window WordPress Plugin Arbitrary File Inclusion and Remote Code Execution Vulnerability in Button Generator WordPress Plugin Arbitrary File Inclusion Vulnerability in WP Coder WordPress Plugin (CSRF RCE) Authenticated SQL Injection in WPcalc WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in FeedWordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Ninja Forms Contact Form WordPress Plugin Authenticated Stored Cross-Site Scripting (XSS) in Translation Exchange WordPress Plugin Authenticated Stored Cross Site Scripting (XSS) Vulnerability in Buffer Button WordPress Plugin Privilege Escalation Vulnerability in Download Plugin WordPress Plugin Unauthenticated Access and Stored XSS Vulnerabilities in Five Star Business Profile and Schema WordPress Plugin Reflected XSS Vulnerability in WP Booking System WordPress Plugin Reflected Cross-Site Scripting in Orders Tracking for WooCommerce WordPress Plugin Reflected Cross-Site Scripting in Skins for Contact Form 7 WordPress Plugin Authenticated SQL Injection in Wow Countdowns WordPress Plugin Reflected XSS Vulnerability in Smash Balloon Social Post Feed WordPress Plugin Unsanitized Data Import Vulnerability in Ninja Forms Contact Form WordPress Plugin 
Reflected XSS Vulnerability in Landing Page Builder WordPress Plugin SQL Injection Vulnerability in Sync WooCommerce Product Feed to Google Shopping WordPress Plugin SQL Injection and Reflected Cross-Site Scripting Vulnerability in Download Manager WordPress Plugin SQL Injection Vulnerability in Block Bad Bots WordPress Plugin Reflected Cross-Site Scripting in WordPress Plugin through 2.0.1 CSRF Vulnerability in NextScripts: Social Networks Auto-Poster WordPress Plugin CSRF Vulnerability in WP125 WordPress Plugin Allows Unauthorized Deletion of Ads Open Redirect Vulnerability in WebP Converter for Media WordPress Plugin Stored Cross-Site Scripting and CSRF Vulnerability in Duplicate Page or Post WordPress Plugin SQL Injection and Reflected Cross-Site Scripting Vulnerability in WP User Frontend WordPress Plugin Reflected Cross-Site Scripting in Store Toolkit for WooCommerce WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Affiliates Manager WordPress Plugin Unsanitized Parameters in Contact Form Entries WordPress Plugin Cross-Site Scripting Vulnerability in Contact Form Entries WordPress Plugin CSRF Vulnerability in Maps Plugin for WordPress Allows Arbitrary Post Deletion and Settings Modification Local File Inclusion and Remote Code Execution Vulnerability in Popup Builder WordPress Plugin Reflected Cross-Site Scripting in Registrations for the Events Calendar WordPress Plugin Unauthenticated User Authorization Bypass in Advanced Cron Manager WordPress Plugin Reflected Cross-Site Scripting in WOOF WordPress Plugin (<=1.2.6.3) Cross-Site Scripting Vulnerability in Advanced Page Visit Counter WordPress Plugin Unauthenticated Access to Sensitive Information in Download Manager WordPress Plugin Cross-Site Scripting Vulnerability in XML Sitemaps WordPress Plugin Reflected Cross-Site Scripting in UpdraftPlus WordPress Backup Plugin Vulnerability: Unauthenticated AJAX Actions and Cross-Site Scripting in Portfolio Gallery Plugin Reflected Cross-Site Scripting 
in Link Library WordPress Plugin CSRF Vulnerability in Link Library WordPress Plugin Allows Arbitrary Settings Reset Unauthenticated Arbitrary Link Deletion Vulnerability in Link Library WordPress Plugin Unauthenticated File Upload and PHP Shell Execution Vulnerability in Tatsu WordPress Plugin IP2Location Country Blocker WordPress Plugin Allows Arbitrary Country Blocking Bypassing IP2Location Country Blocker WordPress Plugin 2.26.5 Vulnerability: Inadequate Authorization and CSRF Check in LabTools WordPress Plugin Allows Arbitrary Publication Deletion CSRF Vulnerability in Pricing Tables WordPress Plugin Allows Arbitrary Post Removal Reflected Cross-Site Scripting in GiveWP WordPress Plugin before 2.17.3 Reflected Cross-Site Scripting in GiveWP WordPress Plugin (<=2.17.3) Reflected Cross-Site Scripting Vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress Plugin Arbitrary Redirect and Cross-Site Scripting Vulnerability in All In One WP Security & Firewall Plugin Reflected Cross-Site Scripting in Translate WordPress with GTranslate WordPress Plugin Reflected Cross-Site Scripting in Ocean Extra WordPress Plugin before 1.9.5 Cross-Site Scripting Vulnerability in Ivory Search WordPress Plugin Vulnerability: Unauthenticated User Update and Stored Cross-Site Scripting in WPLegalPages WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Form Store to DB WordPress Plugin CSRF Vulnerability in IP2Location Country Blocker WordPress Plugin SQL Injection and Cross-Site Scripting (XSS) Vulnerability in Futurio Extra WordPress Plugin User Email Address Extraction Vulnerability in Futurio Extra WordPress Plugin Open Redirect Vulnerability in English WordPress Admin WordPress Plugin Reflected Cross-Site Scripting in WHMCS Bridge WordPress Plugin Vulnerability: Unauthenticated Settings Modification and Stored XSS in Dropdown Menu Widget WordPress Plugin SQL Injection Vulnerability in Paid Memberships Pro WordPress Plugin Stored Cross-Site Scripting 
(XSS) Vulnerability in WP Photo Album Plus WordPress Plugin Arbitrary Asset Deletion and Post Manipulation Vulnerability in Enqueue Anything WordPress Plugin Unsanitized postratings_image Parameter in WP-PostRatings Plugin Yoast SEO WordPress Plugin Path Disclosure Vulnerability Arbitrary File Upload and Remote Code Execution Vulnerability in AGIL WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Easy Social Feed WordPress Plugins Denial of Service Vulnerability in Rating by BestWebSoft WordPress Plugin Apache Tomcat Vulnerability: Request Header and Body Duplication in h2c Connection Handling Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Path Traversal Vulnerability in HPE Cloudline Server BMC Firmware Local Path Traversal Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Path Traversal Vulnerability in HPE Cloudline BMC Firmware Local Path Traversal Vulnerability in HPE Cloudline BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Local Buffer Overflow Vulnerability in HPE Cloudline Server BMC Firmware Remote Code Execution Vulnerability in HPE Moonshot Provisioning Manager v1.20 Remote Code Execution and Directory Traversal Vulnerability in HPE Moonshot Provisioning Manager v1.20 HPE and Aruba L2/L3 Switch Firmware 
Vulnerability: Local Denial of Service Exploitation Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Aruba Instant Access Point (IAP) Remote Denial of Service (DoS) Vulnerability Aruba Instant Access Point Remote Buffer Overflow Vulnerability Aruba Instant Access Point (IAP) Remote Unauthorized Disclosure of Information Vulnerability Aruba Instant Access Point (IAP) Remote Command Execution Vulnerability Aruba AirWave Management Platform Remote Authentication Restriction Bypass Vulnerability Aruba Instant Access Point (IAP) Remote Arbitrary File Modification Vulnerability Aruba Instant Access Point Remote Buffer Overflow Vulnerability Aruba Instant Access Point (IAP) Products Remote Command Execution Vulnerability Aruba AirWave Management Platform Remote Insecure Deserialization Vulnerability Aruba AirWave Management Platform Remote Insecure Deserialization Vulnerability Aruba AirWave Management Platform Remote SQL Injection Vulnerability Aruba AirWave Management Platform Remote Escalation of Privilege Vulnerability Aruba Instant Access Point (IAP) Remote Arbitrary File Modification Vulnerability Aruba Instant Access Point (IAP) Remote Arbitrary Directory Create Vulnerability Aruba Instant Access Point (IAP) Remote Arbitrary File Read Vulnerability Aruba Instant Access Point (IAP) Products Remote Arbitrary File Read Vulnerability Aruba Instant Access Point (IAP) Remote Arbitrary File Modification Vulnerability Aruba Instant Access Point (IAP) Remote Arbitrary File Modification Vulnerability Aruba Instant Access Point (IAP) Products Remote XSS Vulnerability Aruba Instant Access Point (IAP) Remote Command Execution Vulnerability Aruba AirWave Management Platform Remote XML External Entity Vulnerability Aruba AirWave Management Platform Remote XML External Entity Vulnerability Aruba AirWave Management Platform Remote XML External Entity Vulnerability Aruba AirWave Management Platform Remote Unauthorized Access Vulnerability Aruba AirWave Management Platform 
Remote Unauthorized Access Vulnerability Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Command Injection Vulnerability in HPE Apollo 70 System BMC Firmware Memory Allocation Vulnerability in Open Design Alliance Drawings SDK Memory Corruption Vulnerability in Open Design Alliance Drawings SDK Type Conversion Issue in Open Design Alliance Drawings SDK Allows for Denial of Service Attack NULL Pointer Dereference Vulnerability in Open Design Alliance Drawings SDK Type Confusion Vulnerability in Open Design Alliance Drawings SDK Stack-based Buffer Overflow Vulnerability in Open Design Alliance Drawings SDK SolarWinds Serv-U before 15.2 Vulnerability: Cross Site Scripting (XSS) via HTTP Host Header Windows PKU2U Privilege Escalation Vulnerability Arbitrary Code Injection via Search Parameter in SourceCodester Content Management System v 1.0 Arbitrary Code Execution via File Upload in SourceCodester Learning Management System v1.0 SQL Injection Vulnerability in Learning Management System v1.0: Remote Code Execution and Database Information Disclosure SQL Injection Vulnerability in SourceCodester Sales and Inventory System v1.0 Arbitrary Code Execution via File Upload in Victor CMS v1.0 Arbitrary Web Script Injection Vulnerability in SourceCodester E-Commerce Website v 1.0 SQL Injection Vulnerability in SourceCodester E-Commerce Website V 1.0: Arbitrary SQL Statement Execution via empViewUpdate.php Arbitrary Code Execution via File Upload in SourceCodester Responsive Ordering System v1.0 Arbitrary Code Execution via File Upload in SourceCodester E-Commerce Website v1.0 Arbitrary Code Execution via File Upload in SourceCodester Travel Management System v1.0 SQL Injection Vulnerability in SourceCodester Theme Park Ticketing System v1.0 Arbitrary Code Execution via File Upload in 
SourceCodester Alumni Management System v1.0 Arbitrary Code Execution via File Upload in SourceCodester Ordering System v1.0 SQL Injection Vulnerability in SourceCodester Alumni Management System v1.0 via id parameter in manage_event.php SQL Injection Vulnerability in SourceCodester Travel Management System v1.0 via catid Parameter in subcat.php BIND IXFR Malformed Packet Vulnerability BIND Denial of Service Vulnerability Vulnerability in BIND Servers with GSS-TSIG Configuration Vulnerability: Crash and Improper Lease Deletion in ISC DHCP BIND 9.16.19, 9.17.16, and 9.16.19-S1 Vulnerability: Assertion Check Failure BIND Vulnerability: Degradation in Resolver Performance due to Flawed Response Processing BIND DNS Server Cache Poisoning Vulnerability Memory Exhaustion Vulnerability in Trend Micro ServerProtect for Linux 3.0 Allows Local Denial-of-Service Memory Exhaustion Vulnerability in Trend Micro ServerProtect for Linux 3.0 Allows Local Denial-of-Service Attack Memory Exhaustion Vulnerability in Trend Micro ServerProtect for Linux 3.0 Memory Exhaustion Vulnerability in Trend Micro Antivirus for Mac 2021 (Consumer) Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 Allows Unauthorized Access to Hotfix History Improper Access Control Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Improper Access Control Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 Improper Access Control Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 Improper Access Control Vulnerability in Trend Micro Apex One and 
OfficeScan XG SP1 Server-Side Request Forgery (SSRF) Information Disclosure Vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 Improper Access Control Vulnerability in Trend Micro Apex One (On-Prem): Unauthorized Access to Managing Port Information Improper Access Control Information Disclosure Vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 Allows Unauthorized Access to x86 Agent Hotfix Information Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1: Unauthorized Access to x64 Agent Hotfix Information Server-Side Request Forgery (SSRF) Information Disclosure Vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1: Unauthorized Access to Version and Build Information Improper Access Control Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1: Unauthorized Patch Level Information Disclosure Improper Access Control Vulnerability in Worry-Free Business Security 10.0 SP1 Allows Unauthorized Access to Configuration Information Improper Access Control Vulnerability in Worry-Free Business Security 10.0 SP1 Improper Access Control Information Disclosure Vulnerability in Trend Micro Products DLL Hijacking Vulnerability in Trend Micro HouseCall for Home Networks Out-of-Bounds Read Information Disclosure Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security Privilege Escalation Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, and Worry-Free Business Security Privilege Escalation Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Code Injection Vulnerability in 
Trend Micro Security 2020 and 2021: Disabling Password Protection and Protection Disabling Memory Exhaustion Vulnerability in Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) Privilege Escalation Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Yandex Browser for Windows Local Privilege Escalation Vulnerability Yandex Browser for Windows Local Privilege Escalation Vulnerability Arbitrary Code Execution Vulnerability in Sophos Endpoint Products for MacOS Remote Code Execution Vulnerability in Sophos Connect Client (Versions prior to 2.1) Insecure Data Storage Vulnerability in Sophos Authenticator and Intercept X for Mobile Sophos Firewall Webadmin Privilege Escalation XSS Vulnerability XSS Vulnerabilities in Webadmin: Privilege Escalation in Sophos Firewall Unquoted Service Path Vulnerability in Sophos Intercept X Advanced and Sophos Exploit Prevention Arbitrary Code Execution with Administrator Privileges in HitmanPro.Alert (Build 901 and earlier) Arbitrary File Read/Write Vulnerability in HitmanPro (Build 318 and earlier) Stored XSS Vulnerability in Sophos UTM (before version 9.706) Allows Administrator-Level Execution in Quarantined Email Detail View Remote Arbitrary Code Execution in SolarWinds Orion Platform SolarWinds Orion Platform Database Credential Disclosure Vulnerability SolarWinds Serv-U Directory Traversal and Privilege Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in FTAPI 4.0 - 4.10 File Submission Component Cross-Site Scripting (XSS) Vulnerability in FTAPI 4.0 - 4.10 Background Image Upload Feature Remote Code Execution via Unauthorized Wheel Modules in SaltStack Salt Directory Traversal Vulnerability in SaltStack Salt's salt.wheel.pillar_roots.write Method Server Side Template Injection Vulnerability in SaltStack Salt Credentials Leakage in SaltStack Salt Out-of-Bounds Read Vulnerability in Pillow's J2kDecode Out-of-Bounds Read Vulnerability in Pillow's J2kDecode Heap-based Buffer Overflow 
in TiffDecode when Decoding Crafted YCbCr Files Negative-offset memcpy with invalid size in TiffDecode.c Out-of-Bounds Read Vulnerability in Pillow's TiffDecode.c Regular Expression Denial of Service (ReDoS) Vulnerability in Pillow PDF Parser Out-of-Bounds Read Vulnerability in Pillow's SGIRleDecode.c Remote Code Execution in OpenCATS through 0.9.5-3 via Unsafe Deserialization Multiple Cross-site Scripting (XSS) Vulnerabilities in OpenCATS through 0.9.5-3 OS Command Injection in Nagios XI version xi-5.7.5 OS Command Injection in Nagios XI version xi-5.7.5 OS Command Injection in Nagios XI version xi-5.7.5 via cloud-vm.inc.php Cross-Site Scripting (XSS) Vulnerability in Nagios XI version xi-5.7.5 Buffer Overflow Vulnerability in Gigaset DX600A v41.00-175: Remote Reboot Exploit Lack of Lockout and Throttling Functionality in Gigaset DX600A v41.00-175 Telnet Administrator Service Remote Command Execution in Belkin Linksys WRT160NL 1.0.04.002_US_20130619 Directory Traversal Vulnerability in HTCondor's condor_credd User Impersonation Vulnerability in HTCondor IDTOKENS Authentication Method Cross-site Scripting (XSS) Vulnerability in Rancher Versions Prior to 2.5.6 Insecure Permissions Vulnerability in hawk2 of SUSE Linux Enterprise High Availability CWE-287: Improper Authentication in SUSE Linux Enterprise Server 15 SP 3 and openSUSE Tumbleweed Insecure Temporary File Vulnerability in s390-tools: Disrupting VM Live Migrations Incorrect Default Permissions Vulnerability in CUPS Packaging of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory Improper Permission Assignment in Rancher Allows Unauthorized Resource Modification Privilege Escalation Vulnerability in openSUSE Factory VirtualBox Improper Access Control in Rancher Allows Unauthorized Cloud Provider Requests UNIX Symbolic Link (Symlink) Following Vulnerability in arpwatch: Local Privilege Escalation Privilege Escalation Vulnerability in 
python-HyperKitty of openSUSE Leap 15.2 and Factory Insecure Password Change Process in MISP 2.4.136 Stored XSS Vulnerability in MISP 2.4.136 Galaxy Cluster View XSS Vulnerability in MISP 2.4.136 via Galaxy Cluster Element Values Incorrect Access Control Vulnerability in Skyworth Digital Technology RN510 V.3.1.0.4: Disclosure of SSID and Web UI Passwords Cross-Site Request Forgery (CSRF) Vulnerability in Skyworth Digital Technology RN510 V.3.1.0.4 Buffer Overflow Vulnerability in Skyworth Digital Technology RN510 V.3.1.0.4: Potential DoS and Code Execution Incomplete Fix for CVE-2020-9484 in Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107 Unauthenticated Provider Hijacking Vulnerability in MobileWips Application (SMR Feb-2021 Release 1) Unauthorized Access to Balance Information in Samsung Pay Mini Application Unauthorized Access to Contacts Information in Samsung Pay Mini Application Unauthorized Access to Balance Information in Samsung Pay Mini Application Denial of Service Vulnerability in Samsung Mobile Devices' Wallpaper Service Cocktailbar Service Vulnerability: Unauthorized Access to Hidden Notification Contents on Lockscreen Improper Access Control in NotificationManagerService on Samsung Mobile Devices Clipboard Service Vulnerability in Samsung Mobile Devices Memory Write Vulnerability in RKP EL2 Memory Region in Samsung Mobile Devices Address Validation Vulnerability in HArx Allows Memory Corruption in Samsung Mobile Devices Improper Access Control Vulnerability in Samsung Keyboard: Arbitrary Settings Modification Unauthenticated Provider Hijacking Vulnerability in S Assistant (prior to version 6.5.01.22) SMP SDK Prior to Version 3.0.9 Vulnerability: Unauthorized Actions and Denial of Service Attack via Provider Hijacking Vulnerability: Unauthorized Actions and Denial of Service Attack in Samsung Members Unauthenticated Access to Device Serial Number in knox_custom Service Kernel Panic Vulnerability in 
hwcomposer: Unsupported Format during Video Format Conversion Arbitrary Memory Overwrite Vulnerability in Quram Library (SMR Jan-2021 Release 1) Allows Arbitrary Code Execution Critical Hijacking Vulnerability in Samsung Email App Prior to SMR Feb-2021 Release 1 Unauthorized Access to Internal Storage in Samsung Internet (CVE-2021-25356) Hijacking PendingIntent Vulnerability in Slow Motion Editor (prior to version 3.5.18.5) Samsung Account Information Exposure Vulnerability Improper Access Control in EmailValidationView in Samsung Account: Unauthorized Account Logout Vulnerability Bixby Voice Implicit Intent Hijacking Vulnerability Hijacking PendingIntent in Galaxy Themes Allows Unauthorized Access to Private File Directories Improper Input Check in Samsung Internet: Exploiting Non-Exported Activity via Malicious Deeplink Hijacking PendingIntent Vulnerability in Samsung Notes (prior to version 4.2.00.22) Improper Caller Check Vulnerability in Managed Provisioning Allows Unauthorized Application Installation and Device Admin Privileges PendingIntent Hijacking Vulnerability in Create Movie App Allows Unauthorized Access to Contact Information Improper Storage of IMSI Values in SMR APR-2021 Release 1: Local Unauthorized Access Vulnerability Local Privilege Escalation Vulnerability in SELinux Policy Arbitrary Code Execution Vulnerability in libswmfextractor Library Improper Access Control Vulnerability in stickerCenter Allows Local Attackers to Read/Write Arbitrary System Files Vulnerability: Improper Permission Management in CertInstaller Allows Untrusted Applications to Delete Local Files Improper Access Control in ActivityManagerService Allows Unauthorized Process Access and File Deletion Secure Folder PendingIntent Hijacking Vulnerability: Unauthorized Access to Contact Information Improper Exception Control in softsimd: Unprivileged API Access Vulnerability Bypassing Secret Mode Authentication in Samsung Internet Prior to Version 13.2.1.70 Path Traversal 
Vulnerability in Samsung Notes: Unauthorized Access to Local Files Samsung Cloud Hijacking Vulnerability: Intercepting Provider Execution in Versions Prior to 4.7.0.3 Improper Access Control Vulnerability in sec_log File Exposes Sensitive Kernel Information File Descriptor Handling Vulnerability in DPU Driver Prior to SMR Mar-2021 Release 1 Arbitrary ELF Library Loading Vulnerability in DSP Driver Boundary Check Vulnerability in DSP Driver: Out-of-Bounds Memory Access Hijacking Vulnerability in Customization Service Prior to Android R(11.0) Improper Authorization Vulnerability in Samsung Members samsungrewards Scheme Allows Unauthorized Access to User Data Predictable Index Vulnerability in Samsung Email Allows Remote Access to Attachments Improper Synchronization Logic in Samsung Email Allows Plain Text Message Leakage Intent Redirection Vulnerability in Samsung Experience Service Remote Denial of Service Vulnerability in SmartThings (prior to version 1.7.63.6) due to Improper Access Control Intent Redirection Vulnerability in Gallery Prior to Version 5.4.16.1: Exploiting Privileged Actions Bixby Prior to Version 3.0.53.02 Vulnerability: Unauthorized Execution of User-Registered Actions Hijacking Vulnerability in Samsung Account PendingIntent Debugging Command Vulnerability in Secure Folder Allows Unauthorized Access to Contents Arbitrary Code Execution Vulnerability in libsapeextractor Library Arbitrary Code Execution Vulnerability in libsdffextractor Library Arbitrary Code Execution Vulnerability in libsdffextractor Library Arbitrary Code Execution Vulnerability in libsdffextractor Library Arbitrary Code Execution Vulnerability in libsflacextractor Library Arbitrary App Installation Vulnerability in Knox Core prior to SMR MAY-2021 Release 1 S Secure Vulnerability: Unauthorized Access to Locked Apps without Authentication Intent Redirection Vulnerability in PhotoTable: Exploiting Privileged Actions Intent Redirection Vulnerability in Secure Folder: Exploiting 
Privileged Actions Improper Protection of Backup Path Configuration in Samsung Dex: Local Attackers Exploit Vulnerability to Access Sensitive Information Local Privilege Escalation in SecSettings: Exploiting Improper Sanitization of Incoming Intent Race Condition Exploit in MFC Charger Driver: Arbitrary Write via Use After Free Vulnerability Race Condition Vulnerability in MFC Charger Driver Allows Signature Check Bypass Arbitrary Memory Write and Code Execution Vulnerability in NPU Firmware Improper Access Control Vulnerability in TelephonyUI Allows Arbitrary File Writing Intent Redirection Vulnerability in Bixby Voice: Unauthorized Access to Contacts File Access Vulnerability in Smart Manager prior to version 11.0.05.0 Intent Redirection Vulnerability in Samsung Internet: Privileged Action Execution Intent Redirection Vulnerability in Samsung Health Prior to Version 6.16: Exploiting Privileged Actions Samsung Notes Information Exposure Vulnerability Intent Redirection Vulnerability in Samsung Account Allows Unauthorized Access to Contacts and File Provider SmartThings Information Exposure Vulnerability: Unauthorized Access to User Information via Log Improper Access Control Vulnerability in Samsung Notes Allows Unauthorized File Access Gear S Plugin Information Exposure Vulnerability Arbitrary Memory Write Vulnerability in NPU Driver Prior to SMR JUN-2021 Release 1 Buffer Overflow Vulnerability in NPU Driver: Arbitrary Memory Write and Code Execution Notification Spoofing Vulnerability Arbitrary File Access Vulnerability in CallBGProvider Prior to SMR JUN-2021 Release 1 Address Validation Vulnerability in RKP API Prior to SMR JUN-2021 Release 1: Exploiting Read-Only Kernel Memory Write Access Improper Access Control Vulnerability in GenericSSOService Allows Local Attackers to Execute Protected Activity with System Privilege via Untrusted Applications Unsanitized Intent Vulnerability in Samsung Contacts Allows Unauthorized Data Access Arbitrary File Copy/Overwrite 
Vulnerability in Samsung Contacts Improper Address Validation in RKP Allows Local Attackers to Remap EL2 Memory as Writable Improper Address Validation in RKP Allows Creation of Executable Kernel Page Outside Code Area Unauthorized Access to Internal Storage in SDP SDK Prior to SMR JUN-2021 Release 1 Improper Component Protection Vulnerability in Samsung Internet: Arbitrary Activity Execution URL Spoofing Vulnerability in Samsung Internet Prior to Version 14.0.1.62 Wi-Fi Password Leakage Vulnerability in Galaxy Watch PlugIn Wi-Fi Password Leakage Vulnerability in Galaxy Watch3 PlugIn Wi-Fi Password Leakage Vulnerability in Watch Active PlugIn Wi-Fi Password Leakage Vulnerability in Watch Active2 PlugIn Critical Bluetooth Takeover Vulnerability in Tizen bluetooth-frwk Improper Check Vulnerability in Samsung Health: Unauthorized Access to Internal Cache Data Improper Component Protection Vulnerability in Samsung Message App Allows Unauthorized Access to Message Files Unauthenticated Access to Paired Device Information via SQL Injection in Bluetooth (SMR July-2021 Release 1) Untrusted Applications Exploit Dangerous Permissions in PackageManager Vulnerability Bluetooth Privilege Escalation Vulnerability Bluetooth Application Vulnerability: Unauthorized Access to Bluetooth Information Improper Access Control Vulnerability in Cameralyzer Samsung Members Information Exposure Vulnerability Tizen Factory Reset Policy Vulnerability: Unauthorized Factory Reset via dbus Signal Arbitrary Code Execution Vulnerability in Tizen Bootloader Prior to JUL-2021 Firmware Update Arbitrary Code Execution Vulnerability in Tizen Bootloader Prior to JUL-2021 Firmware Update Arbitrary Code Execution Vulnerability in Tizen FOTA Service via Samsung Accessory Protocol Arbitrary Code Execution Vulnerability in Tizen FOTA Service Prior to JUL-2021 Firmware Update Local File Inclusion Vulnerability in Samsung Members App Improper Access Control Vulnerability in Samsung Members App Allows Arbitrary 
Webpage Loading FactoryCameraFB: Improper Access Control Vulnerability AR Emoji Editor Arbitrary File Access Vulnerability KME Module Vulnerability: Bypassing Knox Manage Authentication Use After Free Vulnerability in conn_gadget Driver: Exploiting SMR AUG-2021 Release 1 IV Reuse Vulnerability in Keymaster: Decryption of Custom Keyblob with Privileged Process Unprotected Component Vulnerability: Unauthorized Access to Internal Files in Samsung Internet Arbitrary Webpage Loading Vulnerability in SmartThings Local File Inclusion Vulnerability in SmartThings (prior to version 1.7.67.25) Allows Untrusted Applications to Access Webview Arbitrary Webpage Loading Vulnerability in Smart Touch Call Arbitrary Code Execution Vulnerability in libsapeextractor Library Path Traversal Vulnerability in FactoryAirCommnadManger: Remote File Write via Socket IMSI Data Exposure: PendingIntent Hijacking Vulnerability in NetworkPolicyManagerService Improper Input Validation Vulnerability in DSP Driver Allows Permanent Denial of Service Improper Access Control in Bluetooth APIs: Untrusted Application Access to Bluetooth Information Remote DoS Vulnerability in libsaacextractor.so Library Arbitrary Address Access Vulnerability in libsaviextractor.so Library Arbitrary Address Execution via OOB Read Vulnerability in libswmfextractor.so Improper Input Validation Vulnerability in DSP Driver Allows Local Attackers to Obtain Limited Kernel Memory Information Memory Corruption Exploit: NULL Pointer Dereference Vulnerability in ION Driver Improper Access Control Vulnerability in sspInit() in BlockchainTZService Improper Access Control Vulnerability in sspExit() Allows Attackers to Terminate BlockchainTZService Stack-Based Buffer Overflow in APAService prior to SMR Sep-2021 Release 1 due to Improper Length Check SMR Sep-2021 Release 1 NPU Driver Vulnerability: NULL Pointer Dereference Leading to Memory Corruption Arbitrary Webpage Loading Vulnerability in PENUP (prior to version 3.8.00.18) 
Sensitive Information Leak Vulnerability in SamsungCapture 4.8.02 and Earlier Samsung Themes Vulnerability: Improper Scheme Check Enables Man-in-the-Middle Attack Samsung Internet Vulnerability: Man-in-the-Middle Attack Exploiting Improper Scheme Check Privilege Escalation via Buffer Overflow in Vision DSP Kernel Driver Widevine Trustlet Vulnerability: Arbitrary Memory Address Read Stack-Based Buffer Overflow Vulnerability in Widevine Trustlet Allows Arbitrary Code Execution Improper Caller Check Logic Vulnerability in TEEGRIS Secure OS Replay Attack Vulnerability in Security Mode Command Process: Denial of Service and Battery Depletion Risk Improper Access Control Vulnerability in BluetoothSettingsProvider: Untrusted Applications Can Overwrite Bluetooth Information Improper Exception Handling in SystemUI Allows Permanent Denial of Service Before Factory Reset Improper Exception Handling in SystemUI Allows Permanent Denial of Service Before Factory Reset Heap-Based Buffer Overflow Vulnerability in DSP Kernel Driver Prior to SMR Oct-2021 Release 1 Widevine TA Log Information Disclosure Vulnerability Mediatek RRC Protocol Stack Vulnerability: Modem Crash and Remote Denial of Service Exynos CP Chipset Stack-Based Buffer Overflow Vulnerability: Arbitrary Memory Write and Code Execution Exynos CP Chipset Heap-Based Buffer Overflow Vulnerability Allowing Arbitrary Memory Write and Code Execution Remote Denial of Service Vulnerability in Qualcomm Modem: Lack of Replay Attack Protection in GUTI REALLOCATION COMMAND Message Process Exynos CP Booting Driver Vulnerability: Bypassing Secure Memory Protector CMFA Framework Prior to SMR Oct-2021 Release 1: SQL Injection Vulnerability Allows Unauthorized Information Overwrite Out-of-Bounds Read Vulnerability in livfivextractor Library Touch Event Monitoring Vulnerability in InputManagerService Path Traversal Vulnerability in FactoryAirCommnadManger: Unauthorized File Write via BT Remote Socket Information Leakage Vulnerability in 
ipcdump Prior to SMR Oct-2021 Release 1 Buffer Overflow Vulnerability in Modem Interface Driver (SMR Oct-2021 Release 1) Out-of-Bounds Read Vulnerability in Modem Interface Driver's recv_data() Function Format String Bug in Modem Interface Driver: Vulnerability Exploitation via Radio Permission Keymaster Keyblob Downgrade Attack: Exploiting IV Reuse Vulnerability in Pre-SMR Oct-2021 Release 1 Memory Corruption Vulnerability in MFC Driver: NULL-Pointer Dereference Out-of-Bounds Read Vulnerability in Samsung Notes Library Out-of-Bounds Read Vulnerability in Samsung Notes Library Buffer Overflow Vulnerability in libSPenBase Library of Samsung Notes Heap Buffer Overflow Vulnerability in libSPenBase Library of Samsung Notes Buffer Overflow Vulnerability in maetd_dec_slice of libSPenBase Library in Samsung Notes Buffer Overflow Vulnerability in maetd_cpy_slice of libSPenBase Library in Samsung Notes Buffer Overflow Vulnerability in maetd_eco_cb_mode of libSPenBase Library in Samsung Notes Intent Redirection Vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store HDCP LDFW Vulnerability: Overwriting TZASC for TEE Compromise Improper Access Control Vulnerability in SCloudBnRReceiver Allows Untrusted Application to Call Protected Providers Insecure Storage of Sensitive Information in Property Settings: Unauthorized Access to ESN Value Arbitrary Code Execution Vulnerability in HDCP (SMR Nov-2021 Release 1) Intent Redirection Vulnerability in Group Sharing: Unauthorized Access to Contact Information Samsung Pass Vulnerability: Unauthorized App Access without Authentication Samsung Health Prior to 6.19.1.0001 Vulnerability: Non-existent Provider Access and Denial of Service Unauthorized Access to Secure Folder Notifications in Samsung Flow Mobile Application API Key Privilege Escalation Vulnerability in SmartThings (prior to 1.7.73.22) Arbitrary File Overwrite Vulnerability in Samsung Flow Windows Application Improper Validation Vulnerability in FilterProvider Allows 
Local Arbitrary Code Execution Arbitrary File Write Vulnerability in FilterProvider (SMR Dec-2021 Release 1) Telephony Improper Validation Vulnerability in SMR Dec-2021 Release 1 Unauthorized Access to Device Data on Lockscreen in Apps Edge Application Improper Intent Redirection Handling in Tags: Accessing Sensitive Information Vulnerability Improper Implicit Intent Usage in SemRewardManager Allows Unauthorized Access to BSSID Location Tracking Vulnerability in Exynos Baseband Arbitrary Code Execution Vulnerability in LDFW Prior to SMR Dec-2021 Release 1 Arbitrary Memory Write and Code Execution Vulnerability in LDFW and BL31 Improper Access Control Vulnerability in CPLC Prior to SMR Dec-2021 Release 1 Insecure Caller Check and Input Validation Vulnerabilities in SearchKeyword Deeplink Logic Insecure Caller Check Vulnerability in Samsung Internet 16.0.2 Insecure Storage of Sensitive Images in Smart Capture: Unauthorized Access Vulnerability Samsung Dialer Vulnerability: Unauthorized Access to Samsung Account ID Samsung Contacts App Vulnerability: Unauthorized Access to Samsung Account ID NFC Bypass Vulnerability in Samsung Pay (US only) prior to version 4.0.65 Intent Redirection Vulnerability in Samsung Blockchain Wallet: Privileged Action Execution Unauthenticated Access to Bill Pay and Recharge Menu in Samsung Pay (India) Prior to Version 4.1.77 Privilege Escalation Vulnerability in loolforkit Denylist Bypass Vulnerability in LibreOffice 7-1 and 7-0 Series Improper Certificate Validation in LibreOffice Allows Manipulation of Digital Signatures Improper Certificate Validation in LibreOffice Allows Bogus Signature Timestamp Insertion Improper Certificate Validation in LibreOffice 7.2 versions prior to 7.2.5 Apache Dubbo Open Redirect and SSRF Vulnerability Dubbo Server Serialization ID Tampering Vulnerability Arbitrary Command Execution in Apache Hadoop YARN's ZKConfigurationStore Credentials Leakage in Couchbase Server Authentication Information Leakage in 
Couchbase Server REST API Credential Leakage in Couchbase Server Arbitrary Code Execution in Apache Druid Stored XSS Vulnerability in Testes de Codigo Mobile Application v11.3 and Prior Vulnerability: Unauthorized Access to Administrative Interface and Premium Features in Testes de Codigo Mobile Application Information Disclosure Vulnerability in Avaya Aura Utility Services: Unauthorized Access to System Functionality and Configuration Avaya Aura Utility Services Privilege Escalation Vulnerability Avaya Aura Utility Services Privilege Escalation Vulnerability Local User Information Disclosure Vulnerability in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability Arbitrary Code Execution Vulnerability in Avaya Aura Device Services (Versions 7.0-8.1.4.0) URL Redirection Vulnerability in Avaya Aura Experience Portal Service Menu Component Stored XSS Injection Vulnerabilities in Avaya Aura Experience Portal Web Management Privilege Escalation Vulnerability in Avaya IP Office Admin Lite and USB Creator Denial-of-Service Vulnerability in Automation License Manager Out-of-Bounds Memory Access Vulnerability in SIMATIC HMI and WinCC Runtime Out-of-Bounds Memory Access Vulnerability in SIMATIC HMI and WinCC Runtime Denial-of-Service Vulnerability in SIMATIC HMI and WinCC Runtime Software IPv6 Extension Header Length Validation Vulnerability IPv6 Hop-by-Hop Extension Header Length Field Vulnerability Out-of-Bounds Write Vulnerability in Simcenter STAR-CCM+ Viewer (ZDI-CAN-13700) ARP Packet Denial-of-Service Vulnerability in SCALANCE W780 and W740 (IEEE 802.11n) Family Stack-Based Buffer Overflow Vulnerability in RUGGEDCOM and SCALANCE Devices Allows for Remote Code Execution Heap Write Out-of-Bounds Vulnerability in SCALANCE X-Series Devices Stack Overflow Vulnerability in SCALANCE X Series Network Devices Out-of-Bounds Write Vulnerability in Tecnomatix RobotExpert 
(ZDI-CAN-12608) ARP Packet Denial-of-Service Vulnerability in RWG1.M12 and RWG1.M8 (All versions < V1.16.16) Account Takeover Vulnerability in Mendix Forgot Password Appstore Module (All Versions < V3.2.1) Denial-of-Service Vulnerability in SIMATIC S7-PLCSIM V5.4 Denial-of-Service Vulnerability in SIMATIC S7-PLCSIM V5.4 Denial-of-Service Vulnerability in SIMATIC S7-PLCSIM V5.4 Multiple Failed SSH Authentication Attempts Vulnerability Leading to Temporary Denial-of-Service and Automatic Reboot Vulnerability: DNS Transaction ID Randomization Issue Out-of-Bounds Write Vulnerability in Solid Edge SE2020 and SE2021 (ZDI-CAN-12529) Vulnerability: Authenticated Stored XSS in AdTran Personal Phone Manager Software Vulnerability: Reflected Cross-Site Scripting (XSS) in AdTran Personal Phone Manager Software AdTran Personal Phone Manager 10.8.1 Software DNS Exfiltration Vulnerability Improper Parsing of /proc/pid/status File in get_pid_info() Function Improper Parsing of /proc/pid/stat File in get_starttime() Function FIFO Hanging Read Vulnerability in Apport Sensitive Password Logging in Teradici PCoIP Agents Remote Code Execution Vulnerability in Teradici PCoIP Soft Client Null Pointer Dereference Vulnerability in Teradici PCoIP Soft Client Insecure Logging of Sensitive Smart Card Data in Teradici's PCoIP Connection Manager and Security Gateway Null Pointer Dereference Vulnerability in Teradici PCoIP Agent Insecure DLL Validation in Teradici PCoIP Graphics Agent for Windows prior to 21.03 Privilege Escalation Vulnerability in Teradici PCOIP Software Agent's USB vHub Privilege Escalation Vulnerability in Teradici PCoIP Standard Agent Privilege Escalation Vulnerability in Teradici PCoIP Software Client Denial of Service Vulnerability in fUSBHub Driver of PCoIP Software Client Vulnerability: Bypassing Validating Admission Webhook for Node Updates in kube-apiserver Kube-proxy Vulnerability: Unintentional Traffic Forwarding to Local Processes Vulnerability: Pod Traffic 
Redirection to Private Networks in Kubernetes Kubernetes Java Client Library YAML Code Execution Vulnerability Kubernetes Vulnerability: Exploiting Confused Deputy Attack for Unauthorized Network Traffic Kubernetes Subpath Volume Mount Vulnerability Ingress-nginx Vulnerability: Unauthorized Access to Cluster Secrets via Custom Snippets Unsanitized Output Vulnerability in kubectl Ingress-nginx Vulnerability: Unauthorized Access to Ingress Controller Credentials Ingress-nginx Controller Credential Exposure Vulnerability Ingress-nginx Credential Exposure via Newline Bypass Privilege Escalation Vulnerability in Windows Container Workloads Session ID Exposure Vulnerability in JetBrains Code With Me Insecure HTTP Links in JetBrains IntelliJ IDEA: A Vulnerability Open Redirect Vulnerability in JetBrains Hub before 2020.1.12629 Insecure Deserialization in JetBrains IntelliJ IDEA: Local Code Execution Vulnerability Authentication Bypass Vulnerability in JetBrains Hub Allows Unauthorized Deletion of 2FA Settings Information Disclosure Vulnerability in JetBrains Hub Public API Birthday Attack Vulnerability in JetBrains Ktor SessionStorage Key HTTP Request Smuggling Vulnerability in JetBrains Ktor before 1.4.3 Default Weak Cipher Suites Enabled in JetBrains Ktor before 1.4.2 Code Injection Vulnerability in JetBrains PhpStorm before 2020.3 CSRF Vulnerability in JetBrains YouTrack before 2020.4.4701 via Attachment Upload Improper Resource Access Checks in JetBrains YouTrack before 2020.4.4701 Disclosure of Issue Existence in JetBrains YouTrack via Command Execution Improper Permissions Checking in JetBrains YouTrack Allows Unauthorized Attachment Actions YouTrack Administrator Attachment Access Vulnerability Server-Side Template Injection (SSTI) Vulnerability in JetBrains YouTrack before 2020.5.3123 Project Information Disclosure Vulnerability in JetBrains YouTrack Server Integration DoS Vulnerability in JetBrains TeamCity Reflected XSS Vulnerability in JetBrains TeamCity 
(pre-2020.2) GitHub Access Token Exposure in JetBrains TeamCity User Access Token Vulnerability in JetBrains TeamCity Exposure of ECR Token in JetBrains TeamCity Builds Parameters Improper Permission Check during Token Removal in JetBrains TeamCity (CVE-2020-26259) Improper Permission Checking in JetBrains TeamCity User Deletion SQL Injection Vulnerability in Baby Care System v1.0 via 'id' Parameter on contentsectionpage.php Arbitrary File Upload Vulnerability in Baby Care System 1.0 Allows Remote Command Execution Blind SQL Injection Vulnerability in Taocms v2.5Beta5's Article Search Function Blind SQL Injection Vulnerability in Taocms v2.5Beta5's Edit Article Function Cross-Site Scripting (XSS) Vulnerability in Taocms v2.5Beta5 via Component Management Column Remote Code Execution Vulnerability in QPDF 10.0.4 Multiple Stored XSS Vulnerabilities in House Rental and Property Listing 1.0 Register Module Stored XSS Vulnerabilities in Update Profile Module of Online Doctor Appointment System 1.0 Buffer Overflow Vulnerability in VideoLAN VLC Media Player 3.0.11's __Parse_indx Component Buffer Overflow Vulnerability in AVI_ExtractSubtitle Component of VideoLAN VLC Media Player 3.0.11 Out-of-Bounds Read Vulnerability in VideoLAN VLC Media Player 3.0.11 via Crafted .avi File NULL-pointer dereference vulnerability in Open function in avi.c of VideoLAN VLC Media Player 3.0.11 leading to denial of service (DOS) Arbitrary Code Execution Vulnerability in Bludit 3.13.1 Backup Plugin Physical Path Leakage Vulnerability in UCMS 1.5.0 XSS Vulnerability in MERCUSYS Mercury X18G 1.0.5 Devices via Crafted Values in 'src_dport_start', 'src_dport_end', and 'dest_port' Parameters Denial of Service Vulnerability in MERCUSYS Mercury X18G 1.0.5 Devices China Mobile An Lianbao WF-1 1.01 Command Injection Vulnerability Emby Server < 4.7.12.0 Login Bypass Vulnerability Emby Server < 4.6.0.50 XSS Vulnerability via Crafted GET Request Denial of Service Vulnerability in ONLYOFFICE DocumentServer 
v4.0.0-9-v5.6.3 Remote Code Execution Vulnerability in ONLYOFFICE DocumentServer Remote Code Execution Vulnerability in ONLYOFFICE DocumentServer Heap Buffer Overflow Vulnerability in BMP Image Processing of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0 Arbitrary File Overwriting and Remote Code Execution in ONLYOFFICE DocumentServer Transaction Replay Vulnerability in Cosmos Network Ethermint <= v0.4.0 EVM Module Cross-Chain Transaction Replay Vulnerability in Cosmos Network Ethermint <= v0.4.0 Cache Lifecycle Inconsistency in Cosmos Network Ethermint <= v0.4.0: Exploitable Honeypot Contract Vulnerability Cache Lifecycle Inconsistency in Cosmos Network Ethermint <= v0.4.0: Enabling Arbitrary Mint Token Attacks Cross-Site Scripting (XSS) Vulnerability in MintHCM RELEASE 3.0.8 Import Function Weak Password Requirement Vulnerability in MintHCM RELEASE 3.0.8 Denial of Service Vulnerability in Moxa Camera VPort 06EC-2V Series Denial of Service Vulnerability in Moxa Camera VPort 06EC-2V Series Information Disclosure Vulnerability in Moxa Camera VPort 06EC-2V Series Information Disclosure Vulnerability in Moxa Camera VPort 06EC-2V Series Integer Underflow Vulnerability in Moxa Camera VPort 06EC-2V Series File Deletion Vulnerability in pcmt superMicro-CMS 3.11 via Crafted Image File Arbitrary Code Execution Vulnerability in pcmt superMicro-CMS 3.11 Default Password Vulnerability in Open5GS 2.1.3 Arbitrary File Fetch Vulnerability in node-red-contrib-huemagic 3.0.0 SQL Injection Vulnerability in AVideo/YouPHPTube 10.0 and Prior Reflected Cross-Site Scripting Vulnerabilities in AVideo/YouPHPTube 10.0 and Prior Reflected Cross-Site Scripting Vulnerabilities in AVideo/YouPHPTube 10.0 and Prior Insecure File Write Vulnerability in AVideo/YouPHPTube 10.0 and Prior Reflected Cross-Site Scripting Vulnerabilities in AVideo/YouPHPTube 10.0 and Prior Stored Cross-Site Scripting (XSS) Vulnerability in Magnolia CMS 6.1.3 to 6.2.3 Stored Cross-Site Scripting (XSS) Vulnerability in Magnolia 
CMS 6.1.3 - 6.2.3 Unencrypted Password Storage in Void Aural Rec Monitor 9.0.0.1 Blind Time-Based SQL Injection in Void Aural Rec Monitor 9.0.0.1 Heap-based Buffer Overflow in SmallVec::insert_many Data Race Vulnerability in Rust's Lazy-Init Crate Double Drop Panic Vulnerability in glsl-layout Crate Dereferencing Raw Pointer Vulnerability in Cache Crate Dereferencing Raw Pointer Vulnerability in av-data Crate Uninitialized Memory Read Vulnerability in bra crate Double Drop Vulnerability in basic_dsp_matrix Crate Double Drop Panic Vulnerability in Containers Crate Double Free Vulnerability in fil-ocl Crate Denial of Service Vulnerability in ZIV Automation 4CCT-EA6-334126BF Firmware Version 3.23.80.27.36371 Cookie Parameter Authentication Bypass Vulnerability in ZIV AUTOMATION 4CCT-EA6-334126BF Critical Prototype Pollution Vulnerability in 'dotty' Versions 0.0.1 - 0.1.0: Remote Code Execution and Denial of Service Prototype Pollution Vulnerability in 'set-or-get' Version 1.0.0 through 1.2.10: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'object-collider' Versions 1.0.0 - 1.0.3: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'changeset' Versions 0.0.1 - 0.2.5: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'patchmerge' Versions 1.0.0 - 1.0.1: Denial of Service and Remote Code Execution Stored Cross-Site Scripting (XSS) Vulnerability in OpenEMR Versions 5.0.2 to 6.0.0 Stored Cross-Site Scripting (XSS) Vulnerability in OpenEMR 5.0.2 to 6.0.0 Stored Cross-Site Scripting (XSS) Vulnerability in OpenEMR Versions 5.0.2 to 6.0.0 OpenEMR Improper Access Control Vulnerability: Unauthorized Message Reading and Sending Stored Cross-Site Scripting (XSS) Vulnerability in OpenEMR Versions 2.7.3-rc1 to 6.0.0 Reflected Cross-Site Scripting (XSS) Vulnerability in OpenEMR 4.2.0 to 6.0.0 Weak Password Requirements in OpenEMR Versions 5.0.0 to 6.0.0.1 Allow for Account Takeover 
CSRF Vulnerability in GoCD Versions 19.6.0 to 21.1.0 at /go/api/config/backup Endpoint Stored Cross-Site Scripting (XSS) Vulnerability in SiCKRAGE Versions 4.2.0 to 10.0.11.dev1 Reflected Cross-Site Scripting (XSS) Vulnerability in SiCKRAGE's quicksearch Feature Prototype Pollution Vulnerability in 'safe-flat' Versions 2.0.0 - 2.0.1: Denial of Service and Remote Code Execution Critical Prototype Pollution Vulnerability in 'safe-obj' Versions 1.0.0 - 1.0.2: Remote Code Execution and Denial of Service Stored Cross-Site Scripting Vulnerability in OpenNMS Horizon and OpenNMS Meridian CSRF Vulnerability in OpenNMS Horizon and OpenNMS Meridian CSRF Vulnerability in OpenNMS Horizon and OpenNMS Meridian Stored Cross-Site Scripting Vulnerability in OpenNMS Horizon and OpenNMS Meridian Stored Cross-Site Scripting Vulnerability in OpenNMS Horizon and OpenNMS Meridian Stored Cross-Site Scripting Vulnerability in OpenNMS Horizon and OpenNMS Meridian Stored Cross-Site Scripting Vulnerability in OpenNMS Horizon and OpenNMS Meridian ArangoDB Cross-Site Scripting (XSS) Vulnerability ArangoDB SSRF Vulnerability in Foxx Service Download Feature ArangoDB Insufficient Session Expiration Vulnerability Prototype Pollution Vulnerability in 'deep-override' Versions 1.0.0 - 1.0.1: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in '101' Versions 1.0.0 - 1.6.3: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'deep-defaults' Versions 1.0.0 - 1.0.5: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'js-extend' Versions 0.0.1 - 1.0.1: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in nconf-toml 0.0.1 - 0.0.2: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'nestie' Versions 0.0.0 through 1.0.0: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'expand-hash' Versions 0.1.0 through 1.0.1: Denial of Service and 
Remote Code Execution Prototype Pollution Vulnerability in 'set-getter' Version 0.1.0: Denial of Service and Remote Code Execution Denial of Service Vulnerability in XML2Dict 0.2.2 Prototype Pollution Vulnerability in 'just-safe-set' Versions 1.0.0 - 2.2.1: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'putil-merge' Versions 1.0.0 through 3.6.6: Denial of Service and Remote Code Execution Unrestricted Access to Private Note Modification in Dolibarr Application Stored XSS Vulnerability in Dolibarr ERP CRM WYSIWYG Editor Module Allows Account Takeover and Privilege Escalation Account Takeover Vulnerability in Dolibarr Application Account Takeover via Password Reset Functionality in Dolibarr Application Sensitive Table Information Leakage in Apache Ofbiz Reflected Cross-site Scripting (XSS) Vulnerability in OpenCRX Password Reset Functionality CSV Injection Vulnerability in SuiteCRM Account Takeover Vulnerability in SuiteCRM Formula Injection Vulnerability in Shuup Application Reflected Cross-Site Scripting (XSS) Vulnerability in Shuup Versions 1.6.0 - 2.10.8 Stored XSS Vulnerability in Calibre-web Application CSRF Vulnerability in Calibre-web Allows Unauthorized User Role Creation and Application Takeover Improper Session Termination Vulnerability in Orchard Core CMS Stored XSS Vulnerability in CKAN via SVG Profile Picture Upload Stored XSS Vulnerability in OpenCMS Sitemap Functionality Stored XSS Vulnerability in Camaleon CMS Application Session Hijacking Vulnerability in Camaleon CMS 0.1.7 to 2.6.0 Uncaught Exception Vulnerability in Camaleon CMS Media Upload Feature Camaleon CMS 2.1.2.0 to 2.6.0 - Server-Side Request Forgery (SSRF) in Media Upload Feature Improper Access Control in Publify Allows Unauthorized Self-Registration Stored XSS Vulnerability in Publify Versions v8.0 to v9.2.4 Unrestricted File Upload Vulnerability in Publify v8.0 to v9.2.4 Allows for Stored XSS CSRF Vulnerability in PiranhaCMS: Unauthorized Actions via 
Known ID Stored XSS Vulnerability in PiranhaCMS Versions 7.0.0 to 9.1.1: Improper Sanitization of Page Titles Stored XSS Vulnerability in Apostrophe CMS Versions 2.63.0 to 3.3.1 via Malicious SVG Upload Apostrophe CMS Prior to 3.3.1: Inadequate Session Invalidation Host Header Injection Vulnerability in Talkyard Insufficient Session Expiration in Talkyard: Admin Privilege Escalation Reflected Cross-Site Scripting (XSS) Vulnerability in Factor Forum Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Factor Forum Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Factor Forum Plugin Session Hijacking Vulnerability in Factor (App Framework & Headless CMS) Stored Cross-Site Scripting (XSS) Vulnerability in Django-wiki Notifications Section Stored XSS Vulnerability in Hexo Versions 0.0.1 to 5.4.0 Stored XSS Vulnerability in ifme Versions 1.0.0 to v7.31.4 via Ally Request in Notifications Section Stored XSS Vulnerability in ifme Markdown Editor Self-Stored XSS Vulnerability in ifme Contacts Field Allows Loading XSS Payloads via Iframe Improper Access Control Vulnerability in Ifme: Admin Self-Ban and Account Deactivation Session Hijacking Vulnerability in Ifme Versions 1.0.0 to v.7.33.2 Stored XSS Vulnerability in Requarks wiki.js Allows Account Takeover Host Header Injection Vulnerability in Userfrosting: Account Takeover via Forgot Password Functionality XSS Vulnerability in Nagios XI 5.8.0 Favorites Component Insecure Direct Object Reference vulnerability in Nagios XI 5.8.0 Favorites Component User Mode Write Access Violation in ACDSee Professional 2021 14.0 1721 via Crafted BMP Image User Mode Write Access Violation in ACDSee Professional 2021 14.0 1721 via Crafted BMP Image Unauthenticated Category Change Vulnerability in Joomla! 3.0.0 through 3.9.24 Arbitrary File Write Vulnerability in Joomla! 3.0.0 through 3.9.24 Form Content Overwrite Vulnerability in Joomla! 1.6.0 through 3.9.24 XSS Vulnerability in Joomla! 
Default Templates' Logo Parameter on Error Page Inadequate Filters in Joomla! Module Layout Settings Lead to Local File Inclusion (LFI) Vulnerability XSS Vulnerability in Joomla! MediaHelper::canUpload Allows HTML Injection CSRF Vulnerability in Joomla! AJAX Reordering Endpoint CSRF Vulnerability in Joomla! com_banners and com_sysinfo Data Download Endpoints XSS Vulnerability in Joomla! JForm API's Rules Field Input Validation Vulnerability in Joomla! Usergroups Table Session Termination Vulnerability in Joomla! CMS Vulnerability: Lack of ACL Checks in Joomla! com_installer Install Action XSS Vulnerability in Joomla! com_media Imagelist View Insecure File Deletion in Joomla! 4.0.0 Media Manager Sensitive Data Exposure in Atlassian Bamboo /chart Endpoint Template Injection Vulnerability in Atlassian Jira Server for Slack Plugin Information Disclosure Vulnerability in Atlassian Jira Server and Data Center Broken Authentication Vulnerability in Atlassian Jira Server and Data Center Jira Server and Data Center CSRF Vulnerability in SetFeatureEnabled.jspa Resource Blind Server-Side Request Forgery (SSRF) Vulnerability in WidgetConnector Plugin Authentication Bypass in Atlassian Connect Express (ACE) Versions 3.0.2 - 6.6.0 Authentication Bypass in Atlassian Connect Spring Boot (ACSB) Information Disclosure Vulnerability in Jira Importers Plugin Allows Path Disclosure Insecure Cookie Handling in Jira Editor Plugin Allows User Mode Disclosure Authentication Bypass Vulnerability in Atlassian Connect Spring Boot (ACSB) Cross-Site Scripting (XSS) Vulnerability in Jira Server and Jira Data Center Cross-Site Scripting (XSS) Vulnerability in Jira Server and Jira Data Center Cross-Site Scripting (XSS) Vulnerability in EditworkflowScheme.jspa in Jira Server and Jira Data Center Sensitive Data Exposure in Jira Server and Jira Data Center REST API Stored Cross-Site Scripting Vulnerability in Atlassian Jira Server and Jira Data Center Cross-Site Scripting (XSS) Vulnerability in 
Atlassian Jira Server and Jira Data Center OGNL Injection Vulnerability in Confluence Server and Data Center Pre-Authorization Arbitrary File Read Vulnerability in Atlassian Confluence Server Path Traversal Vulnerability in Atlassian Jira Server and Data Center FSSO Collector Version 5.0.295 and Below: Improper Authentication Vulnerability Privilege Escalation via Improper Symlink Following in FortiClient for Mac 6.4.3 and Below Memory Exhaustion Vulnerability in FortiMail Webmail Reflected Cross-site Scripting (XSS) Vulnerability in FortiOS and FortiProxy Session Management Vulnerability in FortiMail 6.4.0 - 6.4.4 and 6.2.0 - 6.2.6 Heap-based Buffer Overflow in FortiSandbox Command Shell Command Injection Vulnerability in FortiSandbox Web GUI Predictable Session IDs in FortiSandbox RPC API Cryptographic Vulnerability in FortiMail Identity-Based Encryption Service Identity-Based Encryption Vulnerability in FortiMail Cross-Site Request Forgery (CSRF) Vulnerability in FortiProxy and FortiGate SSL VPN Portal Multiple OS Command Injection Vulnerabilities in Fortinet Products Command Injection Vulnerability in FortiAP's Console (Versions 6.2.4 - 6.2.5 and 6.4.1 - 6.4.5) Improper Access Control Vulnerability in FortiManager: Unauthorized Modification of VPN Tunnel Status FortiOS SSLVPN Vulnerability: Retrieval of Hard-Coded Cryptographic Key through Reverse Engineering Integer Overflow Vulnerability in FortiOS SSLVPN Memory Allocator Privilege Escalation Vulnerability in FortiOS Autod Daemon and FortiProxy Memory Exhaustion Vulnerability in FortiSwitch Stack-based Buffer Overflow Vulnerabilities in FortiWAN Network Daemons and Command Line Interpreter Predictable Salt Vulnerability in FortiWAN before 4.5.9 SQL Injection Vulnerabilities in FortiWAN before 4.5.9 Command Injection Vulnerability in FortiAuthenticator Vulnerability: Anonymous Access Bypass in ActiveMQ LDAP Login Module OpenWire Protocol Advisory Message Bypass Vulnerability in Apache ActiveMQ Artemis 2.15.0 
Sandbox Escape Vulnerability in Smarty before 3.1.39 Code Injection Vulnerability in Smarty before 3.1.39 via Unexpected Function Name Cross-Site Scripting (XSS) Vulnerability in LivingLogic XIST4C before 0.107.8 via feedback.htm or feedback.wihtm Cross-Site Scripting (XSS) Vulnerability in LivingLogic XIST4C before 0.107.8 via login pages Heap-use-after-free vulnerability in ecma_is_lexical_environment in JerryScript 2.4.0 Heap Buffer Overflow in lexer_parse_number in JerryScript 2.4.0 SEGV Vulnerability in JerryScript 2.4.0: main_print_unhandled_exception in main-utils.c SEGV Vulnerability in JerryScript 2.4.0: ecma_deref_bigint in ecma-helpers.c Heap-use-after-free vulnerability in JerryScript 2.4.0: ecma_bytecode_ref in ecma-helpers.c SQL Injection Vulnerability in Library System 1.0 Allows Unauthorized Access as Admin User SQL Injection Vulnerability in CASAP Automated Enrollment System 1.0 Login Panel Allows for Admin Panel Access Cross-Site Request Forgery (CSRF) Vulnerability in SeedDMS 5.1.x's out.EditDocument.php Cross-Site Request Forgery (CSRF) Vulnerability in SeedDMS 5.1.x's out.EditFolder.php Out-of-Bounds Write Vulnerability in ezxml_toxml Function Out-of-Bounds Write Vulnerability in ezXML's ezxml_new Function Out-of-Bounds Write Vulnerability in ezXML's ezxml_new Function SQL Injection Vulnerability in SourceCodester CASAP Automated Enrollment System v1.0 via id parameter in view_pay.php Cross-Site Scripting (XSS) Vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 via search.php SQL Injection Vulnerability in SourceCodester CASAP Automated Enrollment System v1.0 via id parameter in edit_user.php Arbitrary Web Script Injection in SourceCodester CASAP Automated Enrollment System v 1.0 SQL Injection Vulnerability in SourceCodester CASAP Automated Enrollment System v1.0 via id parameter in edit_class1.php SQL Injection Vulnerability in SourceCodester CASAP Automated Enrollment System v1.0 via id parameter in edit_stud.php Arbitrary Web Script 
Injection Vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 SQL Injection Vulnerability in SourceCodester Fantastic Blog CMS v1.0 via category.php SQL Injection Vulnerability in SourceCodester Simple College Website v1.0 User Mode Write Access Violation Vulnerability in FastStone Image Viewer <= 7.5 User Mode Write Access Violation in FastStone Image Viewer <= 7.5 User Mode Write Access Violation Vulnerability in FastStone Image Viewer <= 7.5 Stack-based Buffer Overflow in FastStone Image Viewer v.<= 7.5 CUR File Parsing Functionality User Mode Write Access Violation in FastStone Image Viewer <= 7.5 Cross-Site Scripting (XSS) Vulnerability in Cacti's Password Change Functionality Unauthorized Owner Assignment Vulnerability in Philips MRI 1.5T and MRI 3T Version 5.x.x Denial of Service Vulnerability in Intel(R) Distribution of OpenVINO(TM) Toolkit Heap Buffer Overflow in htmldoc v1.9.12: Arbitrary Code Execution and Denial of Service Vulnerability DUO MFA Bypass Vulnerability in Splunk Enterprise Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Products Critical Unauthenticated Stored XSS Vulnerability in Survey Maker WordPress Plugin (<= 2.0.6) Buffer Overflow Vulnerability in Intel(R) and Killer(TM) Bluetooth Firmware Escalation of Privilege Vulnerability in Intel(R) Killer(TM) Control Center Software Heap Buffer Overflow in htmldoc v1.9.12: Arbitrary Code Execution and Denial of Service Vulnerability Integer Overflow and Heap-Buffer Overflow Vulnerability in OpenEXR's DwaCompressor (Versions before 3.0.1) Unrestricted Access Vulnerability in Philips MRI 1.5T and MRI 3T Version 5.x.x Arbitrary Web Script Injection in Odoo Community and Enterprise Discuss App DeltaV Distributed Control System Controllers Denial-of-Service Vulnerability Reseller Bypasses Suspension Lock in cPanel (SEC-578) Bypassing Suspension in cPanel (SEC-579) CKEditor 4 before 4.16 Vulnerability: ReDoS Attack via Crafted Text in Styles 
Input CKEditor 4 Autolink Plugin ReDoS Vulnerability NinjaRMM 5.0.909 Agent Incorrect Access Control Vulnerability Insecure Permissions Vulnerability in NinjaRMM 5.0.909 Agent Command Injection Vulnerability in eslint-fixer Package (CVE-2021-XXXX) Potential Remote Code Execution in GoDaddy node-config-shield Package Improper Handling of PendingIntents in Framework Service: Privilege Escalation Vulnerability Apache Maven Vulnerability: Default Behavior Allows Following of Potentially Malicious Repositories Directory Traversal Vulnerability in AfterLogic Aurora and WebMail Pro Directory Traversal Vulnerability in AfterLogic Aurora and WebMail Pro Apache OFBiz Unsafe Deserialization Vulnerability Cryptographically Weak CSRF Tokens in Apache MyFaces Core Stored XSS Vulnerability in PHPGurukul Daily Expense Tracker System 1.0 via user-profile.php Full Name Field Stored XSS Vulnerability in PHPGurukul Daily Expense Tracker System 1.0 via add-expense.php Item Parameter Heap Memory Access Violation in Deserializer::read_vec Unsound Transmute Calls in raw-cpuid Crate's as_string() Methods Unsound CPUID Instruction Support in raw-cpuid Crate Memory Access Violation in marc Crate Insecure Permissions in TeamCity Plugin for IntelliJ: Information Disclosure Vulnerability TeamCity IntelliJ Plugin DoS Vulnerability Memory Rearrangement Vulnerability in AMD SEV/SEV-ES: Exploiting Hypervisor Access for Arbitrary Code Execution IOMMU TLB Flushing Vulnerability Speculative Code Store Bypass: A Potential Data Leakage Vulnerability Floating Point Value Injection: Exploiting Speculative Execution for Data Leakage Insufficient Verification of Decrypted Firmware Images in AMD Platform Security Processor (PSP) Allows Arbitrary Code Execution Buffer Tampering Vulnerability in BIOS Communication Service Allows Arbitrary Code Execution in SMM Protocol Verification Failure in SMM: Exploiting SPI Flash for Arbitrary Code Execution PREFETCH Side Channel Attack: Unveiling Kernel Address Space 
Information on AMD CPUs AMD SEV Firmware Denial of Service Vulnerability SEV Firmware Vulnerability: Insufficient ID Command Validation Enables Denial of Service Attack on PSP Vulnerability: Lack of Random IV Protection for Persistent Platform Private Key Memory Integrity Vulnerability in SEV Commands with Active SNP SEV-ES TMR Bug: Memory Integrity Vulnerability for SNP-Active VMs SNP_GUEST_REQUEST Command Vulnerability: Insufficient Input Validation Leading to Data Abort Error and Denial of Service VM_HSAVE_PA Validation Vulnerability Guest Context Validation Vulnerability in SNP Firmware Unverified CPU Execution Mode in SNP_INIT Leads to Memory Integrity Loss in SNP Guests Integer Overflow Vulnerability in AMD System Management Unit (SMU) Heap-based Overflow Vulnerability in AMD System Management Unit (SMU) SMU Mailbox Manipulation Vulnerability SEV-ES FW Vulnerability: Failure to Verify TMR in MMIO Space AMD Platform Security Processor (PSP) Chipset Driver Information Disclosure Vulnerability Privilege Escalation and Ring-0 Code Execution Vulnerability in AMDPowerProfiler.sys Driver Vulnerability: Improper Input and Range Checking in AMD Secure Processor (ASP) Boot Loader Image Header SMU Insufficient Bounds Checking Vulnerability DRAM Address Validation Vulnerability in SMU Leads to SMU Service Disruption SMU Access Control Vulnerability: Exploiting Performance Control Tables in DRAM AMD CPU Core Logic Vulnerability: Potential Denial of Service Exploit TLB Flushing Vulnerability in SEV/SEV-ES Guest VMs Transient Execution Vulnerability in AMD CPUs: Potential Data Leakage through Unconditional Direct Branches TLB Flushing Vulnerability in SEV Guest VMs Insufficient Validation in ASP BIOS and DRTM Commands: A Potential Gateway for Memory Disclosure APCB Token Tampering Vulnerability Integer Overflow Vulnerability in ASP Bootloader Leading to Denial of Service Integer Overflow Vulnerability in ASP Bootloader Leading to Denial of Service IOMMU TLB Flushing 
Vulnerability Insecure Report ID Assignment Vulnerability TOCTOU Race Condition in SMU: Exploiting Message Port Register for Denial of Service Insufficient DRAM Address Validation in SMU: A Potential Denial of Service Vulnerability SMU PCIe Hot Plug Table Vulnerability: Insufficient Bound Checks SMM Input Validation Failure Leading to Memory Integrity Loss Insufficient Bounds Checking in ASP Allows Arbitrary Memory Initialization SMU Vulnerability: Insufficient Fencing and Checks Leading to Denial-of-Service TOCTOU Vulnerability in ASP Bootloader: Potential for S3 Data Corruption and Information Disclosure Local Access Vulnerability: Unauthorized Modification of SOC Register Security Configuration Memory Exfiltration Vulnerability in ASP Stage 2 Bootloader SMN Register Mapping Vulnerability Vulnerability: Unauthorized Value Manipulation of ASP's Reserved DRAM Leading to Data Exposure SMU Mailbox Register Vulnerability: Potential Denial of Service through Insufficient Bounds Checking Firmware Binary Header Size Values Vulnerability Boot ROM Data Leakage Vulnerability Process Type Check Vulnerability in Trusted OS (TOS) Allows Privilege Escalation and Denial of Service Bootloader Exploit: Out-of-Bounds Memory Access via Malicious UApp or ABL Memory Overwrite Vulnerability in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB Information Disclosure Vulnerability via Compromised ABL or UApp PCIE Bound Check Vulnerability in SMU Leading to Denial of Service SMU Insufficient Bound Checks Vulnerability SMU GPIO Bounds Check Vulnerability SMU FeatureConfig Vulnerability: Potential Denial of Resources and Service SMU Insufficient Bound Checks Vulnerability SMU Mailbox Data Input Validation Vulnerability Root Account Privileges Allow Unauthorized Firmware Loading into ACP, Leading to Denial of Service SMI Trigger Info Corruption Vulnerability Stage 2 Bootloader Vulnerability: Memory Corruption and Code Execution via Malformed System Call BIOS Directory Validation 
Vulnerability Bootloader Memory Corruption Vulnerability Multiple Header Signature Verification Vulnerability Vulnerability: Out-of-Bounds Write in 'LoadModule' Allows Privilege Escalation and Code Execution Memory Poisoning Vulnerability in AMD Secure Processor (ASP) Trusted Execution Environment (TEE) Address Mapping Vulnerability in ASP (AMD Secure Processor) Leads to Memory Integrity Loss in SNP Guest Address Validation Vulnerability Insufficient Input Validation in SYS_KEY_DERIVE System Call: Potential Arbitrary Code Execution Speculative Load Vulnerability in AMD Processors: Potential Data Leakage through Memory Re-ordering Insufficient Mitigation of CVE-2017-5715 on Certain AMD CPUs ASP Firmware Vulnerability: Out-of-Bounds Write in BIOS Mailbox Commands Handling SEV Vulnerability: Malicious Hypervisor Disclosure of Launch Secret SEV Firmware Vulnerability: Information Disclosure via Scratch Buffer Leakage Insufficient Validation in Parsing OCA Certificates in SEV and SEV-ES: Potential Host Crash and Denial of Service Vulnerability Random Initialization Vector (IV) Collision Vulnerability: Risk of Information Disclosure SEV-Legacy Firmware Vulnerability: Compromised Guest Migration and Data Loss SEV-ES Vulnerability: Corrupting Reverse Map Table (RMP) Memory and Compromising SNP Memory Integrity Exploiting Internet Explorer's Memory Corruption Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Windows Installer Impersonation Vulnerability DCOM Server Security Feature Bypass Vulnerability Windows Installer Privilege Escalation Vulnerability Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Windows Overlay Filter Information Leakage Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Exploiting the Scripting Engine Memory Corruption Vulnerability SharePoint Server Remote Code Execution Vulnerability Identity Spoofing Vulnerability in Skype for Business and Lync Critical Remote Code 
Execution Vulnerability in Skype for Business and Lync .NET Core and Visual Studio Denial of Service Vulnerability: Exploiting Software to Overwhelm and Disable Systems Critical Windows TCP/IP Remote Code Execution Vulnerability Discovered Windows Event Tracing Privilege Escalation Vulnerability Profile Picture Privilege Escalation Vulnerability in Windows User Accounts Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Azure Sphere Information Leakage Vulnerability Guardian Breached: Azure Sphere Elevation of Privilege Vulnerability Exposed Azure Sphere DoS Vulnerability: Disrupting Service Availability Windows Recovery Environment Agent Privilege Escalation Vulnerability Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Exploiting Visual Studio's Elevation of Privilege Vulnerability Windows Scripting Engine Memory Corruption Vulnerability: A Critical Security Risk Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Visual Studio Code URL Spoofing Vulnerability Microsoft Edge for Android Information Leakage Vulnerability Storage Spaces Controller Privilege Escalation Vulnerability Windows HTTP.sys Privilege Escalation Vulnerability Exploiting the Microsoft Virtual Machine Bus (VMBus) for Remote Code Execution Azure RTOS Information Disclosure Vulnerability: Exposing Sensitive Data Integer Wrap-Around Vulnerability in Apache Nuttx Versions prior to 10.1.0 Arbitrary Command Execution in VembuBDR and VembuOffsiteDR API Arbitrary OS Command Execution Vulnerability in VembuBDR and VembuOffsiteDR Arbitrary File Write and Remote Code Execution Vulnerability in VembuBDR and VembuOffsiteDR Vulnerability: Non-Blind HTTP-Only Cross Site Request Forgery in Vembu Products Reflected XSS Vulnerability in EPrints 3.4.2 via cgi/cal URI Remote Code Execution in EPrints 3.4.2 via Crafted LaTeX Input Directory Traversal 
Vulnerability in Foddy node-red-contrib-huemagic 3.0.0: Information Disclosure via hue-magic.js Prototype Pollution Vulnerability in MrSwitch hello.js Version 1.18.6 Remote OOB Write Vulnerability in Cesanta Mongoose HTTP Server 7.0 Remote OOB Write Vulnerability in Cesanta Mongoose HTTPS Server Remote OOB Write Vulnerability in Cesanta Mongoose HTTPS Server 7.0 Internationalized Domain Name (IDN) Bypass in Apostrophe Technologies sanitize-html Bypassing Hostname Whitelist in Apostrophe Technologies sanitize-html Command Injection Vulnerability in gitlog 4.0.4 Command Injection Vulnerability in Wayfair git-parse <=1.0.4 Cross-Site Scripting Vulnerability in Livy Server 0.7.0-incubating Cross-Site Scripting (XSS) Vulnerability in SmartFoxServer 2.17.0 AdminTool Console Cleartext Password Disclosure in SmartFoxServer 2.17.0 via /config/server.xml Arbitrary Python Code Execution and Bypass of Console Module Protection in SmartFoxServer 2.17.0 Octopus Server DLL Side-loading Vulnerability Octopus Tentacle Custom Folder ACL Vulnerability Apache ShardingSphere-UI Deserialization of Untrusted Data Vulnerability Improper Access Control on Configurations Endpoint in Apache Airflow 2.0.0 Cleartext Transmission of Sensitive Information Vulnerability in Synoagentregisterd Arbitrary Code Execution Vulnerability in Synology DiskStation Manager (DSM) Arbitrary Code Execution via syno_finder_site HTTP Header in Synology DiskStation Manager (DSM) Local Privilege Escalation Vulnerability in Synology DiskStation Manager (DSM) before 6.2.4-25553 Cleartext Transmission of Sensitive Information Vulnerability in Synorelayd Cleartext Transmission of Sensitive Information Vulnerability in Synorelayd Insecure Data Insertion Vulnerability in Synorelayd in Synology DiskStation Manager (DSM) Stack-based Buffer Overflow Vulnerability in faad2 2.2.7.1: Arbitrary Code Execution via Filename and Pathname Options Race Condition Vulnerability in iscsi_snapshot_comm_core in Synology DiskStation 
Manager (DSM) before 6.2.3-25426-3 Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Path Traversal Vulnerability in HPE Apollo 70 System BMC Firmware Path Traversal Vulnerability in HPE Apollo 70 System BMC Firmware Command Injection Vulnerability in HPE Apollo 70 System BMC Firmware Local Buffer Overflow in HPE Apollo 70 System BMC Firmware Remote SQL Injection Vulnerability in HPE Network Orchestrator (NetO) Prior to 2.5 Local Disclosure of Privileged Information in HPE Unified Data Management (UDM) due to Hard-coded Cryptographic Key Remote Cross-Site Scripting (XSS) Vulnerability in HPE iLO Amplifier Pack Remote Denial of Service Vulnerability in HPE Superdome Flex Server Remote Cross-Site Scripting (XSS) Vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) Remote Code Execution Vulnerability in HPE iLO Amplifier Pack Remote Cross-Site Scripting Vulnerability in HPE OneView for VMware vCenter (OV4VC) Local Disclosure of Privileged Information Vulnerability in HPE OneView Global Dashboard 2.31 Remote Information Disclosure Vulnerability in HPE Edgeline Infrastructure Manager DOM-based Cross Site Scripting Vulnerability in HPE StoreOnce Remote Code Execution Vulnerability in HPE 3PAR StoreServ, Primera, and Alletra 9000 Storage Array Firmware Remote Cross Site Scripting (XSS) Vulnerability in HPE Superdome Flex Servers Information Disclosure and 2FA Secret Exposure in Directus CMS (Versions 8.x through 8.8.1) Unauthenticated Administrator Role Switching in Directus 8.x through 8.8.1 Information Disclosure Vulnerability in Unsupported Directus CMS Versions Arbitrary Code Execution via Filename Manipulation in Nokia NetAct 18A Arbitrary File Upload Vulnerability in Nokia NetAct 18A Incorrect Access Control in ImpressCMS before 1.4.3: Unauthenticated Attackers Can Access 
include/findusers.php SQL Injection Vulnerability in ImpressCMS before 1.4.3 via include/findusers.php Authentication Bypass Vulnerability in ImpressCMS before 1.4.3 Directory Traversal Vulnerability in ImpressCMS before 1.4.3 Heap Overflow Vulnerability in ARK Library of Bandisoft Co., Ltd Arbitrary Command Execution Vulnerability in ezPDFReader's JSON-RPC Communication Arbitrary Command Execution Vulnerability in Dream Security's PKI Security Solution Arbitrary Command Execution Vulnerability in NEXACRO17's execDefaultBrowser Method Arbitrary File Download and Execution Vulnerability in HShell.dll SQL-Injection Vulnerability in Mangboard WordPress Plugin Allows Remote User Information Theft Unvalidated File Upload Vulnerability in godomall5 Allows Remote Code Execution Hard-coded Credentials Vulnerability in HejHome GKW-IC052 IP Camera Allows Remote Control Arbitrary File Creation Vulnerability in Nexacro Platform's Copy Method File Copy to Startup Folder Vulnerability in Nexacro Remote Code Execution Vulnerability in IpTime C200 Camera ARK Library Integer Overflow Vulnerability in Ark_NormalizeAndDupPAthNameW Function SecuwaySSL Vulnerability: OS Command Injection via Special Characters Injection Remote Code Execution Vulnerability in Firstmall's navercheckout_add Function Arbitrary File Creation Vulnerability in ToWord of ToOffice Path Traversal Vulnerability in BigFileAgent Allows Remote File Deletion Critical Information Leakage Vulnerability in iptime NAS2dual: Exploiting Insufficient Authentication Buffer Overflow Vulnerability in MEX01 Allows Remote Code Execution Critical Remote Code Execution Vulnerability in Genian NAC Allows Attackers to Execute Arbitrary Code with SYSTEM Privileges Incomplete Parameter Length Check in 'xheader_decode_path_record' Function Leads to Remote Code Execution Vulnerability in Ark Library eScan Anti-Virus Local Privilege Escalation Vulnerability via 'runasroot' Command Arbitrary File Download and Execution Vulnerability in 
Nexacro Platform Arbitrary Code Execution Vulnerability in XPLATFORM's execBrowser Method Insufficient Authentication on RTSP Port Allows Remote Image Leakage Insufficient Script Validation and File Upload Vulnerability Arbitrary File Creation Vulnerability in XPLATFORM's Runtime Archive Function Arbitrary File Download and Execution Vulnerability in HANDY Groupware’s ActiveX Module Negative Order Amount Manipulation Vulnerability in Mangboard Commerce Package MaxBoard Vulnerabilities: SQL Injection and Local File Inclusion (LFI) - Information Leakage and Privilege Escalation Insufficient Input Validation in Maxboard Allows SQL Injection and File Upload Attacks Stack Buffer Overflow Vulnerability in Ark Library's File Size Verification MaxBoard: Critical Stored XSS and SQL Injection Vulnerability Enables Remote Code Execution and Privilege Escalation Remote Control Vulnerability in SiHAS SGW-300, ACM-300, GCM-300 Firmware and Apps Authentication Bypass and Information Exposure Vulnerability in S&D SmartHome (SmartCare) Application Unauthenticated File Leakage Vulnerability in WISA Smart Wing CMS Arbitrary File Upload Vulnerability in XpressEngine Bulletin Board SQL-Injection Vulnerability in Mangboard Bulletin Board Allows Remote Code Execution Stack-Based Buffer Overflow in dnsproxy in ConnMan: Remote Code Execution Vulnerability Vulnerability: Information Leakage in gdhcp of ConnMan Aruba ClearPass Policy Manager Local Authenticated Privilege Escalation Vulnerability Aruba ClearPass Policy Manager Remote Unauthenticated Stored XSS Vulnerability Aruba ClearPass Policy Manager Remote Authenticated Command Injection Vulnerability Aruba ClearPass Policy Manager Remote Authenticated Command Injection Vulnerability Aruba ClearPass Policy Manager Remote Authenticated Command Injection Vulnerability Aruba ClearPass Policy Manager Remote Reflected XSS Vulnerability Aruba ClearPass Policy Manager Remote Authenticated Command Injection Vulnerability Aruba ClearPass Policy 
Manager Remote Authenticated Command Injection Vulnerability Aruba ClearPass Policy Manager Remote Authenticated SQL Injection Vulnerability Aruba ClearPass Policy Manager Remote Authenticated SQL Injection Vulnerability Default Mishandling of HostnameVerified in Preloaded Applications on LG Mobile Devices Weak Biometric Sensor Security on LG Wing Mobile Devices with Android OS 10 LG Mobile Devices USB Laf Gadget Use-After-Free Vulnerability Apache HTTP Server mod_session NULL Pointer Dereference Vulnerability Apache HTTP Server Heap Overflow Vulnerability Unauthenticated Access to Lineage Endpoint in Airflow 2.0.0 Cross-Site Scripting (XSS) Vulnerability in OX App Suite SSRF Vulnerability in OX App Suite Imageconverter Component VS Code npm-script Extension RCE Vulnerability .NET Core Remote Code Execution: A Critical Vulnerability Exploiting the Framework Reflected XSS Vulnerability in EPrints 3.4.2 Dataset Parameter Arbitrary File Read and Possible Command Execution in EPrints 3.4.2 Arbitrary Command Execution in EPrints 3.4.2 via verb Parameter in cgi/toolbox/toolbox URI Unauthenticated RMI Method Invocation in SquareBox CatDV Server Integer Overflow in Memory Allocation Functions in Micrium uC/OS uC/LIB Prototype Pollution Vulnerability in merge-deep Library Race conditions in AF_VSOCK implementation leading to local privilege escalation in Linux kernel Stack-Based Buffer Overflows in Unsupported D-Link DSL-320B-D1 Devices Cross-Site Scripting (XSS) Vulnerability in Redwood Report2Web Login Panel Frame-Injection Vulnerability in Redwood Report2Web 4.3.4.5 Online Help Insecure Access Controls in Sangoma Asterisk and Certified Asterisk Allow Remote Call Termination Stack-based Buffer Overflow in res_rtp_asterisk.c in Sangoma Asterisk Directory Traversal Vulnerability in Mitel MiContact Center Enterprise License Manager Portal OpenID Connect Server Implementation in MITREid Connect 1.3.3: Server Side Request Forgery (SSRF) Vulnerability Cross-Site Scripting (XSS) 
Vulnerability in Emoncms Modules/input/Views/schedule.php Remote Crash Vulnerability in Sangoma Asterisk AV Bypass Vulnerability in KIS for macOS: Disabling Anti-Virus Protection Arbitrary File Extraction Vulnerability in Gradle Enterprise Local Privilege Escalation via Symlink Attack in avahi-daemon Reflected XSS Vulnerability in LinkedIn Oncall 1.4.0 via /query Endpoint Cross-Site Scripting (XSS) Vulnerability in Jenzabar 9.2.x through 9.2.2 Remote Code Execution via OS Command Injection in Nozomi Networks Guardian and CMC Path Traversal Vulnerability in Nozomi Networks Guardian and CMC Critical Remote Code Execution Vulnerability in Valmet DNA Service (TCP Port 1517) Multiple Command Injections and Stack-Based Buffer Overflows in SubNet_handler_func Function of spx_restservice in Lanner Inc IAC-AST2500A Firmware v1.10.0 Arbitrary Code Execution Vulnerabilities in Lanner Inc IAC-AST2500A Firmware Multiple Critical Vulnerabilities in Login_handler_func Function of Lanner Inc IAC-AST2500A Firmware v1.10.0 Stack-based Buffer Overflow Vulnerability in Login_handler_func Function of spx_restservice Multiple Critical Vulnerabilities in Lanner Inc IAC-AST2500A Firmware v1.10.0: Command Injection and Stack-based Buffer Overflows in modifyUserb_func Arbitrary Network Configuration Change Vulnerability in Lanner Inc IAC-AST2500A BMC Firmware v1.10.0 Arbitrary Reboot Command Injection Vulnerability in Lanner Inc IAC-AST2500A Firmware 1.10.0 Improper Handling of Directory Junctions in Zscaler Client Connector Installer on Windows Unquoted Search Path Vulnerability in Zscaler Client Connector Installer and Uninstallers for Windows Privilege Escalation Vulnerability in Zscaler Client Connector Installer and Uninstaller for Windows Race condition vulnerability in Zscaler Client Connector for macOS prior to 3.6 allows local adversary to shutdown tunnel Unquoted Search Path Vulnerability in Zscaler Client Connector for macOS Arbitrary Code Execution via SQL Injection in Millken 
Doyocms 2.3 pay.php Arbitrary Code Execution via Arbitrary File Upload in Millken Doyocms 2.3 Cross-Site Scripting (XSS) Vulnerability in Chamilo 1.11.14 via main/calendar/agenda_list.php?type= URI Shell Metacharacter Injection in Netis WF2780 and WF2411 Devices: Remote Code Execution Vulnerability Privilege Escalation via DLL Hijacking in Panda Agent and Panda Adaptive Defense 360 SQL Injection Vulnerability in NeDi 1.9C Monitoring History Function Remote Command Execution in NeDi 1.9C via Nodes Traffic Function NeDi 1.9C Authenticated PHP Code Injection in System Files Function SQL Injection in wpDataTables Plugin (before version 3.4.1) via admin-ajax.php?action=get_wdtable order[0][dir] parameter Root Terminal Access and Command Execution Vulnerability in OpenLiteSpeed Web Server 1.7.8 SQL Injection Vulnerability in PHPGurukul Student Record System 4.0 SQL Injection Vulnerability in PHPGurukul Student Record System v4.0 SQL Injection Vulnerability in PHPGurukul Student Record System 4.0 CSZ CMS 1.2.9 Multiple Pages Cross-Site Scripting (XSS) Vulnerability through Field Name Buffer Overflow Vulnerability in SetFirewall Function of CIRCUTOR COMPACT DC-S BASIC Smart Metering Concentrator Firmware (Version CIR_CDC_v1.2.17) Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in PlayTube's CustomerCentric-Selling-Poland Cross-Site Scripting (XSS) Vulnerability in Genesys Workforce Management 8.5.214.20 via Time-off Parameter Denial of Service (DoS) Vulnerability in Oryx Embedded CycloneTCP 1.7.6 to 2.0.0 Arbitrary Code Execution via Privilege Escalation in FrogCMS SentCMS v0.9.5 'upload.php' SQL Injection Vulnerability in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 System Administrator Access Control Vulnerability in Hame SD1 Wi-Fi Firmware Arbitrary Code Injection through Cross-Site Scripting (XSS) in Omeka Classic <=2.7 CSRF Vulnerability in phpgurukul User Management System Allows Arbitrary Account Password Change Insecure 
Permissions Allow Remote File Upload in Centreon Web Versions 19.10.18, 20.04.8, and 20.10.2 Buffer Overflow Vulnerability in tsMuxer 2.6.16: Denial of Service (DoS) via Malicious WAV File Unsigned DLL Loading Vulnerability in GalaxyClient version 2.0.28.9 Remote Shell Upload Vulnerability in PHPGurukul Car Rental Project Version 2.0 Remote Code Injection Vulnerability in D-link DIR-816 A2 v1.10 XSS Vulnerability in Jitsi Meet Moodle Plugin via sessionpriv.php Module Regular Expression Denial of Service (ReDoS) Vulnerability in markdown2 Arbitrary Code Execution via Wazuh API in Wazuh 4.0.0 to 4.0.3 SQL Injection Vulnerability in Teachers Record Management System 1.0 Replay Attack Vulnerability in DM FingerTool v1.19 Integer Overflow Vulnerability in Godot Engine v3.2 ImageLoaderTGA::load_image() Function Stack Overflow Vulnerability in Godot Engine v3.2: Improper Boundary Checks in .TGA Image File Loading Buffer Overflow Vulnerability in TP-Link WR2041 v1 Firmware for TL-WR2041+ Router Arbitrary JSP File Upload and Execution in OpenPLC ScadaBR Stored XSS Vulnerability in OpenPLC ScadaBR SQL Injection in Zenario CMS 8.8.52729: Remote Database Access and Plugin Deletion XSS Vulnerability in Priority Enterprise Management System v8.00 Reset Password Page Form Cleartext Storage of JWT Tokens in TimelyBills Mobile App Znote 0.5.2 XSS Vulnerability Allows Immediate Code Execution on Markdown View Mode Unfiltered Cross-Site Scripting (XSS) Payloads in Zettlr 1.8.7 Markdown Editor Enable Remote Code Execution SQL Injection Vulnerability in Fortra DeliverNow (Formerly HelpSystems) Allows Arbitrary Code Execution and Privilege Escalation Denial-of-Service Vulnerability in sthttpd through 2.27.1 Cross-Site Scripting (XSS) Vulnerability in Power Admin PA Server Monitor 8.2.1.1 via Console.exe Information Exposure in Hitachi ABB Power Grids eSOMS: Unauthorized Access to Report Data Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code 
Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Power BI Data Exposure Vulnerability Windows App-V Overlay Filter Elevation of Privilege Vulnerability Exploiting the Windows Graphics Component for Remote Code Execution Windows Installer Privilege Escalation Vulnerability Windows Win32k Privilege Escalation Vulnerability Windows Virtual Registry Provider Privilege Escalation Vulnerability Windows Container Execution Agent Privilege Escalation Vulnerability Windows Update Service Privilege Escalation Vulnerability Hyper-V Remote Code Execution Vulnerability in Windows Windows Graphics Component Privilege Escalation Vulnerability Windows ActiveX Installer Service Information Disclosure Vulnerability Exposes Sensitive Data Windows Projected File System Privilege Escalation Vulnerability Windows WalletService Privilege Escalation Vulnerability Windows Event Tracing Privilege Escalation Vulnerability Windows User Profile Service Privilege Escalation Vulnerability Windows Overlay Filter Privilege Escalation Vulnerability Windows Win32k Privilege Escalation Vulnerability FontFragility: Exploiting OpenType Font Parsing for Remote Code Execution Critical Remote Code Execution Vulnerability in Windows DNS Server Print Spooler Privilege Escalation Vulnerability in Windows Windows NAT DoS Vulnerability Storage Spaces Controller Privilege Escalation Vulnerability Windows Media Foundation Remote Code Execution Vulnerability Remote Access API Privilege Escalation Vulnerability Windows Media Photo Codec Information Disclosure Vulnerability Exposes Sensitive Data Windows WalletService Privilege Escalation Vulnerability User Profile Service Denial of Service Vulnerability Elevation of Privilege Vulnerability in Microsoft Windows Folder Redirection Windows Update Stack Privilege Escalation Vulnerability Virtual Application Remote Code 
Execution Vulnerability Windows Container Execution Agent Privilege Escalation Vulnerability Windows EFI Security Bypass Vulnerability Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Windows DNS Server DoS Vulnerability Critical Remote Code Execution Vulnerability in Windows DNS Server Windows Event Tracing Privilege Escalation Vulnerability Windows UPnP Device Host Elevation of Privilege Vulnerability Windows Win32k Privilege Escalation Vulnerability Windows Event Tracing Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions XSS Vulnerability in LMA ISIDA Retriever 5.2 via query['text'] SQL Injection Vulnerability in LMA ISIDA Retriever 5.2 Disclosure of TLS Private Key in 1Password SCIM Bridge before 1.6.2 SDP Negotiation Vulnerability in Digium Asterisk Sensitive Information Exposure in Automox Agent Prior to Version 31 Insufficiently Protected S3 Bucket Endpoint in Automox Agent Prior to Version 31 TOCTOU Race Condition in Firejail Allows Access Restriction Bypass Missing SSL Certificate Validation in Canary Mail 3.22 for IMAP in STARTTLS Mode Remote Code Execution Vulnerability in NetMotion Mobility Remote Code Execution Vulnerability in NetMotion Mobility Remote Code Execution Vulnerability in NetMotion Mobility Arbitrary Code Execution Vulnerability in NetMotion Mobility Reflected XSS Vulnerability in nopCommerce 4.30 Discount Coupon Component PyBitmessage 0.6.3.2 Vulnerability: Unauthorized Screen Capture Writing Double Extension File Upload Vulnerability in ProBot Discord Bot Arbitrary Code Execution Vulnerability in Apache Druid 0.20.2 HTTP InputSource allows unauthorized access to data from unintended sources Token Persistence in Disabled User Accounts Vulnerability Unauthenticated Information Disclosure in Argo CD Missing XSS Protection Header in Argo 
CD Cross-Site Scripting (XSS) Vulnerability in Roundcube Email Client Out of Bounds Read Vulnerability in Jasper before 2.0.25 Null Pointer Dereference in jp2_decode Function Leads to Program Crash and Denial of Service in Jasper Vulnerability: Lack of Password Authentication for BGP Peers in BIRD through 2.0.7 XSS Vulnerability in Horde Groupware Webmail Edition through 5.2.22 Vulnerability: Inadequate Error Handling in Xen Linux Kernel Driver Kernel Crash Vulnerability in Xen Block and SCSI Backends Linux Kernel Grant Mapping Operations Vulnerability Cache Bypass Control Vulnerability in Xen on Arm Unintended Support for Backend Allocation Mode in Linux Kernel SQL Injection Vulnerability in WoWonder < 3.1 via event_id Parameter in requests.php?f=search-my-followers Privilege Escalation via Video Output Paths in ReplaySorcery Denial of Service and Application Crash Vulnerability in GNU Screen through 4.8.0 Stored XSS Vulnerability in Henriquedornas 5.2.17 Online Live Chat Information Disclosure Vulnerability in henriquedornas 5.2.17 Allows Unauthorized Access to phpMyAdmin SQL Content Arbitrary Code Execution in SMM via UX360CA BIOS Vulnerability Integer Overflow and Heap-Buffer Overflow Vulnerability in OpenEXR (Versions before 3.0.1) Arbitrary Web Script Injection Vulnerability in Odoo Community and Enterprise 15.0 and Earlier Null Pointer Dereference Vulnerability in htmldoc v1.9.11 and Earlier: Arbitrary Code Execution and Denial of Service Denial of Service Vulnerability in Intel and Killer Bluetooth Firmware Heap-memory Overwrite Vulnerability in Calamine Crate Uninitialized Memory Disclosure Vulnerability in ms3d Crate Uninitialized Memory Disclosure Vulnerability in postscript crate Double Drop Vulnerability in qwutils Crate Soundness Violation in xcb::xproto::GetAtomNameReply::name() Allows Unvalidated Bytes from X Server XCB Crate Soundness Violation: Arbitrary Data Interpretation Vulnerability Out-of-Bounds Read Vulnerability in xcb crate for Rust 
Soundness Violation in xcb Crate: Arbitrary Type Transmutation Vulnerability Aruba AirWave Management Platform CSRF Vulnerability Aruba AirWave Management Platform CSRF Vulnerability Aruba AirWave Management Platform Remote Authenticated Command Execution Vulnerability Aruba AirWave Management Platform Remote Authenticated Command Execution Vulnerability Aruba AirWave Management Platform Remote Authentication Restriction Bypass Vulnerability Aruba AirWave Management Platform: Authenticated Remote SQL Injection Vulnerability Aruba AirWave Management Platform: Authenticated Remote SQL Injection Vulnerability Aruba AirWave Management Platform Remote Reflected XSS Vulnerability Aruba AirWave Management Platform Stored XSS Vulnerability Aruba AirWave Management Platform XXE Vulnerability Aruba AirWave Management Platform Remote Authenticated Command Execution Vulnerability Aruba AirWave Management Platform Remote Authenticated Command Execution Vulnerability Remote Code Execution Vulnerability in Element Plug-in for vCenter Server Information Disclosure Vulnerability in Clustered Data ONTAP Denial of Service Vulnerability in Clustered Data ONTAP Arbitrary System File Overwrite Vulnerability in Cloud Manager Versions Prior to 3.9.4 Insecure Cross-Origin Resource Sharing (CORS) Policy in Cloud Manager Versions Prior to 3.9.4 Denial of Service (DoS) Vulnerability in Cloud Manager versions prior to 3.9.4 Remote Denial of Service (DoS) Vulnerability in E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 Denial of Service (DoS) Vulnerability in Clustered Data ONTAP Arbitrary Code Execution Vulnerability in E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 Information Disclosure Vulnerability in E-Series SANtricity OS Controller Software Information Disclosure Vulnerability in E-Series SANtricity OS Controller Software Sensitive Information Exposure in NetApp Cloud Manager Sensitive Information Leakage in NetApp Cloud Manager 
Arbitrary Modification of Compliance-mode WORM Data in Clustered Data ONTAP Vulnerability in NetApp Cloud Manager Allows Remote Data Retrieval via Web Proxy Missing X-Frame-Options Header Vulnerability in Clustered Data ONTAP Versions Plaintext iSCSI CHAP Credential Disclosure Vulnerability Remote Crash Vulnerability in Clustered Data ONTAP Versions 9.6 and Higher Privilege Escalation Vulnerability in StorageGRID HTML5 Gateway Remote Desktop Session Takeover Vulnerability Certificate Validation Flaw in Tenable.sc Client Configuration PuppetDB Logging Vulnerability CSV Export Vulnerability in Puppet Enterprise Puppet DB Privilege Escalation Vulnerability: SQL Query Exploitation Sensitive Parameters Logging Vulnerability in bolt-server and ace Vulnerability in Puppet Agent and Puppet Server: HTTP Redirect Credential Leak Privilege Escalation Vulnerability in Continuous Delivery for Puppet Enterprise (CD4PE) Puppet Agent Vulnerability: Silent Ignoring of Augeas Settings and Denial of Service Risk Sensitive Plan Parameters Logging Vulnerability in Puppet Enterprise and Other Puppet Products Autodesk FBX Review Out-Of-Bounds Read Vulnerability Remote Code Execution Vulnerability in Autodesk FBX Review FBX Review Null Pointer Dereference Vulnerability FBX Review Directory Traversal Remote Code Execution Vulnerability FBX Review Use-After-Free Vulnerability Exploitation via Malicious FBX File Privilege Escalation Vulnerability in Autodesk Licensing Installer Remote Code Execution via Double Free Vulnerability in Autodesk Design Review Autodesk Design Review Multiple File Parsing Heap-Based Buffer Overflow Vulnerability Boundary Read Vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 Buffer Overflow Vulnerability in PCX, PICT, RCL, TIF, BMP, PSD, and TIFF File Parsing Arbitrary Code Execution Vulnerability in Autodesk Design Review Type Confusion Vulnerability in Autodesk Design Review Allows Arbitrary Code Execution Arbitrary Code Execution via TIFF and 
PCX File Buffer Overflow Arbitrary Code Execution Vulnerability in DWG File Parsing Buffer Overflow Vulnerability in DWG File Parsing Buffer Overflow Vulnerability in DWG File Parsing Arbitrary Address Write Vulnerability in Autodesk DWG Application Remote Code Execution and Information Disclosure Vulnerability in Autodesk FBX Review 1.4.0 Arbitrary Code Execution Vulnerability in Autodesk Navisworks PDF Parsing Memory Corruption Vulnerability in Autodesk Navisworks Allows Code Execution via Malicious DLL Files Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Server Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Visio Security Feature Bypass Vulnerability PowerPoint Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft PowerPoint Exploiting the Microsoft Office Remote Code Execution Vulnerability ClickToRun Remote Code Execution Vulnerability in Microsoft Office Exploiting the Microsoft Office Remote Code Execution Vulnerability Code Execution Vulnerability in Visual Studio Code Remote Access Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Windows DNS Server DoS Vulnerability Exploiting Visual Studio Installer for Privilege Escalation Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Windows Admin Center Security Bypass Vulnerability Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability Exploiting Visual 
Studio Remote Code Execution Vulnerability Windows 10 Update Assistant Privilege Escalation Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability Exploiting Azure Sphere's Unsigned Code Execution Vulnerability Exposed Azure Virtual Machine Information Vulnerability SharePoint Server Remote Code Execution Vulnerability Windows Win32k Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Windows Media Photo Codec Information Disclosure Vulnerability Exposes Sensitive Data Exploiting Azure Sphere's Unsigned Code Execution Vulnerability ESLint Extension Remote Code Execution Vulnerability in Visual Studio Code Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability VS Code Remote Development Extension RCE Vulnerability Visual Studio Code Java Extension Pack RCE Vulnerability Critical Remote Code Execution Vulnerability in Internet Explorer Windows Services and Controller App Privilege Escalation Vulnerability Windows Event Tracing Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Internet Messaging API Windows Secure Kernel Mode Elevation of Privilege Vulnerability: A Critical Security Flaw in Windows Operating System RPC Endpoint Mapper Service Privilege Escalation Vulnerability Azure AD Web Sign-in Security Feature Bypass Vulnerability Windows Kernel Information Leakage Vulnerability Windows Early Launch Antimalware Driver Security Bypass Vulnerability Windows Media Video Decoder RCE Vulnerability NTFS Privilege Escalation Vulnerability Vulnerability: Mishandling of Modified FIT in Das U-Boot Unauthorized Issuance of X.509 Certificates in SPIRE Server's Legacy Node API Improper Path Normalization in aws_iid Node Attestor in SPIRE SQL Injection Vulnerability in Accellion FTA 9_12_370 and Earlier via Crafted Host Header Accellion FTA Local Web Service Command Execution Vulnerability SSRF Vulnerability in Accellion FTA 9_12_411 
and Earlier via wmProgressstat.html Accellion FTA 9_12_370 and earlier OS Command Execution Vulnerability Remote Code Execution Vulnerability in LightCMS v1.3.5: Exploiting Image Download in NEditorController.php Command Injection via Shell Metacharacters in D-Link DIR-816 A2 1.10 B05 Stack-Based Buffer Overflow in D-Link DIR-816 A2 1.10 B05 Devices Local Symlink Attack Vulnerability in beego through 2.0.2 Local Symlink Attack Vulnerability in beego through 2.0.2 SQL Injection Vulnerability in Expertise Parameter in Doctor Appointment System v1.0 Cross-Site Scripting (XSS) Vulnerability in CASAP Automated Enrollment System v1.0 SQL Injection Vulnerability in Online Reviewer System 1.0: Authentication Bypass and Reverse Shell Upload Persistent/Stored Cross-Site Scripting (XSS) in Moodle 3.10.1 via Additional HTML Section CRLF Injection Vulnerability in SerComm AG Combo VD625 AGSOT_2.1.0 Devices Remote Code Execution and Denial of Service Vulnerability in xterm Unit Address Mishandling Vulnerability in Das U-Boot Unauthenticated Information Extraction Vulnerability in FiberHome HG6245D Devices Clear-text Storage of Passwords and Authentication Cookies in FiberHome HG6245D Devices Obfuscated Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Private Key with Insecure Permissions in FiberHome HG6245D Devices Hardcoded Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Credentials in FiberHome HG6245D Devices Hardcoded Admin Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Admin Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Admin Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Root Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Credentials in FiberHome HG6245D Devices Hardcoded 
Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Admin Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Credentials in FiberHome HG6245D Devices FiberHome HG6245D Devices: Web Daemon Credentials Vulnerability Hardcoded Admin Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Admin Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Admin Credentials Vulnerability in FiberHome HG6245D Devices Hardcoded Admin Credentials Vulnerability in FiberHome HG6245D Devices Vulnerability: Unauthorized Access to FiberHome HG6245D Devices via Telnet Daemon Vulnerability: Default Enable Command Password on FiberHome HG6245D Devices Weak Admin Password Vulnerability in FiberHome HG6245D Devices Weak Default Password for rdsadmin Account on FiberHome HG6245D Devices FiberHome AN5506-04-FA Firmware RP2631 Gepon Account Password Vulnerability Default Firewall Rules Absent for IPv6 Connectivity on FiberHome HG6245D Devices Root-level Telnetd Vulnerability on FiberHome HG6245D Devices Hardcoded GEPON Password Vulnerability in FiberHome HG6245D Devices FiberHome HG6245D Telnet Backdoor Vulnerability Cleartext Passwords and Insecure Permissions in FiberHome HG6245D Devices Cleartext Passwords and Insecure Permissions in FiberHome HG6245D Devices Cleartext Passwords and Insecure Permissions in FiberHome HG6245D Devices Authentication Bypass Vulnerability in FiberHome HG6245D Devices Clear-text Password Storage Vulnerability in FiberHome HG6245D Devices FiberHome HG6245D Telnet Daemon Crash Vulnerability Reflected XSS Vulnerability in MDaemon Webmail (WorldClient) Allows Privilege Escalation Remote Administration Anti-CSRF Token Fixation Vulnerability IFRAME Injection 
Vulnerability in MDaemon Webmail (WorldClient) Allows Privilege Escalation Arbitrary File Write Vulnerability in MDaemon Allows Remote Code Execution XML External Entity (XXE) Vulnerability in Pelco Digital Sentry Server 7.18.72.11464 Command Injection Vulnerability in Samba-Client Package for Node.js NULL Pointer Dereference Vulnerability in Fluent Bit 1.6.10 Cleartext Storage of Authentication Credentials in Sovremennye Delovye Tekhnologii FX Aggregator Terminal Client 1 Denial of Service Vulnerability in Sovremennye Delovye Tekhnologii FX Aggregator Terminal Client 1 SSL Certificate Validation Vulnerability in CIRA Canadian Shield App for iOS Stored Cross Site Scripting (XSS) Vulnerability in PEEL SHOPPING 9.3.0 and 9.4.0 Denial of Service (DoS) Vulnerability in get-ip-range Package for Node.js Windows Client Privilege Escalation Vulnerability in Netop Vision Pro 9.7.1 and Earlier Privilege Escalation via Incorrect Default Permissions in Netop Vision Pro API Cleartext Transmission Vulnerability in Netop Vision Pro 9.7.1: Remote Credential Gathering Replay Attack Vulnerability in Netop Vision Pro up to and including version 9.7.1 Reboot Vulnerability in Hitachi ABB Power Grids IEC 61850 Interfaces Arbitrary File Write Vulnerability in DSUtility.dll Unauthenticated Remote Code Execution via Arbitrary File Upload in Visualware MyConnection Server Predictable Code Parameter in WoWonder 3.0.4's recover.php Allows Remote Account Takeover Arbitrary OS Command Execution in Endian Firewall Community 3.3.2 Arbitrary Memory Dereferencing Vulnerability in Dekart Private Disk 2.15 Clear-text Storage of Local Passcode in Telegram (macOS) - Information Disclosure Vulnerability Sensitive Information Disclosure in Telegram before 7.4 (212543) Stable on macOS Buffer Overflow Vulnerability in Zynq-7000 SoC NAND Flash Driver Cleartext Transmission of Credentials in TP-Link Archer C5v 1.7_181221 Management Interface Cleartext Credential Retrieval Vulnerability in TP-Link Archer C5v 
1.7_181221 Devices Steghide 0.5.1 Vulnerability: Weak 32-bit Seed Value Enables Detection of Hidden Data Denial of Service Vulnerability in OpenLDAP via Crafted Packet Code Execution via YAML Deserialization in pystemon's config.py (before 2021-02-13) Server-side Request Forgery (SSRF) Vulnerability in Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability in genua genugate Exim 4 before 4.94.2 Local Privilege Escalation via delete_pid_file Race Condition Out-of-Bounds Read Vulnerability in Yubico yubihsm-shell Vulnerability: Length Truncation in g_byte_array_new_take() Function Integer Overflow in g_bytes_new Leading to Memory Corruption File Existence Verification Vulnerability in PRTG Network Monitor Arbitrary .rsc File Creation and Overwrite Vulnerability in MikroTik RouterOS 6.47.9 Stored XSS Vulnerability in Time in Status App for Jira (Versions prior to 4.13.0) Denial-of-Service Vulnerability in Kaspersky Anti-Virus Products Remote Code Execution Vulnerability in IrfanView WPG Plugin Insufficient Access Control in Jupyter Notebooks Integration in Dataiku DSS before 8.0.6 Incorrect Access Control in Shinobi's lib/auth.js Allows Complete Access to User/Admin/Super API Functions Remote Code Execution in Mumble before 1.3.4 via Crafted URL on Server List PHP Code Injection via Translate::save() in ExpressionEngine Subdomain Spoofing Vulnerability in Hestia Control Panel 1.3.5 and Below Stack-based Buffer Overflow in RTSPLive555.dll ActiveX Control in Pelco Digital Sentry Server 7.18.72.11464 Cleartext Password Exposure in Mutare Voice (EVM) 3.x SQL Injection Vulnerability in Mutare Voice (EVM) 3.x Unauthenticated Database Table Export Vulnerability in Mutare Voice (EVM) 3.x Unauthenticated Local File Inclusion Vulnerability in Mutare Voice (EVM) 3.x Stored XSS Vulnerability in BlackCat CMS 1.3.6 Admin Panel Arbitrary Code Execution Vulnerability in NETGEAR R6400 and R6700 Routers Privilege Escalation via Unvalidated Data Deserialization in 
SolarWinds Patch Manager 2020.2.1 Arbitrary Directory Deletion Vulnerability in Avast Premium Security 20.8.2429 Privilege Escalation Vulnerability in Parallels Desktop 16.0.1-48919 Privilege Escalation via Integer Overflow in Parallels Desktop 16.0.1-48919 Parallels Desktop 16.0.1-48919 Toolgate Component Information Disclosure Vulnerability Firewall Bypass Vulnerability in TP-Link Archer A7 Routers Archer A7 AC1750 Router: Unauthenticated Remote Code Execution via MAC Address Handling (ZDI-CAN-12306) Remote Code Execution Vulnerability in Tencent WeChat 2.9.5 Desktop Version Unauthenticated Remote Code Execution in D-Link DAP-2020 v1.01rc001 Wi-Fi Access Points Arbitrary Code Execution Vulnerability in D-Link DAP-2020 v1.01rc001 Wi-Fi Access Points Unauthenticated Disclosure of Sensitive Information in D-Link DAP-2020 v1.01rc001 Wi-Fi Access Points Insecure Firmware Update Protocol Allows Remote Code Execution on NETGEAR Nighthawk R7800 (ZDI-CAN-12308) Arbitrary Code Execution Vulnerability in NETGEAR R7800 Firmware Version 1.0.2.76 Authentication Bypass and Remote Code Execution in NETGEAR Nighthawk R7800 (ZDI-CAN-12303) Authentication Bypass Vulnerability in NETGEAR R7800 (ZDI-CAN-12287) Unauthenticated Remote Code Execution in NETGEAR R7800 Firmware Version 1.0.2.76 Authentication Bypass and Remote Code Execution in NETGEAR R7800 Firmware Version 1.0.2.76 Unauthenticated Remote Code Execution via FTP in NETGEAR R7800 Firmware 1.0.2.76 Unauthenticated Privilege Escalation in SolarWinds Orion Platform 2020.2 Privilege Escalation via Integer Overflow in Parallels Desktop 16.0.1-48919 Parallels Desktop 16.0.1-48919 Toolgate Component Local Information Disclosure Vulnerability Arbitrary Code Execution via U3D Handling in Foxit PhantomPDF 10.1.0.37527 Remote Code Execution Vulnerability in Foxit PhantomPDF 10.1.0.37527 via U3D Object Handling Remote Code Execution Vulnerability in Foxit PhantomPDF 10.1.0.37527 via U3D Object Handling Remote Code Execution 
Vulnerability in Foxit PhantomPDF 10.1.0.37527 via U3D Object Handling Remote Code Execution Vulnerability in Foxit PhantomPDF 10.1.0.37527 via U3D Object Handling Remote Code Execution Vulnerability in Foxit PhantomPDF 10.1.0.37527 via U3D Object Handling Remote Code Execution Vulnerability in Foxit PhantomPDF 10.1.0.37527 via U3D Objects in PDF Files Remote Code Execution Vulnerability in Foxit PhantomPDF 10.1.0.37527 via U3D Objects in PDF Files Arbitrary Code Execution via U3D Object Handling in Foxit PhantomPDF 10.1.0.37527 Remote Code Execution Vulnerability in Foxit PhantomPDF 10.1.0.37527 via JPEG2000 Image Parsing Arbitrary Code Execution via U3D Object Handling in Foxit PhantomPDF 10.1.0.37527 Arbitrary File Deletion Vulnerability in NETGEAR ProSAFE Network Management System 1.6.0.26 Arbitrary Code Execution Vulnerability in NETGEAR ProSAFE Network Management System 1.6.0.26 Arbitrary Code Execution in NETGEAR ProSAFE Network Management System 1.6.0.26 Arbitrary File Deletion and Information Disclosure Vulnerability in NETGEAR ProSAFE Network Management System 1.6.0.26 Arbitrary File Deletion Vulnerability in NETGEAR ProSAFE Network Management System 1.6.0.26 Privilege Escalation via Unvalidated Data Deserialization in SolarWinds Orion Virtual Infrastructure Monitor 2020.2 Privilege Escalation in Parallels Desktop 16.1.1-49141 via Toolgate Component Stored XSS Vulnerability in MyBB 1.8.25 via Nested [email] Tags with MyCode Arbitrary Code Execution Vulnerability in mblog 3.5.0 via Crafted Theme Selection X2Engine X2CRM v7.1 Cross Site Scripting (XSS) Vulnerability in Comment Field Denial of Service Vulnerability in SSRI 5.2.2-8.0.0 Regular Expression Denial of Service (ReDoS) Vulnerability in Pygments Denial of Service Vulnerability in ua-parser-js <= 0.7.14 RestSharp Regular Expression Denial of Service (ReDoS) Vulnerability Improper Access Control Vulnerability in Kong Gateway JWT Plugin Cross-Site Scripting (XSS) Vulnerability in 4images Version 1.8 
Admin Login Panel Unauthenticated Reflected XSS Vulnerability in Clansphere CMS 2011.4 via module Parameter Unauthenticated Reflected XSS Vulnerability in Clansphere CMS 2011.4 via language Parameter SQL Injection Vulnerability in Admin Login Page of Doctor Appointment System 1.0 Blind SQL Injection Vulnerability in Doctor Appointment System 1.0's contactus.php Blind SQL Injection Vulnerability in Contactus.php of Doctor Appointment System 1.0 Arbitrary Code Injection through comment parameter in Doctor Appointment System 1.0 Arbitrary Web Script Injection Vulnerability in Doctor Appointment System 1.0 Blind SQL Injection in Contact Us Form of Doctor Appointment System 1.0 Blind SQL Injection Vulnerability in Doctor Appointment System 1.0's contactus.php Directory Traversal Vulnerability in Yeastar NeoGate TG400 91.3.0.3 Devices Allows Unauthorized Access to Sensitive Information SSRF Vulnerability in Friendica 2021.01 via parse_url?binurl= Parameter Cross-Site Scripting (XSS) Vulnerability in Triconsole Datepicker Calendar <3.77 Arbitrary Code Injection in SourceCodester CASAP Automated Enrollment System v 1.0 Insecure Java Deserialization in KollectApps before 4.8.16c: Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in Faraday Edge before 3.7 via network/create/ page and network name parameter. 
Reflected XSS Vulnerability in OpenSIS Community Edition <= 7.6 via opt Parameter in EmailCheck.php Local File Inclusion Vulnerability in OpenSIS Community Edition <= 7.6 via DownloadWindow.php Timing-based side-channel attack bypasses anti-brute-force delay in D-Link Router model DIR-842 firmware version 3.0.2 Buffer Overflow in Crypto::der_decode_sequence() function in SerenityOS Null Pointer Dereference Vulnerability in Irzip 0.631 Irzip 0.631 Use After Free Vulnerability in lzma_decompress_buf Function Cross-Site Scripting (XSS) Vulnerability in Advanced Order Export Plugin for WooCommerce (Versions prior to 3.1.8) Failure to Invalidate Recently Active Session in Telegram Application Open Redirect Vulnerability in Ilch CMS 2.1.42: Unauthorized Site Redirection After Login Buffer Overflow Vulnerability in RIOT-OS 2020.01's gnrc_rpl_control_messages.c Denial of Service Vulnerability in Grafana Snapshot Feature Remote Code Execution Vulnerability in IrfanView WPG Plugin Kernel Pointer Leak in iSCSI Transport Registration Vulnerability: Privilege Escalation via Crafted Netlink Messages in drivers/scsi/scsi_transport_iscsi.c Linux Kernel iSCSI Netlink Message Length Vulnerability Directory Traversal Vulnerability in Bolt CMS 4.1.13 and earlier Stored XSS Vulnerability in Monica 2.19.1 Contact Page Stored XSS Vulnerability in Monica 2.19.1 Contact Page via Middle Name Field Stored XSS Vulnerability in Monica 2.19.1 Contact Page Stored XSS Vulnerability in Monica 2.19.1 Contact Page Description Field Plaintext Password Storage Vulnerability in Realtek xPON RTL9601D SDK 1.9 Unauthenticated Access to WebOffice Application Content in VertiGIS WebOffice 10.7 SP1 and 10.8 SP1 Cross-Origin IFRAME Loading Vulnerability in Traefik before 2.4.5 Invalid Memory Access in nb-connect Crate for Rust Use-after-free vulnerability in yottadb crate before 1.2.0 for Rust Insufficient Buffer-Length Checks in rand_core Crate Lead to Inadequate Seeding of Random Number Generator Incomplete 
Fix for CVE-2020-15565 Allows Unintended DMA Access in Xen Out-of-Bounds Write Vulnerability in Solid Edge SE2020 and SE2021 (ZDI-CAN-12532) Out-of-Bounds Read Vulnerability in Solid Edge SE2020 and SE2021 (ZDI-CAN-12534) Stack-based Buffer Overflow in Solid Edge SE2020 and SE2021 (ZDI-CAN-13040) Heap Allocation Leak Vulnerability in SmartVNC Server Tight Encoder Leading to Denial-of-Service Out-of-Bounds Memory Access Vulnerability in SIMATIC HMI and SINAMICS Devices Denial-of-Service Vulnerability in SIMATIC HMI and SINAMICS Devices Heap Allocation Leak Vulnerability in SIMATIC HMI and SINAMICS Devices Out-of-Bounds Write Vulnerability in Simcenter Femap Vulnerability in Sm@rtServer Component of SINAMICS Medium Voltage Routable Products Allows for Unauthorized Control and Denial-of-Service Attacks Insecure Shipment of Private Sign Key in Opcenter Quality and QMS Automotive Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13131) Buffer Overflow Vulnerability in APOGEE and TALON Building Automation Systems Hard-coded Key Vulnerability in Siveillance Video Open Network Bridge Improper UDP Port Randomization in Nucleus NET and Nucleus ReadyStart: DNS Cache Poisoning and Spoofing Vulnerability Privilege Escalation Vulnerability in Mendix Applications Authentication Bypass Vulnerability in SIMATIC Process Historian Software Stack-based Buffer Overflow in Tecnomatix Plant Simulation (All versions < V16.0.5) Memory Corruption Vulnerability in Tecnomatix Plant Simulation (All versions < V16.0.5) Stack-based Buffer Overflow in Tecnomatix Plant Simulation (All versions < V16.0.5) Out-of-Bounds Write Vulnerability in Simcenter Femap TLS Certificate Validation Bypass in HashiCorp Vault and Vault Enterprise Cassandra Integrations Cross-Site Scripting (XSS) Vulnerability in Mitel MiCollab Web Client before 9.2 FP2 Directory Traversal Vulnerability in Mitel MiCollab SAS Admin Portal Cross-Site Scripting (XSS) Vulnerability in Askey RTF8115VW 
BR_SV_g11.11_RTF_TEF001_V6.54_V014 Devices Host Header Injection Vulnerability in Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 Devices ReDoS Vulnerability in @progfay/scrapbox-parser Package Arbitrary OpenVPN Configuration Injection Vulnerability in PerFact OpenVPN-Client Out-of-Bounds Read Vulnerability in Welch Allyn Medical Device Management Tools Out-of-Bounds Write Vulnerability in Welch Allyn Medical Device Management Tools Integer Wrap-Around Vulnerability in Micrium OS Versions 5.10.1 and Prior Out-of-Bounds Read Vulnerability in Delta Electronics DOPSoft Versions 4.0.10.17 and Prior Stack-Based Buffer Overflow in Omron CX-One and CX-Server Software Versions 4.60 and Prior Phishing Vulnerability in Hitachi ABB Power Grids Ellipse EAM Versions Prior to 9.0.25 Remote Code Execution Vulnerability in Hitachi ABB Power Grids Ellipse EAM Integer Wraparound in calloc Function Leading to Heap-Based Buffer Overflow in eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 Cross-Site Scripting (XSS) Vulnerability in GE UR Firmware Web Interface Integer Wrap-around Vulnerability in uClibc-ng's malloc-simple Function Web Server Unresponsiveness Vulnerability in GE UR Firmware Versions Prior to 8.1x Integer Overflow Vulnerability in NXP MCUXpresso SDK Malloc Function Unauthenticated Sensitive Information Exposure in GE UR Firmware Versions Prior to 8.1x Unauthorized Information Disclosure Vulnerability in GE UR Firmware Versions Prior to 8.1x Integer Wrap-Around Vulnerability in mm_malloc Function of Cesanta Software Mongoose-OS v2.17.0 Vulnerability: Inability to Disable Factory Mode in GE UR IED Firmware Versions Prior to 8.1x Integer Wrap-Around Vulnerability in RIOT OS 2020.01.1's calloc Implementation Firmware Upgrade Vulnerability in GE UR IED Versions Prior to 8.10 Integer Overflow Vulnerability in Texas Instruments TI-RTOS HeapTrack_alloc Function Hardcoded Credentials and Boot Sequence Interruption Vulnerability in GE UR Bootloader Binary Integer 
Wrap-Around Vulnerability in ARM CMSIS RTOS2 Uncontrolled Recursion Vulnerability in OPC Foundation UA .NET Standard and Legacy Integer Wrap-Around Vulnerability in ARM mbed-ualloc Memory Library v1.3.0 Stack Overflow Vulnerability in Unified Automation .NET based OPC UA Client/Server SDK Bundle Integer Wrap-around Vulnerability in malloc_wrapper Function in ARM mbed Product Version 6.3.0 Cross-Site Scripting (XSS) Vulnerability in WebAccess/SCADA Versions 9.0 and Prior Hard-coded Administrator Credentials in WISE-PaaS/RMM Enable Unauthorized Access to Grafana APIs Hard-coded Password Vulnerability in Reason DR60 Firmware Integer Wrap-Around Vulnerability in TencentOS-tiny 3.1.0: Arbitrary Memory Allocation and Remote Code Execution Hard-coded Password Vulnerability in Reason DR60 Firmware CMT Product Line Cross-Site Scripting Vulnerability Remote Access and Unauthorized Administrative Actions Vulnerability in Weintek cMT Product Line Insecure File Permissions in Mesa Labs AmegaView Versions 3.0 and Prior: Privilege Escalation Vulnerability Code Injection Vulnerability in Weintek cMT Product Line Command Injection Vulnerability in Mesa Labs AmegaView Version 3.0 File System Miscommunication Vulnerability in MU320E Firmware (prior to v04A00.1) Allows Privilege Escalation Command Injection Vulnerability in Mesa Labs AmegaView Versions 3.0 and Prior Insecure SSH Server Configuration on MU320E (Firmware Versions Prior to v04A00.1) Reversible Passcode Algorithm Vulnerability in Mesa Labs AmegaView Versions 3.0 and Prior Hard-coded Password Vulnerability in MU320E Firmware Default Cookie Bypass Vulnerability in Mesa Labs AmegaView Versions 3.0 Privilege Escalation Vulnerability in Reason DR60 Firmware (Versions prior to 02A04.1) Out-of-Bounds Read Vulnerability in Delta Electronics DOPSoft Versions 4.0.10.17 and Prior Lack of Access Control in Philips Gemini PET/CT Software Puts Sensitive Data at Risk Weak Encryption Algorithm in Emerson Rosemount X-STREAM Gas Analyzer 
Exposes Sensitive Data Vulnerability: Denial of Ethernet Communication in JTEKT Corporation TOYOPUC Product Series Arbitrary Code Execution Vulnerability in Emerson Rosemount X-STREAM Gas Analyzer Deserialization Vulnerability in Rockwell Automation FactoryTalk AssetCentre Emerson Rosemount X-STREAM Gas Analyzer Webserver Data Exposure Vulnerability Deserialization Vulnerability in Rockwell Automation FactoryTalk AssetCentre Persistent Cookie Session Hijacking Vulnerability in Emerson Rosemount X-STREAM Gas Analyzer Unauthenticated Remote SQL Injection in Rockwell Automation FactoryTalk AssetCentre Arbitrary HTML Injection Vulnerability in Emerson Rosemount X-STREAM Gas Analyzer Deserialization Vulnerability in Rockwell Automation FactoryTalk AssetCentre Emerson Rosemount X-STREAM Gas Analyzer Web Interface Clickjacking Vulnerability Unauthenticated Remote SQL Injection in Rockwell Automation FactoryTalk AssetCentre Deserialization Vulnerability in Rockwell Automation FactoryTalk AssetCentre File Path Traversal Vulnerability in Rockwell Automation Connected Components Workbench v12.00.00 and Prior Remote Unauthenticated SQL Injection Vulnerability in Rockwell Automation FactoryTalk AssetCentre Zip Slip Vulnerability in Rockwell Automation Connected Components Workbench v12.00.00 and Prior Remote Code Execution in Rockwell Automation FactoryTalk AssetCentre Deserialization-based Remote Code Execution in Rockwell Automation Connected Components Workbench OS Command Injection Vulnerability in Rockwell Automation FactoryTalk AssetCentre v10.00 and Earlier Buffer Overflow Vulnerability in JTEKT Corporation TOYOPUC PLC Versions Denial-of-Service Vulnerability in EIPStackGroup OpENer EtherNet/IP Injection Vulnerability in ZOLL Defibrillator Dashboard Stack-Based Buffer Overflow in Delta Industrial Automation COMMGR Versions 1.12 and Prior Hardcoded Encryption Key Vulnerability in ZOLL Defibrillator Dashboard Arbitrary Data Read Vulnerability in EIPStackGroup OpENer 
EtherNet/IP Insecure Filesystem Permissions in ZOLL Defibrillator Dashboard v2.2 and prior Password Storage Vulnerability in ZOLL Defibrillator Dashboard Integer Underflow Vulnerability in FATEK Automation WinProladder Versions 3.30 and Prior Plaintext Storage of Credentials in ZOLL Defibrillator Dashboard (v prior to 2.2) Out-of-Bounds Write Vulnerability in KeyShot Versions v10.1 and Prior Arbitrary Command Execution via File Upload in ZOLL Defibrillator Dashboard Out-of-Bounds Read Vulnerability in KeyShot Versions v10.1 and Prior Password Hash Disclosure in Ypsomed mylife Cloud Registration Process Arbitrary File Disclosure Vulnerability in KeyShot Versions v10.1 and Prior Improper Input Validation in Philips Vue PACS Versions 12.2.x.x and Prior Stack-based Buffer Overflow in KeyShot Versions v10.1 and Prior: Parsing STP Files Vulnerability Insecure Password Reflection in Ypsomed mylife Cloud and Mobile App Unvalidated User Input Parsing Vulnerability in KeyShot Versions v10.1 and Prior Insufficient Protection Mechanism in Philips Vue PACS Versions 12.2.x.x and Prior Denial-of-Service Vulnerability in EIPStackGroup OpENer EtherNet/IP Non-Random IVs in Ypsomed mylife Cloud and Mobile App Communication Protocol Allows Message Tampering Denial-of-Service Vulnerability in EIPStackGroup OpENer EtherNet/IP Coding Rule Violations in Philips Vue PACS Versions 12.2.x.x and Prior: Increasing Vulnerability Severity Integer Overflow Vulnerability in Texas Instruments TI-RTOS HeapMem_allocUnprotected Function Insecure Encryption of Credentials in Ypsomed mylife Cloud and Mobile App Integer Overflow Vulnerability in malloc for FreeRTOS on Texas Instruments Devices Unrestricted Directory Listing Vulnerability in mySCADA myPRO Versions Prior to 8.20.0 ClamAV Engine DoS Vulnerability in Stormshield Network Security Lack of Access Code Association in Visualware MyConnection Server Arbitrary .xml.php File Upload Vulnerability in EyesOfNetwork 5.3-10 Brute-Force Authentication
Bypass in EyesOfNetwork 5.3-10 (CVE-2021-27513) Improper Handling of Backslashes in url-parse (CVE-2021-12345) Improper Handling of Backslashes in URI.js (aka urijs) Leads to Relative Path Interpretation Arbitrary JavaScript Execution in Foxit PDF SDK For Web through 7.5.0 via Malicious PDF Upload Cross-Site Scripting (XSS) Vulnerability in FUDForum 3.1.0 via srch Parameter in index.php Cross-Site Scripting (XSS) Vulnerability in FUDForum 3.1.0 via author Parameter in index.php Remote Privilege Escalation Vulnerability in Learnsite 1.2.5.0 via JudgIsAdmin() Function Remote Code Execution Vulnerability in Open-Falcon Dashboard 0.2.0 Arbitrary Code Execution via Embed Media Feature in margox braft-editor 2.3.8 Cross-Site Scripting (XSS) Vulnerability in DynPG 4.9.2 via 'page' Parameter Cross-Site Scripting (XSS) Vulnerability in DynPG 4.9.2 via valueID Parameter Cross-Site Scripting (XSS) Vulnerability in DynPG 4.9.2 via 'refID' Parameter Remote Code Injection via 'limit' Parameter in DynPG 4.9.2 Cross-Site Scripting (XSS) Vulnerability in DynPG 4.9.2 via URI Injection in index.php Cross-Site Scripting (XSS) Vulnerability in DynPG 4.9.2 via 'query' Parameter Arbitrary Code Execution via Cross Site Scripting (XSS) in PHPGurukul Beauty Parlour Management System v1.0 SQL Injection in add-services.php component of PHPGurukul Beauty Parlour Management System v1.0 Null Pointer Dereference Vulnerability in XFAScanner::scanNode() Function in xpdf 4.03 Clipboard Data Leakage in Genymotion Desktop through 3.2.0 Divide-by-Zero Denial of Service Vulnerability in Polaris Office v9.102.66 Arbitrary Code Execution Vulnerability in EasyCorp ZenTao 12.5.3 Cron Job Tab CSRF Vulnerability in EasyCorp ZenTao 12.5.3 Cron Job Tab Allows Unauthorized Field Updates Cross-Site Scripting (XSS) Vulnerability in EasyCorp ZenTao 12.5.3 Stored XSS Vulnerability in Monica 2.19.1 Contact Page via Nickname Field Command Injection Vulnerability in Yealink Device Management (DM) 3.6.0.20 
Vulnerability: Arm Trusted Firmware M through 1.2 - Insecure Handling of Secure Functions in NSPE Handler Mode Stored XSS Vulnerability in Appspace 6.2.4: Group Name Execution Denial of Service Vulnerability in InterNiche NicheStack Web Server Uncaught Exception in netplex json-smart Library Leads to Program Crash and Potential Data Exposure Unauthenticated Remote Window Manipulation in Emote Remote Mouse Unauthenticated Remote Process Termination Vulnerability in Emote Remote Mouse Cleartext Transmission of Recently Used and Running Applications in Emote Remote Mouse Authentication Bypass via Packet Replay in Emote Remote Mouse Remote Code Execution Vulnerability in Emote Remote Mouse Cleartext HTTP Update Vulnerability in Emote Remote Mouse NetTest Web Service Bandwidth Overload Vulnerability in Apache OpenMeetings 6.0.0 Apache Traffic Server URL Fragment Cache Poisoning Vulnerability Cross Site Scripting (XSS) Vulnerability in Apache Zeppelin Markdown Interpreter Privilege Escalation Vulnerability in Snow Inventory Agent through 6.7.0 on Windows SQL Injection Vulnerability in Kentico CMS 5.5 R2 Build 5.5.3996 Blog Module Mass Assignment Vulnerability in OAuthConfirmationController.java User Presence Disclosure in Directus 8.x through 8.8.1 via Password Reset Feature Crash and Unavailability Vulnerability in SAP 3D Visual Enterprise Viewer 9 when Opening Manipulated PSD Files SAP 3D Visual Enterprise Viewer Version 9 CGM File Format Vulnerability Crash and Unavailability Vulnerability in SAP 3D Visual Enterprise Viewer 9 when Opening Manipulated IFF Files Crash and Unavailability Vulnerability in SAP 3D Visual Enterprise Viewer 9 when Opening Manipulated Jupiter Tessellation (.JT) Files HPGL Format File Vulnerability in SAP 3D Visual Enterprise Viewer v9 SAP 3D Visual Enterprise Viewer Version 9 SVG File Crash Vulnerability TIFF File Format Vulnerability in SAP 3D Visual Enterprise Viewer v9 SAP 3D Visual Enterprise Viewer Version 9 PDF File Crash Vulnerability 
Crash and Unavailability Vulnerability in SAP 3D Visual Enterprise Viewer when Opening Manipulated U3D Files SAP 3D Visual Enterprise Viewer GIF File Crash Vulnerability SAP 3D Visual Enterprise Viewer Crash Vulnerability PDF File Vulnerability in SAP 3D Visual Enterprise Viewer Autodesk 3D Studio for MS-DOS (.3DS) File Crash Vulnerability in SAP 3D Visual Enterprise Viewer SAP NetWeaver AS for ABAP (RFC Gateway) Denial of Service Vulnerability Missing Authorization Check in SAP NetWeaver AS JAVA Customer Usage Provisioning Servlet Information Disclosure Vulnerability in SAP NetWeaver ABAP Server and ABAP Platform Stored Cross-Site Scripting (XSS) Vulnerability in SAP Manufacturing Execution (System Rules) SAP NetWeaver AS Java HTMLB-based Applications Cross-Site Scripting (XSS) Vulnerability Remote Code Execution Vulnerability in SAP Commerce Backoffice Application Denial of Service Vulnerability in SAP NetWeaver AS ABAP: SPI_WAIT_MILLIS Function Module Mitigating XML External Entity Vulnerability in SAP NetWeaver ABAP Server and ABAP Platform Unauthorized Access to Employee Personnel Numbers in SAP's HCM Travel Management Fiori Apps V2 SAP NetWeaver ABAP Server and ABAP Platform Denial of Service Vulnerability SAP NetWeaver ABAP Server and ABAP Platform Denial of Service Vulnerability Unquoted Service Path Vulnerability in SAPSetup 9.0: Privilege Escalation and Complete Compromise Unauthenticated User Can Manipulate SAP EarlyWatch Alert Service Activation Inconsistent and Distinguished Format Vulnerability in SAP NetWeaver ABAP Server and ABAP Platform SAP NetWeaver AS ABAP Local Code Injection Vulnerability SAP GUI for Windows Vulnerability: Malicious Website Redirection Insecure Temporary Folder Vulnerability in SAP Business One Chef Cookbook Code Injection Vulnerability in SAP Business One Hana Chef Cookbook Missing HTTP Security Headers in SAP Manufacturing Execution Versions - 15.1, 1.5.2, 15.3, 15.4: Exploitable Cross-Site Scripting (XSS) Vulnerability 
Insecure Temporary Backup Path Allows Information Disclosure in SAP Business One Hana Chef Cookbook XML Document Upload Vulnerability in SAP Process Integration Integration Builder Framework File Type Extension Bypass Vulnerability in SAP Process Integration Integration Builder Framework SAP Commerce (Backoffice Search) Information Disclosure Vulnerability SAP Internet Graphics Service Remote Crash Vulnerability UserAdmin Application Information Disclosure Vulnerability in SAP NetWeaver Application Server for Java SAP Internet Graphics Service Remote Crash Vulnerability SAP Internet Graphics Service Remote Crash Vulnerability SAP Internet Graphics Service Remote Crash Vulnerability SAP Internet Graphics Service Remote Crash Vulnerability SAP Internet Graphics Service Remote Crash Vulnerability SAP Internet Graphics Service Remote Crash Vulnerability SAP NetWeaver ABAP Server and ABAP Platform Denial of Service Vulnerability SAP NetWeaver ABAP Server and ABAP Platform Denial of Service Vulnerability SAP NetWeaver ABAP Server and ABAP Platform Denial of Service Vulnerability SAP NetWeaver ABAP Server and ABAP Platform Denial of Service Vulnerability SAP NetWeaver ABAP Server and ABAP Platform Denial of Service Vulnerability SAP NetWeaver AS for ABAP (RFC Gateway) Denial of Service Vulnerability SAP NetWeaver AS for ABAP (RFC Gateway) Denial of Service Vulnerability XML External Entity (XXE) Injection Vulnerability in SAP NetWeaver AS for JAVA Information Disclosure Vulnerability in SAP Enable Now (SAP Workforce Performance Builder - Manager) Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crash via Manipulated PSD File Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual 
Enterprise Viewer v9 Allows Remote Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash SQL Injection Vulnerability in Apache DolphinScheduler Double-Free Vulnerability in GNU C Library's Nameserver Caching Daemon (nscd) Leads to Local Denial of Service Remote Code Execution Vulnerability in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 Arbitrary Code Execution via Crafted Web Requests in Synology DiskStation Manager (DSM) Privilege Escalation via External Resource Reference in Synology Antivirus Essential Remote Code Execution Vulnerability in Synology DiskStation Manager (DSM) File Transfer Protocol Component Password Reset Bypass Vulnerability in Pega Infinity (Versions 8.2.1 - 8.5.2) Pega Chat Access Group Portal Misconfiguration Vulnerability Forgotten Password Reset: A Gateway to Bypass Local Authentication Checks ExacqVision Web Service Information Disclosure Vulnerability Unintended Server File System Access in Johnson Controls Metasys Version 11.0 and Prior Cross-Site Scripting (XSS) Vulnerability in exacqVision Enterprise Manager 20.12 Insufficient Input Validation in exacqVision Web Service 21.03 Remote Code Execution Vulnerability in C-CURE 9000 Auto Update Feature Unintended File System Access Vulnerability in Facility Explorer SNC Series Supervisory Controller (F4-SNC) Vulnerability: Replay and Man-in-the-Middle Attacks on Johnson Controls KT-1 Door Controller Unauthorized Remote Access Vulnerability in Johnson Controls CEM Systems AC2000 (Versions 10.1-10.5) Unauthenticated Remote Access Vulnerability in exacqVision Server Allows Unauthorized Access to Stored Credentials Potential Integer Overflow Vulnerability in exacqVision Server Allows for Remote Denial-of-Service Attacks Unauthenticated License Metadata Read Vulnerability in HashiCorp Vault Enterprise SSRF Vulnerability in Appspace 6.2.4 via api/v1/core/proxy/jsonprequest URL Parameter Case-Sensitive Protection Mechanism in comrak Crate Allows 
XSS via Data: and javascript: URIs SQL Injection in admin_boxes.ajax.php component of Tribal Systems Zenario CMS v8.8.52729 Arbitrary Code Execution via Cross Site Scripting (XSS) in Tribal Systems Zenario CMS v8.8.52729 Stored XSS Vulnerability in Centreon Version 20.10.2: Configuration > Notifications > Hosts Page Arbitrary Script Injection in Batflat CMS 1.3.6 Galleries Arbitrary Script Injection in Snippets Field Name in Batflat CMS 1.3.6 Arbitrary Script Injection in Batflat CMS 1.3.6 Navigation Field Remote Command Execution in Tenda G0, G1, and G3 Routers with Firmware Versions v15.11.0.6(9039)_CN, v15.11.0.5(5876)_CN, v15.11.0.17(9502)_CN, and v15.11.0.16(9024)_CN Remote Command Execution in Tenda G1 and G3 Routers with Firmware Versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN SSRF Vulnerability in PublicCMS 4.0.202011.b via /publiccms/admin/ueditor (action: catchimage) Multiple Stored XSS Vulnerabilities in openMAINT 2.1-3.3-b Buffer Overflow Vulnerability in gnrc_rpl_validation_options() Function of RIOT-OS 2021.01 Buffer Overflow Vulnerability in RIOT-OS 2021.01's _parse_options() Function Remote Code Execution Vulnerability in Tenda G1 and G3 Routers with Firmware v15.11.0.17(9502)_CN Remote Code Execution Vulnerability in Tenda G1 and G3 Routers with Firmware Version V15.11.0.17(9502)_CN Remote Code Execution Vulnerability in Tenda G1 and G3 Routers with Firmware v15.11.0.17(9502)_CN Remote Command Injection in TOTOLINK X5000R and A720R Routers Remote Command Injection in TOTOLINK X5000R and A720R Routers Authentication Bypass and Arbitrary Code Execution in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 Buffer Overflow Vulnerability in SpotAuditor 5.3.5 Accellion FTA 9_12_432 and earlier Vulnerability: Argument Injection via Crafted POST Request Stored XSS Vulnerability in Accellion FTA 9_12_432 and Earlier Stored XSS Vulnerability in JetBrains YouTrack via Issue Attachment Remote Credential Change Vulnerability in Hirschmann HiOS and HiSecOS 
XXE Vulnerability in FusionAuth SAMLv2 (CVE-2021-12345) Remote Denial of Service (DOS) Vulnerability in Apache Traffic Server 9.0.0 Experimental Slicer Plugin Unauthenticated Arbitrary Request and SSRF Vulnerability in StreamingCoordinatorController Critical XXE Injection Vulnerability in HCL Commerce Management Center Critical XSS Vulnerability Discovered in HCL Connections: Immediate Security Update Required Insufficient Session Expiration in HCL Commerce Allows Unauthorized Access Android PathTraversal Vulnerability in Sametime App Sametime Android File Class Path Traversal Vulnerability Vulnerability: Insecure TLS-RSA Cipher Suites in BigFix Compliance v2.0.5 Cleartext Password Storage Vulnerability Cross-Site Request Forgery Vulnerability in Login Form Leads to Account Lockout Unvalidated Request Vulnerability Remote Code Execution Vulnerability in Sametime Chat Feature such as man-in-the-middle or brute force. Critical Security Oversight: Misconfigured HTTP Headers Pose Serious Vulnerability Missing HTTPOnly Flag for NUMBER Cookie(s) in WebUI CVE-2021-41526: Privilege Escalation Vulnerability in BigFix Server API Installer CVE-2021-41526: Privilege Escalation Vulnerability in InstallShield CVE-2021-41526: Privilege Escalation Vulnerability in BigFix Console Installer Vulnerability: Lack of Hostname Verification in Android Application Allows Intercepting Sensitive Account Information Title: Mitigating Information Leakage: Safeguarding Website Vulnerabilities Remote Code Execution Vulnerability in FaviconService Arbitrary File Upload and Directory Deletion via User SID Manipulation in Sametime Chat Application Group Conversation Eavesdropping Vulnerability Clickjacking Vulnerability Exploitable in Meeting Chat Error Response Exposes User Input, Posing Phishing Risk XML External Entity (XXE) Injection Vulnerability Cross-Site Scripting (XSS) Vulnerability in HCL Traveler Administration Web Pages VersionVault Express: Sensitive Information Exposure Vulnerability 
Un-Auth XML Interaction and Unauthenticated Device Enrollment Vulnerability Cross-Site Scripting (XSS) Vulnerability: Alert Pop-up Display Cookie Brute-Force Vulnerability in HCL BigFix Mobile / Modern Client Management Admin and Config UI Unencrypted Sensitive Information Exposure in User-Generated PPKG Files for Bulk Enroll Vulnerability: Non-Unique HTTPS Certificates and Database Encryption Key in HCL Launch Container Images Sensitive Personal Information Exposure in HCL Commerce's Remote Store Server CORS Misconfiguration Allows for Privileged Actions and Information Disclosure Cross Site Scripting (XSS) Vulnerability in HCL Verse Allows Remote Code Execution and Data Theft Debug Statements Expose Sensitive Information in Brocade Fabric OS Stack-based Buffer Overflow in Brocade Fabric OS Allows Arbitrary Code Execution Authentication Bypass Vulnerability in Brocade Fabric OS Web Application Service Vulnerability: Denial of Service in Brocade Fabric OS Web Management Interface Intermittent Authorization Failure in AAA Tacacs+ in Brocade Fabric OS Versions Authentication Bypass Vulnerability in Brocade Fabric OS Vulnerability: Cryptographic Issues Allowing Installation of Forged License Keys in Brocade Fabric OS File System Read Vulnerability in Brocade Fabric OS Hard-coded Credentials Vulnerability in Brocade Fabric OS Privileged Directory Traversal Vulnerability in Brocade Fabric OS Versions v7.4.1b and v7.3.1d Stack-based Buffer Overflow in Zint Barcode Generator 2.9.1 P2P Provision Discovery Request Vulnerability in wpa_supplicant Writable Memory Corruption in JPEG XL (aka jpeg-xl) 0.3.2 Infinite Loop Vulnerability in Apache PDFBox 2.0.22 and Prior Versions Code Injection Vulnerability in QibosoftX1 v1.0 Upgrade Function NULL Pointer Dereference Vulnerability in exif Command Line Tool Remote Command Execution Vulnerability in ShopXO 1.9.3 via Modified Phar Suffix Upload Cross-Site Scripting (XSS) Vulnerability in OpenWRT LuCI Web Interface (Version 19.07 and 
lower) Allows Arbitrary Code Execution Persistent XSS Vulnerability in Vehicle Parking Management System 1.0's Add Categories Module NetWave System 1.0 Unauthenticated Information Disclosure Vulnerability Mercury MAC1200R Directory Traversal Vulnerability: Arbitrary File Read via web-static/ URL SQL Injection Vulnerability in In4Suite ERP 3.2.74.1370: Persistent Data Modification and Deletion Denial of Service Vulnerability in libxls 1.6.2 via Crafted XLS File CSV Injection Vulnerability in Online Invoicing System (OIS) 4.3 and Below Divide-by-zero vulnerability in JasPer Image Coding Toolkit 2.0 Division-By-Zero vulnerability in Libvips 8.10.5 in vips_eye_point and vips_mask_point functions Unauthenticated Remote Code Execution Vulnerability in Apache Tapestry Local Privilege Escalation Vulnerability in 'guix-daemon' Arbitrary Code Execution Vulnerability in CheckboxWeb.dll of Checkbox Survey Bypassing Layer 2 Network Filtering with VLAN 0 and LLC/SNAP Headers Bypassing Layer 2 Network Filtering with VLAN 0 Headers, LLC/SNAP Headers, and Ethernet-Wifi Conversion Privilege Escalation Vulnerability in FatPipe WARP, IPVPN, and MPVPN Software Unauthenticated Administrative Access in FatPipe WARP, IPVPN, and MPVPN Software Unauthenticated Remote Download of Configuration Archive in FatPipe WARP, IPVPN, and MPVPN Software Missing Authorization Vulnerability in FatPipe WARP, IPVPN, and MPVPN Software (FPSA004) Account Privilege Escalation Vulnerability in FatPipe WARP, IPVPN, and MPVPN Software File Upload Vulnerability in FatPipe WARP, IPVPN, and MPVPN Software (FPSA006) Bypassing Layer 2 Network Filtering with Invalid LLC/SNAP Headers Bypassing Layer 2 Network Filtering with Invalid LLC/SNAP Headers and Ethernet to WiFi Frame Conversion Vulnerability in Veritas Backup Exec Allows Unauthorized Access and File System Manipulation Remote Code Execution via SHA Authentication in Veritas Backup Exec Vulnerability in Veritas Backup Exec Allows Unauthorized System Command 
Execution Insecure JWT Token Generation in YMFE YApi through 1.9.2 Lack of e_TOKEN Protection in usersettings.php in e107 through 2.3.0 Command Injection Vulnerability in rakibtg Docker Dashboard XSS Vulnerability in Ellipse APM Dashboard Cross-Site Scripting (XSS) Vulnerability in ZendTo before 6.06-4 Beta MyBB Nested Auto URL Cross-site Scripting (XSS) Vulnerability MyBB 1.8.26 SQL Injection Vulnerability via Theme XML Files Weak Key Generation Vulnerability in SSH Tectia Client and Server on Windows Local Privilege Escalation Vulnerability in SSH Tectia Client and Server on Windows Local Privilege Escalation Vulnerability in SSH Tectia Client and Server on Windows Improper Certificate Validation in Proofpoint Insider Threat Management Agents for MacOS and Linux Authorization Bypass Vulnerability in Proofpoint Insider Threat Management Server LG Mobile Devices with Android OS 11 Software: Fingerprint Recognition Vulnerability in Bright Illumination Craft CMS 3.6.0 XSS Vulnerability in Front-End Form Uploads Craft CMS Remote Code Execution Vulnerability Unintended View Access Vulnerability in MISP 2.4.139 Sharing Groups Implementation SSRF Vulnerability in Apache Solr's ReplicationHandler Apache PDFBox OutOfMemory-Exception Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Apache Superset Exposure of Secret Parameters in Mautic Configuration Fields XSS Vulnerability in Mautic Password Reset Page Arbitrary JavaScript Injection in Mautic via Bounce Management Callback Inline JS XSS Vulnerability in Mautic Contact Details Page Inline JS XSS Vulnerability in Mautic Assets Cryptographic Vulnerability in mt_rand Function in Mautic Critical Cross-Site Scripting (XSS) Vulnerability in Mautic Installer Component Infinite Loop Vulnerability in encoding/xml Package Denial of Service Vulnerability in Go 1.16.x before 1.16.1 via ZIP Archive Filename Manipulation Memory Consumption Denial of Service Vulnerability in Pillow (before 8.1.1) Memory Consumption Denial 
of Service Vulnerability in Pillow (CVE-2021-25289) Memory Consumption Denial of Service Vulnerability in Pillow (before 8.1.1) Insecure Logging of Session Cookies in Couchbase Server UI Couchbase Server Information Disclosure Vulnerability CSRF Vulnerability in Zabbix CControllerAuthenticationUpdate Controller Remote Code Execution Vulnerability in MariaDB, Percona Server, and MySQL Multiple Stored XSS Vulnerabilities in IrisNext Edition 9.5.16: Exploiting Folder/File Names for Session Hijacking and Remote Code Execution Unauthenticated Blind XXE Vulnerability in LumisXP (aka Lumis Experience Platform) before 10.0.0 Insecure Permissions in Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 Cross-Site Scripting (XSS) Vulnerability in pfSense 2.5.0 via services_wol_edit.php Description Field Offline Brute Force Attack on AdGuard Passwords via Cookie Vulnerability Cross Site Scripting Vulnerability in Silverstripe CMS QueuedJobs Module Cross-Site Scripting (XSS) Vulnerability in openark orchestrator before 3.2.4 via orchestrator-msg Parameter QR Code Pairing Vulnerability in eWeLink Mobile App Allows Eavesdropping on Wi-Fi Credentials Arbitrary Code Execution via USB Drive in Vizio Smart TVs Vulnerability: Brute-Force Attack on Vizio Smart TVs' Pairing Procedure Unauthenticated OS Command Execution via File Upload on Vizio Smart TVs Reflected Cross-Site Scripting (XSS) Vulnerability in Squirro Insights Engine (Versions 2.0.0 - 3.2.4) SQL Injection Vulnerability in MyBB Poll Vote Count (Issue 1 of 3) SQL Injection Vulnerability in MyBB 1.8.26: Copy Forum Feature in Forum Management (Issue 2 of 3) SQL Injection Vulnerability in MyBB User Groups (Issue 3 of 3) Cross-site Scripting Vulnerability in MyBB Custom Moderator Tools SQL Injection Vulnerability in azurWebEngine Allows Arbitrary SQL Command Execution Vulnerability: Hardcoded Default Root Credentials on ecobee3 lite 4.5.81.200 NULL Pointer Dereference Vulnerability in ecobee3 lite 4.5.81.200 
HomeKit Wireless Access Control Setup Process Heap-based Buffer Overflow Vulnerability in ecobee3 lite 4.5.81.200 HomeKit Wireless Access Control Setup Process Stored XSS Vulnerability in Zoho ManageEngine ADSelfService Plus Bypassing Data Source Access Permission Check in Grafana Enterprise Unauthenticated User Creation Vulnerability in SonLogger Unauthenticated Arbitrary File Upload in SonLogger before 6.4.1 Buffer Overflow Vulnerability in MsIo64.sys Driver in MSI Dragon Center Stored XSS Vulnerability in Dolphin CMS 7.4.2 via Page Builder width Parameter Alps Alpine Touchpad Driver 10.3201.101.215 DLL Injection Vulnerability SQL Injection in Piwigo before 11.4.0 via language parameter in admin.php?page=languages MaxSite CMS v107.5 Documents Page Remote Code Execution (RCE) Vulnerability Remote Command Execution Vulnerability in Pluck-4.7.15 Admin Background File Upload Stored Cross-Site Scripting (XSS) Vulnerability in Appspace 6.2.4 Broken Authentication in Appspace 6.2.4: Exposed Framework and Functionality via Direct Page Access Critical SQL Injection Vulnerability in Local Services Search Engine Management System Project 1.0 Allows Unauthorized Data Dump Persistent Cross-Site Scripting Vulnerability in Local Services Search Engine Management System Project 1.0 Cross-Site Scripting (XSS) Vulnerability in Textpattern CMS 4.8.4 Comments Parameter Persistent Cross-Site Scripting Vulnerability in Textpattern CMS 4.9.0 Cross-Site Scripting (XSS) Vulnerability in Web Based Quiz System 1.0 Cross-Site Scripting (XSS) Vulnerability in Web Based Quiz System 1.0's register.php Buffer Overflow Vulnerability in stb_image.h: Exploiting stbi__extend_receive Function via Crafted JPEG File Blind SQL Injection in ServiceTonic Helpdesk Software < 9.0.35937: Exfiltrating Information via Time-Based SQL Queries Arbitrary File Upload Vulnerability in ServiceTonic Helpdesk Software Version < 9.0.35937 Unauthorized System Access in ServiceTonic Helpdesk Software Version < 9.0.35937: 
Login Bypass Vulnerability Qt qtsvg Integer Overflow Denial of Service Vulnerability Heap Buffer Overflow in JPEG-XL v0.3.2: Arbitrary Code Execution and Denial of Service Vulnerability Integer Underflow and Out-of-Bounds Write Vulnerability in bam crate Double Free Vulnerability in toodee Crate Uninitialized Memory Read Vulnerability in toodee Crate Uninitialized Memory Read Vulnerability in truetype Crate Double-Free Vulnerability in Scratchpad Crate: Panic-Induced Move Elements Function Alias Violation in split_at Function Leading to Out-of-Bounds Write or Use-After-Free Vulnerability Uninitialized Memory Drop Vulnerability in byte_struct Crate Double Free Vulnerability in stack_dst Crate Uninitialized Memory Drop Vulnerability in stack_dst Crate Invalid Memory Access in Quinn Crate for Rust Unconditional Sync Implementation in Internment Crate Leads to Memory Corruption Incomplete Fix for Memory Allocation Error in Linux Kernel Xen PV Netback Driver Denial of Service Vulnerability in Linux Kernel with Xen Configuration Uncontrolled Recursion Vulnerability in OSSEC 3.6.0 Double Free Vulnerability in OpenSSH's ssh-agent Remote Code Execution via Directory Traversal in Deutsche Post Mailoptimizer 4.3 Arbitrary Code Injection in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 Cross-Origin Data Leakage via Overly Permissive CORS Policy in Devolutions Server Unauthorized Access to Tenant Configurations in Hitachi Content Platform (HCP) SQL Injection Vulnerability in Centreon-Web's Users and Contacts Configuration Stored Cross-Site Scripting (XSS) Vulnerability in Centreon-Web Predictable Anti-CSRF Token Generation in Centreon-Web Allows CSRF Attacks to Add Admin User Server-Side Request Forgery (SSRF) Vulnerability in Group Office 6.4.196 Allows Remote URL Forging CSRF Vulnerability in PopojiCMS 2.0.1 - po-admin/route.php?mod=user&act=multidelete Arbitrary File Download Vulnerability in iKuaiOS 3.4.8 Build 202012291059 Cross-Site Scripting 
(XSS) Vulnerability in Jamovi <=1.6.18 Allows Remote Code Execution via ElectronJS Framework Arbitrary Script Injection through Display Name Field in ImpressCMS Profile 1.4.2 CPU Resource Exhaustion Vulnerability in Tor Directory Protocol (TROVE-2021-001) Remote Code Execution Vulnerability in Tor (TROVE-2021-002) Improper Verification of Cryptographic Signature in Lasso Versions Prior to 2.7.0 Regular Expression Denial of Service (ReDoS) Vulnerability in is-svg Package Incorrect Access Control of Converted Images in OX Documents before 7.10.5-rev5 Incorrect Access Control for Converted Documents in OX Documents before 7.10.5-rev7 Incorrect Access Control for XML Documents in OX Documents before 7.10.5-rev5 Proxy Connection Table Saturation Vulnerability Local Privilege Escalation Vulnerability in Forescout CounterACT Logging Function Vulnerability: Insecure Directory Creation and Predictable File Names in Netflix OSS Hollow File Permission Vulnerability in Priam TranzWare (POI) FIMI before 4.2.20.4.2 Reflected XSS in login_tw.php XML Parser Vulnerability in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 Hard-Coded Credentials in Draeger X-Dock Firmware: Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Draeger X-Dock Firmware Command Injection Vulnerability in Okta Access Gateway XSS Vulnerability in Froala WYSIWYG Editor 3.2.6-1 due to Namespace Confusion Cross-Site Scripting (XSS) Vulnerability in OUGC Feedback Plugin for MyBB 1.8.23 and earlier Out-of-Bounds Read Vulnerability in Squid Proxy Server Allows Information Disclosure and Remote Code Execution Automatic Creation of Potentially Dangerous Links in KDE Discover Remote Command Execution in Twinkle Tray (aka twinkle-tray) through 1.13.3 HTML tags not blocked in Virtual Robots.txt before 1.10 Unauthenticated Access to Subscriber Database in Open5GS WebUI Cohesity DataPlatform SSH Key Vulnerability Man-in-the-Middle Vulnerability in Cohesity DataPlatform Support 
Channel Open Redirect Vulnerability in Apache Superset Stored Cross-Site Scripting (XSS) Vulnerability in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 Brute-Force Attack Vulnerability in Stormshield SNS through 4.2.1 Unauthenticated Password Change Vulnerability in Strapi Admin Panel Insecure Installation Permissions in Apache OpenOffice 4.1.8 DEB Package Bypassing Dr.Web Firewall 12.5.2.4160 on Windows via DLL Injection Vulnerability Impala Session Hijacking Vulnerability Unauthenticated Remote Code Execution in LUCY Security Awareness Software Zoom Screen Sharing Vulnerability: Unintentional Exposure of Private Information Remote Command Execution via IPC Interface in Clipper before 1.0.5 Denial of Service Vulnerability in Espressif ESP-IDF Bluetooth Classic Implementation Bluetooth Classic Implementation in Espressif ESP-IDF 4.4 and Earlier: Multiple LMP IO Capability Request Packet Vulnerability Arbitrary Code Execution Vulnerability in Espressif ESP-IDF Bluetooth Classic Implementation Unauthorized Access to MicrosoftAjax.js through Telerik.Web.UI.WebResource.axd CITSmart Autocomplete Filter Vulnerability Authenticated Command Injection via /jsonrpc on D-Link DIR-841 3.03 and 3.04 Devices Arbitrary Command Injection in D-Link DIR-3060 Devices XSS Vulnerability in Concrete CMS Survey Block Incorrect Access Control in Grafana Enterprise 7.4.x: Unauthorized Addition of External Groups to Teams Incorrect Access Control in Grafana Enterprise 6.x, 7.x, and 7.4.x Unauthenticated Denial of Service (DoS) Attack in Grafana Enterprise Directory Traversal Vulnerability in Hongdian H8922 3.0.5 Devices Unprivileged Guest User Access to Administrator Password and Sensitive Data in Hongdian H8922 3.0.5 Devices OS Command Injection in Hongdian H8922 3.0.5 Devices via tools.cgi Ping Command Undocumented Superuser Shell Access Vulnerability in Hongdian H8922 3.0.5 Devices Vulnerability: Incorrect Creation of Empty File when Replacing Dangling Symlink in GNOME 
GLib Arbitrary File Access Vulnerability in Camunda Modeler (aka camunda-modeler) through 4.6.0 Denial of Service Vulnerability in JBL TUNE500BT Bluetooth Classic Implementation Bypassing Audit Log in HashiCorp Consul Enterprise Versions 1.8.0 to 1.9.4 Arbitrary SQL Command Execution in Devolutions Server API Reflected XSS Vulnerability in Wireless-N WiFi Repeater REV 1.0 Arbitrary JavaScript Code Injection in Eclipse Theia Debug Console Unescaped HTML in Notification Messages in Eclipse Theia (up to version 0.16.0) Allows for Javascript Code Execution Symlink Vulnerability in Eclipse Jetty: Unintended Deployment of Webapps Directory Directory Traversal Vulnerability in Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224 High CPU Usage Vulnerability in Eclipse Jetty NULL Pointer Dereference Vulnerability in Eclipse Mosquitto 2.0.0 to 2.0.9 Pre-resolving Constant Pool Entries in Eclipse Openj9 0.25.0: A Vulnerability Allowing Unauthorized Access and Observation Local Information Disclosure Vulnerability in Eclipse Jersey 2.28 to 2.33 and 3.0.0 to 3.0.1 Vulnerability: Path Traversal in ConcatServlet of Eclipse Jetty ELParserTokenManager Bug Allows Evaluation of Invalid EL Expressions in Jakarta Expression Language Implementation 3.0.3 and Earlier Remote Privilege Escalation Vulnerability in Vangene deltaFlow E-platform Path Traversal Vulnerability in Vangene deltaFlow E-platform Allows Remote Credential Data Leakage Unauthenticated Remote File Upload Vulnerability in Vangene deltaFlow E-platform Broken Authentication: Unauthorized Access to Transaction Records and Fraudulent Trading in Mitake Smart Stock Selection System Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management 
Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Service Configuration Function Buffer Overflow Vulnerability in ASUS BMC Firmware Web License Configuration Setting Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Update Function Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Buffer Overflow Vulnerability in ASUS BMC Firmware Web Management Page Command Injection Vulnerability in ASUS BMC Firmware Web Management Page Command Injection Vulnerability in ASUS BMC Firmware Web Management Page Path Traversal Vulnerability in ASUS BMC Firmware Web Management Page Path Traversal Vulnerability in ASUS BMC Firmware Web Management Page Path Traversal Vulnerability in ASUS BMC Firmware 
Web Management Page Path Traversal Vulnerability in ASUS BMC Firmware Web Management Page Path Traversal Vulnerability in ASUS BMC Firmware Web Management Page The Infinite Recursion Vulnerability in DxeCore of EDK II Heap Overflow Vulnerability in LzmaUefiDecompressGetInfo Function in EDK II EDK2 Encrypted Private Key in IpSecDxe.efi: A Potential Security Risk Potential Information Disclosure Vulnerability in BootPerformanceTable Pointer Retrieval Heap-based Buffer Overflow in ok-file-formats 1: ok_jpg_generate_huffman_table function in ok_jpg.c Etcd-io v.3.4.10 Authentication Privilege Escalation via Debug Function Vulnerability LibreDWG v0.12.3: NULL Pointer Dereference in out_dxfb.c Heap-Buffer Overflow Vulnerability in LibreDWG v0.12.3 via decode_preR13 SQL Injection in evoadm.php component of b2evolution v7.2.2-stable: Remote Database Information Disclosure SQL Injection Vulnerability in PbootCMS 3.0.4 via index.php Search Parameter Privilege Escalation via Dynamically Linked Shared Object Library in Unsupported CA eHealth Performance Manager Cross Site Scripting (XSS) Vulnerability in CA eHealth Performance Manager through 6.3.2.12 Improper Restriction of Excessive Authentication Attempts in Unsupported CA eHealth Performance Manager Privilege Escalation via Dynamically Linked Shared Object Library in CA eHealth Performance Manager (CVE-2021-XXXX) Privilege Escalation via setuid/setgid File in CA eHealth Performance Manager (Versions 6.3.2.12 and below) Laravel v8.5.9 Destruct() Function Deserialization Vulnerability Insecure Permissions in Soyal Technology 701Client 9.0.1 Elevation of Privileges Vulnerability in SOYAL 701Server 9.0.1 Denial of Service Vulnerability in jhead 3.04 and 3.05: Wild Address Read in Get16u Function Denial of Service Vulnerability in jhead 3.04 and 3.05: Wild Address Read in ProcessCanonMakerNoteDir Function Heap-based Buffer Overflow in jhead 3.04 and 3.05: RemoveUnknownSections Function in jpgfile.c Heap-based Buffer Overflow in 
jhead's RemoveSectionType function Arbitrary Web Script Injection via CSRF and XSS in PHPFusion 9.03.110 search.php Unencoded Value XSS Vulnerability in Skoruba IdentityServer4.Admin Unauthenticated Account Takeover Vulnerability in Seceon aiSIEM Arbitrary File Upload Vulnerability in Online Ordering System 1.0 Unauthenticated SQL Injection Vulnerability in Online Ordering System 1.0 NULL Pointer Dereference in GPAC v0.5.2's MergeTrack() Function Allows Arbitrary Code Execution or DoS Stack Overflow Vulnerability in pupnp (<=1.14.5) via Parser_parseDocument() Function Use-after-free vulnerability in diesel crate for Rust: SQLite backend allows for unauthorized access NULL Pointer Dereference in fltk Crate: Multi Label Type Image Nonexistent NULL Pointer Dereference in fltk Crate: Non-Raster Image Window Icon Vulnerability Out-of-Bounds Read Vulnerability in fltk Crate Windows Kernel Information Leakage Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability Windows Application Compatibility Cache Denial of Service Vulnerability NTFS File System Denial of Service Vulnerability in Windows Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Hyper-V Privilege Escalation Vulnerability in Windows Windows Media Video Decoder RCE Vulnerability Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability: A Potential Breach in Wireless Network Security Windows Codecs Library Information Disclosure Vulnerability Windows GDI+ Information Disclosure Vulnerability Exposes Sensitive Data BlueKeep: Windows TCP/IP Driver Denial of Service Vulnerability Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Windows DNS Server Information Disclosure Vulnerability Windows SMB Information Leakage Vulnerability Windows SMB Information Leakage
Vulnerability AppX Deployment Server Denial of Service Vulnerability in Windows RPC Runtime RCE Vulnerability Windows DNS Server Information Disclosure Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability Windows Speech Runtime Privilege Escalation Vulnerability Exploiting the Windows GDI+ Remote Code Execution Vulnerability Exploiting the Windows GDI+ Remote Code Execution Vulnerability Exploiting the Windows GDI+ Remote Code Execution Vulnerability Windows Speech Runtime Privilege Escalation Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability RPC Runtime RCE Vulnerability XSS Vulnerability in Apache Airflow's origin Parameter Null Pointer Dereference Vulnerability in SPDK iSCSI Target Contiki 3.0 ICMPv6 Invalid Extension Header Memory Corruption Vulnerability SSL Certificate Validation Bypass in urllib3 Library Impersonation Vulnerability in ThroughTek's Kalay Platform 2.0 Allows Hijacking of TUTK Devices Authentication Bypass via OTP Code in Tiny Tiny RSS Weak Permissions in Debian courier-authlib Package Linux Kernel FastRPC Message Injection Vulnerability Directory Traversal Vulnerability in ChronoForms 7.0.7 Allows Arbitrary File Reading Directory Traversal Vulnerability in ChronoForums 2.0.11 Allows Unauthorized File Access Cross-Site Scripting (XSS) Vulnerability in Gitea 1.12.x and 1.13.x before 1.13.4 Cross-Origin File 
Upload Vulnerability in Vesta Control Panel (VestaCP) and myVesta Cross-Site Scripting (XSS) Vulnerability in Aimeos Shop and E-commerce Framework for TYPO3 SQL Injection Vulnerability in TYPO3 VHS Extension (CVE-2021-12345) Stored XSS Vulnerability in Zoho ManageEngine Key Manager Plus Allows Injection of Malicious User Details from AD Arbitrary OS Command Execution in GeoNetwork Harvesting Infrastructure Unauthenticated User Enumeration in OrangeHRM 4.7 via Forgot Password Function Privilege Escalation Vulnerability in RuoYi Version 3.4.0 Cross-Site Scripting (XSS) Vulnerability in Seo Panel 4.8.0 via archive.php and search_name Parameter Cross-Site Scripting (XSS) Vulnerability in Seo Panel 4.8.0 Time-Based Blind SQL Injection Vulnerability in SEO Panel 4.8.0's order_col Parameter Cross-Site Scripting (XSS) Vulnerability in Seo Panel 4.8.0 via alerts.php and from_time Parameter SQL Injection Vulnerabilities in Teachers Record Management System 1.0 Stored XSS Vulnerability in Teachers Record Management System 1.0 via 'email' Parameter in adminprofile.php Buffer Overflow Vulnerability in XNView 2.49.3: Arbitrary Code Execution via Crafted TIFF File Arbitrary File Upload Vulnerability in HorizontCMS before 1.0.0-beta.3 Integer Overflow Vulnerability in av_timecode_make_string in FFmpeg 4.3.2 RPC Runtime RCE Vulnerability Windows Event Tracing Data Exposure Vulnerability Windows Speech Runtime Privilege Escalation Vulnerability Windows Installer Data Exposure Vulnerability Windows Console Driver DoS Vulnerability BlueKeep: Windows TCP/IP Driver Denial of Service Vulnerability Windows Installer Privilege Escalation Vulnerability Windows Hyper-V Data Exposure Vulnerability Windows TCP/IP Information Leakage Vulnerability Windows Console Driver DoS Vulnerability Hyper-V Security Feature Bypass Vulnerability in Windows Windows Network File System RCE Vulnerability Windows Portmapping Information Leakage Vulnerability Windows Early Launch Antimalware Driver Security 
Bypass Vulnerability Kubernetes Tools Remote Code Execution Vulnerability in Visual Studio Code Exploiting the Microsoft Office Remote Code Execution Vulnerability SharePoint DoS Vulnerability: Disrupting Microsoft's Collaboration Platform Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Outlook Memory Corruption Vulnerability: A Potential Breach in Microsoft's Email Client Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability Excel Data Leakage Vulnerability Code Execution Vulnerability in Visual Studio Code Remote Access Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability Azure DevOps Server Spoofing Vulnerability: Exploiting Trust in Communication Channels Exploiting Azure Sphere's Unsigned Code Execution Vulnerability Dynamics Finance and Operations XSS Vulnerability VP9 Video Extensions RCE Vulnerability Web Media Extensions RCE Vulnerability Raw Image Extension RCE Vulnerability Raw Image Extension RCE Vulnerability Code Execution Vulnerability in Visual Studio Code Remote Access VS Code GitHub Pull Requests and Issues Extension RCE Vulnerability VS Code Remote Development Extension RCE Vulnerability Code Execution Vulnerability in Visual Studio Code Maven for Java Extension Code Execution Vulnerability in Visual Studio Code Remote Access SharePoint Server Remote Code Execution Vulnerability Code Execution Vulnerability in Visual Studio Code Remote Access Hyper-V Remote Code Execution Vulnerability in Windows Code Execution Vulnerability in Visual Studio Code Remote Access Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Windows CSC Service Information Leakage Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in 
Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Denial of Service Vulnerability in Yubico yubihsm-connector Relative Path Traversal Vulnerability in Ericsson Mobile Switching Center Server (MSC-S) Incorrect Access-Control Behavior in Ericsson Network Manager (ENM) Allows Unauthorized Data Retrieval CSRF Vulnerability in OWASP CSRFGuard through 3.1.0: Session Token Allows Retrieval of CSRF Cookie Unisys Stealth Vulnerability: Passwords Stored in Recoverable Format Privilege Escalation Vulnerability in Arista's MOS Software Authentication Bypass Vulnerability in Arista's MOS Software Authentication Bypass Vulnerability in Arista's MOS Software Password Leakage in Arista EOS and CloudEOS with Shared Secret Profiles Bash Shell Access Vulnerability in Arista's MOS Software Clear Text Password Vulnerability in Arista's MOS Software Clear Text Password Leakage in Arista's MOS Software Unrestricted Access Vulnerability in Arista EOS AAA API Unrestricted Access Vulnerability in Arista EOS AAA API Remote Access Vulnerability in Arista's EOS eAPI Allows Unauthorized Device Access Vulnerability: Inconsistent IP Protocol Matching in Arista Strata Family Products with TCAM Profile Enabled Vulnerability: VXLAN Match Rule Bypasses IP Protocol Specification in Arista EOS Platforms Unauthorized Factory Reset Vulnerability in Arista EOS Vulnerability: Bypass of Service ACL in Arista EOS for OpenConfig gNOI and OpenConfig RESTCONF Vulnerability: IPsec Sensitive Data Leakage in Arista EOS State Streaming Telemetry Agent Vulnerability: Leakage of MACsec Sensitive Data in Arista EOS State Streaming Telemetry Agent EOS Precision Time Protocol (PTP) Agent Restart Vulnerability Arista EOS Security ACL Bypass Vulnerability Varnish varnish-modules Remote Denial of Service Vulnerability Apache Subversion SVN Authz Protected Copyfrom Paths Vulnerability Integrity
Check Bypass Vulnerability in Acrobat Reader DC Integrity Check Bypass Vulnerability in Acrobat Reader DC Privilege Escalation Vulnerability in Adobe Creative Cloud Desktop Application for macOS Buffer Overflow Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Buffer Overflow Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Use After Free Vulnerability in Acrobat Reader DC Versions Out-of-bounds Read Vulnerability in Acrobat Reader DC Versions Use After Free Vulnerability in Acrobat Reader DC Versions Use After Free Vulnerability in Acrobat Reader DC Versions Out-of-bounds Read Vulnerability in Acrobat Reader DC Versions Out-of-bounds Read Vulnerability in Acrobat Reader DC DOM-based Cross-Site Scripting Vulnerability in Magento Versions 2.4.2 and Earlier Out-of-bounds Read Vulnerability in Acrobat Reader DC Heap-based Buffer Overflow Vulnerability in PDFLibTool Component of Acrobat Reader DC Information Exposure Vulnerability in Acrobat Reader DC Heap-based Buffer Overflow Vulnerability in Acrobat Reader DC Memory Corruption Vulnerability in Acrobat Reader DC Use After Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Improper Authorization Vulnerability in Magento's 'Create Customer' Endpoint Allows Unauthorized Modification of Customer Data Out-of-bounds Write Vulnerability in Acrobat Reader DC ImageTool Component Out-of-bounds Read Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Information Disclosure Vulnerability in Magento Product Image Upload Improper Authorization Vulnerability in Magento Customers Module Allows Unauthorized Modification of Customer Data Insecure File Permission Vulnerability in Adobe Genuine Services Installation Process Allows Privilege Escalation Out-of-bounds Read Vulnerability in Adobe Media Encoder 15.1 and Earlier Uncontrolled Search Path Element Vulnerability in Adobe After Effects 18.1 and Earlier Command Injection Vulnerability in Adobe After Effects 18.1 and 
Earlier Out-of-bounds Read Vulnerability in Adobe Animate 21.0.5 and Earlier Out-of-bounds Read Vulnerability in Adobe Animate 21.0.5 and Earlier Out-of-bounds Read Vulnerability in Adobe Animate 21.0.5 and Earlier Out-of-bounds Read Vulnerability in Adobe Animate 21.0.5 and Earlier Improper Access Control Vulnerability in Adobe Connect Allows Unauthorized Access to Event Participant List Buffer Overflow Vulnerability in Medium by Adobe Allows Remote Code Execution Uncontrolled Search Path Vulnerability in Adobe Creative Cloud Desktop 3.5 (and earlier) Allows Privilege Elevation RMA PDF Filename Format Vulnerability in Magento Versions 2.4.2 and Earlier Path Traversal Vulnerability in Magento Allows Arbitrary File System Write Improper Input Validation in Magento WebAPI Allows for Unsolicited Spam E-mails Out-of-Bounds Write Vulnerability in Adobe After Effects (Versions 18.0 and Earlier) Out-of-Bounds Read Vulnerability in Adobe After Effects Versions 18.0 and Earlier Path Traversal Vulnerability in Adobe RoboHelp Server 2019.0.9 and Earlier Allows Arbitrary Code Execution Out-of-bounds Read Vulnerability in Adobe Media Encoder 15.2 and Earlier Allows Arbitrary Code Execution Out-of-bounds Read Vulnerability in Adobe Media Encoder 15.2 and Earlier Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Illustrator Allows Information Disclosure Uncontrolled Search Path Element Vulnerability in Adobe Creative Cloud Desktop Application (Installer) Version 2.4 and Earlier Uncontrolled Search Path Element Vulnerability in Adobe Dimension Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Framemaker Insecure Temporary File Creation Vulnerability in Adobe Photoshop Elements 5.2 and Earlier Out-of-bounds Read Vulnerability in Adobe After Effects Allows Information 
Disclosure Null Pointer Dereference Vulnerability in Adobe After Effects 18.2 and Earlier Memory Corruption Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Stack-based Buffer Overflow in Adobe After Effects Allows Arbitrary Code Execution Heap Corruption Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Out-of-bounds Read Vulnerability in Adobe After Effects Allows Information Disclosure Heap-based Buffer Overflow Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Out-of-bounds Read Vulnerability in Adobe After Effects Allows Information Disclosure and Denial of Service Out-of-bounds Read Vulnerability in Adobe After Effects Allows Information Disclosure and Denial of Service Arbitrary File Overwrite Vulnerability in Adobe Creative Cloud Desktop Application Out-of-bounds Read Vulnerability in Adobe After Effects Allows Information Disclosure and Denial of Service Out-of-bounds Read Vulnerability in Adobe After Effects Allows Information Disclosure Out-of-bounds Read Vulnerability in Adobe After Effects Allows Information Disclosure and Denial of Service Out-of-bounds Read Vulnerability in Adobe Animate 21.0.6 and Earlier Out-of-bounds Read Vulnerability in Adobe Animate 21.0.6 and Earlier Out-of-bounds Read Vulnerability in Adobe Animate 21.0.6 and Earlier Heap-based Buffer Overflow Vulnerability in Adobe Animate Allows Arbitrary Code Execution Out-of-bounds Read Vulnerability in Adobe Animate Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Animate Allows Arbitrary Code Execution Insecure Temporary File Creation 
Vulnerability in Adobe Premiere Elements 5.2 and Earlier Heap-based Buffer Overflow Vulnerability in Adobe Bridge (CVE-2021-12345) Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager Cloud Service and Version 6.5.8.0 (and below) Improper Authorization Vulnerability in Adobe Experience Manager Cloud Service and 6.5.8.0 (and below) Allows Unauthenticated Attackers to Cause Application Denial-of-Service Server-side Request Forgery in Adobe Experience Manager Cloud Service and versions 6.5.8.0 and below: Unauthorized Access to Blocked Systems Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager Cloud Service and Version 6.5.8.0 (and below) Heap-based Buffer Overflow Vulnerability in Adobe Animate Allows Arbitrary Code Execution Out-of-bounds Read Vulnerability in Adobe Animate 21.0.6 and Earlier Use After Free Vulnerability in Acrobat Reader DC Versions Use After Free Vulnerability in Acrobat Reader DC Versions Insecure Temporary File Creation Vulnerability in Adobe Creative Cloud Desktop Application Arbitrary Code Execution via OS Command Injection in Acrobat Reader DC Use-After-Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Uncontrolled Search Path Element Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Versions 2021.005.20054 and Earlier Heap-based Buffer Overflow Vulnerability in Acrobat Reader DC Use-after-free vulnerability in Acrobat Reader DC allows arbitrary code execution Use-after-free vulnerability in Acrobat Reader DC allows arbitrary code execution Use-after-free vulnerability in Acrobat Reader DC allows arbitrary code execution Out-of-bounds Write Vulnerability in Acrobat Reader DC Versions 2021.005.20054 and Earlier Type Confusion Vulnerability in Acrobat Reader DC Versions 2021.005.20054 and Earlier Path Traversal Vulnerability in Acrobat Reader DC Versions 2021.005.20054 and Earlier Privilege Escalation Vulnerability in Trend Micro Apex One, Apex One as 
a Service, and OfficeScan XG SP1 Insecure File Permissions Vulnerability in Trend Micro Apex One, Apex One as a Service, and OfficeScan XG SP1 DLL Hijacking Vulnerability in Trend Micro Password Manager Version 5 Improper Access Control Privilege Escalation Vulnerability in Trend Micro Antivirus for Mac 2020 and 2021 Privilege Escalation Vulnerability in Trend Micro HouseCall for Home Networks Installer Directory Traversal Vulnerability in GNOME gnome-autoar before 0.3.1 Denial of Service Vulnerability in Squid's URN Scheme Parser Denial of Service Vulnerability in Squid Cache Manager API Insecure Key Storage in Western Digital G-Technology ArmorLock NVMe SSD Apps Arbitrary File Deletion Vulnerability in Apache Zeppelin's Move folder to Trash Feature Infinite Loop Vulnerability in Tika's MP3Parser (CVE-2021-25646) Directory Traversal Vulnerability in Django MultiPartParser Buffer Overflow in rtw_wx_set_scan in Linux Kernel through 5.11.6 Inherited Permission Check Vulnerability in SilverStripe GraphQL Server Denial of Service Vulnerability in Squid 4.x and 5.x GPU Memory Operations Mishandling in Arm Mali GPU Kernel Driver: Privilege Escalation and Information Disclosure Vulnerability Arm Mali GPU Kernel Driver Privilege Escalation and Memory Corruption Vulnerability Memory-Management Defect in Stormshield SNS SNMP Plugin Leading to Denial of Service Infinite Loop Vulnerability in StackStorm Multiple SQL Injection Vulnerabilities in Xerox AltaLink B80xx, C8030/C8035, C8045/C8055, and C8070 Unauthenticated Configuration Attribute Modification in Xerox AltaLink B80xx and C80xx Series Unauthorized File Deletion Vulnerability in Xerox AltaLink Printers Remote Command Execution Vulnerability in Xerox Phaser and WorkCentre Printers Buffer Overflow Vulnerability in Xerox Phaser and WorkCentre Printers Arbitrary Command Execution in Xerox Phaser and WorkCentre Printers Predictable Node IDs and Incorrect Access Control in SolarWinds Orion Platform Allow Unauthorized Node 
Creation and Deletion Denial of Service Vulnerability in Pillow's PSDImagePlugin Infinite Loop Vulnerability in Pillow's FliDecode for FLI Data Quadratic Accumulation DoS Vulnerability in Pillow EPSImageFile Denial of Service Vulnerability in Pillow's BlpImagePlugin Vulnerability: Unauthorized User Masquerading in devise_masquerade Gem Insecure DTLS Connection Termination in Pion WebRTC Remotely Exploitable Integer Overflow in Envoy: Unexpected Timeout Calculations Remote NULL Pointer Dereference and Crash in Envoy TLS XXE Vulnerability in ConeXware PowerArchiver Privilege Escalation via ASUS GPUTweak II Driver (CVE-2021-XXXX) Stack-based Buffer Overflow in ASUS GPUTweak II Allows for Denial of Service Uninitialized Data Structure Vulnerability in libxl Soft Reset Feature Vulnerability: Pointer Overwrite in XSA-365 Leads to Persistent Grant Leakage Speculative Execution Vulnerability in x86 PV Guests Vulnerability: TSX Async Abort Protections Not Restored After S3 Suspend Use-After-Free Vulnerability in Linux xen-netback Inadequate Timeout Handling in x86 IOMMU Operations Unscrubbed Boot Modules Vulnerability in Xen/ARM IOMMU Page Mapping Vulnerabilities on x86 Systems IOMMU Page Mapping Vulnerabilities on x86 Systems IOMMU Page Mapping Vulnerabilities on x86 Systems Vulnerability: Access to De-allocated Grant Table v2 Status Pages Grant Table Handling Vulnerability: CPU Starvation and Hypervisor Issues due to Long Running Loops Inadequate Bounds Check in Grant-v2 Status Frames Array Unlimited Memory Allocation Vulnerability in Xen/ARM Dom0less DomUs Insecure Handling of Deallocated Grant Table v2 Status Pages Unpredictable Behavior and Memory Corruption Due to Improper Deassignment of PCI Devices with RMRRs Vulnerability: Access to De-allocated Grant Table v2 Status Pages Misaligned GFNs in PoD Operations Vulnerability Insufficient Error Handling in Partially Successful P2M Updates on x86 Memory Limit Overflow Vulnerability Misaligned GFNs in PoD Operations 
Vulnerability Misaligned GFNs in PoD Operations Vulnerability Insufficient Error Handling in Partially Successful P2M Updates on x86 Vulnerability: Guest Write Access to Leaf Page Table Entries in Shared Page Table Mode Denial of Service (DoS) Vulnerability in Xen PV Backends via High Frequency Events Denial of Service (DoS) Vulnerability in Xen PV Backends via High Frequency Events Denial of Service (DoS) Vulnerability in Xen PV Backends via High Frequency Events Linux netback driver vulnerability allows guest to hog kernel memory Linux netback driver vulnerability allows guest to hog kernel memory Arbitrary Code Execution Vulnerability in Unofficial Apple/Swift-Format Extension for Visual Studio Code Arbitrary Code Execution in SwiftLint Extension for Visual Studio Code Arbitrary Code Execution in Unofficial SwiftFormat Extension for Visual Studio Code Arbitrary Code Execution Vulnerability in Swift Development Environment Extension for Visual Studio Code Arbitrary Binary Execution Vulnerability in vscode-restructuredtext ShellCheck Extension for Visual Studio Code: Insecure Handling of shellcheck.executablePath XSS Vulnerability in Increments Qiita::Markdown Transformers Stack-based Buffer Overflow Vulnerability in QNAP NAS Surveillance Station Relative Path Traversal Vulnerability in QNAP NAS Running QTS and QuTS hero Improper Authorization Vulnerability in QNAP NAS HBS 3 Command Injection Vulnerability in Legacy Versions of QNAP NAS QTS QNAP QSS Out-of-Bounds Read Vulnerability Command Injection Vulnerability in QTS and QuTS Hero Unauthenticated Remote Code Execution Vulnerability in QNAP Q'center Command Injection Vulnerability in QTS and QuTS Hero Sensitive Information Exposure in QNAP QSS Switches DOM-based XSS Vulnerability in QNAP NAS: Exploiting Code Injection in QTS and QuTS Hero Post-Authentication Reflected XSS Vulnerability in QNAP NAS Q’center Legacy versions of HBS 3: Improper Access Control Vulnerability Unauthorized Access Vulnerability in Roon 
Labs Server Versions 2021-05-18 and Earlier Command Injection Vulnerability in Roon Labs' Roon Server 2021-05-18 and Later Versions Command Injection Vulnerability in QNAP Video Station Versions Prior to 5.5.4 Insecure Storage Vulnerability in QSW-M2116P-2T2S and QuNetSwitch Remote Code Execution Vulnerability in QNAP NAS Helpdesk Software Insecure Storage of Sensitive Information in QNAP NAS myQNAPcloud Link Stack Buffer Overflow Vulnerability in QNAP QTS, QuTScloud, and QuTS hero Privilege Escalation Vulnerability in TIBCO Rendezvous Installation Component Privilege Escalation Vulnerability in TIBCO Rendezvous Components Privilege Escalation Vulnerability in TIBCO FTL - Community, Developer, and Enterprise Editions TIBCO FTL Component Privilege Escalation Vulnerability Privilege Escalation Vulnerability in TIBCO Enterprise Message Service for Windows Local Privilege Escalation Vulnerability in TIBCO Enterprise Message Service Privilege Escalation Vulnerability in TIBCO eFTL Installation Component on Windows Privilege Escalation Vulnerability in TIBCO ActiveSpaces - Windows Installation Component Privilege Escalation Vulnerability in TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community and Enterprise Editions Privilege Escalation Vulnerability in TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge Stored XSS Vulnerability in TIBCO Administrator - Enterprise Edition and TIBCO Runtime Agent SQL Injection Vulnerability in TIBCO Administrator - Enterprise Edition Persistent CSV Injection Vulnerability in TIBCO Administrator - Enterprise Edition Vulnerability: Local Privilege Escalation in TIBCO Spotfire Server and TIBCO Enterprise Runtime for R Invalid Free or Segmentation Fault in decompress_gunzip.c in BusyBox through 1.32.1 Arbitrary Code Execution in VSCodeVim Workspace Configuration XSS Vulnerability in Increments Qiita::Markdown before 0.34.0 via Crafted Gist Link Arbitrary Class Instantiation Vulnerability in Kramdown before 2.3.1 Buffer 
Overflow Vulnerability in XNView 2.50 and Earlier: Arbitrary Code Execution via Crafted GEM Bitmap File Null Pointer Dereference Vulnerability in D-Link DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2660, DAP-2690, DAP-2695, DAP-3320, and DAP-3662 sbin/httpd Binary Null Pointer Dereference Vulnerability in D-Link DAP Series Routers Null Pointer Dereference Vulnerability in D-Link DAP Series Null Pointer Dereference Vulnerability in TRENDnet Wireless Access Points Null Pointer Dereference Vulnerability in TRENDnet TEW-755AP, TEW-755AP2KAC, TEW-821DAP2KAC, and TEW-825DAP Null Pointer Dereference Vulnerability in TRENDnet TEW-755AP, TEW-755AP2KAC, TEW-821DAP2KAC, and TEW-825DAP Null Pointer Dereference Vulnerability in TRENDnet TEW-755AP, TEW-755AP2KAC, TEW-821DAP2KAC, and TEW-825DAP Null Pointer Dereference Vulnerability in TRENDnet Wireless Access Points Format String Vulnerability in TRENDnet TEW-755AP, TEW-755AP2KAC, TEW-821DAP2KAC, and TEW-825DAP Denial of Service Vulnerability in MobaXterm 20.0 and earlier Denial of Service Vulnerability in Mintty before 3.4.5 NULL Pointer Dereference Vulnerability in Deark 1.5.8 and Earlier Division by Zero Vulnerability in Deark (src/fmtutil.c) Insecure Transmission of Credentials in TP-Link TL-WPA4220 4.0.2 Build 20180308 Rel.37064 Unencrypted Traffic Vulnerability in TP-Link TL-WPA4220 4.0.2 Build 20180308 Rel.37064 Prototype Pollution Vulnerability in Node.js mixme v0.5.1 and earlier Open Redirection Vulnerability in Python 3.x through 3.10's lib/http/server.py Buffer Overflow Vulnerability in LibTextCode through Crafted File Opening Unsafe Validation in read_to_end() Function in Rust Standard Library Prior to 1.50.0 Leading to Buffer Overflow Panic Safety Issue in Rust's Zip Implementation: Multiple Calls to __iterator_get_unchecked() Nested Zip Iterator Memory Safety Violation Multiple Calls to __iterator_get_unchecked() in Rust Zip Implementation Leading to Memory Safety Violation Integer Overflow Vulnerability in 
Rust's Zip Implementation Leading to Buffer Overflow SQL Injection Vulnerability in J2eeFAST 2.2.1 Vulnerability in AudioFileServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16 Multiple Cross-Site Scripting (XSS) Vulnerabilities in SITA Software Azur CMS 1.2.3.1 and Earlier Null Pointer Dereference in read_yin_container() function in libyang <= v1.0.225 Stack Overflow Vulnerability in libyang <= v1.0.225: Denial of Service via lyxml_parse_mem() Null Pointer Dereference in ext_get_plugin() function in libyang <= v1.0.225 Reachable Assertion in libyang's lys_node_free() Function (CWE-617) Null Pointer Dereference in read_yin_leaf() function in libyang <= v1.0.225 Unauthenticated Brute Force Attack Vulnerability in BAB TECHNOLOGIE GmbH eibPort V3 eibPort V3 Prior Version 3.9.1 Basic SSRF Vulnerability Unauthenticated Access to Sensitive Data and Brute Force Attack Vulnerability in BAB TECHNOLOGIE GmbH eibPort V3 Hard-coded and Weak Root SSH Key Passphrase Vulnerability in BAB TECHNOLOGIE GmbH eibPort V3 Unauthenticated Access to eibPort V3 Prior Version 3.9.1 Allows SSH Root Access Weak Password Strength Enforcement in eibPort V3 Prior to Version 3.9.1 Octal String Input Validation Vulnerability in netmask npm Package v1.0.6 and Below Self-Authenticated XSS Vulnerability in Nagios Network Analyzer 2.4.2 SQL Injection Vulnerability in Nagios Network Analyzer 2.4.3 and Earlier via o[col] Parameter Command Injection Vulnerability in libretro RetroArch for Windows 1.9.0 Arbitrary File Upload Vulnerability in Fork CMS 5.9.2 Authenticated XSS in CMS Made Simple (CMSMS) 2.2.15 via /admin/addbookmark.php Title Field Unauthenticated Remote Password Change Vulnerability in Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Plaintext Password Exposure in Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web Management Interface Privilege Escalation via Concurrent Query Execution in Siren Federate Command Injection Vulnerability in MagpieRSS 
0.72 Curl Command Validation Vulnerability in MagpieRSS 0.72 Stall on CPU Vulnerability in Linux Kernel (CID-775c5033a0d1) Denial of Service Vulnerability in Linux Kernel through 5.11.8 Buffer Overflow in Soundwire Device Driver in Linux Kernel Arbitrary Binary Execution Vulnerability in Unofficial C/C++ Advanced Lint Extension for Visual Studio Code Arbitrary Code Execution Vulnerability via Crafted Repository in Chris Walz Bit (Windows) Uncontrolled Search Path Element in git-bug before 0.7.2 Arbitrary Binary Execution Vulnerability in Unofficial vscode-sass-lint Extension XSS Vulnerability in python-lxml's clean Module Allows Arbitrary JS Code Execution Unauthenticated Remote Code Execution Vulnerability in Zoho ManageEngine ADSelfService Plus Unauthenticated Directory Traversal Vulnerability in Zoho ManageEngine Eventlog Analyzer Unauthenticated Command Injection in Zoho ManageEngine Desktop Central Arbitrary Command Injection in OpenWrt DDNS Package Privilege Escalation Vulnerability in Stormshield Network Security (SNS) before 4.2.2 Content Injection Vulnerability in Shibboleth Service Provider before 3.2.1 Race Condition in get_old_root Leads to Denial of Service in Linux Kernel (CVE-2021-28964) XML Round-Trip Issue in REXML Gem Remote Code Execution Vulnerability in Ruby on Windows via Crafted TmpDir Parameter Arbitrary Code Execution Vulnerability in Unofficial MATLAB Extension for Visual Studio Code XSS Vulnerability in PunBB [email] BBcode Tag SQL Injection Vulnerability in eMPS 9.0.1.923211 on FireEye EX 3500 Devices SQL Injection Vulnerability in eMPS 9.0.1.923211 on FireEye EX 3500 Central Management PEBS Status Mishandling Vulnerability in Linux Kernel on Haswell CPUs Buffer Overflow in RPA PCI Hotplug Driver Allows Userspace Write to Kernel Stack Frame XML External Entity (XXE) Vulnerability in Perforce Helix ALM 2020.3.1 Build 22 Cross-Site Scripting (XSS) Vulnerability in WP Mailster 1.6.18.0 via Crafted Server Details Remote Code Execution 
Vulnerability in GetSimpleCMS 3.3.16 and earlier versions via phar files in admin/upload.php Cross-Site Scripting Vulnerability in GetSimpleCMS 3.3.16 via File Header Injection in admin/upload.php SafeNet KeySecure Management Console 8.12.0 - HTTP Response Splitting Vulnerability Plixer Scrutinizer 19.0.2 SQL Injection Vulnerability Memory Exhaustion Vulnerability in kopano-ical and Zarafa CMS Made Simple File Upload Vulnerability Arbitrary Command Execution via SQL Injection in CMS Made Simple Stored XSS Vulnerability in Plone CMS 5.2.3 via site-controlpanel Remote Code Execution in Genexis PLATINUM 4410 2.1 P4410-V2-1.28 Devices via sys_config_valid.xgi SQL Injection Vulnerability in rConfig 3.9.6 Allows Remote Webshell Upload Insecure Permission Vulnerability in rConfig Server 3.9.6 Allows Unauthorized Root Access Local File Disclosure Vulnerability in rConfig 3.9.6 Allows Unauthorized File Downloads Cross-Site Scripting (XSS) Vulnerability in SEO Panel 4.8.0 via to_time Parameter in webmaster-tools.php Cross-Site Scripting (XSS) Vulnerability in SEO Panel 4.8.0 via archive.php type Parameter Cross-Site Scripting (XSS) Vulnerability in SEO Panel 4.8.0 via archive.php Cross Site Scripting (XSS) Vulnerability in DMA Softlab Radius Manager 4.4.0 Session Cookie Reuse Vulnerability in DMA Softlab Radius Manager 4.4.0 File Path Disclosure Vulnerability in InvoicePlane 1.5.11 Weak and Predictable Password Reset Token Generation in InvoicePlane 1.5.11 Unauthenticated Directory Listing and File Download Vulnerability in InvoicePlane 1.5.11 Cross-Site Scripting (XSS) Vulnerability in Bitweaver 3.1.0 via /users/my_images.php URI Cross-Site Scripting (XSS) Vulnerability in Bitweaver 3.1.0 via /users/admin/permissions.php URI Cross-Site Scripting (XSS) Vulnerability in Bitweaver 3.1.0 via /users/index.php URI Cross-Site Scripting (XSS) Vulnerability in Bitweaver 3.1.0 via user_activity.php Cross-Site Scripting (XSS) Vulnerability in Bitweaver 3.1.0 via 
/users/edit_personal_page.php URI Cross-Site Scripting (XSS) Vulnerability in Bitweaver 3.1.0 via /users/admin/index.php URI Cross-Site Scripting (XSS) Vulnerability in Bitweaver 3.1.0 via users_import.php URI Cross-Site Scripting (XSS) Vulnerability in Bitweaver 3.1.0 via /users/preferences.php URI Cross-Site Scripting (XSS) Vulnerability in Bitweaver 3.1.0 via /users/admin/edit_group.php URI Unobfuscated Password Reminder Answers Vulnerability in Liferay Portal and Liferay DXP Arbitrary Code Injection through XSS in Liferay Portal 7.3.4 Asset Module's Categories Administration Page Verbose Error Messages in Liferay Portal and Liferay DXP Denial-of-Service Vulnerability in Liferay DXP 7.3 Multi-Factor Authentication Module Insecure Proxy Password Handling in Liferay Portal and Liferay DXP Arbitrary Script Injection in Liferay Portal's Site Module Membership Request Administration Pages Arbitrary Script Injection in Liferay Portal's Redirect Module Arbitrary Script Injection in Liferay Portal's Asset Module Category Selector Reusability of CAPTCHA Answer in Liferay Portal 7.3.4, 7.3.5, and Liferay DXP 7.3 before Fix Pack 1 Arbitrary Script Injection in Liferay Portal's Layout Module Arbitrary Web Script Injection in Liferay DXP Portal Workflow Module CSRF Vulnerability in Liferay Portal and Liferay DXP Allows Unauthorized Acceptance of Terms of Use Arbitrary Script Injection in Liferay Portal's Asset Publisher App Unauthenticated Access to DDMStructures via GET API Calls in Liferay Portal SQL Injection Vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before Fix Pack 1 Cross Site Request Forgery (CSRF) Vulnerability in Papoo CMS Allows Remote Privilege Escalation XSS Vulnerability in School File Management System 1.0 via Update Account Form in student_profile.php Cross Site Scripting (XSS) Vulnerability in Pixelimity 1.0 via admin/setting.php HTTP POST Parameter Denial of Service Vulnerability in StaticPool in SUCHMOKUO node-worker-threads-pool 
1.4.3 Regular Expression Denial of Service (ReDOS) Vulnerability in IS-SVG Version 2.1.0 to 4.2.2 and Below Color-String 1.5.5 and Below: Regular Expression Denial of Service (ReDOS) Vulnerability Vfsjfilechooser2 Version 0.2.9 and Below: Regular Expression Denial of Service (ReDOS) Vulnerability Mpmath v1.0.0 - v1.2.1: Regular Expression Denial of Service (ReDOS) Vulnerability in mpmathify Function Authentication Bypass Vulnerability in NETGEAR RBR850 Devices Authentication Bypass Vulnerability in NETGEAR RBK and RBR/RBS Series Routers Authentication Bypass Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in NETGEAR XR450, XR500, and WNR2000v5 Routers Command Injection Vulnerability in NETGEAR RBK Series Routers Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR RBK Series Routers Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Unauthenticated Command Injection Vulnerability in Certain NETGEAR Devices Unauthenticated Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Unauthenticated Password Reset Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Vulnerability: Disclosure of Sensitive Information in Certain NETGEAR Devices Arbitrary Code Execution Vulnerability in Synology DiskStation Manager (DSM) Arbitrary File Read Vulnerability in Synology DiskStation Manager (DSM) Arbitrary File Read Vulnerability in Synology DiskStation Manager (DSM) Sensitive Information Exposure Vulnerability in Synology DiskStation Manager (DSM) WebAPI Component Arbitrary File Write Vulnerability in Synology DiskStation Manager (DSM) 
WebAPI Path Traversal Vulnerability in Synology DiskStation Manager (DSM) Allows Arbitrary Code Execution SQL Injection Vulnerability in Synology Photo Station SQL Injection Vulnerability in Synology Photo Station Path Traversal Vulnerability in Synology Photo Station Allows Arbitrary File Write Arbitrary Code Execution Vulnerability in Synology Photo Station Arbitrary Code Execution via Use-After-Free Vulnerability in Esri ArcGIS Server 10.8.1 and Earlier Buffer Overflow Vulnerabilities in Esri ArcGIS Server 10.8.1 and Earlier: Achieving Arbitrary Code Execution Uninitialized Pointer Vulnerabilities in Esri ArcGIS Server 10.8.1 and Earlier: Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Esri ArcGIS Software Arbitrary Code Execution via Buffer Overflow in Esri ArcGIS Software Unauthenticated Arbitrary Code Execution via Uninitialized Pointers in Esri ArcGIS Software SQL Injection Vulnerability in ArcGIS Server Versions 10.8.1 and Earlier Arbitrary File Creation Vulnerability in Esri ArcGIS Earth ArcGIS GeoEvent Server Directory Traversal Vulnerability ArcGIS Server Manager SSRF Vulnerability Reflected Cross Site Scripting (XSS) Vulnerability in ArcGIS Server 10.8.1 and Below Stored Cross Site Scripting (XSS) Vulnerability in ArcGIS Server Manager 10.8.1 and Below Stored Cross Site Scripting (XSS) Vulnerability in Esri ArcGIS Server Services Directory 10.8.1 and Below Reflected Cross Site Scripting (XSS) Vulnerability in Esri ArcGIS Server 10.8.1 and Below Stored Cross Site Scripting (XSS) Vulnerability in ArcGIS Server Manager 10.8.1 and Below Privilege Escalation Vulnerability in Esri Portal for ArcGIS: XML Signature Wrapping Attack Reflected XSS Vulnerability in Esri Portal for ArcGIS 10.9 and Below Stored Cross-Site Scripting (XSS) Vulnerability in Esri Portal for ArcGIS Out-of-Bounds Read Vulnerability in Esri ArcReader 10.8.1 and Earlier Remote File Inclusion Vulnerability in ArcGIS Server Help Documentation Allows HTML Injection Critical 
SQL Injection Vulnerability in Esri ArcGIS Server 10.9 and Below ArcGIS Service Directory Information Disclosure Vulnerability Stored Cross Site Scripting (XSS) Vulnerability in Esri ArcGIS Server Feature Services 10.8.1 and 10.9 (Only) Use-After-Free Vulnerability in Esri ArcReader 10.8.1 and Earlier Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Esri ArcReader 10.8.1 and Earlier Local File Disclosure Vulnerability in haserl Component of Alpine Linux Configuration Framework Directory Traversal Vulnerability in Gitea Avatar Middleware Symlink Traversal Vulnerability in Open Container Initiative umoci before 0.4.7 Aruba AirWave Management Platform Remote URL Redirection Vulnerability Aruba ClearPass Policy Manager Remote Disclosure of Privileged Information Vulnerability Aruba ClearPass Policy Manager Remote XSS Vulnerability Aruba ClearPass Policy Manager Remote XML External Entity (XXE) Vulnerability Aruba ClearPass Policy Manager Remote Disclosure of Sensitive Information Vulnerability Aruba ClearPass Policy Manager Remote XSS Vulnerability Aruba AOS-CX Firmware Remote Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Disclosure of Sensitive Information Vulnerability Aruba ClearPass Policy Manager Remote Server Side Request Forgery (SSRF) Remote Code Execution Vulnerability Aruba ClearPass Policy Manager Remote XSS Vulnerability Aruba ClearPass Policy Manager Remote Arbitrary Command Execution Vulnerability Aruba AOS-CX Firmware Local Cross-Site Scripting (XSS) Vulnerability Aruba AOS-CX Firmware Local Bypass Security Restrictions Vulnerability Aruba ClearPass Policy Manager Remote Insecure Deserialization Vulnerability Aruba ClearPass Policy Manager Remote Authentication Bypass Vulnerability Aruba ClearPass Policy Manager Remote DoS Vulnerability Arbitrary Code Execution Vulnerability in BPF JIT Compilers Out-of-Bounds Speculation Vulnerability in Linux Kernel Allows Side-Channel Attacks and Defeats Spectre Mitigations 
LDAP Injection Vulnerability in ForgeRock OpenAM via Webfinger Protocol Path Traversal Vulnerability in Dovecot OAuth2 Authentication Incorrect Access Control in Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 Arbitrary JavaScript Execution via Crafted Properties in Nexus Repository Manager 3.x before 3.30.1 Unsafe Deserialization Vulnerability in Apache OFBiz Prior to Version 17.12.07 Allows Unauthenticated RCE Attack Remote XSS Vulnerability in HPE Integrated Lights-Out and SimpliVity Systems Buffer Overflow Vulnerability in HPE Integrated Lights-Out and SimpliVity Systems Remote Authentication Bypass Vulnerability in HPE Edgeline Infrastructure Manager Remote XSS Vulnerability in HPE Integrated Lights-Out and SimpliVity Systems Remote XSS Vulnerability in HPE Integrated Lights-Out and SimpliVity Systems Remote XSS Vulnerability in HPE Integrated Lights-Out and SimpliVity Systems Remote XSS Vulnerability in HPE Integrated Lights-Out and SimpliVity Systems Remote DOM XSS and CRLF Injection Vulnerability in HPE Integrated Lights-Out and SimpliVity Remote DOM XSS and CRLF Injection Vulnerability in HPE Integrated Lights-Out and SimpliVity Remote DOM XSS and CRLF Injection Vulnerability in HPE Integrated Lights-Out and SimpliVity Remote XSS Vulnerability in HPE Integrated Lights-Out and SimpliVity Systems Critical Remote Unauthenticated Directory Traversal Vulnerability in HPE iLO Amplifier Pack Local Bypass of Security Restrictions in HPE ProLiant Servers: Sensitive Information Disclosure and System Compromise Privilege Escalation Vulnerability in HPE StoreServ Management Console (SSMC) Remote Access Restriction Bypass Vulnerability in HPE Ezmeral Data Fabric's TEZ MapR Ecosystem Component Remote Cross-Site Scripting Vulnerability in HPE OneView Global Dashboard (Prior to 2.5) Remote URL Redirection Vulnerability in HPE OneView Global Dashboard (Prior to 2.5) Unquoted Search Path Vulnerability in HPE Agentless Management Service for Windows Local 
Buffer Overflow Vulnerability in HPE FlexNetwork 5130 EL Switch Series Buffer Overflow Vulnerabilities in HPE iLO Amplifier Pack Prior to 2.12 Local Privilege Escalation Vulnerability in Erlang/OTP Prior to Version 23.2.3 CSRF Vulnerability in CODESYS Automation Server Unvalidated Execution of Embedded Files in CODESYS Development System 3 Insecure Package Installation in CODESYS Development System 3 NULL Pointer Dereference Vulnerability in CODESYS Gateway 3 before 3.5.16.70 Improper Input Validation in CODESYS Control Runtime System Allows Addressing Scheme Manipulation Cross-Site Scripting (XSS) Vulnerability in Cloudera Manager Weak Pseudo-Random Value Generation in BTCPay Server Legacy API Key Directory Traversal Vulnerability in BTCPay Server 1.0.7.0 Allows Code Execution HTTPOnly flag not set for cookie in BTCPay Server 1.0.7.0 allows remote information disclosure Insecure Cookie Handling in BTCPay Server 1.0.7.0 Privacy Vulnerability in BTCPay Server Payment Button Stored XSS Vulnerability in BTCPay Server POS Add Products Functionality User Registration Policy Misconfiguration in BTCPay Server Stored XSS Vulnerability in RSA Archer Insecure Credential Storage Vulnerability in RSA Archer Tableau Integration Cleartext Transmission of Admin Credentials in MicroSeven MYM71080i-B Devices Arm Mali GPU Kernel Driver Vulnerability: Memory Access and Privilege Escalation Remotely Exploitable Crash in Envoy 1.14.0: HTTP2 Metadata Reachable Assertion Vulnerability Arbitrary Code Execution Vulnerability in Unofficial Svelte Extension for Visual Studio Code Apache Solr ACL Bypass Vulnerability Insufficient Checks in VCS Project Retrieval Lead to Local Code Execution in JetBrains IntelliJ IDEA 2020.3.3 Freescale Gianfar Ethernet Driver Crash Vulnerability Race conditions in usbip_sockfd_store leading to denial of service (GPF) in Linux kernel before 5.11.7 Use-after-free vulnerability in Linux kernel's vhost/vdpa driver (CID-f6bbf0010ba0) Cross-Site Scripting (XSS) 
Vulnerability in SherlockIM's Chatbot Feature via api/Files/Attachment URI XSS Vulnerability in remark42 before 1.6.1 XSS Vulnerability in bluemonday before 1.0.5 due to Lowercasing of Cyrillic Characters Cross-Site Scripting (XSS) Vulnerability in Redmine 4.1.x before 4.1.2 Integer Overflow Vulnerability in GPAC 1.0.1: gf_props_assign_value in filter_core/filter_props.c ARP Poisoning Vulnerability Leading to Buffer Overflow in TP-Link Wireless N Router WR840N File Upload Vulnerability in GFI Mail Archiver Versions up to and Including 15.1 via Insecure Implementation of Telerik Web UI Plugin Null Pointer Dereference Vulnerability in D-Link DSL-2740R UK_1.01 Allows Remote Denial of Service Null Pointer Dereference Vulnerability in D-Link DSP-W215 1.10 Null Pointer Dereference Vulnerability in D-Link DIR-825 2.10b02: Remote Denial of Service Buffer Overflow Vulnerability in Emerson GE Automation Proficy Machine Edition v8.0 Denial of Service Vulnerability in Emerson GE Automation Proficy Machine Edition v8.0 Command Injection Vulnerability in @ronomon/opened Library Buffer Overflow Vulnerability in TP-Link TL-WR802N(US) and Archer_C50v5_US v4_200 <= 2020.06 Allows Remote Code Execution Cross Site Scripting (XSS) Vulnerability in SeaCMS 12.6 via v_company and v_tvs Parameters in /admin_video.php Heap Buffer Overflow in OpenSource Moddable v10.5.0 via modwifi.c Stack Overflow Vulnerability in OpenSource Moddable v10.5.0 via xsScript.c Component Heap Buffer Overflow in fx_String_prototype_repeat function in OpenSource Moddable v10.5.0 Heap Buffer Overflow in fxIDToString function in OpenSource Moddable v10.5.0 Heap Buffer Overflow in fx_ArrayBuffer function in OpenSource Moddable v10.5.0 Buffer Over-read Vulnerability in OpenSource Moddable v10.5.0 Stack Overflow Vulnerability in OpenSource Moddable v10.5.0 CSRF Vulnerability Allows Unauthorized Admin Account Creation in JIZHI CMS 1.9.4 Privilege Escalation via Crafted IOCTL Call in MSI Dragon Center 2.0.104.0 OpenJPEG 
v2.4.0 Integer Overflow Remote DoS Vulnerability SQL Injection Vulnerability in Ovidentia CMS 6.x index.php id Parameter CSRF Vulnerability in Mahara 20.10 Allows Remote Inbox-Mail Removal SQL Injection in getip function in 发货100-设计素材下载系统 1.1 SSRF Vulnerability in OutSystems Platform Server and LifeTime Management Console Buffer Overflow Vulnerability in Irfanview 4.57's FORMATS!ReadPVR_W+0xfa Allows DOS via Crafted PVR File Buffer Overflow Vulnerability in Irfanview 4.57: Execution of Arbitrary Code via Crafted RLE File Buffer Overflow Vulnerability in Irfanview 4.57: Arbitrary Code Execution via Crafted RLE File Buffer Overflow Vulnerability in Irfanview 4.57: Arbitrary Code Execution via Crafted RLE File Buffer Overflow Vulnerability in Irfanview 4.57's FORMATS!ReadRAS_W+0xa74 Allows Arbitrary Code Execution via Crafted RLE File Buffer Overflow Vulnerability in Irfanview 4.57's Formats!ReadRAS_W+0x1001 Allows Arbitrary Code Execution via Crafted RLE File Denial of Service Vulnerability in Irfanview 4.57's AutoCrop_W Component Buffer Overflow Vulnerability in Irfanview 4.57: Execution of Arbitrary Code via Crafted RLE File Buffer Overflow Vulnerability in Irfanview 4.57 WPG+0x1dda Allows Arbitrary Code Execution Session Fixation Vulnerability in CuppaCMS Allows Arbitrary User Session Access Shell Command Injection Vulnerability in gnuplot package for Node.js Thanos-Soft Cheetah Browser Android 1.2.0 UXSS Vulnerability Allows Cross-Site Scripting Denial of Service Vulnerability in ircII (CVE-2021-XXXX) Arbitrary File Upload Vulnerability in Pear Admin Think through 2.1.2 SQL Injection in pear-admin-think version 2.1.2 allows for arbitrary code execution and privilege escalation via crafted GET request to Crud.php. 
Command Injection Vulnerability in D-Link DIR-802 A1 Devices Stored Cross-Site Scripting (XSS) Vulnerabilities in Sourcecodester Equipment Inventory System 1.0 Stored Cross-Site Scripting (XSS) Vulnerability in SourceCodester Budget Management System 1.0 via 'Budget Title' Field Heap-Based Buffer Over-Read Vulnerability in libjpeg-turbo 2.0.90 Remote Code Execution in NorthStar Club Management 6.3 via cominput.jsp and comoutput.jsp Account Hijacking via Unauthorized Password Change in NorthStar Club Management 6.3 Arbitrary File Download Vulnerability in NorthStar Club Management 6.3 Unauthenticated Access Vulnerability in NorthStar Club Management 6.3 Cleartext Transmission of Sensitive Information in NorthStar Club Management 6.3 Directory Traversal Vulnerability in NorthStar Club Management 6.3 XMB Cross-Site Scripting (XSS) Vulnerability CSRF Vulnerability in My SMTP Contact v1.1.1 Plugin for GetSimple CMS Allows Unauthorized SMTP Setting Changes Incorrect Physical Access Control in STMicroelectronics STM32L4 Devices Non-Constant Time ECDSA Implementation Vulnerability in NordicSemiconductor nRF52840 NetNTLM Hash Leakage Vulnerability in PortSwigger Burp Suite Arbitrary Code Execution Vulnerability in gitjacker before 0.1.0 Incomplete Fix for IP Address Bypass Vulnerability in netmask Package XXE (XML External Entity) Vulnerability in pikepdf Package's models/metadata.py Extraneous Zero Characters in IP Address String Bypass Vulnerability Limited Path Traversal Vulnerability in Apache Commons IO before 2.7 Gradle Repository Content Filtering Bypass Vulnerability Privilege Escalation Vulnerability in Gradle Builds on Unix-like Systems Local Information Disclosure Vulnerability in Gradle Denial of Service Vulnerability in Sydent Server Sydent Vulnerability: Unvalidated Parameter and IP Address Induced HTTP Requests Arbitrary Email Sending Vulnerability in Sydent Resource Exhaustion Vulnerability in Sydent Versions 2.2.0 and Prior Unvalidated Protocol 
Vulnerability in Wagtail Content Management System CSRF Bypass Vulnerability in trestle-auth 0.4.0 and 0.4.1 CSRF Vulnerability in Anuko Time Tracker ScratchOAuth2 Vulnerability: Unauthorized Access and Data Manipulation Insufficient Input Escaping in Nextcloud Dialogs Library Leads to XSS Vulnerability Privilege Escalation in Grav Admin Plugin (CVE-2021-XXXX) Arbitrary Code Execution and Privilege Escalation in Grav Twig Processor Authentication Bypass Vulnerability in Nacos Server Unauthenticated Access to /derby Endpoint in Nacos ConfigOpsController Vulnerability: Timing-based Padding Oracle in jose npm library Timing-based Padding Oracle Vulnerability in jose-browser-runtime (CVE-2021-XXXX) Timing-based Padding Oracle Vulnerability in jose-node-esm-runtime (CVE-2021-XXXX) Timing-based Padding Oracle Vulnerability in jose-node-cjs-runtime (CVE-2021-12345) XML Parsing XXE Vulnerability in WordPress Media Library Stored XSS Vulnerability in Pi-hole Admin Portal Multiple Privilege Escalation Vulnerabilities in Pi-hole Core 5.2.4 Vulnerability: Password-Protected Posts and Pages Exposure in WordPress Editor JSON Web Token Signature Verification Bypass in Portofino Privilege Escalation Vulnerability in a12n-server v0.18.0 Denial of Service Vulnerability in matrix-media-repo 1.2.6 and earlier Arbitrary PHP Code Execution Vulnerability in Smarty Template Engine Improper Signature Verification in JSON Web Token Refresh Functionality in Grassroot Platform Open Redirect Vulnerability in Authelia 4.27.4 and Earlier Heap Buffer Overflow in Exiv2 v0.27.3 and Earlier Out-of-Bounds Read Vulnerability in Exiv2 v0.27.3 and Earlier Persistent Script Injection in XWiki Platform Versions Prior to 12.6.3 and 12.8 Critical Privilege Escalation Vulnerability in Kirby CMS Remote Code Execution Vulnerability in Discord Recon Server (CVE-XXXX-XXXX) Vulnerability: DNS Rebinding Attack in Portable SDK for UPnP Devices Out-of-Bounds Read Vulnerability in Exiv2 v0.27.3 and Earlier Heap 
Buffer Overflow in Exiv2 v0.27.3 and Earlier Discord-Recon 0.0.3 and Prior Remote Code Execution Vulnerability Remote File Disclosure Vulnerability in Discord-Recon 0.0.3 and Prior Versions Arbitrary JavaScript Execution Vulnerability in Wrongthink 2.4.0 and Earlier Vulnerability: Remote Code Execution via Symbolic Links and Backslash Characters in Cygwin Git Exponential Backtracking Denial of Service Vulnerability in Node-redis Out-of-Bounds Read Vulnerability in Exiv2 v0.27.3 and Earlier Denial-of-Service Vulnerability in Synapse Push Rules Remote Code Execution in Composer via Crafted URLs Out-of-Bounds Read Vulnerability in Exiv2 v0.27.3 and Earlier Arbitrary File Read Vulnerability in HedgeDoc (formerly CodiMD) Allows Path Traversal Arbitrary File Exfiltration Vulnerability in HedgeDoc/CodiMD Deserialization Vulnerability in Requests PHP Library Integer Overflow Vulnerability in Redis STRALGO LCS Command Integer Overflow Vulnerability in Redis 6.2 before 6.2.3 Cache Poisoning Vulnerability in Ratpack Toolkit (Versions Prior to 1.9.0) Insecure Default Signing Key in Ratpack Client Side Session Module Unencrypted Session Data Leakage in Ratpack Web Applications Vulnerability in readUvarint Function in xz Compression Library (CVE-2020-16845) Information Leakage Vulnerability in ManageWiki Extension Unauthenticated Remote Code Execution in Ghost CMS Remote Code Execution (RCE) via Java Deserialization in Ratpack Session Store Infinite-CPU-Loop Denial-of-Service Vulnerability in npm:cumulative-distribution-function Authentication Bypass and Account Takeover in October CMS Vulnerability in SABnzbd Allows Writing Files Outside Download Folder via Malicious PAR2 Files Unfiltered XSS Vulnerability in Highcharts JS Versions 8 and Earlier Unauthenticated Server-Side Request Forgery (SSRF) vulnerability in Jellyfin versions prior to 10.7.3 Path Escalation Vulnerability in Envoy Proxy RCE Exploit in Tickets Module of kennnyshiwa-cogs Default SSL/TLS Certificate 
Verification Disabled in Nim Standard Library Predictable UUID identifiers in SIF container images due to insecure randomness in `github.com/satori/go.uuid` Unverified Signature Vulnerability in Bubble Fireworks Vulnerability in Ticketer Cog Allows Exposure of Sensitive Information Vulnerability in WarnSystem Cog Allows Unauthorized Access to Sensible Information Cross-Site Scripting (XSS) Vulnerability in HedgeDoc 1.8.2 and Earlier Improper Error Handling in HTTPS Requests Management in WP-CLI Allows Remote Certificate Verification Disabling Remote Code Execution Vulnerability in XStream Versions Prior to 1.4.17 Regular Expression Injection Vulnerability in GraphHopper 2.0 to 2.4 GENIVI DLT Configuration File Crash Vulnerability Type Confusion Vulnerability in Wire Serialization Incomplete Fix for Denial of Service Vulnerability in Puma Server (CVE-2019-16770) Pydantic CPU Usage Vulnerability Memory over-allocation vulnerability in evm crate (CVE-2021-XXXX) Heap Buffer Overflow in TensorFlow's RaggedBincount due to Invalid SparseTensor Splits Argument Type Confusion Vulnerability in TensorFlow's Conversion from Python Array to C++ Array Heap Buffer Overflow in TensorFlow's RaggedBincount due to Invalid SparseTensor Splits Argument Unvalidated Tensor Arguments in `MatrixDiag*` Operations in TensorFlow Null Pointer Dereference in TensorFlow's `RaggedTensorToVariant` Operation Division by 0 and Eigen assertion vulnerability in TensorFlow's Conv3D implementation Null pointer dereference vulnerability in TensorFlow's eager mode session operations Vulnerability in TensorFlow API `tf.raw_ops.SparseCross` Allows Denial of Service Heap Buffer Overflow in TensorFlow Conv3DBackprop Operations Segmentation fault in `tf.raw_ops.SparseCountSparseOutput` due to negative dense shape specification Denial of Service via Division by Zero in TensorFlow's Conv3DBackprop Operations Denial of Service Vulnerability in TensorFlow's `AddManySparseToTensorsMap` Function Division by 0 
vulnerability in TensorFlow's `tf.raw_ops.Conv2DBackpropFilter` Vulnerability: Division by 0 in tf.raw_ops.Conv2DBackpropInput Division by 0 vulnerability in TensorFlow's `tf.raw_ops.Conv2D` Vulnerability: Division by 0 in `tf.raw_ops.QuantizedConv2D` Division by 0 vulnerability in TensorFlow's `tf.raw_ops.QuantizedMul` Heap Buffer Overflow in TensorFlow's `tf.raw_ops.QuantizedResizeBilinear` due to Float Rounding Error Null Pointer Dereference Vulnerability in TensorFlow's SparseMatrixSparseCholesky Denial of Service Vulnerability in TensorFlow's PNG Encoding Out-of-Bounds Heap Read in TensorFlow's `tf.raw_ops.RaggedCross` Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.DrawBoundingBoxes` Denial of Service Vulnerability in TensorFlow's SparseConcat Implementation Heap Buffer Overflow in `QuantizedMul` due to Invalid Thresholds in TensorFlow Heap Buffer Overflow in `QuantizedReshape` due to Invalid Thresholds in TensorFlow Heap Buffer Overflow in QuantizedResizeBilinear in TensorFlow Division by Zero Vulnerability in TensorFlow's Conv2DBackpropFilter Implementation Vulnerability: Segfault in TensorFlow's `tf.raw_ops.ImmutableConst` with `tf.resource` or `tf.variant` dtype Heap Buffer Overflow in TensorFlow's Conv2DBackpropFilter Implementation Null Pointer Dereference in tf.raw_ops.StringNGrams Heap Buffer Overflow in TensorFlow's `tf.raw_ops.StringNGrams` Denial of Service Vulnerability in TensorFlow's CTCGreedyDecoder Denial of Service Vulnerability in TensorFlow's QuantizeAndDequantizeV4Grad Denial of Service Vulnerability in TensorFlow's Sparse Tensor Conversion to CSR Sparse Matrices Integer Division by Zero Vulnerability in TensorFlow's `tf.raw_ops.QuantizedBiasAdd` Denial of Service Vulnerability in TensorFlow's QuantizedBatchNormWithGlobalNormalization Denial of Service Vulnerability in TensorFlow's QuantizedBatchNormWithGlobalNormalization Denial of Service Vulnerability in TensorFlow's QuantizedBatchNormWithGlobalNormalization Denial of 
Service Vulnerability in TensorFlow's `tf.raw_ops.FractionalAvgPool` Failure to Terminate Kernel Execution in `MatrixTriangularSolve` Implementation in TensorFlow Denial of Service Vulnerability in TensorFlow's UnsortedSegmentJoin with `num_segments` Tensor Argument Out-of-Bounds Read Vulnerability in TensorFlow's `tf.raw_ops.QuantizeAndDequantizeV3` Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.DenseCountSparseOutput` Denial of Service Vulnerability in TensorFlow's FusedBatchNorm Implementation Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.Reverse` Function Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.SparseMatMul` Heap Buffer Overflow in `tf.raw_ops.SparseSplit` in TensorFlow Out-of-bounds Heap Access in TensorFlow's `tf.raw_ops.UnicodeEncode` Vulnerability Heap Buffer Overflow in tf.raw_ops.RaggedTensorToTensor Denial of Service Vulnerability in TensorFlow's `LoadAndRemapMatrix` Function Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.IRFFT` Implementation Denial of Service Vulnerability in TensorFlow's RFFT Implementation Null Pointer Dereference Vulnerability in TensorFlow's `tf.raw_ops.EditDistance` Implementation Null Pointer Dereference in TensorFlow's `tf.raw_ops.SparseFillEmptyRows` Implementation Out-of-bounds Write Vulnerability in TensorFlow's Dilation2DBackpropInput Denial of Service and Out-of-Bounds Write Vulnerability in TensorFlow's `tf.raw_ops.SparseDenseCwiseMul` Null Pointer Dereference in tf.raw_ops.ParameterizedTruncatedNormal in TensorFlow Out-of-bounds read vulnerability in TensorFlow's `tf.raw_ops.MaxPoolGradWithArgmax` implementation Vulnerability: Out-of-bounds Read in TensorFlow's MaxPoolGradWithArgmax Implementation Memory corruption vulnerability in TensorFlow's `tf.raw_ops.MaxPoolGradWithArgmax` implementation Null pointer dereference vulnerability in TensorFlow's `tf.raw_ops.SdcaOptimizer` Division by 0 vulnerability in `tf.raw_ops.MaxPoolGradWithArgmax` implementation Null 
Pointer Dereference in `tf.raw_ops.MaxPool3DGradGrad` Implementation in TensorFlow Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.ReverseSequence` Implementation Heap Buffer Overflow in TensorFlow's `tf.raw_ops.MaxPool3DGradGrad` Implementation Heap Buffer Overflow in TensorFlow's `tf.raw_ops.AvgPool3DGrad` Implementation Heap Buffer Overflow in TensorFlow's `tf.raw_ops.FractionalAvgPoolGrad` Implementation Heap Buffer Overflow in TensorFlow's `tf.raw_ops.MaxPoolGrad` Implementation Vulnerability: Denial of Service and Undefined Behavior in TensorFlow's `tf.raw_ops.FractionalMaxPoolGrad` Implementation Denial of Service Vulnerability in TensorFlow's CTCBeamSearchDecoder Heap-based Buffer Overflow in TensorFlow's `tf.raw_ops.Dequantize` Heap Buffer Overflow and Null Pointer Dereference Vulnerability in TensorFlow's `tf.raw_ops.FusedBatchNorm` Implementation Integer Overflow Denial of Service Vulnerability in TensorFlow Vulnerability: Unchecked Stride Argument in TFLite Computation Division by Zero Vulnerability in TensorFlow's Optimized Pooling Implementations Vulnerability: Division by Zero in SpaceToDepth TFLite Operator Division by Zero Vulnerability in TensorFlow's TransposeConv TFLite Operator Division by Zero Vulnerability in TensorFlow's `GatherNd` TFLite Operator Vulnerability: Out-of-bounds Read in TensorFlow's Minimum and Maximum TFLite Operators Infinite Loop and Stack Overflow Vulnerability in TensorFlow TFlite Graph Evaluation Fix for vulnerability allowing null-buffer-backed tensor with 1D shape in TensorFlow Division by Zero Vulnerability in TensorFlow's `BatchToSpaceNd` TFLite Operator Divisor Control Vulnerability in TFLite's Convolution Code Division by Zero Vulnerability in TensorFlow's DepthToSpace TFLite Operator Division by Zero Vulnerability in TensorFlow's `EmbeddingLookup` TFLite Operator Division by Zero Vulnerability in TensorFlow's `SpaceToBatchNd` TFLite Operator Division by Zero Vulnerability in TensorFlow's SVDF TFLite 
Operator Division by Zero Vulnerability in TensorFlow's `Split` TFLite Operator Division by Zero Vulnerability in TensorFlow's OneHot TFLite Operator Integer Overflow Vulnerability in TFLite Concatenation Implementation Division by Zero Vulnerability in TensorFlow's DepthwiseConv TFLite Operator Out-of-Bounds Write Vulnerability in TensorFlow's TFLite ArgMin/ArgMax Implementation TFLite Hashtable Lookup Division by Zero Vulnerability Integer overflow vulnerability in TFLite code for allocating TFLiteIntArray Out-of-Bounds Read Vulnerability in TensorFlow's TFLite Split_V Implementation Incomplete Validation in TensorFlow's `SparseAdd` Allows for Exploiting Undefined Behavior and Writing Outside of Bounds Undefined Behavior in tf.raw_ops.RaggedTensorToTensor with Empty Input Arguments Incomplete Validation in SparseAdd Allows for Exploiting Undefined Behavior and Writing Outside of Bounds Vulnerability: Heap Underflow in TensorFlow's QuantizeAndDequantizeV2 Validation Incomplete Validation in `SparseReshape` Allows Denial of Service (DoS) in TensorFlow Heap Buffer Overflow in TensorFlow's `tf.raw_ops.BandedTriangularSolve` Implementation Incomplete Validation in `tf.raw_ops.CTCLoss` Allows OOB Read from Heap in TensorFlow Vulnerability: Out-of-Bounds Write in TensorFlow's `tf.io.decode_raw` Implementation Stack Overflow Vulnerability in TensorFlow's `ParseAttrValue` Implementation Null pointer dereference vulnerability in TensorFlow's TrySimplify implementation Denial of Service Vulnerability in TensorFlow's tf.strings.substr Crash vulnerability when passing complex argument with `conjugate=True` to `tf.transpose` in TensorFlow Segfault vulnerability in TensorFlow's tf.raw_ops.SparseCountSparseOutput XML External Entity (XXE) Vulnerability in Report Portal Service-API User Enumeration Vulnerability in Flask-AppBuilder <= 3.2.3 Open Redirect Vulnerability in Prometheus 2.23.0 Uninitialized Memory Read Vulnerability in Exiv2 v0.27.3 and Earlier CSRF Protection Bypass 
in fastify-csrf Plugin (Versions prior to 3.1.0) Cross-Site Scripting (XSS) Vulnerability in Adminer Versions 4.6.1 to 4.8.0 Copy-on-Write Logic Vulnerability in FreeBSD Double Free Vulnerability in FreeBSD Listening Socket Accept Filters SMAP Protections Bypass Vulnerability in FreeBSD Denial of Service Vulnerability in libradius(3) Buffer Overflow Vulnerability in FreeBSD ggatec Daemon Uninitialized I/O Vectors Vulnerability in VirtIO-based Device Models in bhyve Console Data Overwrite Vulnerability Arbitrary Code Execution via File Upload in Directus 8 GistPad before 0.2.7: GitHub Access Token Leakage via Crafted Workspace Folder Stored XSS Vulnerability in PRTG Network Monitor before 21.3.69.1333 via Active Directory Integration Remote Code Execution Vulnerability in Hitachi JP1/IT Desktop Management 2 Agent 9-12: Integer Overflow Exploit Local Privilege Escalation Vulnerability in Hitachi JP1/IT Desktop Management 2 Agent 9-12 Improper Data Size Validation in tipc_nl_retrieve_key Function in Linux Kernel (CVE-2021-33909) Partially Uninitialized Data Structure Vulnerability in Linux Kernel (CID-50535249f624) Uninitialized Variable Vulnerability in Linux Kernel BPF Subsystem (CID-350a5c4dd245) Memory Leak in Linux Kernel's User Mode Driver (UMD) Denial of Service Vulnerability in Linux Kernel's Netfilter Subsystem (CID-175e476b8cdf) Open Redirect Vulnerability in Pomerium before 0.13.4 Open Redirect Vulnerability in Pomerium User Sign-In/Out Process Certificate Revocation List (CRL) Exclusion Vulnerability in HashiCorp Vault Remote Code Execution via Deserialization in AjaxSearchPro Provisioning Authenticity Check Bypass in Pexip Infinity Connect TLS Certificate Validation Bypass in Pexip Infinity Connect before 1.8.0 Use-after-free vulnerability in nested_svm_vmrun allows bypassing access control on host OS MSRs Arbitrary Binary Execution Vulnerability in vscode-rufo Extension ownCloud 10.7 Incorrect Access Control Vulnerability: Remote Information Disclosure 
CSRF Vulnerability in Softing AG OPC Toolbox Allows Password Reset Stored XSS vulnerability in Softing AG OPC Toolbox through 4.10.1.13035 via /en/diag_values.html Extraneous Zero Characters in IP Address String Bypass Access Control Vulnerability Cross-Site Scripting (XSS) Vulnerability in CourseMS 2.1 Stack-Based Buffer Overflow in IBM Security Verify Access 20.07 Allows Arbitrary Code Execution Cross-Site Scripting (XSS) Vulnerability in IBM Spectrum Scale Web UI CSV Injection in IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Foundation and IBM Engineering Products Cross-Site Scripting Vulnerability in IBM Jazz Foundation and IBM Engineering Products (IBM X-Force ID: 199408) Local Bypass of Filesystem Audit Logging in IBM Spectrum Scale 5.1.0.1 Stack-based Buffer Overflow in IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 Cross-Site Scripting Vulnerability in IBM Jazz Team Server Products (IBM X-Force ID: 199482) Link Injection Vulnerability in IBM Security Verify Privilege Vault 10.9.66 Cross-Site Scripting (XSS) Vulnerability in IBM Security Verify Privilege Vault 10.9.66 Privilege Escalation Vulnerability in IBM Db2 for Linux, UNIX and Windows Remote Code Execution Vulnerability in IBM Cognos Analytics 11.1.7 and 11.2.0 HTML Injection Vulnerability in IBM InfoSphere Information Server 11.7 Sensitive Information Disclosure in IBM Security Identity Manager 7.0.2 Clear Text Storage of User Credentials in IBM Security Identity Manager 7.0.2 Authentication Bypass Vulnerability in IBM Security Identity Manager 7.0.2 User Enumeration Vulnerability in IBM Security Identity Manager 7.0.2 Sensitive Information Disclosure in IBM Security Identity Manager 7.0.2 Hard-coded Credentials Vulnerability in IBM Security Identity Manager 7.0.2 IBM Security Identity Manager 7.0.2: Remote Information Disclosure Vulnerability Local Privilege Escalation Vulnerability in IBM AIX and VIOS Weak Cryptographic 
Algorithms in IBM Spectrum Protect Plus 10.1.0 through 10.1.7: A Critical Vulnerability Directory Traversal and Arbitrary File Deletion Vulnerability in IBM Host Firmware for LC-class Systems Arbitrary Command Execution Vulnerability in IBM Cloud Pak for Security (CP4S) Sensitive Information Disclosure in IBM Cloud Pak for Security (CP4S) Versions 1.5.0.0 - 1.7.1.0 Arbitrary File Upload Vulnerability in IBM Security Verify Access Docker 10.0.0 Information Disclosure Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 Information Disclosure in IBM Engineering Workflow Management and Rational Team Concert Denial of Service Vulnerability in Db2 for Linux, UNIX, and Windows Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) Denial of Service Vulnerability Weak Cryptographic Algorithms in IBM Security SOAR: A Gateway to Decrypt Sensitive Data Vulnerability in IBM AIX 7.1 Trace Facility Allows Information Exposure and Denial of Service Privilege Escalation Vulnerability in IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 Privilege Escalation via Sensitive Cryptographic Keys in IBM Spectrum Scale 5.1.0.1 IBM UrbanCode Deploy (UCD) CLI Interface Agent Upgrade Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Cross-Site Scripting Vulnerability in IBM Jazz Team Server Products Improper Input Validation in IBM Content Navigator 3.0.CD Leading to Denial of Service Open Port Vulnerability in IBM API Connect 5.0.0.0 through 5.0.8.11 Privilege Escalation Vulnerability in IBM Cognos Analytics 11.1.7 and 11.2.0 Client-side vulnerability in IBM Cognos Analytics 11.1.7 and 11.2.0 due to incorrect content type in web response Weak Cryptographic Algorithms in IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 Weak Cryptographic Algorithms in IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 Resource Leak Vulnerability in IBM Secure External Authentication 
Server and IBM Secure Proxy Improper Certificate Validation in IBM Sterling Secure Proxy and IBM Secure External Authentication Server (CVE-201104) AIX Kernel Denial of Service Vulnerability Hard-coded Credentials in IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 SQL Injection Vulnerability in IBM InfoSphere Information Server 11.7 Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium Remote Code Execution Vulnerability in IBM WebSphere Application Server Improper Validation of REST API Server Certificate in IBM InfoSphere Data Flow Designer Engine Server-Side Request Forgery (SSRF) Vulnerability in IBM InfoSphere Data Flow Designer Remote Information Disclosure Vulnerability in IBM Planning Analytics Local 2.0 Format String Security Vulnerability in IBM Spectrum Scale System Core Component Local Privilege Escalation Vulnerability in IBM AIX, VIOS, and Korn Shell (ksh) User Impersonation Vulnerability in IBM Security Verify Access Docker 10.0.0 Stored Cross-Site Scripting Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 Privilege Escalation Vulnerability in IBM Cognos Analytics 11.1.7 and 11.2.0 Authentication Bypass Vulnerability in IBM InfoSphere Information Server 11.7 Server-side Request Forgery (SSRF) Vulnerability in IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 Weak Cryptographic Algorithms in IBM QRadar SIEM 7.3 and 7.4: A Critical Vulnerability Information Disclosure Vulnerability in IBM Business Automation Workflow and IBM Business Process Manager Information Disclosure Vulnerability in IBM Db2 11.2 and 11.5: Exposing Remote Storage Credentials Insecure Transmission and Storage of Authentication Credentials in IBM Business Automation Workflow and IBM Business Process Manager Privilege Escalation Vulnerability in IBM WebSphere Application Server's SAML Web Inbound Trust Association Interceptor (TAI) 
Improper Certificate Validation in IBM QRadar SIEM 7.3, 7.4, and 7.5 Cross-Site Request Forgery (CSRF) Vulnerability in IBM Cognos Analytics 11.1.7 and 11.2.0 Cross-Site Request Forgery Vulnerability in IBM QRadar User Behavior Analytics 4.1.1 Improper Access Controls in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 Sensitive Information Disclosure in IBM App Connect Enterprise Certified Container 1.0-1.3 Unauthenticated File Download Vulnerability in IBM Sterling B2B Integrator Unauthorized Access to Sensitive Information in IBM Sterling B2B Integrator Local Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Stored Cross-Site Scripting Vulnerability in IBM Sterling B2B Integrator IBM PowerVM Hypervisor FW940 and FW950 Information Disclosure Vulnerability Sensitive Information Disclosure in IBM i2 Analyst's Notebook Premium Sensitive Information Disclosure in IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 Unauthorized Access to Sensitive Information in IBM Cognos Analytics Insecure Cookie Handling in IBM i2 Analyst's Notebook Premium Hazardous Input Validation Vulnerability in IBM i2 Analyst's Notebook Premium Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Code Injection Vulnerability in IBM API Connect 5.0.0.0 through 5.0.8.11 Insecure Direct Object Reference (IDOR) Vulnerability in IBM Security Guardium 10.6 and 11.3 Elevated Privilege Vulnerability in IBM Jazz Team Server Products (X-Force ID: 203025) Cross-Site Scripting (XSS) Vulnerability in IBM Business Automation Workflow and IBM Cloud Pak for Automation Information Disclosure Vulnerability in IBM QRadar SIEM 7.3, 7.4, and 7.5 Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Unauthenticated Key Exchange Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Improper Input Validation in IBM Resilient OnPrem v41.1 Remote Code Execution Vulnerability in IBM Partner Engagement Manager 2.0 Sensitive Information 
Disclosure in IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 IBM Security SOAR V42 and V43: Remote Information Disclosure Vulnerability Clear Text Storage of User Credentials in IBM Jazz Team Server Products Cross-Site Scripting (XSS) Vulnerability in IBM Engineering Requirements Quality Assistant On-Premises Cross-Site Scripting (XSS) Vulnerability in IBM Engineering Requirements Quality Assistant On-Premises Privilege Escalation via CA Private Key in IBM Event Streams Insecure SSH Server Configuration in IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21: Vulnerability to Information Decryption IBM PowerVM Hypervisor Local Denial of Service Vulnerability SQL Injection Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 Improper Client Side Validation in IBM Engineering Requirements Quality Assistant On-Premises (All versions) Allows Information Disclosure Stored Cross-Site Scripting Vulnerability in IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 Privilege Escalation Vulnerability in IBM AIX and VIOS Privilege Escalation Vulnerability in IBM Security SOAR Stored Cross-Site Scripting Vulnerability in IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Stored Cross-Site Scripting Vulnerability in IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Stored Cross-Site Scripting Vulnerability in IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Clear Text Storage of User Credentials in 
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Cross-Site Request Forgery Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Cross-Site Scripting (XSS) Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Cross-Site Scripting (XSS) Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Cross-Site Scripting (XSS) Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Cross-Site Scripting (XSS) Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Cross-Site Scripting (XSS) Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Cross-Site Scripting (XSS) Vulnerability in IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Cross-Site Request Forgery Vulnerability in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 Privilege Escalation in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 Information Disclosure Vulnerability in IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) via ADMIN_CMD with LOAD or BACKUP XML External Entity Injection (XXE) Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Stored Cross-Site Scripting Vulnerability in IBM 
Business Automation Workflow and IBM Business Process Manager Cross-Site Scripting (XSS) Vulnerability in IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 Cross-Site Request Forgery Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 IBM Security Guardium Insights 3.0 HTTP Strict Transport Security Bypass Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Financial Transaction Manager 3.2.4 User Enumeration Vulnerability in IBM WebSphere Application Server and Liberty Denial of Service Vulnerability in IBM MQ 9.1 and 9.2 IBM Jazz Team Server Products Vulnerable to Server-Side Request Forgery (SSRF) Improper Input Validation in IBM Security Guardium Insights 3.0 Allows Unauthorized Actions Insufficient Session Expiration in IBM Security Guardium Insights 3.0 Insecure Communication Channel Vulnerability in BMC Firmware of IBM Power System S821LC Server Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Remote Information Disclosure Vulnerability in IBM Planning Analytics 2.0 Cross-Site Scripting (XSS) Vulnerability in IBM Planning Analytics 2.0 Unvalidated Return Values in IBM Planning Analytics 2.0 Could Lead to Information Exposure HTTP Header Injection Vulnerability in IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 Denial of Service Vulnerability in IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Insufficient Validation and Revocation in IBM ICP4A User Management System Component Vulnerability in libc.a Library Exposes Sensitive Information in IBM AIX and VIOS EFS Vulnerability in IBM AIX 7.1, 7.2, and VIOS 3.1 AIX Kernel Denial of Service Vulnerability Vulnerability Title: Server Side Request Forgery (SSRF) in IBM QRadar SIEM 7.3 and 7.4 Open Redirect Vulnerability in IBM 
Security Identity Manager 6.0 and 6.0.2 Click Hijacking Vulnerability in IBM Jazz Team Server Unauthorized Access to Jupyter Notebooks in IBM Cognos Analytics 11.1.7 and 11.2.0 Insufficient Session Expiration in IBM i2 iBase 8.9.13 and 9.0.0 HTTP Header Injection Vulnerability in IBM Cloud Pak for Automation Business Automation Studio Component Restricted Shell Escape Vulnerability in IBM Flash System 900 Insecure Third Party Domain Access Vulnerability in IBM InfoSphere Information Server 11.7 Cross-Site Scripting (XSS) Vulnerability in IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 Information Disclosure Vulnerability in IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 Insecure Cookie Handling in IBM Standards Processing Engine Cross-Site Request Forgery (CSRF) Vulnerability in IBM InfoSphere Information Server 11.7 Improper Site Identity Certificate Upload Vulnerability in IBM OPENBMC OP910 and OP940 Weak Cryptographic Algorithms in IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 Denial of Service Vulnerability in IBM Engineering Requirements Quality Assistant SQL Injection Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 User Credentials Exposed in Plain Text in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Cross-Site Scripting Vulnerability in IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Local Information Disclosure in IBM App Connect Enterprise Certified Container Arbitrary Code Execution Vulnerability in IBM OpenPages with Watson 8.1 and 8.2 Unauthenticated Administrative Access Vulnerability in IBM TS7700 Management Interface Cross-Site Scripting (XSS) Vulnerability in IBM Security Risk Manager on CP4S 1.7.0.0 Improper Input Validation in IBM Security Verify Privilege On-Premise 11.5 IP Address Access Control Bypass Vulnerability in Python's ipaddress Library IP Address Bypass Vulnerability in Rust's net/parser.rs IP Address Access Control Bypass 
Due to Octal Interpretation Vulnerability Double Drop Vulnerability in Endian Trait Crate Uninitialized Memory Drop Vulnerability in arenavec Crate Double Drop Vulnerability in arenavec Crate Denial of Service Vulnerability in parse_duration Crate Double Drop Vulnerability in insert_many Crate Uninitialized Memory Read Vulnerability in PartialReader Use-after-free vulnerability in rocket crate's uri::Formatter Uninitialized Memory Drop in adtensor Crate's FromIterator Implementation for Vector and Matrix Uninitialized Memory Drop Vulnerability in Rust Telemetry Crate Double Drop Vulnerability in SliceDeque::drain_filter Out-of-Bounds Write Vulnerability in StackVector Crate Double Free Vulnerability in Rust's through Crate Out-of-Bounds Write Vulnerability in reorder Crate Uninitialized Value Vulnerability in reorder crate Improper Authorization Resolution in Apache Solr's ConfigurableInternodeAuthHadoopPlugin HTML Injection Vulnerability in Firefox for Android (Versions < 88) WebAssembly JIT Null Read Vulnerability on x86-32 Platforms Integer Overflow in Alt-Svc Header Allows Bypass of Port Blocking Restrictions Memory Corruption Vulnerability in Firefox 87 Race Condition Vulnerability in Thunderbird < 78.10: Signature File Replacement Insecure Shared Library Loading in Thunderbird < 78.9.1 Unprotected Secret Key Retention Vulnerability in Thunderbird Title: Privilege Escalation Vulnerability in Mozilla Maintenance Service on Windows Systems Race Condition in Web Render Components: Arbitrary Code Execution Vulnerability Universal Cross-Site Scripting Vulnerability in Firefox for Android Reticulum Proxy Vulnerability: Unauthorized Access to Internal URLs Floating Point Value Injection (FPVI): Arbitrary Memory Address Leakage and JIT Type Confusion Vulnerability in Firefox Unencrypted Storage of OpenPGP Secret Keys in Thunderbird Versions 78.8.1 to 78.10.1 Unprotected Part Disclosure in Thunderbird MIME Encoded Email Cookie Leakage in Firefox for iOS < 34 Firefox < 
89 Vulnerability: Unauthorized Re-enabling of Camera Access by Websites Privacy Leakage: Firefox Caching Vulnerability Exposes Website Titles in Private Browsing Mode UI Overlay Vulnerability in Firefox < 89 when Styling and Rendering Oversized `<select>` Element Firefox for Android Popup Overload Vulnerability Session Data Leakage in Firefox for Android's Private Browsing Mode Out-of-Bounds Read Vulnerability in Firefox on Windows Password Manager Vulnerability in Firefox for Android: Misleading Suggestions Memory Corruption Vulnerabilities in Firefox 88: Potential Arbitrary Code Execution Memory Corruption Vulnerabilities in Firefox 88 and Firefox ESR 78.11 Out of Bounds Read Vulnerability in Firefox (Windows) with WebRender Disabled IMAP Server Response Injection Vulnerability in Thunderbird Accessibility-Enabled Use-After-Free Vulnerability in Thunderbird and Firefox Firefox for Android Vulnerability: Cross-Origin Permission Granting Use-after-free vulnerability in out-of-date Cairo library affects Firefox < 90 Insecure Password Autofill Vulnerability in Firefox for Android (Versions < 90) TLS Error Page Override Vulnerability in Firefox < 90 DOM Overlay Vulnerability in Firefox < 90 Memory Corruption Vulnerabilities in Firefox and Thunderbird Memory Corruption Vulnerabilities in Firefox 89 Multiple Low Security Issues in Mozilla VPN < 2.3 Arbitrary JavaScript Execution in Hubs Cloud Uninitialized Memory Vulnerability in Thunderbird and Firefox Deterministic Register Confusion Vulnerability in Firefox and Thunderbird Versions < 91 Memory Leakage Vulnerability in Firefox and Thunderbird Versions < 91 Firefox for Android Fullscreen Mode Stuck Vulnerability Memory Corruption and Exploitable Crash Vulnerability in Thunderbird and Firefox Memory Corruption and Exploitable Crash Vulnerability in Thunderbird and Firefox Media Channels Race Condition Vulnerability in getaddrinfo() Function on Linux Operating Systems Positional Click Vulnerability in Firefox and 
Thunderbird on Linux Out of Bounds Read and Memory Corruption Vulnerability in Firefox and Thunderbird Memory Corruption Vulnerabilities in Firefox 90 and Firefox ESR 78.12 Memory Corruption Vulnerability in Firefox 90 HTTP/3 Header Splitting Vulnerability in Firefox and Thunderbird Intent Protocol Navigation Vulnerability in Firefox for Android Cross-Site Scripting (XSS) Vulnerability in Cloudera Hue 4.6.0 Cross Site Request Forgery (CSRF) Vulnerability in CloverDX Server Console Allows Remote Code Execution Arbitrary Command Execution and Remote Code Execution (RCE) Vulnerability in Mark Text 0.16.3 Buffer Over-read Vulnerability in Wind River VxWorks 7 before 21.03 Heap Overflow Vulnerability in Wind River VxWorks DHCP Client Possible Stack Overflow Vulnerability in Wind River VxWorks DHCP Server SQL Injection in LATRIX 0.6.0: Information Disclosure and Code Execution via txtaccesscode Parameter Memory Leak in video_usercopy for Large Arguments in Linux Kernel Stored XSS Vulnerability in Nokia G-120W-F 3FE46606AGAB91 Administrative Interface Vulnerability: Forging Attacks in wpa_supplicant and hostapd 2.9 Insufficient Checks in JetBrains PyCharm VCS Integration Allow Local Code Execution IntelliJ IDEA XXE Vulnerability: Information Disclosure Integer Overflow Vulnerability in GPAC 1.0.1's hevc_parse_slice_segment Function Null Pointer Dereference in gf_filter_pck_new_alloc_internal function in GPAC 1.0.1 Heap Overflow Vulnerability in GPAC 1.0.1's adts_dmx_process Function Reflected XSS vulnerability in Seo Panel 4.8.0 via the forgot email parameter in seo/seopanel/login.php Heap Overflow Vulnerability in gf_hevc_read_pps_bs_internal Function Integer Overflow in gf_avc_read_pps_bs_internal in GPAC 1.0.1 Uninitialized Memory Use Vulnerability in md4c 0.4.7 Default Credentials in SOOTEWAY Wi-Fi Range Extender v1.5 Allow Remote Firmware Manipulation Cleartext HTTP Communication Vulnerability in Agenzia delle Entrate Desktop Telematico 1.0.0 Remote Clinic v2.0: Full 
Name Field XSS Vulnerability Remote Clinic v2.0: Cross Site Scripting (XSS) Vulnerability in Symptons Field on patients/register-report.php Remote Clinic v2.0: Cross Site Scripting (XSS) Vulnerability in Fever or Blood Pressure Field on patients/register-report.php Incorrect Calculation in yCREDIT Smart Contract Allows for Token Manipulation Remote Clinic v2.0: Cross Site Scripting (XSS) Vulnerability in Registration Fields Remote Clinic v2.0: Cross Site Scripting (XSS) Vulnerability in staff/register.php Buffer Overflow Vulnerability in SerenityOS 2021-03-27 EndOfCentralDirectory::read() Function Segmentation Fault Vulnerability in VIGRA Computer Vision Library Version-1-11-1's read_image_band() Function Denial of Service Vulnerability in VSFTPD 3.0.3 Arbitrary File Read Vulnerability in Novel-plus (小说精品屋-plus) 3.5.1 Cross Site Scripting (XSS) Vulnerability in SysAid 20.3.64 b14 via /KeepAlive.jsp?stamp= URI Sensitive Information Disclosure in MK-AUTH through 19.01 K4.9 via Modified Invoice Number SQL Injection Vulnerability in Knowage Suite 7.1: Exploiting 'par_year' Parameter in Document Execution/URL Analytics Driver Reflected Cross-Site Scripting (XSS) in Knowage Suite before 7.4 Stored HTML Injection Vulnerability in Knowage Suite 7.1 Cross-Site Scripting (XSS) Vulnerability in Knowage Suite before 7.4 Access Control Vulnerability in Farm Smart Contract Implementation of Seal Finance USB Stick Code Execution Vulnerability on Schneider Electric ConneXium Tofino Firewall and Belden Tofino Xenon Security Appliance OPC Enforcer Bypass Vulnerability in Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 and Belden Tofino Xenon Security Appliance OPC Enforcer Denial of Service Vulnerability in Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 and Belden Tofino Xenon Security Appliance Hardcoded Default Credentials Vulnerability in Schneider Electric ConneXium Tofino Firewall and Belden Tofino Xenon Security Appliance Incomplete Fix of CVE-2017-11401 Allows 
Bypass of ModBus Enforcer on Schneider Electric ConneXium Tofino Firewall and Belden Tofino Xenon Security Appliance Arbitrary Firmware Image Loading Vulnerability in Schneider Electric ConneXium Tofino Firewall and Belden Tofino Xenon Security Appliance Remote Code Execution Vulnerability in Laminas Project and Zend Framework Arbitrary Package Installation Vulnerability in HestiaCP Arbitrary Code Execution via Cross-Site Scripting (XSS) in HestiaCP v1.3.5 and earlier Stack-based Buffer Overflow in prog.cgi on D-Link DIR-878 1.30B08 Devices Cross Site Scripting (XSS) vulnerability in docsify 4.12.1 search component Bypassing Access Control in beego through 2.0.1 SQL Injection Vulnerability in emlog 6.0.0stable via admin/navbar.php?action=add_page Persistent XSS Vulnerability in Gris CMS v0.1 Allows Remote Code Injection via admin/dashboard Reflected XSS Vulnerability in Mediat 1.4.1: Unauthenticated Remote Code Injection via 'return' Parameter in login.php KindEditor 4.1.12 (Chinese versions) XSS Vulnerability: Cookie Information Disclosure Multiple Persistent Cross-Site Scripting (XSS) Vulnerabilities in OpenText Content Server Version 20.3 Server-side Request Forgery (SSRF) Vulnerability in Feehi CMS 2.1.1 Allows Unauthorized Requests Persistent Cross-site scripting (XSS) vulnerability in Froala Editor 3.2.6 hyperlink creation module Vulnerability: Electromagnetic-Wave Side-Channel Attack on NXP SmartMX and A7x Microcontrollers Arbitrary Code Execution via Spoofed Response in Domain Time II Stored XSS Vulnerability in Web-School ERP V 5.0 via Event Name and Description Fields Cross-Site Request Forgery (CSRF) Vulnerability in Web-School ERP V 5.0 Blind XSS Vulnerability in Web-School ERP V 5.0 via Event Name and Description Fields Cross-Site Request Forgery (CSRF) Vulnerability in Web-School ERP V 5.0 Kaseya VSA Pre-9.5.7 Unauthenticated Credential Disclosure Vulnerability Semi-Authenticated Boolean-Based Blind SQL Injection in /InstallTab/exportFldr.asp 
Arbitrary File Upload and Remote Code Execution in Kaseya VSA Unified RMM 9.5.4.2149 Authenticated Reflective XSS in HelpDeskTab/rcResults.asp and done.asp Cross-Site Scripting (XSS) Vulnerability in ESRI Enterprise Document Link Kaseya VSA 2FA Bypass Vulnerability Semi-Authenticated Local File Inclusion Vulnerability in Kaseya.SB.JS/js.aspx Buffer Overflow Vulnerability in FFmpeg <=4.3 Allows Remote Code Execution Arbitrary Code Execution in vscode-phpmd Extension (CVE-2021-12345) XSS Vulnerability in Jamf Pro Inventory History (PI-009376) Unauthenticated Access to Application Settings in Lightmeter ControlCenter TerraMaster F2-210 Devices: Inconsistent UPnP Configuration Allows Internet Access to Admin Web Server Unsafe Deserialization Vulnerability in Apache OFBiz (Prior to 17.12.07) Apache Mina SSHD OutOfMemory Vulnerability in SFTP and Port Forwarding Arbitrary Program Execution Vulnerability in ripgrep (Windows) RSA PKCS#1 v1.5 Signature Verification Vulnerability in phpseclib Cloudera Manager 7.2.4 Privilege Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in CloverDX Server 5.9.0 and Earlier XSS Vulnerability in php-mod/curl (before 2.3.2) via post_file_path_upload.php and post_multidimensional.php Authenticated XXE leading to SSRF via XML unmarshalling in Assyst 10 SP7.5 Buffer Overflow Vulnerability in Alpine Linux apk-tools Reflected XSS Vulnerability in MikroTik RouterOS Hotspot Login Page Stored XSS in LiquidFiles 3.4.15 via send email functionality Friendica through 2021.01 UserExport.php Access Control Vulnerability Bypassing Access Control in GLPI Dashboard Plugin Code Execution Vulnerability in mpv through 0.33.0 via Crafted m3u Playlist File Persistent XSS Vulnerability in Seafile 7.0.5 (2019) via Share of Library Functionality CSRF Vulnerability in DMA Softlab Radius Manager 4.4.0 Allows Unauthorized Manager Account Creation Remote Code Execution in Composr 10.0.36 XML Script XSS Vulnerability in Composr 10.0.36 Cross-Site 
Scripting (XSS) Vulnerability in Sidekiq's Live-Poll Feature with Internet Explorer API vulnerability allows unauthorized users to escalate page protection level User Existence Disclosure Vulnerability in VisualEditor Extension Cross-Site Scripting (XSS) Vulnerability in MediaWiki's Special:NewFiles Unauthenticated Content Model Manipulation in MediaWiki Information Leakage in MediaWiki Special:Contributions Cross-Site Scripting (XSS) Vulnerability in MediaWiki Special Pages Blocked Users Unable to Reset Tokens Vulnerability Bypassing Page Deletion Restrictions in MediaWiki Lockscreen Bypass Vulnerability on LG Mobile Devices with Android OS 11 LG Mobile Devices: ISMS Service Access Control Bypass Vulnerability Information Disclosure Vulnerability in Redmine Bypassing add_issue_notes Permission Requirement in Redmine Issues API Hard-coded Default Administrator Account and Password Vulnerability in EDIMAX Wireless Network Camera Command Injection Vulnerability in IP Camera's NTP Server Configuration Function Remote Privilege Escalation in Network Camera Device via Manage Users Profile Services Webcam Device Vulnerability: Unauthorized Access and Control of Sensitive Information Webcam Device Vulnerability: Unauthorized Access to User Credentials Intelbras WIN 300 and WRN 342 Devices: HTML Source Code Disclosure of Credentials Vulnerability Stored XSS Vulnerability in ERP POS Customer Profile Page Allows Remote Attackers to Inject Malicious JavaScript and Manipulate Customer Information Stored XSS Vulnerability in ERP POS News Page Allows Remote Attackers to Inject Malicious JavaScript and Manipulate Customer Information Reflected XSS Vulnerability in Quan-Fang-Wei-Tong-Xun System Allows Remote Attackers to Manipulate Customer Information Arbitrary File Access via Local File Inclusion in Omni-Directional Communication System Stored XSS Vulnerability in RiyaLab CloudISO Time Management Page SQL Injection Vulnerability in ZEROF Web Server 1.0 (April 2021) SQL Injection 
Vulnerability in ZEROF Expert pro/2.0 Mobile Application SQL Injection Vulnerability in PHP-Nuke 8.3.3 User Registration Section Leading to Remote Code Execution NULL Pointer Dereference in synic_get for SynIC Hyper-V Context (CID-919f4ebc5987) Apache Dubbo Remote Code Execution via Native Java Deserialization Unauthenticated Boolean-Based SQL Injection in ipeak Infosystems ibexwebCMS 3.5 Arbitrary Constructor Calling Vulnerability in Apache Dubbo (CVE-2021-29425) Arbitrary Code Execution Vulnerability in Apache Dubbo Cleartext Storage of Sensitive Information in Octopus Server Logs Arbitrary Code Execution Vulnerability in GNU Chess 6.2.7 via Crafted PGN Data CERN Indico Password Reset Link Vulnerability Heap-based Buffer Overflow in CODESYS V2 Runtime System SP (CVE-2021-3017) OS Command Injection Vulnerability in CODESYS V2 Runtime System SP Stack-based Buffer Overflow in CODESYS V2 Runtime System SP before 2.4.7.55 Stack-based Buffer Overflow in CODESYS V2 Web-Server before 1.1.9.20 Directory Traversal Vulnerability in ffay lanproxy 0.1 Allows Unauthorized Access to Credentials Improper Access Control in CODESYS V2 Web-Server Buffer Overflow Vulnerability in CODESYS V2 Web-Server Improperly Implemented Security Check in CODESYS V2 Web-Server Out-of-bounds Write Vulnerability in CODESYS V2 Web-Server Out-of-bounds Read Vulnerability in CODESYS V2 Web-Server Improper Input Validation in CODESYS V2 Runtime System (CVE-XXXX-XXXX) Null Pointer Dereference in GPAC 1.0.1: Crash Vulnerability in filters/reframe_latm.c Privilege Escalation Vulnerability in ClusterLabs Hawk Insecure External XML Entity Processing in KaseyaWS API Reflected Cross-Site Scripting (XSS) Vulnerability in dzzoffice 2.02.1_SC_UTF8 Unauthenticated Access Control Vulnerability in dzzoffice 2.02.1_SC_UTF8 Arbitrary File Upload Vulnerability in Textpattern V4.8.4 SQL Injection Vulnerability in ISPConfig before 3.2.2 Stored Cross-Site Scripting (XSS) in Knowage Suite 7.3 via 'surname' parameter in 
'/knowage/restful-services/signup/update' Stored Cross-Site Scripting (XSS) in Knowage Suite 7.3 via '/knowage/restful-services/documentnotes/saveNote' Unauthenticated Reflected XSS in Knowage Suite 7.3 via '/servlet/AdapterHTTP' Stored Client-Side Template Injection in Knowage Suite 7.3 via 'name' parameter in '/knowage/restful-services/signup/update' NULL Pointer Dereference in Samurai 1.2's writefile() Function via Crafted Build File NULL Pointer Dereference in printstatus() Function in Samurai 1.2 via Crafted Build File Unprotected MTK Protect2 Partition Vulnerability on LG Mobile Devices with Android OS 10 CSRF Vulnerability in Rukovoditel v2.8.3 Allows Creation of Arbitrary Admin User Emlog 6.0 Article Comments Feature XSS Vulnerability Remote Command Execution Vulnerability in China Mobile An Lianbao WF-1 Router 1.0.1 Remote Command Execution Vulnerability in China Mobile An Lianbao WF-1 Router 1.0.1 Remote Command Execution Vulnerability in China Mobile An Lianbao WF-1 Router 1.0.1 Remote Command Execution Vulnerability in China Mobile An Lianbao WF-1 Router 1.0.1 Remote Command Execution Vulnerability in China Mobile An Lianbao WF-1 Router 1.0.1 Arbitrary Command Execution Vulnerability in China Mobile An Lianbao WF-1 Router 1.0.1 Arbitrary Command Execution Vulnerability in China Mobile An Lianbao WF-1 Router 1.0.1 Disclosure of Internal IP Address in HashiCorp Vault and Vault Enterprise Apache OpenOffice Hyperlink Code Execution Vulnerability Invalid RSA PKCS#1 v1.5 Signatures Validation Vulnerability SQL Injection in Invision Community IPS Community Suite Downloads REST API Critical Buffer Overflow Vulnerability in Snapdragon Devices' Factory Calibration and Test DIAG Command Buffer Overflow Vulnerability in PDM DIAG Command in Snapdragon Devices Stack Overflow Vulnerability in VR Service: Improper Camera Name Length Validation in Snapdragon Compute, Connectivity, Consumer IOT, and Industrial IOT Unvalidated DSP Selection Values Vulnerability in 
Snapdragon Compute, Connectivity, Consumer IOT, and Industrial IOT Critical Buffer Overflow Vulnerability in Snapdragon Platform VR Service Improper Validation of Function Table Entries in Multiple Snapdragon Platforms Cross-Site Scripting (XSS) Vulnerability in Invision Community IPS Community Suite before 4.5.4.2 Improper Input Validation in extscan hostlist Configuration Command in Snapdragon Platforms Unvalidated Input Size Vulnerability in Snapdragon Platforms Memory Access Vulnerability in Snapdragon Platforms Race Condition Vulnerability in On-Device Logging Node in Snapdragon Compute, Industrial IOT, Mobile, Voice & Music Critical Use After Free Vulnerability in Snapdragon Platforms Memory Corruption Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables Improper Memory Validation in Interface Initialization Vulnerability FTM ARA Commands Vulnerability: Integer Overflow Leading to Buffer Overflow in Snapdragon Platforms Heap Memory Corruption Vulnerability in Snapdragon Platforms Null Pointer Dereference Vulnerability in Snapdragon Platforms LDAP Injection Vulnerability in LibrIT PaSSHport Null Pointer Dereference Vulnerability in Multiple Snapdragon Platforms Null Pointer Dereference Vulnerability in Multiple Snapdragon Platforms Null Pointer Dereference Vulnerability in Snapdragon Platforms Critical Vulnerability: Improper Handling of Invalid Length in Destination Options Header in Snapdragon Platforms Critical Vulnerability: Integer Overflow in Access Control Initialization Interface in Snapdragon Platforms Critical Vulnerability: Integer Overflow in Page Alignment Interface in Snapdragon Platforms Dynamic XPU Re-configuration Vulnerability in Snapdragon Platforms TrustZone Memory Transfer Interface Vulnerability Improper Permission Masking Vulnerability in Snapdragon Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Wired Infrastructure, and Networking Code Execution 
Vulnerability in git-big-picture before 1.0.0 due to Mishandling of ' Characters in Branch Name Improper Data Check Vulnerability in Multiple Snapdragon Platforms Critical Out of Bound Write Vulnerability in Snapdragon Platforms Denial of Service Vulnerability in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile: Improper Handling of Debug Register Trap from User Applications Vulnerability: Message Integrity Check Failure in Snapdragon Platforms Memory Region Validation Vulnerability in Snapdragon Platforms Improper Symbol Validation in Snapdragon Platforms: PDCCH Monitoring Vulnerability Stack Overflow Vulnerability in Snapdragon Platforms Unbounded Range Check Vulnerability in Snapdragon Platforms OS Command Injection Vulnerability in EVOLUCARE ECSIMAGING (aka ECS Imaging) 6.21.5 Race condition vulnerability in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile: Potential Null Pointer Dereference Memory Corruption Vulnerability in Snapdragon Platforms Memory Corruption Vulnerability in Snapdragon Platforms PUSCH Configuration Vulnerability: Lack of Input Validation in Snapdragon Platforms Null Pointer Dereference Vulnerability in KGSL GPU Auxiliary Command in Snapdragon Auto, Connectivity, Industrial IOT, and Mobile Heap Overflow Vulnerability in Snapdragon Platforms Improper Validation of Packet Length in VR Service: Potential Out of Bound Read Vulnerability Improper Validation of Item Size and DIAG Memory Pools Data Switching Vulnerability Hex Data Decoding Vulnerability in Snapdragon Platforms: Potential Denial of Service Exploit Memory Exhaustion Vulnerability in Snapdragon Auto, Industrial IOT, and Mobile Devices Leads to Denial of Service EAP WAPI EAPOL Frame Authentication Vulnerability in Snapdragon Platforms Segmented WMI Command Buffer Overflow Vulnerability Improper Validation of TBTT Count and Length in Snapdragon Compute, Connectivity, and Consumer Electronics Connectivity: Buffer Out of Bound 
Read Vulnerability Unvalidated Page Offset Vulnerability in Snapdragon Platforms Improper Buffer Allocation Vulnerability in Snapdragon Platforms Improper Validation of DNS Response in Snapdragon Platforms: Potential Denial of Service Vulnerability Buffer Overflow Vulnerability in Snapdragon Platforms Memory Corruption Vulnerability in Snapdragon Devices Etherleak Vulnerability in PAN-OS Firewalls: Information Leakage via Padding Bytes Buffer Overflow Vulnerability in Snapdragon Auto, Connectivity, Consumer Electronics, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music Heap Overflow Vulnerability in Snapdragon Platforms Vulnerability: Improper Authentication of Sub-Frames in Snapdragon Platforms Race condition vulnerability in wired connectivity leading to use after free condition Third-Party Application Access Vulnerability in Snapdragon Platforms Use After Free Vulnerability in Snapdragon Auto Sensor HAL Improper Boundary Check Vulnerability in Snapdragon Platforms ELF Metadata Validation Bypass Vulnerability in Snapdragon Platforms HDCP Key Provisioning Vulnerability in Snapdragon Platforms Integer Overflow Vulnerability in Snapdragon Platforms Information Exposure Through Log File Vulnerability in Palo Alto Networks PAN-OS Software Buffer Overflow Vulnerability in Snapdragon Compute, Connectivity, and Consumer Electronics Connectivity: Unchecked Parameter Length in MBSSID Scan IE Parse Improper Validation of GPIO Configuration Leads to Out of Bounds Write Vulnerability in Snapdragon Platforms Memory Corruption Vulnerability in Snapdragon Platforms Out of Bound Write Vulnerability in Snapdragon Platforms Critical Vulnerability: Out of Bound Access in Snapdragon Platforms Improper Size Validation Vulnerability in Snapdragon Auto, Compute, Connectivity, Industrial IOT, and Mobile Critical Buffer Overflow Vulnerability in Snapdragon Devices: Overwriting Secure Configuration Data via Sahara Protocol Critical Vulnerability: Improper Validation of Invalid NR 
CSI-IM Resource Configuration in Snapdragon Platforms Improper Validation of TCI Configuration in Snapdragon Platforms Cryptographic Signature Bypass Vulnerability in Palo Alto Networks Prisma Cloud Compute Console Improper Validation of APE Clip in Snapdragon Platforms: Null Pointer Dereference Vulnerability Critical Vulnerability: Buffer Overflow Exploit in Snapdragon Platforms OTA Configuration Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms Critical Use After Free Vulnerability in Snapdragon Platforms Simultaneous Add/Update Requests Vulnerability in Multiple Snapdragon Platforms Critical Out-of-Bound Read Vulnerability in Snapdragon Platforms Use After Free Vulnerability in Multiple Snapdragon Platforms TrustZone Memory Transfer Interface Vulnerability in Snapdragon Compute Insecure PRNG Output Reading in Snapdragon Platforms: A Key Generation Vulnerability SAML SSO Integration Secrets Exposure in Cortex XSOAR Improper Validation of Coreset in PDCCH Configuration in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms Race condition vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Voice & Music, and Wearables: Improper integrity check between PDCP and RRC tasks Race Condition Vulnerability in Snapdragon Auto, Compute, Connectivity, Industrial IOT, and Mobile: Improper Integrity Check between PDCP and RRC Tasks Replayed LTE Security Mode Command Vulnerability in Snapdragon Platforms Improper SMMU Configuration in Snapdragon Devices Allows Unauthorized Access to Secure Resources Improper SMMU Configuration in Snapdragon Devices Allows Unauthorized Access to Secure Resources Race Condition Vulnerability in Snapdragon Auto, Compute, Connectivity, Industrial IOT, and Mobile: Improper Integrity Check between PDCP and RRC Tasks Vulnerability: Denial of Service in Snapdragon Platforms Vulnerability: Improper Access Control Sequence in Snapdragon Platforms Unsafe Deserialization 
Vulnerability in Bridgecrew Checkov Allows Arbitrary Code Execution Memory Corruption Vulnerability in Snapdragon Platforms Critical Vulnerability: Out of Bound Memory Access in Snapdragon Platforms during Music Playback Function Pointer Type Validation Vulnerability in Snapdragon Platforms Heap-Based Buffer Overflow in Amazon Kindle E-Reader (CVE-2021-XXXX) Privilege Escalation Vulnerability in Amazon Kindle E-Reader (<= 5.13.4) Check Point Identity Agent Denial of Service Vulnerability: Privilege Escalation and System File Overwrite Partial Disclosure of Configuration Files in SSL Network Extender Client for Linux Path Manipulation Vulnerability in Mobile Access Portal Native Applications Privilege Escalation via Installation Repair in Harmony Browse and SandBlast Agent for Browsers Cleartext Logging of Secrets in Palo Alto Networks PAN-OS XML API Requests Privilege Escalation via Specially Crafted EXE in MS Installer Repair Directory Command Injection Vulnerability in Check Point Gaia Portal's GUI Clients Information Exposure through Log Files: Cleartext Credentials in Palo Alto Networks PAN-OS Configuration Export Windows Blue Screen of Death (BSOD) DoS Vulnerability in Palo Alto Networks GlobalProtect App Information Exposure Through Log File Vulnerability in Palo Alto Networks Prisma Cloud Compute Console Unsafe Deserialization Vulnerability in Bridgecrew Checkov Allows Arbitrary Code Execution Local Privilege Escalation in Palo Alto Networks Cortex XDR Agent on Windows Platforms Local Privilege Escalation in Palo Alto Networks Cortex XDR Agent on Windows Platforms Reflected Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console Improper Authorization Vulnerability in Palo Alto Networks Cortex XSOAR REST API Arbitrary File Read Vulnerability in Palo Alto Networks PAN-OS Web Interface Uninitialized Memory Buffer Vulnerability in outer_cgi Crate Double Free Vulnerability in id-map Crate Double Free Vulnerability in id-map Crate Double Free 
Vulnerability in id-map Crate Cross-Site Scripting (XSS) Vulnerability in Wikimedia Parsoid SQL Injection in Jazzband Django Debug Toolbar SAML Authentication Impersonation Vulnerability in Palo Alto Networks PAN-OS Software Remote Code Execution Vulnerability in VoIPmonitor Web UI Privilege Escalation in VestaCP through 0.9.8-24 via Sudo Configuration Privilege Escalation via Symlink Vulnerability in VestaCP Denial of Service Vulnerability in OMICRON StationGuard Container Filesystem Breakout via Directory Traversal in runc Infinite Loop Denial of Service Vulnerability in Apache CXF's JsonMapObjectReaderWriter Use-after-free vulnerability in PoDoFo 0.9.7 allows denial of service via crafted PDF file Cryptographically Weak PRNG Vulnerability in Palo Alto Networks PAN-OS Web Interface Stack Overflow Vulnerability in PoDoFo 0.9.7 Stack Overflow Vulnerability in PoDoFo 0.9.7 Stack-based Buffer Overflow in PdfEncryptMD5Base::ComputeOwnerKey Function in PoDoFo 0.9.7 Out-of-Bounds Memory Freeing in libaom's aom_image.c Use-after-free vulnerability in libaom's aom_dsp/grain_table.c Buffer Overflow in aom_dsp/noise_model.c in libaom Improper Configuration of GCE-Type Bound Labels in HashiCorp Terraform's Vault Provider Outgoing Webhook Bot Privilege Escalation in Zulip Server Zulip Server Vulnerability: Unauthorized Message Forging by Users with can_forge_sender Permission Improper Access Control in Zulip Server Allows Guest Users to Access Private Message Traffic Denial-of-Service Vulnerability Caused by Invalid URL Entries in External Dynamic List (EDL) Remote Code Execution Vulnerability in Zoom Chat Software Buffer Overflow Vulnerability in Valve Steam Allows Remote Code Execution Application Password Revocation Vulnerability in JetBrains UpSource Directory Traversal Vulnerability in isomorphic-git before 1.8.2 NULL Pointer Dereference in ezXML 0.8.6 during Parsing of Crafted XML File Blind and Stacked SQL Injection Vulnerabilities in SysAid 20.3.64 b14 via Asset 
Management Components Cross-Organization Message Movement Vulnerability in Zulip Server 3.x before 3.4 Improper Authorization Vulnerability in Palo Alto Networks Cortex XSOAR Server Insecure Permissions in ViewPowerHTML Enable Privilege Escalation Razer Synapse 3 Software Suite Vulnerability: Unauthorized File Creation in Unintended Directories Privilege Escalation Vulnerability in Razer Synapse 3 Software Suite Denial of Service Vulnerability in Telegram iOS App 7.6.2 Unauthenticated Remote File Read Vulnerability in Ivanti Avalanche (Premise) 6.3.2 Heap Buffer Overflow in export_tga function of libcaca Buffer Overflow Vulnerability in libcaca's export_troff Function Palo Alto Networks PAN-OS Web Interface OS Command Injection Vulnerability Null Pointer Dereference Vulnerability in upx PackLinuxElf::canUnpack() UPX 4.0.0 MemBuffer::alloc() Assertion Abort Denial of Service Vulnerability Remote Code Execution in vscode-ghc-simple Extension via Crafted Workspace Configuration Remote Code Execution in GLSL Linting Extension for Visual Studio Code (CVE-2021-12345) Unbounded Resource Allocation Vulnerability in JetBrains IntelliJ IDEA (before 2021.1) Privilege Escalation through Insecure Security UI in Google Chrome for Android Remote Code Execution via Insecure Offline Implementation in Google Chrome on Android Heap Buffer Overflow in Media Feeds in Google Chrome Prior to 90.0.4430.212 Out of Bounds Write Vulnerability in Google Chrome Tab Strip Improper Verification of Cryptographic Signature Vulnerability in Cortex XSOAR SAML Authentication Aura Use After Free Vulnerability in Google Chrome (CVE-2021-212) Tab Groups Out of Bounds Read Vulnerability in Google Chrome Use After Free Vulnerability in Google Chrome Notifications Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (prior to 90.0.4430.212) Autofill Use After Free Vulnerability in Google Chrome (CVE-2021-212) Heap Corruption Vulnerability in Google Chrome File API 
(CVE-2021-212) Heap Buffer Overflow in Google Chrome's History Prior to 90.0.4430.212 Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (prior to 90.0.4430.212) Heap Buffer Overflow in Google Chrome Reader Mode Exploitable Use After Free Vulnerability in Google Chrome Payments (CVE-2021-212) Reflected Cross-Site Scripting (XSS) Vulnerability in Palo Alto Network PAN-OS Web Interface Use After Free Vulnerability in Google Chrome Tab Strip Heap Buffer Overflow in Autofill in Google Chrome on Android WebAudio Use After Free Vulnerability in Google Chrome Remote Code Execution Vulnerability in WebRTC in Google Chrome TabStrip Use After Free Vulnerability in Google Chrome Use After Free Vulnerability in TabGroups in Google Chrome Out of Bounds Write Vulnerability in Google Chrome TabStrip (CVE-2021-30563) Heap Corruption Vulnerability in Google Chrome WebUI Remote Code Execution via Use After Free in WebAuthentication in Google Chrome on Android Heap Corruption Exploit: Use After Free Vulnerability in Google Chrome Bookmarks (CVE-2021-30563) Palo Alto Networks PAN-OS Denial of Service Vulnerability Out of Bounds Memory Access Vulnerability in WebAudio in Google Chrome (CVE-2021-30563) Bypassing Content Security Policy in Google Chrome prior to 91.0.4472.77 via Crafted HTML Page Bypassing Content Security Policy in Google Chrome prior to 91.0.4472.77 via Crafted HTML Page Bypassing Navigation Restrictions via Crafted Iframe in Google Chrome PopupBlocker (CVE-2021-30563) Bypassing Navigation Restrictions in iFrameSandbox in Google Chrome (CVE-2021-30563) Double Free Vulnerability in ICU in Google Chrome (prior to 91.0.4472.77) Allows Remote Heap Corruption Remote Code Execution via Out of Bounds Read in V8 in Google Chrome Cookie Policy Bypass Vulnerability in Google Chrome (prior to 91.0.4472.77) Bypassing Content Security Policy in Google Chrome (prior to 91.0.4472.77) via Crafted HTML Page Bypassing Content Security Policy in Google 
Chrome (prior to 91.0.4472.77) via Crafted HTML Page TOCTOU Race Condition Vulnerability in Palo Alto Networks PAN-OS Web Interface Allows Arbitrary Code Execution with Root Privileges Domain Spoofing Vulnerability in Google Chrome for Android (prior to 91.0.4472.77) Allows Remote Attackers to Perform Payment Fraud Heap Corruption Vulnerability in V8 Engine in Google Chrome (prior to 91.0.4472.164) via Crafted HTML Page Use After Free Vulnerability in Google Chrome Tab Strip (CVE-2021-30563) Use After Free Vulnerability in Google Chrome Tab Strip (CVE-2021-30563) BFCache Use After Free Vulnerability in Google Chrome (CVE-2021-30563) Remote Code Execution via Use After Free in Google Chrome Extensions Autofill Use After Free Vulnerability in Google Chrome (CVE-2021-30563) Out of Bounds Write Vulnerability in ANGLE in Google Chrome (CVE-2021-30563) Heap Corruption Vulnerability in Google Chrome Loader (CVE-2021-30563) Heap Corruption Vulnerability in Google Chrome Spell Check Extension (CVE-2021-30563) Palo Alto Networks PAN-OS Web Interface XXE Vulnerability Heap Corruption Vulnerability in Google Chrome Accessibility (CVE-2021-30563) Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (prior to 91.0.4472.101) Heap Corruption Exploit via Malicious Extension Installation in Google Chrome Remote Code Execution Vulnerability in Google Chrome Network Service (CVE-2021-30563) WebGL Use After Free Vulnerability in Google Chrome (CVE-2021-30563) Heap Corruption Exploit: Use After Free Vulnerability in Google Chrome Sharing (prior to 91.0.4472.114) WebAudio Use After Free Vulnerability in Google Chrome Heap Corruption Vulnerability in TabGroups in Google Chrome Bypassing Content Security Policy in Google Chrome (CVE-2021-30563) Remote Code Execution via Out of Bounds Write in ANGLE in Google Chrome Root Privilege Code Execution Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN Blink XSLT Use After Free Vulnerability in 
Google Chrome (CVE-2021-30563) Heap Corruption Exploit via Type Confusion in V8 WebSerial Use After Free Vulnerability in Google Chrome Heap Corruption Exploit via Type Confusion in V8 WebXR Heap Buffer Overflow in Google Chrome: Remote Code Execution Vulnerability Out of Bounds Write Vulnerability in Google Chrome Tab Groups Stack Buffer Overflow in Google Chrome Printing (CVE-2021-30563) Heap Corruption Exploit via Use After Free in Google Chrome DevTools Heap Buffer Overflow in WebGL in Google Chrome: Remote Code Execution Vulnerability SQLite Use After Free Vulnerability in Google Chrome (CVE-2021-30563) Critical Stack-Based Buffer Overflow Vulnerability in Palo Alto Networks GlobalProtect App Allows for Arbitrary Code Execution Sandbox Escape Vulnerability in Google Chrome DevTools (CVE-2021-30563) Autofill Use After Free Vulnerability in Google Chrome (CVE-2021-30563) GPU Heap Corruption via Crafted HTML Page in Google Chrome (CVE-2021-30563) Remote Code Execution via Use After Free in Google Chrome (CVE-2021-30563) Autofill Out of Bounds Write Vulnerability in Google Chrome (CVE-2021-30563) Heap Corruption Exploit via Malicious Extension in Google Chrome DevTools Local Privilege Escalation Vulnerability in Google Chrome Installer Out of Bounds Memory Access Vulnerability in Google Chrome (CVE-2021-30563) Use After Free Vulnerability in Google Chrome UI Framework Palo Alto Networks PAN-OS Web Interface OS Command Injection Vulnerability Android Intent Policy Enforcement Vulnerability in Google Chrome Heap Corruption Exploit via Malicious Extension in Google Chrome DevTools Cross-Origin Data Leakage in Animation Implementation in Google Chrome (CVE-2021-30563) Cross-Origin Data Leakage in iOS Google Chrome Prior to 92.0.4515.107 Domain Spoofing Vulnerability in Google Chrome for Android (prior to 92.0.4515.107) via Downloads UI Remote Code Execution Vulnerability in Google Chrome on Windows Use After Free Vulnerability in Windows Dialog Box Handling in
Google Chrome Omnibox Spoofing Vulnerability in Google Chrome (CVE-2021-30563) Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit Remote Code Execution via Crafted Click-to-Call Link in Google Chrome (CVE-2021-30563) OS Command Injection Vulnerability in Palo Alto Networks PAN-OS Management Interface Heap Buffer Overflow in Google Chrome Bookmarks Heap Corruption Vulnerability in Google Chrome File System API Tab Groups Out of Bounds Write Vulnerability in Google Chrome (CVE-2021-30563) Tab Strip Out of Bounds Read Vulnerability in Google Chrome (CVE-2021-30563) Remote Code Execution via Use After Free in Google Chrome Page Info UI Spoofing Vulnerability in Google Chrome for Android (prior to 92.0.4515.131) Remote Code Execution via Use After Free in Google Chrome Browser UI Type Confusion Vulnerability in V8: Remote Code Execution in Google Chrome (CVE-2021-30563) Type Confusion Vulnerability in V8: Remote Code Execution in Google Chrome (CVE-2021-30563) OS Command Injection Vulnerability in PAN-OS Software's SCEP Feature Remote Code Execution via Use After Free in Google Chrome Printing Use After Free Vulnerability in Google Chrome Extensions API WebRTC Use After Free Vulnerability in Google Chrome (CVE-2021-30563) WebAudio Data Race Vulnerability in Google Chrome (CVE-2021-30563) ANGLE Use After Free Vulnerability in Google Chrome DCOM Access Rights Vulnerability in ChromeOS Readiness Tool Installer Chromium Blink: Use After Free Vulnerability (CVE-2021-30606) Chromium Vulnerability: Use After Free in Permissions (CVE-2021-30607) Chromium Web Share Use After Free Vulnerability (CVE-2021-30608) Chromium Sign-In Vulnerability: CVE-2021-30609 Use After Free Palo Alto Networks PAN-OS CLI OS Command Injection Vulnerability Chromium Vulnerability: Use After Free in Extensions API (CVE-2021-30610) Chromium WebRTC Use After Free Vulnerability (CVE-2021-30611) Chromium WebRTC Use After Free Vulnerability (CVE-2021-30612) Chromium Vulnerability: Use after 
free in Base Internals (CVE-2021-30613) Chromium TabStrip Heap Buffer Overflow Vulnerability (CVE-2021-30614) Chromium: Cross-origin Data Leak in Navigation (CVE-2021-30615) Chromium Media Use After Free Vulnerability (CVE-2021-30616) Chromium Vulnerability: Policy Bypass in Blink (CVE-2021-30617) Chromium DevTools: Inappropriate Implementation Vulnerability (CVE-2021-30618) Chromium Autofill UI Spoofing Vulnerability (CVE-2021-30619) Improper Access Control Vulnerability in PAN-OS Software Enables Unauthorized Access to EC2 Instance Metadata Endpoint Chromium: Insufficient Policy Enforcement in Blink (CVE-2021-30620) Chromium Autofill UI Spoofing Vulnerability (CVE-2021-30621) Chromium WebApp Installs: Use After Free Vulnerability (CVE-2021-30622) Chromium Vulnerability: Use After Free Exploit in Bookmarks (CVE-2021-30623) Chromium Autofill Use After Free Vulnerability Heap Corruption Vulnerability in Google Chrome's Selection API (CVE-2021-37973) Heap Corruption Vulnerability in ANGLE in Google Chrome (CVE-2021-30563) Type Confusion Vulnerability in Blink Layout Engine Remote Code Execution via Stack Buffer Overflow in ANGLE in Google Chrome Use After Free Vulnerability in Google Chrome (CVE-2021-30563) GlobalProtect Portal and Gateway Interfaces Denial of Service Vulnerability Cross-Origin Data Leakage in Google Chrome Prior to 93.0.4577.82 Remote Code Execution Vulnerability in V8 Engine of Google Chrome (CVE-2021-30563) Sandbox Escape via Use After Free in Indexed DB API in Google Chrome Directory Traversal Vulnerability in Sonatype Nexus Repository Manager 3.x before 3.30.1 Integer Overflow Vulnerability in MediaTek LinkIt SDK Stored XSS in htmly 2.8.0 via blog title, Tagline, or Description in config.html.php Apache Tapestry Information Exposure Vulnerability in Context Asset Handling Apache Tomcat Denial of Service Vulnerability Memory Corruption Vulnerability in Palo Alto Networks GlobalProtect Interface JNDI Realm Authentication Bypass Vulnerability in 
Apache Tomcat Apache HTTP Server Vulnerability: Unexpected Matching Behavior with 'MergeSlashes OFF' Arbitrary OS Command Execution Vulnerability in Symantec Security Analytics Web UI Authentication Bypass Vulnerability in Symantec Advanced Secure Gateway (ASG) and ProxySG Web Management Consoles Reflected XSS Vulnerability in Symantec Layer7 API Management OAuth Toolkit (OTK) Allows Remote Code Injection Unauthorized Access to External LDAP/Active Directory Server Passwords by Malicious SMG Administrator Vulnerability Patched: Race Condition Exploitable for Root Privilege Escalation Arbitrary Code Execution Vulnerability in Image Processing GarageBand 10.4.3 Patch: Local Attacker Exploits Sensitive Information Disclosure Vulnerability Privilege Escalation Vulnerability in macOS Big Sur 11.3 and Security Update 2021-002 Catalina Kernel Memory Layout Disclosure Vulnerability Gatekeeper Bypass Vulnerability in macOS Big Sur 11.3 and Security Update 2021-002 Catalina Gatekeeper Bypass Vulnerability in macOS Big Sur 11.3 Sensitive User Information Leakage Vulnerability Improved Bounds Checking to Address Out-of-Bounds Read Vulnerability in macOS and iOS Use After Free Vulnerability in Apple Software Arbitrary Code Execution Vulnerability Fixed in iOS 14.5 and iPadOS 14.5 Arbitrary Code Execution via Integer Overflow in iOS, iPadOS, tvOS, Safari, and macOS Improper Bounds Checking Leading to Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Apple Devices Buffer Overflow Vulnerability in iOS 12.5.3 Allows Arbitrary Code Execution Improved Validation for Authentication Mechanism in iOS 14.6 and iPadOS 14.6 Login Window Bypass Vulnerability in macOS Big Sur 11.4 Gatekeeper Bypass Vulnerability in macOS Big Sur 11.4 and Earlier Versions Unauthorized Apple Event Vulnerability in macOS Finder Memory Corruption Vulnerability Allows Privilege Escalation Improved Access Restrictions for Call History in macOS Big Sur 11.4 and Security Update 2021-003 Catalina 
Memory Disclosure Vulnerability Patched in iOS 14.6 and iPadOS 14.6 Privilege Escalation Vulnerability in Boot Camp 6.1.14 Vulnerability: Logic Issue Leading to Unexpected System Termination and Kernel Memory Read Sandbox Escape Vulnerability Patched in Apple's Latest Updates Title: Logic Issue in macOS Allows Remote Code Execution Privilege Escalation Vulnerability Patched in macOS Big Sur 11.4 and Security Updates Vulnerability: Unsigned Kernel Extension Loading in macOS Big Sur 11.4 Symlink Validation Vulnerability Allows Root Privilege Escalation Improved Restrictions for Logic Issue in Apple Software: Potential Sensitive User Information Leakage Vulnerability Title: Use After Free Vulnerability in macOS Big Sur 11.4 and Earlier Versions Logic Issue in macOS Big Sur and Catalina Allows Remote Code Execution Vulnerability: Information Disclosure via Malicious Audio File Parsing Memory Disclosure Vulnerability in Apple Operating Systems Improper Bounds Checking in Image Processing Leads to User Information Disclosure Sandbox Escape Vulnerability Patched in macOS Big Sur 11.4 and Security Update 2021-003 Catalina Universal Cross-Site Scripting Vulnerability Patched in Apple's Latest Software Updates Apache Multiple Vulnerabilities Fixed in Security Update 2021-004 Mojave Memory Disclosure Vulnerability in macOS and iOS Memory Disclosure Vulnerability in macOS and iOS Arbitrary Code Execution Vulnerability in Image Processing Memory Disclosure Vulnerability in macOS and iOS Improper Bounds Checking in USD File Processing Leads to Memory Disclosure Privileged Network Position Vulnerability in macOS: Improved State Management Fix Improved State Management to Address Logic Issue and Prevent Sensitive User Information Leakage Improper Input Validation Leads to Null Pointer Dereference Vulnerability Lockscreen Bypass Vulnerability in iOS 14.6 and iPadOS 14.6 Image Processing Vulnerability in macOS, tvOS, watchOS, iOS, and iPadOS Arbitrary Code Execution Vulnerability in 
Image Processing Login Window Bypass Vulnerability Patched in macOS Big Sur 11.4 and Security Updates Double Free Vulnerability in Apple Operating Systems Kernel Privilege Escalation Vulnerability Memory Disclosure Vulnerability in ASTC File Processing Image Processing Vulnerability in macOS, tvOS, watchOS, iOS, and iPadOS: User Information Disclosure Fixed in Latest Updates Arbitrary Code Execution Vulnerability in macOS, tvOS, watchOS, iOS, and iPadOS Vulnerability: Out-of-Bounds Read in USD File Processing Memory Disclosure Vulnerability in macOS and iOS Memory Corruption Vulnerability in Apple Operating Systems Title: Logic Issue in macOS Allows Remote Code Execution macOS Big Sur 11.4 Patch: Privacy Preferences Bypass Vulnerability Race Condition Vulnerability Fixed in iOS 14.6 and iPadOS 14.6: Potential System Termination and Kernel Memory Write Denial of Service Vulnerability Patched in Apple Operating Systems Privileged Network Position Denial of Service Vulnerability Memory Corruption Vulnerability in macOS Big Sur 11.4 and Earlier Versions Privilege Escalation Vulnerability in macOS Big Sur 11.4 macOS Big Sur and Catalina Vulnerability: Local User Exploitation for System Termination and Kernel Memory Read Vulnerability: Logic Issue Allows Malicious Website to Access Restricted Ports Path Validation Vulnerability in macOS Improved State Management to Prevent Information Disclosure in macOS Big Sur 11.4 and Security Updates Memory Disclosure Vulnerability in macOS and iOS Privilege Escalation Vulnerability Patched in Multiple Apple Operating Systems Memory Corruption Vulnerability in USD File Processing Kernel Privilege Escalation Vulnerability in macOS File System Modification Vulnerability in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6, and iPadOS 14.6 Kernel Privilege Escalation via Out-of-Bounds Write Vulnerability Vulnerability Patched: Logic Issue Allows Acceptance of Invalid Activation Results in iOS 14.6 and iPadOS 14.6 USB Device Capture 
Vulnerability Patched in macOS Big Sur 11.4 and Security Update 2021-004 Catalina Font Processing Out-of-Bounds Read Vulnerability Arbitrary Code Execution Vulnerability in Apple Devices Kernel Privilege Escalation Vulnerability in macOS Buffer Overflow Vulnerability Patched in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6, and iPadOS 14.6 Memory Corruption Vulnerability in ASN.1 Decoder Allows Arbitrary Code Execution Arbitrary File Overwrite Vulnerability Patched in macOS Big Sur 11.4 and Security Update 2021-004 Mojave Privilege Escalation Vulnerability in macOS Kernel Privilege Escalation Vulnerability in macOS, tvOS, watchOS, iOS, and iPadOS Use After Free Vulnerability in iOS and iPadOS 14.6 Memory Consumption Vulnerability in iOS 14.5 and iPadOS 14.5 Allows Arbitrary Code Execution via Malicious Audio File Arbitrary Code Execution Vulnerability in Image Processing Universal Cross-Site Scripting Vulnerability in Apple Devices and Safari Browser Improper Input Validation in USD File Processing Leads to Memory Disclosure Memory Corruption Vulnerability in iOS 14.7 and macOS Big Sur 11.5 Allows Arbitrary Code Execution with Kernel Privileges Arbitrary Code Execution Vulnerability in Apple Devices Improved Permissions Logic Fixes Vulnerability Allowing Access to User's Recent Contacts Privacy Bypass Vulnerability in macOS Big Sur 11.4 Arbitrary Code Execution Vulnerability in Image Processing Font Processing Out-of-Bounds Read Vulnerability Font Processing Vulnerability Allows Disclosure of Process Memory Now Playing Information Leak from Lock Screen Vulnerability in iMovie 10.2.4 Allows Malicious App Access to Entitlements and Privacy Permissions Type Confusion Vulnerability Patched in iOS 14.7 and Other Apple Platforms Title: Critical Vulnerability Patched in Apple Devices: Arbitrary Code Execution via Malicious Font File Font File Integer Overflow Vulnerability Memory Corruption Vulnerability in iOS 12.5.4 Allows Arbitrary Code Execution iOS 12.5.4 
Patch: Use After Free Vulnerability with Arbitrary Code Execution Shortcut Bypasses Internet Permission Requirements in iOS 14.7 and watchOS 7.6 Arbitrary Code Execution Vulnerability in iOS, iPadOS, watchOS, and tvOS (Fixed in 14.5) Vulnerability: Out-of-Bounds Write Exploit Allows Arbitrary Code Execution with Kernel Privileges Vulnerability: Out-of-Bounds Write Exploit Allows Arbitrary Code Execution with Kernel Privileges File System Modification Vulnerability Sandbox Circumvention Vulnerability Patched in Multiple Apple Operating Systems Pointer Authentication Bypass Vulnerability in iOS 14.7, tvOS 14.7, and watchOS 7.6 Kernel Memory Bypass Vulnerability in iOS 14.7, tvOS 14.7, watchOS 7.6 Font File Out-of-Bounds Write Vulnerability Patched in macOS Big Sur 11.4 and iOS 14.6 Privilege Escalation Vulnerability in macOS Big Sur 11.5 Code Signature Validation Vulnerability in iOS 14.7, tvOS 14.7, and watchOS 7.6 Root Privilege Escalation Vulnerability in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7 Memory Corruption Vulnerability in Audio File Processing Vulnerability: Unexpected Application Termination via Malicious Audio File Root Privilege Escalation Vulnerability in macOS Big Sur 11.5 and Earlier Versions Privacy Preferences Bypass Vulnerability in macOS Big Sur 11.5 Arbitrary Code Execution Vulnerability in Image Processing Root Privilege Escalation Vulnerability in Apple Operating Systems Vulnerability: Local Attacker Exploitation Leading to Application Termination or Code Execution Vulnerability Patched: Unauthorized Access to Restricted Files in macOS Sandbox Circumvention Vulnerability in macOS Vulnerability Title: Local Code Execution on Apple T2 Security Chip in macOS Big Sur 11.5 Title: Critical Buffer Overflow Vulnerability Patched in Apple's Latest Software Updates Race Condition Vulnerability in PDF File Handling Vulnerability: Application-Triggered System Termination and Kernel Memory Write Vulnerability Patched: Denial-of-Service and 
Memory Disclosure in TIFF File Processing Font File Out-of-Bounds Read Vulnerability Title: macOS Information Disclosure Vulnerability Patched in Big Sur 11.5 and Security Updates Improper Bounds Checking in File Processing Leads to User Information Disclosure Vulnerability: Out-of-Bounds Write in Image Processing Leading to Arbitrary Code Execution Kernel Privilege Escalation Vulnerability in macOS Big Sur 11.5 and Earlier Versions Arbitrary Code Execution Vulnerability in iOS, Safari, macOS, watchOS, and tvOS Image Processing Logic Issue Leading to Denial of Service in iOS and macOS Code Execution Vulnerability in iOS, Safari, macOS, watchOS, and tvOS Privacy Preference Bypass Vulnerability Memory Corruption Vulnerabilities in iOS, macOS, and Security Updates iOS 14.7 Patch: Vulnerability Exploitable via Malicious Wi-Fi Networks Use After Free Vulnerability Patched in iOS 14.7 and tvOS 14.7, Allowing Arbitrary Code Execution macOS Big Sur 11.5 Fixes Permissions Vulnerability Allowing Unauthorized Access to Recent Contacts Find My Data Access Vulnerability Patched in iOS 14.7 Memory Corruption Vulnerability in macOS Big Sur 11.5 and Earlier Kernel Privilege Escalation Vulnerability in macOS, iOS, iPadOS, and watchOS Vulnerability: File System Tampering Exploit Arbitrary Code Execution Vulnerability Fixed in Safari 15 and iOS 15 Wi-Fi Network Forcing Vulnerability during Device Setup Local Information Disclosure Vulnerability in iOS 15, iPadOS 15, and watchOS 8 Login Window Bypass Vulnerability in macOS Monterey 12.0.1 Arbitrary Code Execution Vulnerability in Image Processing Lock Screen Contact Access Vulnerability Privacy Breach: Unauthorized Access to Contact Information on iOS 15 and iPadOS 15 macOS Big Sur 11.5 Fixes Permissions Vulnerability Allowing Unauthorized Access to Family Sharing Data Type Confusion Vulnerability in iOS, iPadOS, tvOS, Safari, and watchOS Allows Arbitrary Code Execution Memory Disclosure Vulnerability in iOS 15 and iPadOS 15 via 
Malicious USD File Logic Issue in iOS 14.8 and iPadOS 14.8 Allows Remote Code Execution Memory Corruption Vulnerability in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, and macOS Big Sur 11.6.1 HSTS Bypass Vulnerability Patched in macOS Monterey 12.0.1 and iOS 14.8 Memory Corruption Vulnerability in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, and macOS Big Sur 11.6.1 Local Attacker Exploits Vulnerability in iOS 15 and iPadOS 15, Leading to Application Termination and Code Execution Baseband Vulnerability: Failure to Enable Integrity and Ciphering Protection Privilege Escalation Vulnerability in macOS Big Sur and Catalina Local Privilege Escalation Vulnerability in macOS Local File Execution Vulnerability in URI Parsing Memory Corruption Vulnerability in macOS Font Processing Vulnerability: Memory Disclosure via Crafted Fonts Privilege Escalation Vulnerability in macOS Big Sur 11.6 and Security Update 2021-005 Catalina Arbitrary File Write Vulnerability in macOS Monterey 12.0.1 Vulnerability: Logic Issue in Audio File Processing Leading to Application Termination or Code Execution Arbitrary Code Execution Vulnerability in Image Processing Memory Disclosure Vulnerability in iOS, iPadOS, tvOS, and watchOS Memory Consumption Vulnerability in iOS 15, iPadOS 15, watchOS 8, and tvOS 15 Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability on Apple Neural Engine in iOS 15 and iPadOS 15 Arbitrary Code Execution Vulnerability in dfont File Processing Arbitrary Code Execution Vulnerability in Font Processing Arbitrary Code Execution Vulnerability in Font Processing Arbitrary Code Execution Vulnerability in Font Processing Memory Leakage Vulnerability Patched in macOS Big Sur 11.6 and Security Update 2021-005 Catalina Improved Bounds Checking Fixes Out-of-Bounds Read Vulnerability in macOS Big Sur 11.6 Arbitrary Code Execution Vulnerability in iOS, iPadOS, Safari, tvOS, and watchOS Arbitrary Code Execution Vulnerability in Image 
Processing Memory Corruption Vulnerability in iOS, iPadOS, and Safari: Code Execution via Malicious Web Content Memory Corruption Vulnerability in iOS, iPadOS, watchOS, Safari, tvOS, and iTunes Improved Access Restrictions Fix Vulnerability Allowing Unauthorized File System Access Memory Corruption Vulnerability Fixed in Safari 15, tvOS 15, watchOS 8, iOS 15, and iPadOS 15: Potential Code Execution via Malicious Web Content Type Confusion Vulnerability Patched in iOS 14.8 and iPadOS 14.8: Arbitrary Code Execution Possible Gatekeeper Bypass Vulnerability in macOS Big Sur 11.6 Sandbox Circumvention Vulnerability Patched in iOS 15, iPadOS 15, tvOS 15, and watchOS 8 Symlink Validation Vulnerability Allows Unauthorized File Access macOS Big Sur 11.3 Fixes Privacy Bypass Vulnerability in Remote Login Improved Locking to Address Race Condition Vulnerability Use After Free Vulnerability in Apple Software Allows Arbitrary Code Execution Type Confusion Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Integer Overflow Vulnerability in PDF Processing Gatekeeper Bypass Vulnerability in macOS Monterey 12.0.1 Arbitrary JavaScript Code Execution Vulnerability in iTunes U 3.8.3 Face ID Vulnerability: Authentication Bypass via 3D Model Spoofing Sandbox Circumvention Vulnerability in macOS Monterey 12.0.1 Vulnerability: Out-of-Bounds Read Leading to Arbitrary Code Execution in macOS Big Sur 11.6 and Security Update 2021-005 Catalina Privacy Enhancement: Removal of Broadcast MAC Address Tracking in tvOS 15, watchOS 8, iOS 15, and iPadOS 15 Unauthorized Access to Photo Metadata in iOS 15 and iPadOS 15 Race Condition Vulnerability in macOS Monterey 12.0.1 and macOS Big Sur 11.6.1 Allows Arbitrary Code Execution Type Confusion Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Remote Server Contact Vulnerability in iOS 15 and iPadOS 15 Local Privilege Escalation Vulnerability in Apple Operating Systems Privilege Escalation Vulnerability in macOS 
Monterey 12.0.1 Unauthorized VPN Configuration Installation Vulnerability Lock Screen Contact Access Vulnerability Improper Bounds Checking in AppleScript Binary Processing Improper Bounds Checking in AppleScript Binary Processing Improper Bounds Checking in AppleScript Binary Processing Improper Bounds Checking in AppleScript Binary Processing Memory Handling Vulnerability in Archive Unpacking Leading to Arbitrary Code Execution Microphone Access Vulnerability during FaceTime Call Memory Corruption Vulnerability with Kernel Privilege Escalation Privacy Breach: Browsing History Exposure via Malicious Websites Arbitrary Code Execution Vulnerability in macOS Monterey 12.0.1, iOS 15.1, iPadOS 15.1, watchOS 8.1, and tvOS 15.1 Unenforced Content Security Policy Vulnerability in macOS Monterey 12.0.1 and iOS 15.1 Information Leakage via Redirect Behavior in iOS, iPadOS, macOS, tvOS, and watchOS Buffer Overflow Vulnerability Patched in macOS Monterey 12.0.1, iOS 15.1, and More Universal Cross-Site Scripting Vulnerability Patched in macOS Monterey 12.0.1 and iOS 15.1 Inherited Permissions Vulnerability Patched in macOS Monterey 12.0.1 and Security Updates Arbitrary Code Execution Vulnerability in iOS 15.1 and iPadOS 15.1 Improved Restrictions for Contact Information Access in iOS 15.0.2 and Other Apple Operating Systems Gameplay Data Exposure Vulnerability Cross-Origin Data Exfiltration Vulnerability in Resource Timing API Sandbox Restrictions Patched to Prevent Unauthorized Access to Apple ID Information and In-App Search Terms Race Condition Vulnerability in macOS Monterey, Catalina, and Big Sur Arbitrary Code Execution Vulnerability in iOS and iPadOS Arbitrary Code Execution Vulnerability in macOS Monterey, Catalina, and Big Sur Use After Free Vulnerability in iOS and iPadOS: Arbitrary Code Execution and Application Termination Local Privilege Escalation Vulnerability in iOS, iPadOS, and macOS Vulnerability: Persistent Message Sync in iMessage after Sign Out Improper 
Bounds Checking in File Processing Leads to User Information Disclosure Privilege Escalation Vulnerability in Apple Operating Systems Privilege Escalation via Integer Overflow in Apple Operating Systems Desktop View Vulnerability in macOS Fast User Switching Screen Memory Corruption Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Improper Bounds Checking in File Processing Leads to User Information Disclosure Improper Bounds Checking in USD File Processing Leads to Memory Disclosure Keychain Vulnerability: Unauthorized Access to User's Keychain Items Privilege Escalation Vulnerability: Unprivileged Application NVRAM Variable Editing Arbitrary Code Execution Vulnerability in iOS 15.1 and iPadOS 15.1 Password Characteristic Disclosure Vulnerability Memory Corruption Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Memory Corruption Vulnerability in ICC Profile Processing Lock Screen Vulnerability Allows Unauthorized Access to Restricted Content Vulnerability: Out-of-Bounds Write in PDF Processing Improved Validation for Permissions Issue in macOS Monterey 12.0.1: Mitigating Local Attacker's Access to Sensitive Information Password Visibility Vulnerability in iOS 14.5 and iPadOS 14.5 Out-of-Bounds Write Vulnerabilities Allow Arbitrary Code Execution in macOS Big Sur 11.6.1 Race Condition Vulnerability in macOS Monterey 12.0.1 Allows Arbitrary Code Execution with Kernel Privileges macOS Monterey 12.0.1 Patch: Remote Denial of Service Vulnerability Privacy Bypass Vulnerability in watchOS, macOS, iOS, and iPadOS Memory Corruption Vulnerability in ICC Profile Processing Kernel Privilege Escalation via Use After Free Vulnerability Memory Corruption Vulnerability in Image Processing Memory Disclosure Vulnerability in USD File Processing Improved State Management to Address IP Address Tracking Vulnerability Kernel Memory Disclosure Vulnerability Lock Screen Contact Access Vulnerability Patched in iOS 15.2 and iPadOS 15.2 Race 
Condition Vulnerability in macOS Monterey 12.0.1 and macOS Big Sur 11.6 Allows Arbitrary Code Execution Buffer Overflow Vulnerability Patched in Apple Operating Systems and Safari Kernel Privilege Escalation Vulnerability Fixed in Security Update 2021-008 Catalina and macOS Big Sur 11.6.2 Arbitrary Code Execution Vulnerability Fixed in Multiple Apple Platforms Memory Corruption Vulnerability in macOS, tvOS, iOS, iPadOS, watchOS Fixed with Improved Locking Local Privilege Escalation Vulnerability in macOS Improper Bounds Checking in Image Processing Leading to Arbitrary Code Execution Buffer Overflow Vulnerability in USD File Processing Buffer Overflow Vulnerability in USD File Processing Memory Corruption Vulnerability in ICC Profile Processing Group Membership Handling Vulnerability Data Leakage Vulnerability in iOS, iPadOS, watchOS, macOS, and tvOS Privilege Escalation Vulnerability in macOS, tvOS, iOS, iPadOS, watchOS Privacy Preference Bypass Vulnerability Fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2, iPadOS 15.2, and macOS Big Sur 11.6.2 Sandbox Restriction Bypass Vulnerability Insecure Password Access via Physical Device Access Memory Corruption Vulnerability in macOS, tvOS, iOS, iPadOS, watchOS Gatekeeper Bypass Vulnerability in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2 Arbitrary Code Execution Vulnerability Fixed in Multiple Apple Platforms Arbitrary Code Execution via Integer Overflow in Apple Devices Arbitrary Code Execution Vulnerability in Apple Devices Type Confusion Vulnerability Patched in Multiple Apple Operating Systems Race Condition Vulnerability in macOS Monterey 12.1, watchOS 8.3, iOS 15.2, iPadOS 15.2, and tvOS 15.2 Lock Screen Contact Access Vulnerability Buffer Overflow Vulnerability Patched in macOS Monterey 12.1 and Other Apple Operating Systems Vulnerability: Arbitrary Code Execution via Malicious Audio File Buffer Overflow Vulnerability in macOS Audio File Parsing Buffer Overflow Vulnerability in 
Apple Operating Systems Buffer Overflow Vulnerability in macOS Audio File Parsing Memory Initialization Vulnerability in tvOS 15.2 and macOS Big Sur 11.6.2: User Information Disclosure via Malicious Audio File Parsing Buffer Overflow Vulnerability in macOS Audio File Parsing Inherited Permissions Vulnerability Allows Privacy Preference Bypass Denial of Service Vulnerability in macOS Endpoint Security Clients Proxy Server Traffic Leakage Vulnerability Local Privilege Escalation Vulnerability in iOS 15.2 and iPadOS 15.2 Sandbox Bypass Vulnerability in macOS and iOS Privacy Preferences Path Validation Vulnerability in macOS: Unexpected JavaScript Execution from Maliciously Crafted URLs Privacy Preference Bypass Vulnerability in macOS Monterey 12.1 and macOS Big Sur 11.6.2 Improper Bounds Checking in USD File Processing Leading to Arbitrary Code Execution Privacy Preference Bypass Vulnerability Fixed in macOS Big Sur 11.6.3 and Catalina Security Update 2022-001 Improper Input Validation Leads to Information Disclosure in macOS and iOS Vulnerability: Malicious OSAX Scripting Addition Bypasses Gatekeeper and Sandbox Restrictions Gatekeeper Bypass Vulnerability in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2 Buffer Overflow Vulnerability Patched in macOS Monterey 12.1, Security Update 2021-008 Catalina, and macOS Big Sur 11.6.2 Buffer Overflow Vulnerability Patched in macOS Monterey 12.1, iOS 15.2, and iPadOS 15.2 Kernel Privilege Escalation via Use After Free Vulnerability Vulnerability Patched: Buffer Overflow Exploit in macOS Monterey, Catalina, and Big Sur Race Condition Vulnerability Patched in macOS Monterey 12.1, Security Update 2021-008 Catalina, and macOS Big Sur 11.6.2 Buffer Overflow Vulnerability in iOS 15.2 and iPadOS 15.2 Allows Arbitrary Code Execution Race Condition Vulnerability Patched in Multiple Apple Operating Systems Arbitrary Code Execution Vulnerability in iOS 15.2 and iPadOS 15.2 Bluetooth MAC Address Tracking 
Vulnerability Improved Access Restrictions to Address Passive Tracking Vulnerability in macOS Monterey 12.1 Application Enumeration Vulnerability in iOS 15.2 and iPadOS 15.2 Gatekeeper Bypass Vulnerability in macOS Monterey 12.1, Security Update 2021-008 Catalina, and macOS Big Sur 11.6.2 Improper Bounds Checking Leading to Arbitrary Code Execution in iOS 15.2 and iPadOS 15.2 Live Photos Metadata Leakage in FaceTime Calls Buffer Overflow Vulnerability in macOS Monterey 12.1, watchOS 8.3, iOS 15.2, iPadOS 15.2, and tvOS 15.2 Allows for Arbitrary Code Execution Improved Access Restrictions in macOS Monterey 12.0.1 Prevent Unauthorized Access to Apple IDs Privilege Escalation Vulnerability Patched in macOS Big Sur 11.6.2 and Other Apple Operating Systems Race Condition Vulnerability in macOS Monterey 12.1, iOS 15.2, and iPadOS 15.2 Allows Arbitrary Code Execution with Kernel Privileges S/MIME Encryption Vulnerability in iOS 15.2 and iPadOS 15.2 S/MIME Encryption Certificate Leakage Vulnerability iOS 14.6 and iPadOS 14.6 Patch Vulnerability Allowing Incomplete Deletion of Browsing History Apache Log4j Privilege Escalation Vulnerability Improved Validation for Permissions Issue in iOS 15.2 and Other Apple Operating Systems Improved Access Restrictions in iOS 15 and iPadOS 15 Mitigate Privileged Network Position Vulnerability Vulnerability: Out-of-Bounds Read Leading to Arbitrary Code Execution in macOS Monterey 12.0.1 and macOS Big Sur 11.6.2 Privilege Escalation Vulnerability Patched in macOS Monterey 12.0.1 and macOS Big Sur 11.5 Improper State Management in Remote Content Blocking Privacy Bypass Vulnerability in watchOS, tvOS, and macOS Privacy Bypass Vulnerability in Apple Operating Systems Type Confusion Vulnerability in Safari 15.1 and Other Apple Operating Systems HDF5 Vulnerabilities Patched in iOS 15.2, iPadOS 15.2, and macOS Monterey 12.1 Container Privilege Escalation via SELinux Bypass in Hotdog v1.0.1 Deserialization Vulnerability Patched in Apple Security 
Update 2021-005 Font Processing Vulnerability: Memory Disclosure via Out-of-Bounds Read Reverse Tabnabbing Vulnerability in SolarWinds Orion Platform Time-Based Boolean SQL Injection in PrestaShop 1.7.7.0 Store System via module=productcomments controller=CommentGrade id_products[] Parameter Stored XSS Vulnerability in Concrete5 8.5.4 Express Entries Dashboard Session Cookie Exposure in Netsia SEBA+ 0.16.1 Build 70-e669dcd7 Underflow Vulnerability in P-224 Field Reduction in Go Crypto Library Vulnerability: Command Injection and Remote Code Execution in Go go get Command with cgo CSRF Vulnerability in Multilaser Router AC1200 V02.03.01.45_pt Local Information Disclosure Vulnerability Predictable Temporary Filenames in /tmp and Target Directory Allow Local Privilege Escalation Umask Normalization Failure Allows Local Attacker to Gain Root Privileges CVE-2021-31156 Improper Authorization Checks in Couchbase Server Query Engine User Enumeration Vulnerability in Zoho ManageEngine ServiceDesk Plus MSP (SDPMSP-15732) Boolean Confusion in Proxy Authorization Header Parsing in proxy.py Critical Data Exposure Vulnerability in Zoho ManageEngine ServiceDesk Plus MSP Double Free Vulnerability in Rust's Vec::from_iter Function CRLF Log Injection Vulnerability in Apache Unomi Windows Container Manager Service Privilege Escalation Vulnerability HTTP Protocol Stack RCE Vulnerability Windows Container Manager Service Privilege Escalation Vulnerability Windows Container Manager Service Privilege Escalation Vulnerability Windows Container Manager Service Privilege Escalation Vulnerability Windows Graphics Component Privilege Escalation Vulnerability Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Server Excel Data Leakage Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability 
Exploiting the Microsoft Office Remote Code Execution Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability Exposed Secrets: Microsoft Office Information Disclosure Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability Multiple SQL Injection Vulnerabilities in EVOLUCARE ECSIMAGING Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability Exploiting the Microsoft SharePoint Remote Code Execution Vulnerability BlueSpoof: Exploiting Microsoft's Bluetooth Driver Vulnerability BlueKeep: Windows TCP/IP Driver Denial of Service Vulnerability Windows IrDA Information Disclosure Vulnerability Windows Desktop Bridge Denial of Service Vulnerability: Exploiting the Bridge to Crash Applications Exposed Secrets: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Windows WalletService Privilege Escalation Vulnerability Windows Graphics Component Privilege Escalation Vulnerability NULL Pointer Dereferencing Vulnerability in Zetetic SQLCipher 4.x before 4.4.3 Windows Container Isolation FS Filter Driver Privilege Escalation Vulnerability Windows Projected File System FS Filter Driver Information Disclosure Vulnerability Windows Media Foundation Core Remote Code Execution Vulnerability: A Critical Security Flaw Windows SSDP Service Privilege Escalation Vulnerability Exploiting the OLE Automation Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability Arbitrary File Upload Vulnerability in YITH WooCommerce Gift Cards Premium Plugin Critical Remote Code Execution Vulnerability in Common Utilities Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability Exploiting .NET and Visual Studio 
Elevation of Privilege Vulnerability Windows SMB Client Security Feature Bypass Vulnerability: A Potential Breach in Windows SMB Client Security Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Exchange Server Security Feature Bypass Vulnerability Windows Container Manager Service Privilege Escalation Vulnerability Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication Index Validation Vulnerability in GoGo Protobuf: The Skippy Peanut Butter Issue Code Execution Vulnerability in Visual Studio Code Remote Access Remote Code Execution Vulnerability in Visual Studio Code Remote Containers Extension Code Execution Vulnerability in Visual Studio Code Remote Access Remote Code Execution in SchedMD Slurm: Environment Mishandling Vulnerability Server Side Request Forgery (SSRF) Vulnerability in Siren Investigate Image Proxy Route Insecure File Permissions in SolarWinds DameWare Mini Remote Control Server 12.0.1.200 Allow SYSTEM-Level File Deletion Remote Code Execution Vulnerability in CMCAgent on Aloha POS/BOH Servers Insecure Access Control Allows Unauthorized Modification of Security Policies in SES Evolution before 2.1.0 Vulnerability: Unauthorized Deletion of Security Policy Components in SES Evolution before 2.1.0 Vulnerability: Unauthorized Security Policy Modification in SES Evolution Unauthorized Access to Security Policy in SES Evolution before 2.1.0 Vulnerability: Unauthorized Duplication of Security Policies in SES Evolution before 2.1.0 Vulnerability: Unauthorized Deletion of Unused Resources in SES Evolution Heap Buffer Overflow in HCC embedded InterNiche 4.0.1 via Crafted HTTP POST Request Heap Buffer Overflow in HCC embedded InterNiche 4.0.1 via Malformed HTTP POST Request Predictable Source Port Vulnerability in HCC embedded InterNiche 4.0.1 Out-of-Bounds Write Vulnerability in ezXML 0.8.6 Local File Disclosure Vulnerability in Grafana Enterprise Metrics and Metrics Enterprise Local File Disclosure 
Vulnerability in CNCF Cortex Alertmanager SQL Injection Vulnerability in Fighting Cock Information System v.1.0 via edit_breed.php Parameter Remote Denial of Service Vulnerability in SQLite SQLite3 v.3.35.4 via appendvfs.c Function Stored Cross-Site Scripting (XSS) Vulnerability in Custom Global Variables v 1.0.5 Arbitrary Code Execution Vulnerability in libming v0.4.8 Timing Attack Vulnerability in omr-admin.py CRLF Injection Vulnerability in CHIYU Technology Inc's BF-430, BF-431, and BF-450M TCP/IP Converter Devices IPv6 Routing Loop Vulnerability in TP-Link TL-XDR Series Routers Multiple Storage XSS Vulnerabilities in CHIYU Technology Inc's BF-430, BF-431, and BF-450M TCP/IP Converter Devices Authentication Bypass Vulnerability in CHIYU Technology Inc's Telnet Server Open Redirect Vulnerability in CHIYU Technology Devices Buffer Overflow Vulnerability in GPAC 1.0.1 MP4Box's tenc_box_read Function Buffer Overflow Vulnerability in MP4Box in GPAC 1.0.1 Memory Leak Vulnerability in stbl_GetSampleInfos Function in GPAC 1.0.1 Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command Denial of Service Vulnerability in GPAC 1.0.1 MergeTrack Function Memory Read Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command AV1_DuplicateConfig Function Denial of Service Vulnerability in GPAC 1.0.1 Incorrect Access Control in NATS Server 2.x and JWT Library 2.0.1 Directory Traversal Vulnerability in SerenityOS Tar/Unzip: Potential Command Execution and Privilege Escalation Stored XSS Vulnerability in LibreNMS API Access Page IPv6 Routing Loop Vulnerability in ASUS Routers Cross-Site Scripting (XSS) Vulnerability in tp5cms through 2017-05-25 Unauthenticated Remote Code Execution in Ignition (Laravel and Other Products) Heap-based Buffer Overflow in Exiv2 0.27.3's CrwMap::encode0x1810 Allows for Denial of Service Redis SET 
Command Vulnerability HTML 'password field' obfuscation vulnerability in Open-AudIT up to version 3.5.3 Base64 Encoding of Credentials in 1C:Enterprise 8 Web Server Arbitrary File Upload Vulnerability in Ejinshan V8+ Terminal Security System Stack Based Overflow in Telegram's Custom Fork of rlottie Library Allows Remote Memory Access via Malicious Animated Sticker SQL Injection Vulnerability in CentOS Web Panel's Unprivileged User Portal Type Confusion Vulnerability in Telegram's Custom Fork of rlottie Library Allows Remote Heap Memory Access Type Confusion Vulnerability in Telegram's Custom Fork of rlottie Library Allows Remote Heap Memory Access Integer Overflow in LOTGradient::populate function of Telegram's rlottie library allows remote heap memory access Heap Buffer Overflow in Telegram's Custom Fork of rlottie Library Stack Based Overflow in Telegram's Custom Fork of rlottie Library Heap Buffer Overflow in Telegram's Custom Fork of rlottie Library Allows Remote Access to Heap Memory Heap Buffer Overflow in Telegram's LottieParserImpl::parseDashProperty Function Command Injection Vulnerability in CentOS Web Panel's Unprivileged User Portal Arbitrary Device Reset Vulnerability in D-Link DIR-816 A2 1.10 B05 Stored XSS vulnerability in Remote Clinic v2.0: Exploiting the Medicine Name Field in /medicines. 
Remote Clinic v2.0: Cross Site Scripting (XSS) Vulnerability in Chat and Personal Address Fields CSRF Vulnerability in Elementor Contact Form DB Plugin for WordPress Persistent Cross-Site Scripting (XSS) Vulnerability in Review Board Versions 3.0.20 and 4.0 RC1 and Earlier Unauthenticated Remote Access Vulnerability in SIMATIC HMI Comfort Panels Unauthenticated Privilege Escalation and Code Execution in SINEMA Remote Connect Client XML File Upload Vulnerability in Mendix Excel Importer Module (All versions < V9.0.3) Privilege Escalation Vulnerability in Mubu 2.2.1 (CNVD-2020-68878) Denial-of-Service Vulnerability in SIMATIC RF Series Readers XML File Upload Vulnerability in Mendix Database Replication Module (Versions prior to v7.0.1) Out-of-Bounds Write Vulnerability in Solid Edge SE2020 and SE2021 Out-of-Bounds Write Vulnerability in Solid Edge SE2020 and SE2021 ICMP Echo Reply Vulnerability in Multiple Building Automation Systems Unchecked UDP Payload Length Vulnerability Unchecked ICMP Payload Length Vulnerability Memory Handling Vulnerability in ezXML 0.8.6's ezxml_parse_str() Function Memory Handling Vulnerability in ezXML 0.8.6's ezxml_parse_str() Function Authentication Bypass Vulnerability in Juniper Networks 128 Technology Session Smart Router Cross-Site Scripting (XSS) Vulnerability in tagDiv Newspaper Theme 10.3.9.1 for WordPress Improper Privilege Management Vulnerability in gRPC Framework Allows Root Compromise Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on MX Series Weak Cipher Negotiation Vulnerability in Juniper Networks SRC Series Devices Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Juniper Networks Junos OS and Junos OS Evolved Out Of Bounds (OOB) Access Vulnerability in Agile License Client Persistent XSS Vulnerability in Juniper Networks Junos OS Captive Portal GUI Command Injection Vulnerability in Juniper Networks Junos OS Evolved Command Injection Vulnerability in Juniper 
Networks Junos OS Evolved Command Injection Vulnerability in Juniper Networks Junos OS Evolved Local Privilege Escalation Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Improper Privilege Management Vulnerability in Juniper Networks Junos OS and Junos OS Evolved VXLAN Encapsulation DoS Vulnerability in Juniper Networks Junos OS Protection Mechanism Failure Vulnerability in Juniper Networks Junos OS and Junos OS Evolved: IS-IS Adjacency Denial of Service (DoS) MPLS P2MP Routing Protocol Daemon (RPD) Loop with Unreachable Exit Condition Vulnerability Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on SRX Series Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS on EX2300, EX3400, and EX4300 Series Platforms Unchecked Return Value Vulnerability in Juniper Networks Junos OS on MX Series Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on PTX Series Uncontrolled Resource Consumption Vulnerability in Juniper Networks JUNOS OS Unauthenticated DoS Vulnerability in Juniper Networks Junos OS on MX Series with MS-MPC/MS-MIC XWiki 12.10.2 Comment Section Upload XSS Vulnerability Incomplete List of Disallowed Inputs Vulnerability in Juniper Networks Junos OS on QFX5000 and EX4600 Series Information Exposure Vulnerability in Juniper Networks Junos OS on QFX Series Switches Privilege Escalation Vulnerability in J-Web of Juniper Networks Junos OS Persistent Cross-Site Scripting (XSS) Vulnerability in Juniper Networks Junos OS on SRX Series, J-Web Interface Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Devices BGP Origin Validation Bypass Vulnerability in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on ACX Series Devices Incorrect Permission Assignment for Critical Resource Vulnerability in Junos OS Juniper Networks Junos OS Subscriber Termination DoS Vulnerability MAP-E Automatic Tunneling Mechanism Denial of 
Service Vulnerability Rate-Limit Bypass Vulnerability Allows 2FA Bypass in Discourse 2.7.0 Sensitive Information Disclosure Vulnerability in Juniper Networks SRC Series Remote File Deletion Vulnerability in Juniper Networks SRC Series Race Condition Vulnerability in Juniper Networks Junos OS on PTX1000 and PTX10002-60C Systems Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Unauthorized Access to J-Web Administrative Interfaces in Juniper Networks Junos OS SRX Series Privilege Escalation via Path Traversal in Juniper Networks Junos OS J-Web J-Web HTTP Service Protection Mechanism Failure Vulnerability Directory traversal vulnerability in Open-iSCSI tcmu-runner allows remote file read/write Man-in-the-Middle Vulnerability in 2N Access Unit 2.0 2.31.0.40.5 Devices TCP Out-of-Band Data Processing DoS Vulnerability Integer Overflow in TCP Header Processing in HCC embedded InterNiche 4.0.1 CRLF Injection Vulnerability in dio package 4.0.0 for Dart Timing Attack Vulnerability in Vaadin Server Timing Attack Vulnerability in com.vaadin:flow-server Unsafe Validation RegEx in EmailField Component in Vaadin Text Field Flow Timing Attack Vulnerability in CSRF Token Comparison in Vaadin Flow and Fusion OSGi Integration Vulnerability in com.vaadin:flow-server Incorrect HTTP Method in Authentication.logout() Helper Allows Local Attackers to Bypass Fusion Endpoint Access Restrictions Email Address Denial of Service Vulnerability in Vaadin-Compatibility-Server Recoverable Password Storage Vulnerability in Unisys Stealth (core) Remote Access to Project Sources in Vaadin Designer Versions 4.3.0 through 4.6.3 Local Code Injection Vulnerability in Vaadin Frontend Build Functionality Improper sanitization of path in default RouteNotFoundError view in Vaadin Flow Server versions 1.0.0 through 1.0.14, 1.1.0 prior to 2.0.0, 2.0.0 through 2.6.1, and 3.0.0 through 6.0.9 allows route enumeration. 
Remote Code Execution Vulnerability in vscode-rpm-spec Extension Memory Initialization Vulnerability in Parallels Desktop 15.1.4-47270 (ZDI-CAN-12131) Memory Initialization Vulnerability in Parallels Desktop 15.1.4-47270 (ZDI-CAN-12221) Parallels Desktop 15.1.4-47270 Toolgate Component Memory Initialization Vulnerability Privilege Escalation in Parallels Desktop 16.1.0-48950 via Toolgate Component (ZDI-CAN-12220) Arbitrary File Deletion Vulnerability in Parallels Desktop 16.1.1-49141 Privilege Escalation Vulnerability in Parallels Desktop 16.1.1-49141 Memory Initialization Vulnerability in Parallels Desktop 15.1.5-47309 Allows Local Information Disclosure Privilege Escalation in Parallels Desktop 15.1.5-47309 via Open Tools Gate Component Integer Overflow Privilege Escalation in Parallels Desktop 16.1.2-49151 Integer Overflow Privilege Escalation in Parallels Desktop 16.1.2-49151 Privilege Escalation and Information Disclosure Vulnerability in Parallels Desktop 15.1.5-47309 Privilege Escalation via IDE Virtual Device in Parallels Desktop 15.1.5-47309 Privilege Escalation via IDE Virtual Device in Parallels Desktop 15.1.5-47309 Parallels Desktop 15.1.5-47309 IDE Virtual Device Buffer Overflow Vulnerability Parallels Desktop 15.1.5-47309 IDE Virtual Device Buffer Overflow Vulnerability Parallels Desktop 15.1.5-47309 IDE Virtual Device Buffer Overflow Vulnerability Arbitrary Code Execution via ARW File Parsing in Foxit Studio Photo 3.6.6.931 Arbitrary Code Execution via JPM File Parsing in Foxit Studio Photo 3.6.6.931 Arbitrary Code Execution via Uninitialized Memory in Foxit Studio Photo 3.6.6.931 Arbitrary Code Execution Vulnerability in Foxit Studio Photo 3.6.6.931 Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.931 via Malicious JP2 Files (ZDI-CAN-12384) Arbitrary Code Execution Vulnerability in Foxit Studio Photo 3.6.6.931 Arbitrary Code Execution Vulnerability in Synology DiskStation Manager Eauth Token Reuse Vulnerability in SaltStack Salt 
Privilege Escalation Vulnerability in Linux Kernel 5.11.15 via eBPF Programs (ZDI-CAN-13661) Arbitrary Code Execution Vulnerability in Foxit Reader 10.1.1.37576 Arbitrary Code Execution via U3D Handling in Foxit Reader 10.1.1.37576 Remote Code Execution Vulnerability in Foxit Reader 10.1.1.37576 via U3D Object Handling Remote Code Execution Vulnerability in Foxit Reader 10.1.1.37576 via U3D Object Handling Remote Code Execution Vulnerability in Foxit Reader 10.1.1.37576 via U3D Objects in PDF Files (ZDI-CAN-13244) Remote Code Execution Vulnerability in Foxit Reader 10.1.1.37576 via U3D Object Handling Remote Code Execution Vulnerability in Foxit Reader 10.1.1.37576 via U3D Object Handling Remote Code Execution Vulnerability in Foxit Reader 10.1.1.37576 via U3D Object Handling Arbitrary Code Execution Vulnerability in Foxit Reader 10.1.1.37576 via U3D Objects in PDF Files Biometric Authentication Bypass Vulnerability in Ionic Identity Vault (Android) Arbitrary Code Execution via XFA Forms in Foxit Reader 10.1.1.37576 Arbitrary Code Execution Vulnerability in Foxit Reader 10.1.1.37576 Arbitrary Code Execution via XFA Forms in Foxit Reader 10.1.1.37576 Arbitrary Code Execution via XFA Forms Handling in Foxit Reader 10.1.1.37576 Arbitrary Code Execution via Decimal Element Overflow in Foxit Reader 10.1.1.37576 Arbitrary Code Execution via XFA Forms in Foxit Reader 10.1.1.37576 Arbitrary Code Execution Vulnerability in Foxit Reader 10.1.1.37576 Arbitrary Code Execution Vulnerability in Foxit Reader 10.1.1.37576 Arbitrary Code Execution Vulnerability in Foxit Reader 10.1.1.37576 Arbitrary Code Execution via XFA Forms in Foxit Reader 10.1.1.37576 Privilege Escalation Vulnerability in Dolby Audio X2 (DAX2) API Service on Windows Arbitrary Code Execution Vulnerability in Foxit Reader 10.1.1.37576 via XFA Templates (ZDI-CAN-13096) Arbitrary Code Execution Vulnerability in Foxit Reader 10.1.1.37576 (ZDI-CAN-13333) Remote Code Execution Vulnerability in Foxit Reader 
10.1.3.37598 via U3D Object Handling Remote Code Execution Vulnerability in Foxit Reader 10.1.3.37598 via U3D Object Handling Remote Code Execution Vulnerability in Foxit Reader 10.1.3.37598 via U3D Object Handling Arbitrary Code Execution via U3D Handling in Foxit Reader 10.1.3.37598 Arbitrary Code Execution via U3D Object Handling in Foxit Reader 10.1.3.37598 Remote Code Execution Vulnerability in Foxit Reader 10.1.3.37598 via U3D File Handling Arbitrary Code Execution via U3D File Handling in Foxit Reader 10.1.3.37598 Remote Code Execution Vulnerability in Foxit Reader 10.1.1.37576 via U3D Objects in PDF Files Arbitrary Code Execution Vulnerability in Foxit Reader 10.1.1.37576 via U3D Objects in PDF Files Remote Code Execution Vulnerability in Foxit Reader 10.1.1.37576 via U3D Objects in PDF Files (ZDI-CAN-12955) Arbitrary Code Execution via U3D Object Handling in Foxit Reader 10.1.1.37576 Arbitrary Code Execution Vulnerability in Foxit Reader 10.1.3.37598 (ZDI-CAN-13523) Unauthenticated Remote Code Execution in SolarWinds Network Performance Monitor 2020.2.1 Remote Code Execution in SolarWinds Orion Job Scheduler 2020.2.1 HF 2 via JobRouterService WCF Service Arbitrary Code Execution via XFA Template Handling in Foxit PhantomPDF 10.1.3.37598 Hard-coded Default Credentials Vulnerability in GE Reason RPV311 14A03 Remote Code Execution Vulnerability in OpenText Brava! Desktop 16.6.3.84 via PDF Parsing (ZDI-CAN-12633) Remote Code Execution Vulnerability in OpenText Brava! Desktop 16.6.3.84 via PDF Parsing (ZDI-CAN-12634) Command Injection in SaltStack Salt API Arbitrary Code Execution via DXF File Parsing in OpenText Brava! Desktop 16.6.3.84 Arbitrary Code Execution Vulnerability in OpenText Brava! Desktop 16.6.3.84 Remote Code Execution Vulnerability in OpenText Brava! Desktop 16.6.3.84 via Malicious DWF Files (ZDI-CAN-12708) Arbitrary Code Execution via OpenText Brava! 
Desktop 16.6.3.84 DWF Parsing Vulnerability Arbitrary Code Execution via DWF File Parsing in OpenText Brava! Desktop 16.6.3.84 Arbitrary Code Execution via OpenText Brava! Desktop 16.6.3.84 DWF Parsing Vulnerability Remote Code Execution Vulnerability in OpenText Brava! Desktop 16.6.3.84 via Malicious DWF Files (ZDI-CAN-12712) Remote Code Execution Vulnerability in OpenText Brava! Desktop 16.6.3.84 via Malicious DWF Files (ZDI-CAN-12715) Remote Code Execution Vulnerability in OpenText Brava! Desktop 16.6.3.84 via Malicious DWF Files (ZDI-CAN-12716) Arbitrary Code Execution via OpenText Brava! Desktop 16.6.3.84 DWF Parsing Vulnerability OS Command Injection Vulnerability in Netshield NANO 25 10.2.18 Devices Remote Code Execution Vulnerability in OpenText Brava! Desktop 16.6.3.84 via DWF File Parsing Remote Code Execution Vulnerability in OpenText Brava! Desktop 16.6.3.84 via DWF File Parsing Arbitrary Code Execution via OpenText Brava! Desktop 16.6.3.84 DWF Parsing Vulnerability Arbitrary Code Execution via DXF File Parsing in OpenText Brava! Desktop 16.6.3.84 Arbitrary Code Execution via DXF File Parsing in OpenText Brava! Desktop 16.6.3.84 Arbitrary Code Execution via DXF File Parsing in OpenText Brava! Desktop 16.6.3.84 Arbitrary Code Execution via DXF File Parsing in OpenText Brava! Desktop 16.6.3.84 Arbitrary Code Execution Vulnerability in OpenText Brava! Desktop 16.6.3.84 Remote Code Execution Vulnerability in OpenText Brava! Desktop 16.6.3.84 via Malicious DWF Files (ZDI-CAN-12744) Remote Code Execution Vulnerability in OpenText Brava! Desktop 16.6.3.84 via DWF File Parsing Cross-Site Scripting (XSS) Vulnerability in Cryptshare Server 4.8.0 and Earlier Arbitrary Code Execution Vulnerability in OpenText Brava! Desktop 16.6.3.84 OpenText Brava! Desktop 16.6.3.84 DWG File Parsing Remote Code Execution Vulnerability Arbitrary Code Execution Vulnerability in OpenText Brava! Desktop Build 16.6.4.55 Remote Code Execution Vulnerability in OpenText Brava! 
Desktop Build 16.6.3.84 (ZDI-CAN-12690) Arbitrary Code Execution Vulnerability in OpenText Brava! Desktop Build 16.6.3.84 Arlo Q Plus 1.9.0.3_278 Privilege Escalation via SSH Hard-coded Credentials Remote Code Execution Vulnerability in OpenText Brava! Desktop Build 16.6.4.55 Arbitrary Code Execution via CGM File Parsing in OpenText Brava! Desktop 16.6.3.84 Arbitrary Code Execution via DXF File Parsing in OpenText Brava! Desktop 16.6.3.84 Arbitrary Code Execution via DXF File Parsing in OpenText Brava! Desktop 16.6.3.84 Stored Cross-Site Scripting (XSS) Vulnerability in i-doit before 1.16.0 Remote Code Execution Vulnerability in OpenText Brava! Desktop Build 16.6.4.55 via TIF File Parsing (ZDI-CAN-13675) Remote Code Execution Vulnerability in OpenText Brava! Desktop Build 16.6.4.55 Remote Code Execution Vulnerability in OpenText Brava! Desktop Build 16.6.4.55 (ZDI-CAN-13677) Remote Code Execution Vulnerability in OpenText Brava! Desktop Build 16.6.4.55 via Malicious BMP Files (ZDI-CAN-13678) Arbitrary Code Execution via CGM File Parsing in OpenText Brava! 
Desktop Build 16.6.4.55 Arbitrary Code Execution via BNDB File Parsing Vulnerability in Vector 35 Binary Ninja 2.3.2660 Arbitrary Code Execution via BNDB File Parsing in Vector 35 Binary Ninja 2.3.2660 File-Parsing Vulnerability in Trend Micro Home Network Security 6.5.599 and Earlier: Potential Denial-of-Service Exploit File-Parsing Vulnerability in Trend Micro Home Network Security 6.5.599 and Earlier: Potential Denial-of-Service Exploit Privilege Escalation Vulnerability in Trend Micro HouseCall for Home Networks Vulnerability in Home Assistant Custom Integrations Allows Directory Traversal Attacks Session Token Authentication Bypass Vulnerability in Trend Micro IM Security 1.6 and 1.6.5 Reflected Cross-Site Scripting (XSS) Vulnerability in Trend Micro InterScan Web Security Virtual Appliance Version 6.5 Captive Portal Arbitrary Class Loading Vulnerability in Apache Kylin Privilege Escalation Vulnerability in Debian xscreensaver Package Denial of Service Vulnerability in net/http Library in Go Lack of Two-Factor Authentication Enforcement in HashiCorp Terraform Enterprise up to v202102-2 Information Disclosure Vulnerability in Zoho ManageEngine ServiceDesk Plus MSP before 10522 Zoho ManageEngine ServiceDesk Plus MSP before 10521: Server-Side Request Forgery (SSRF) Vulnerability Undocumented ROM Patch Vulnerability in NXP Microcontrollers and Processors Arbitrary Code Execution via XLookupColor Request in X.Org X Cross-Site Scripting (XSS) Vulnerability in SIS SIS-REWE Go before 7.7 SP17 Relative Path Traversal Vulnerability in LANCOM R&S Unified Firewall (UF) Devices Running LCOS FX 10.5 Cleartext Password Storage Vulnerability in Wowza Streaming Engine Cleartext Password Retrieval via Macro Injection in SolarWinds Serv-U Insecure File Permissions in Wowza Streaming Engine Configuration Files Directory Traversal Vulnerability in Django MultiPartParser, UploadedFile, and FieldFile Information Leakage of Deleted Usernames in AbuseFilter Extension for MediaWiki 
Sensitive Suppression Deletion Logging Vulnerability in AbuseFilter Extension Information Disclosure Vulnerability in AbuseFilterCheckMatch API Bypassing AbuseFilter for Partially Blocked or Unsuccessfully Blocked Users in MediaWiki Disclosure of Suppressed MediaWiki Usernames in AbuseFilter Extension Insecure Permissions in snapd's ~/snap Directories Cross-Site Scripting (XSS) Vulnerability in CommentBox Extension for MediaWiki Cross-Site Scripting (XSS) Vulnerability in PageForms Extension for MediaWiki Account Creation Vulnerability in AbuseFilter Extension for MediaWiki Denial of Service Vulnerability in CheckUser Extension for MediaWiki Account Block Bypass Vulnerability in AbuseFilter Extension for MediaWiki Unvalidated Length Parameter in MediaWiki OAuth Extension Vulnerability: Inadequate RSA Key Length Validation in MediaWiki OAuth Extension Stored Cross-Site Scripting Vulnerability in DIAEnergie Version 1.7.5 and Prior S2S TCP Token Bypass Vulnerability in Splunk Enterprise Indexer 8.1 and 8.2 Heap-based Buffer Overflow in Sudo before 1.9.5p2 via sudoedit -s and Single Backslash Argument Critical SSL/TLS Vulnerabilities in Fresenius Kabi Agilia Link + Version 3.0 Archive Extraction Vulnerability: Unauthorized File Modification and Privilege Escalation Download Monitor WordPress Plugin <= 4.4.6 Authenticated Arbitrary File Download Vulnerability Integer Overflow Vulnerability in Amazon Web Services FreeRTOS Integer Overflow Vulnerability in Amazon Web Services FreeRTOS Stream Buffer Command Injection Vulnerability in Config Manager Allows Remote Privilege Escalation Command Injection Vulnerability in Config Manager Allows Remote Privilege Escalation Command Injection Vulnerability in Config Manager Allows Remote Privilege Escalation Missing Permission Check in Boa Web Server Allows Remote Information Disclosure Unauthenticated Remote Privilege Escalation in Boa Web Server Stack Buffer Overflow Vulnerability in Boa: Remote Privilege Escalation without User 
Interaction Hard-coded Credential Vulnerability in Akkadian Provisioning Manager Engine (PME) Bypassing Restricted Shell in Akkadian Provisioning Manager Engine Escape from Akkadian Provisioning Manager Engine (PME) Restricted Shell via 'Edit MySQL Configuration' Command Multiple Authenticated Stored and Reflected XSS Vulnerabilities in Sipwise C5 NGCP WWW Admin CSRF Vulnerability in Sipwise C5 NGCP www_csc Version 3.6.4 Privilege Escalation via SSH Password Generation in Accellion Kiteworks SQL Injection via LDAPGroup Search in Accellion Kiteworks before 7.4.0 Cross-Site Scripting (XSS) Vulnerability in BeyondTrust Secure Remote Access Base Software 6.0.1 and Older Stored Cross Site Scripting (XSS) Vulnerability in Landray EKP V12.0.9.R.20160325's /sys/attachment/uploaderServlet Component JSON Webtoken Handling Vulnerability in PwnDoc Versions until 0.4.0 Insecure SSL Certificate Validation in xmlhttprequest-ssl Package Heap-based Buffer Overflow in ezXML 0.8.6's ezxml_decode() Function Arbitrary Code Execution Vulnerability in Hitachi Vantara Pentaho Remote Code Execution via Deserialization in ASSUWEB 359.3 Build 1 Login Page Information Disclosure: User Enumeration in Hitachi Vantara Pentaho Information Disclosure: Listing of Database Connection Details and Credentials in Hitachi Vantara Pentaho Unauthenticated Information Extraction Vulnerability in Hitachi Vantara Pentaho CSRF Vulnerability in Furlongm OpenVPN-Monitor 1.1.3 Allows Arbitrary Client Disconnection OpenVPN-Monitor 1.1.3 Command Injection Vulnerability Authorization Bypass Vulnerability in furlongm OpenVPN-Monitor 1.1.3 Local Privilege Escalation via Command Injection in SaltStack's Snapper Module Bypassing Security Control in Proofpoint Enterprise Protection before 18.8.0 Bluetooth Classic Implementation in Silicon Labs iWRAP 6.3.0 and Earlier: Oversized LMP Packet Crash Vulnerability Bluetooth Classic Vulnerability: Denial of Service via LMP_AU_rand Flooding Bluetooth Classic Vulnerability: 
Out-of-Order LMP Setup Deadlock Bluetooth Classic Vulnerability: Deadlock Trigger via Oversized LMP Packet on Zhuhai Jieli AC690X Devices Bluetooth Classic Vulnerability: LMP Auto Rate Procedure Crash Bluetooth Low Energy Baseband Link Vulnerability: Unencrypted MITM Attack Stack Buffer Overflow in ShapeShift KeepKey Hardware Wallet Firmware (CVE-2021-XXXX) Remote Code Execution Vulnerability in ASQ in Stormshield Network Security (SNS) Apache HTTP Server HTTP/2 Protocol Handler NULL Pointer Dereference Vulnerability Local Privilege Escalation in Docker Desktop Community on macOS Arbitrary Code Execution via Buffer Overflow in Tenda AC9 Router Arbitrary Code Execution via Buffer Overflow in Tenda AC9 Router Arbitrary JavaScript Execution via XSS Payload in Slab Quill 4.8.0 HTML Editor Open PLC Webserver v3 Command Injection Vulnerability Privilege Escalation via Cross-Site Request Forgery (CSRF) in b2evolution CMS v7.2.3 SQL Injection Vulnerability in b2evolution CMS v7.2.3 User Login Section Remote Code Execution via Server-Side Template Injection in jFinal v.4.9.08 Remote Code Execution Vulnerability in UwAmp v1.1 - v3.0.2 Authenticated Remote Code Execution in ChurchRota 2.6.4 Unauthenticated XSS Vulnerability in CHIYU Technology IoT Devices Integer Overflow Vulnerability in CHIYU Technology IoT Devices XSS Vulnerability in CHIYU Technology IoT Devices: Component if.cgi - username Parameter Sanitization Issue Denial of Service Vulnerability in glFTPd 2.11a Account Takeover Vulnerability in Gestsup before 3.2.10 through Weak Password Recovery Tokens Deserialization Vulnerability in JFinal 4.9.08 and Below: Remote Code Execution via Redis SmartAgent 3.1.0 Vulnerability: Unauthorized Creation of SuperUser Account SQL Injection Vulnerability in Sourcecodester Online Grading System 1.0 Arbitrary Code Execution via Cross Site Scripting (XSS) in neofarg-cms 0.2.3 Cross Site Scripting (XSS) Vulnerability in TRENDnet TV-IP110WN V1.2.2.64 V1.2.2.65 V1.2.2.68 via profile 
parameter in view.cgi Array Index Error in TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 CSRF Vulnerability in TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 Arbitrary Firmware Upload Vulnerability on ASUS DSL-N14U-B1 1.1.2.3_805 Devices Buffer Overflow Vulnerability in RIOT-OS 2021.01 (CVE-2021-XXXX) Buffer Overflow Vulnerability in RIOT-OS 2021.01 (CVE-2021-XXXX) Buffer Overflow Vulnerability in RIOT-OS 2021.01 (CVE-2021-XXXX) Buffer Overflow Vulnerability in RIOT-OS 2021.01 Buffer Overflow Vulnerability in RIOT-OS 2021.01 (CVE-2021-XXXX) Exposure of JWT Authentication Tokens in Cloudera Data Engineering (CDE) 1.3.0 Virtual Cluster Server Logs Information Disclosure in pgsync before 0.6.7 due to mishandling of schema syncing options Dom-based Cross-site scripting (XSS) vulnerability in Cyclos 4 PRO.14.7 and earlier versions allows remote attackers to inject arbitrary web script or HTML via the groupId parameter during account registration. Remote Code Execution Vulnerability in Cyclos 4 PRO 4.14.7 and Earlier Critical Reflected XSS Vulnerability in PESCMS-V2.3.3 with Potential CSRF Exploitation CSRF Vulnerability in PESCMS-V2.3.3 Allows Unauthorized Password Modification CSRF Vulnerability in PESCMS-V2.3.3 Allows Deletion of User Company Import Information CSRF Vulnerability in PESCMS-V2.3.3 Allows Account Number Deletion Deserialization of Untrusted Data Vulnerability in YOLO 5 Allows Arbitrary Code Execution via Crafted YAML File Yolo 3 Deserialization Vulnerability: Arbitrary Code Execution via Crafted YAML File Reflected XSS Vulnerability in Automated Logic WebCTRL/WebCTRL OEM Login Portal Denial of Service Vulnerability in JSON Smart's indexOf Function Unrestricted API Access Vulnerability in Jumpserver Cross-Site Scripting (XSS) Vulnerability in 10Web Photo Gallery Plugin for WordPress Arbitrary Code Execution Vulnerability in Quectel EG25-G Devices Bracketed Paste Mode Mishandling in Mintty before 3.4.7 Frontier 
iCHRIS 5.18 Denial of Service Vulnerability through DNS Request Mishandling Arbitrary Code Execution Vulnerability in Frontier iChris 5.18 Arbitrary Code Execution Vulnerability in KiteCMS via Upload File Type Arbitrary Code Execution via Cross Site Scripting in Trippo ResponsiveFilemanager v.9.14.0 and earlier Cross-Site Scripting (XSS) vulnerability in react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 via javascript: URI in Link Target DNS Rebinding Vulnerability in npupnp Server (Version 4.1.4 and below) Allows Remote Code Execution Distributed Denial of Service Vulnerability in Php-Fusion v9.03.90 Cross-Site Scripting (XSS) Vulnerability in Chevereto Image Upload Remote Command Injection Vulnerability in Akuvox C315 115.116.2613 via cfgd_server Service Unrestricted Disk Read/Write Privilege Escalation in MalwareFox AntiMalware 2.74.0.150 Privilege Escalation via Incorrect Access Control in MalwareFox AntiMalware 2.74.0.150 Arbitrary File Overwrite Vulnerability in KiteCMS 1.1.1 Remote Code Execution Vulnerability in emlog v5.3.1 and v6.0.0 via Database Backup File Upload in admin/data.php Cross-Site Scripting (XSS) Vulnerability in Adiscon LogAnalyzer 4.1.10 and 4.1.11 SEPPmail 11.1.10 Cross-Site Scripting (XSS) Vulnerability via Recipient Address Cross-Site Scripting (XSS) Vulnerability in SEPPMail's Web Frontend Session Fixation Vulnerability in Pluck-CMS Pluck 4.7.15 Allows Sustained Unauthorized Access Zip Slip Vulnerability in Pluck-CMS Pluck 4.7.15: Arbitrary Code Execution via Malicious Zip File Upload Pluck 4.7.15 Missing SSL Certificate Validation Vulnerability: Enabling Man-in-the-Middle Attacks Stack Buffer Overflow Vulnerability in Tenda AC11 Devices Stack Buffer Overflow Vulnerability in Tenda AC11 Devices Stack Buffer Overflow Vulnerability in Tenda AC11 Devices Stack Buffer Overflow Vulnerability in Tenda AC11 Devices Improper Input Validation in Mitel BusinessCTI Enterprise (MBC-E) Client for Windows Allows Unauthorized Access to User 
Information Webmin 1.973 CSRF to RCE via Running Process Feature Reflected XSS Vulnerability in Webmin 1.973 Allows Remote Command Execution Webmin 1.973 Vulnerability: CSRF Exploit for Privileged User Creation and Reverse Shell Unprivileged Remote Code Execution in MyQ X Smart Server Buffer Overflow in PyCArg_repr in Python 3.x through 3.9.1 Unquoted Search Path Vulnerability in Aviatrix VPN Client on Windows SQL Injection Vulnerability in TYPO3 dce Extension XSS Vulnerability in media2click Extension for TYPO3 SSRF Vulnerability in Yoast SEO Extension for TYPO3 NFS Subdirectory Export Traversal Vulnerability Incorrect Sharing Group Association Leads to Information Disclosure in MISP 2.4.141 Local File Inclusion Vulnerability in Piwigo LocalFilesEditor Extension Out-of-Bounds Write Vulnerability in Open Design Alliance Drawings SDK Bluetooth Classic Implementation Vulnerability: Denial of Service via Crafted LMP Packets Bluetooth Classic Audio Implementation Vulnerability: Connection Disconnection and Deadlock via Forged BDAddress Bluetooth Classic Denial of Service Vulnerability on Actions ATS2815 Chipsets Insecure Data Storage in GGLocker iOS App Leads to Authentication Bypass Cleartext Password Exposure in Hardware Sentry KM for BMC PATROL Client Account Page XSS Vulnerability in SuiteCRM (Before 7.11.19) via Name Field Injection Unauthenticated Access to Snapshots and Video Streams on NightOwl WDB-20-V2 Doorbell Cross-Site Scripting (XSS) Vulnerability in Directum 5.8.2 via User-Agent Header in Settings.aspx Heap Memory Overwrite Vulnerability in PowerVR GPU Kernel Driver on Alcatel 1S Phones Inadequate Encryption in CyberArk Credential Provider: A Gateway to Information Disclosure Race Condition Vulnerability in CyberArk Credential Provider 12.1 and Earlier: Password Disclosure Risk Low Entropy Key Vulnerability in CyberArk Credential Provider Arbitrary Code Execution via Filename in RDoc Multiple Path Traversal Vulnerabilities in Impacket's smbserver.py 
Heap-based Buffer Overflow in NETGEAR R7000 1.0.11.116: Local Network Exploitable Vulnerability Self-XSS vulnerability in cPanel before 94.0.3 via EasyApache 4 Save Profile (SEC-581) Use-After-Free Vulnerability in LeoCAD before 21.03 Incomplete Fix for Forced OGNL Evaluation in Apache Struts 2.0.0 to 2.5.29 Allows Remote Code Execution Memory-management bug in Squid allows Denial of Service via HTTP Range request processing Integer Overflow Vulnerability in Squid HTTP Range Requests Handling HTTP Range Request Denial of Service Vulnerability in Squid Proxy Server Denial of Service Vulnerability in Mutt through 2.0.4 FTP Server Response Spoofing Vulnerability Apache PDFBox OutOfMemory-Exception Vulnerability Infinite Loop Vulnerability in Apache PDFBox Stored XSS Vulnerability in Zoho ManageEngine Applications Manager before 15130 VPN Blocking and Sensitive Information Disclosure Vulnerability in Stormshield 1.1.0 and 2.1.0 through 2.9.0 Privacy Breach in GAEN (Google/Apple Exposure Notifications) on Android: Sensitive Information Exposure Plaintext Storage of Database Password in OctopusServer.txt Log File Plaintext Storage of Database Password in OctopusServer.txt Log File Authenticated SQL Injection Vulnerability in Octopus Server's Events REST API Deserialization Vulnerability in Halibut Versions Prior to 4.4.7 Allows Remote Code Execution Buffer Overflow Vulnerability in Unsupported D-Link DCS-5220 Devices Plaintext Password Exposure in Octopus Server Web Request Proxy Configuration Windows Tentacle Docker Image Logs API Key in Plaintext Misconfigured Permissions in Octopus Tentacle systemd Service File on Linux NULL Pointer Dereference Vulnerability in Shibboleth Service Provider 3.x MOVEit Transfer Web App SQL Injection Vulnerability Open Distro for Elasticsearch (ODFE) SSRF Vulnerability in Alerting Plugin Speculative Load Vulnerability in Linux Kernel's BPF Verifier Authentication Bypass Vulnerability in Files.com Fat Client 3.3.6 Cross-site Scripting 
(XSS) Vulnerability in McAfee Database Security (DBSec) Prior to 4.8.2 Remote Access to Deleted Scripts Vulnerability in McAfee Database Security (DBSec) Remote Code Execution Vulnerability in McAfee DLP Endpoint for Windows Local Bypass Vulnerability in McAfee Application and Change Control (MACC) Prior to Version 8.3.4 Stored Cross-Site Scripting Vulnerability in McAfee ePolicy Orchestrator (ePO) Prior to 5.10 Update 11 Arbitrary Code Injection Vulnerability in McAfee ePolicy Orchestrator (ePO) Privilege Escalation Vulnerability in maconfig for McAfee Agent for Windows Buffer overflow vulnerability in McAfee GetSusp prior to version 4.0.0 allows for arbitrary code execution Command Injection Vulnerability in MVISION EDR (MVEDR) Prior to 3.4.0 Privilege Escalation Vulnerability in McAfee Agent for Windows XSS Vulnerability in MISP 2.4.136 via Crafted URL DLL Preloading Vulnerability in McAfee Agent for Windows DLL Sideloading Vulnerability in McAfee Agent for Windows McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 September 2021 Update XML Entity Expansion Injection Vulnerability Privilege Escalation Vulnerability in McAfee Endpoint Security (ENS) Windows Buffer Overflow Vulnerability in McAfee DLP Endpoint for Windows Prior to 11.6.200 Buffer Overflow Vulnerability in McAfee DLP Discover Allows Remote Code Execution DLL Preloading Vulnerability in McAfee Agent for Windows McAfee Data Loss Prevention (DLP) ePO Extension XSS Session Hijacking Vulnerability SQL Injection Vulnerability in McAfee Data Loss Prevention (DLP) ePO Extension Prior to 11.7.100 Stack Smashing Vulnerability in GStreamer H264 Component Denial-of-Service and Data Destruction Vulnerability in Database Security (DBS) Reflected Cross-Site Scripting Vulnerability in McAfee Policy Auditor Prior to 6.5.2 Reflected Cross-Site Scripting Vulnerability in McAfee Policy Auditor prior to 6.5.2 DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 
(7.3.0.183): Arbitrary Code Execution and Privilege Escalation Command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 Allows Arbitrary Code Execution KDE Messagelib Vulnerability: Cleartext Exposure of Encrypted Messages SQL Injection Vulnerability in Layer5 Meshery 0.5.2 REST API Credential Retrieval Vulnerability in Zoho ManageEngine Password Manager Pro Stored Cross-Site Scripting Vulnerability in DotNetNuke (DNN) 9.9.1 CMS User Profile Biography Section Local Privilege Escalation in YSoft SafeQ 6 6.0.55 via FlexiSpooler Service Stored XSS Vulnerability in Tenda AC5 AC1200 Version V15.03.06.47_multi Wifi Settings Unauthenticated XSS Vulnerability in SysAid 20.4.74 via KeepAlive.jsp Stamp Parameter Arbitrary File Read Vulnerability in Redmine Git Repository Integration Bypassing add_issue_notes Permission Requirement via Redmine Incoming Mail Handler File Extension Bypass Vulnerability in Redmine Timing-based Information Disclosure in Redmine Boolean-based blind SQL injection in Pimcore Customer Data Framework version 3.0.0 and earlier Unrestricted Ticket Access in Rapid7 Nexpose Version 6.6.95 and Earlier SQL Injection Vulnerability in Pimcore AdminBundle (<=6.8.0) Privilege Escalation Vulnerability in BeyondTrust Privilege Management for Mac Integer Overflow and Heap Buffer Overflow in klibc's calloc() Function Integer Overflow in klibc's cpio Command Leading to NULL Pointer Dereference on 64-bit Systems Integer Overflow Vulnerability in klibc's cpio Command on 32-bit Systems Integer Overflow and Heap Buffer Overflow in klibc malloc() Function Sensitive Information Disclosure in Zoho ManageEngine ADSelfService Plus Off-by-one Heap-Based Buffer Overflow in mjs_json_parse in Cesanta MongooseOS mJS 1.26 Bitcoin Core Vulnerability: Inadequate Implementation of BIP125 Replacement Policy Vulnerability: Re-INVITE without SDP after BYE Request in Asterisk Authorization Header Leakage in GNU Wget through 1.21.1 CSV Injection Vulnerability in 
phpList 3.6.0 Denial-of-Service Vulnerability in Multiple Building Automation Systems Denial-of-Service Vulnerability in APOGEE and Desigo Building Automation Systems Denial-of-Service Vulnerability in Multiple Building Automation Systems Out-of-Bound Reads, Writes, and Denial-of-Service Vulnerability in Multiple Building Automation Systems TFTP Server Application Memory Buffer Reading Vulnerability (FSMD-2021-0009) Stack-based Buffer Overflow in Multiple Building Automation Systems (FSMD-2021-0010) Stack-based Buffer Overflow Vulnerability in APOGEE, Desigo, Nucleus, and TALON Building Automation Systems Stack-based Buffer Overflow Vulnerability in APOGEE, Desigo, Nucleus, and TALON Building Automation Systems Vulnerability: Malformed TCP Packets with Corrupted SACK Option in Multiple Building Automation Systems (FSMD-2021-0015) Open-Redirect Vulnerability in slashify package 1.0.0 for Node.js Unchecked TCP Payload Length Vulnerability (FSMD-2021-0017) Command Injection Vulnerability in Desigo CC, GMA-Manager, Operation Scheduler, Siveillance Control, and Siveillance Control Pro TLS MITM Vulnerability in Siemens SINUMERIK Software Suite Buffer Overflow Vulnerability in Siemens Industrial Software Vulnerability: Unauthorized Manipulation of Device Configurations Memory Overwrite Vulnerability in RUGGEDCOM ROS Devices Untrusted Projects Code Execution Vulnerability in JetBrains WebStorm Insecure HTTP Requests in JetBrains WebStorm before 2021.1 Code Execution Vulnerability in JetBrains Code With Me (Before Version 2021.1) OS Command Injection in async-git Package for Node.js (Versions before 1.13.2) Remote Code Execution Vulnerability in JetBrains Code With Me Improper Two-Factor Authentication Implementation in JetBrains Hub (CVE-2021-13079) Improper Access Control in JetBrains YouTrack before 2020.6.6600 Insufficient Sanitization of Pull Request Titles in JetBrains YouTrack before 2021.1.9819 Leads to XSS Vulnerability Cross-Site Scripting (XSS) Vulnerability in 
JetBrains TeamCity Test History Page Information Disclosure Vulnerability in JetBrains YouTrack Insufficient Audit Logs for File Uploads in JetBrains TeamCity Improper Permission Checks in JetBrains TeamCity Plugin Management Stored XSS Vulnerability in JetBrains TeamCity (Before 2020.2.3) Remote Code Execution Vulnerability in JetBrains TeamCity (CVE-2020-XXXX) Remote Unauthorized Access Vulnerability in Idelji Web ViewPoint Suite SSRF Information Disclosure Vulnerability in JetBrains TeamCity Reflected XSS Vulnerability in JetBrains TeamCity before 2020.2.3 Account Takeover Vulnerability in JetBrains TeamCity before 2020.2.3 Insufficient Redirect URI Validation in JetBrains TeamCity GitHub SSO Token Exchange Arbitrary Code Execution Vulnerability in JetBrains TeamCity Server (Windows) Remote Code Execution Vulnerability in JetBrains TeamCity (CVE-2020-XXXX) Linux Kernel Multi-device Driver Module Out-of-Bounds Memory Write Vulnerability Authentication Bypass Vulnerability in Red Hat DataGrid and Infinispan Vulnerability: Readable Ansible Log File during Stack Update and Creation in tripleo-ansible Uninitialized Value Vulnerability in rkyv Crate Path Bypass Vulnerability in Istio Authorization Policies Remote Access Bypass Vulnerability in Istio HTTP Request Smuggling Vulnerability in Pulse Secure Virtual Traffic Manager HTTP Request Smuggling Vulnerability in Ping Identity PingAccess before 5.3.3 Local PIN Bypass Vulnerability in Yubico pam-u2f Denial of Service Vulnerability in Pexip Infinity 25.x before 25.4 Unauthorized Port Opening Vulnerability in CubeCoders AMP 2.1.x Insecure Direct Object Reference (IDOR) Vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 Privilege Escalation in Annex Cloud Loyalty Experience Platform <2021.1.0.1 Authenticated Attacker Can Modify Loyalty Campaigns and Settings in Annex Cloud Loyalty Experience Platform <2021.1.0.1 Remote Code Execution in Nagios Docker Config Wizard Persistent XSS vulnerability in 
Concerto web interface allows remote attackers to execute arbitrary JavaScript during account deletion Nokia BTS TRS Web Console Authentication Bypass via URL Encoding Chamilo Remote Code Execution via File Upload Vulnerability Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.4 and Earlier Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.4 and Earlier Microsoft Accessibility Insights for Web Information Disclosure Vulnerability: Exposing Sensitive Data Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) VSCode Kubernetes Tools Extension Privilege Escalation Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability 3D Viewer RCE Vulnerability 3D Viewer RCE Vulnerability 3D Viewer Data Exposure Vulnerability Exploiting the Paint 3D Remote Code Execution Vulnerability Exploiting the Paint 3D Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Outlook RCE Vulnerability: A Critical Security Flaw in Microsoft's Email Client Arbitrary Directory File Creation Vulnerability in Bitcoin Core's bitcoind Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Windows Kernel Privilege Escalation Vulnerability Windows Kernel-Mode Driver Privilege Escalation Vulnerability Windows Filter Manager Privilege Escalation Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability Windows Kernel Information Leakage Vulnerability Windows NTFS Privilege Escalation Vulnerability ASP.NET DoS Vulnerability: Exploiting Server Overload Windows NTLM Privilege Escalation Vulnerability Exploiting the Scripting Engine Memory Corruption Vulnerability SAML Response Injection Vulnerability in 
Hitachi ID Bravura Security Fabric Windows Bind Filter Driver Information Disclosure Vulnerability Windows InstallService Privilege Escalation Vulnerability Kerberos AppContainer Security Bypass Vulnerability SharePoint Server Remote Code Execution Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Server SharePoint Server Remote Code Execution Vulnerability VP9 Video Extensions RCE Vulnerability Windows Remote Desktop Services Denial of Service Vulnerability: Disrupting Remote Desktop Services Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Shell Injection Vulnerability in SaltStack Salt's SSH Client TCP/IP Driver Security Feature Bypass Vulnerability in Windows HTML Platform Security Bypass Vulnerability Windows Event Tracing Information Disclosure Vulnerability Windows GPSVC Privilege Escalation Vulnerability NFS Server Denial of Service Vulnerability Unauthenticated Information Disclosure Vulnerability in Server for NFS Unauthenticated Information Disclosure Vulnerability in Server for NFS Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Microsoft Defender DoS Vulnerability Windows Kernel Privilege Escalation Vulnerability Vulnerability: Command Injection in Ivanti MobileIron Core's 'install rpm url' Command Intune Management Extension Remote Code Execution Vulnerability Edge (Chromium-based) Security Feature Bypass Vulnerability Exploiting the Paint 3D Remote Code Execution Vulnerability Power BI Remote Code Execution: A Critical Vulnerability Exploiting Data Visualization Software DefenderShield: Microsoft Defender Remote Code Execution Vulnerability SMTP Notification Parameter Validation Vulnerability SMTP Test Functionality Allows Bypass of Blocked Network Recipients SMTP Header Injection Vulnerability Vulnerability: Unauthorized Memory Dump Extraction in AXIS Device Manager Remote Code Execution via Directory 
Traversal in ONLYOFFICE Document Server before 5.6.3 Double Free Vulnerability in Algorithmica Crate Local Privilege Escalation Vulnerability in python-postorius of openSUSE Leap 15.2 and Factory Privilege Escalation via Incorrect Default Permissions in inn Packaging Impersonation Vulnerability in Rancher: Unauthorized User Access Buffer Overflow Vulnerability in libsolv 2020-12-13: Denial of Service via testcase_read() Function Symlink Following Vulnerability in clone-master-clean-up.sh Script Vulnerability: Unauthorized Extraction of Confidential Keying Material in K3s and RKE2 Unauthenticated Local Access Control Vulnerability in Secomea SiteManager Unprotected Transport of Credentials Vulnerability in Secomea SiteManager Provisioning Service Improper Host Header Check in Secomea GateManager Web Server Allows Browser Cache Poisoning Stored Cross-site Scripting (XSS) Vulnerability in Secomea SiteManager Log View Vulnerability: Unauthorized Access to SiteManager Backup Files in Secomea GateManager Improper Pathname Limitation Allows Deletion of System Files in Secomea GateManager XSS Vulnerability in Secomea GateManager Firmware Section Insufficient Encryption Strength in Secomea SiteManager, LinkManager, and GateManager TLS Stack: Facilitating Man-in-the-Middle Attacks Denial of Service (Memory Consumption) Vulnerability in SheetJS and SheetJS Pro Denial of Service Vulnerability in SheetJS and SheetJS Pro Denial of Service (CPU Consumption) Vulnerability in SheetJS and SheetJS Pro Unauthorized Access to TPM Non-Volatile Memory in Nuvoton NPCT75x TPM 1.2 Firmware 7.4.0.0 Arbitrary File Write and Remote Code Execution in JUMP AMS 3.6.0.04.009-2487 Information Disclosure: Remote File System Listing in JUMP AMS 3.6.0.04.009-2487 Arbitrary File Reading Vulnerability in JUMP AMS 3.6.0.04.009-2487 SOAP API XSS Vulnerability in OpenWrt Luci Web-Interface Allows Full System Control via ICMP Heap Memory Bounds Checking Vulnerability in Amazon Web Services FreeRTOS Denial 
of Service Vulnerability in BlackBerry Protect for Windows Allows Code Execution BlackBerry Protect for Windows: Low Privileged Delete Vulnerability Elevation of Privilege Vulnerability in BlackBerry Protect for Windows: Code Execution Exploit BMP Image Codec Remote Code Execution Vulnerability in BlackBerry QNX SDP QNX Neutrino Kernel Elevation of Privilege Vulnerability Arbitrary Memory Write Vulnerability in PostgreSQL Arbitrary Memory Read Vulnerability in PostgreSQL Arbitrary Memory Read Vulnerability in PostgreSQL Authentication Bypass Vulnerability in ASUS GT-AC2900 Devices Memory Leak Vulnerability in Trusted Firmware-M through 1.3.0 Time Traveler Attack: Predicting TOTP Passwords via Manipulation of Internal Clock Denial of Service and Resource Depletion Vulnerability in MongoDB Server Denial of Service and Server Exit Vulnerability in MongoDB Server v5.0.2 and earlier Unencrypted User Credentials Exposure in MongoDB Extension for VS Code Server-Side Request Forgery (SSRF) Vulnerability in Webware Webdesktop 5.1.15 Document Conversion Component Allows Unauthorized File Access Stack Overflow Vulnerability in MongoDB Aggregation Pipeline MongoDB Drivers Vulnerability: Authentication Data Exposure via Command Listener SQL Injection Vulnerability in Hexagon G!nius Auskunftsportal (before 5.0.0.0) via GiPWorkflow/Service/DownloadPublicFile id Parameter HTTP Header Injection Vulnerability in Django URLValidator Denial of Service via History Requests in HAPI FHIR Server Missing Content-Disposition Headers in Firely/Incendi Spark before 1.5.5-r4 Allows Rendering of Crafted Files in Web Browsers Out-of-Bounds Read Vulnerability in Mutt and NeoMutt with $imap_qresync Server Annotation Access Restriction Bypass in Cyrus IMAP Directory Traversal Vulnerability in S3Scanner before 2.0.2 MapServer CGI Path Restriction Bypass Vulnerability StartTLS Stripping Vulnerability in Ruby's Net::IMAP Information Disclosure Vulnerability in MiCollab Client Service Mitel MiCollab 
Man-In-the-Middle Vulnerability Improper TLS Negotiation Vulnerability in Mitel MiCollab before 9.3 Insecure Header Response Vulnerability in Mitel MiCollab Client Service Unauthenticated Access Control Vulnerability in Mitel MiCollab Client Service Insufficient Output Sanitization in MiCollab Client Service Allows Source Code Disclosure CSRF Vulnerability in DedeCMS V5.7 SP2 Allows Remote Code Execution Sensitive Information Exposure in HashiCorp Vault GitHub Action Insecure Deserialization Vulnerability in Re-Logic Terraria (pre-1.4.2.3) Referrer Spoofing Vulnerability in SolarWinds Web Help Desk 12.7.2 Brute-Force Attack Vulnerability Exposes Social Security Numbers in VerityStream MSOW Solutions Out-of-Bounds Read Vulnerability in Linux Kernel through 5.12.11 Arbitrary File Upload and Execution Vulnerability in Zebra Fixed RFID Reader FX9500 Arbitrary Shell Command Injection in StackLift LocalStack 0.12.6 Dashboard Component Cross-site scripting (XSS) vulnerability in StackLift LocalStack 0.12.6 Cross-site Scripting (XSS) Vulnerability in NSA Emissary 5.9.0 DocumentAction Component Arbitrary File Read Vulnerability in NSA Emissary 5.9.0 ConfigFileAction Component Arbitrary File Upload Vulnerability in U.S. National Security Agency (NSA) Emissary 5.9.0 Arbitrary File Deletion Vulnerability in U.S. 
National Security Agency (NSA) Emissary 5.9.0 CSRF Vulnerability in NSA Emissary 5.9.0 ConsoleAction Component Unauthenticated Phar Deserialization Vulnerability in Artica Pandora FMS 742 SQL Injection Vulnerability in Artica Pandora FMS 742 Allows Login Bypass Arbitrary System Command Execution in Bloodhound <= 4.0.1 via Malicious Data File Remote File Inclusion Vulnerability in Artica Pandora FMS 742: Exploitable by Low Privileged User OpenEMR 5.0.2.1 Patient Portal Incorrect Access Control Vulnerability SQL Injection Vulnerability in OpenEMR 5.0.2.1's custom_template/ajax_code.php Stored XSS Vulnerability in OpenEMR User Group Administration SQL Injection Vulnerability in OpenEMR 5.0.2.1's save.php Reflected XSS Vulnerability in ICEcoder 8.0's multipe-results.php Page CSRF Vulnerability in NETGEAR Devices: EX3700, EX3800, EX6120, and EX6130 Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command NULL Pointer Dereference Vulnerability in GPAC 1.0.1 Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command Heap Buffer Overflow in print_udta function in GPAC 1.0.1: Denial of Service and Arbitrary Code Execution Vulnerability Heap Buffer Overflow in URL_GetProtocolType Function in GPAC 1.0.1: Denial of Service and Arbitrary Code Execution Vulnerability Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command Buffer Overflow Vulnerability in LibRaw Linux/Unix v0.20.0: Privilege Escalation via LibRaw_buffer_datastream::gets(char*, int) Webmin 1.973 CSRF Vulnerability in Scheduled Cron Jobs Webmin 1.973 XSS Vulnerability in Scheduled Cron Jobs Feature Webmin 1.973 XSS Vulnerability in Upload and Download Feature Webmin 1.973 CSRF Vulnerability in Upload and Download Feature Webmin 1.973 Add Users Cross-Site Scripting (XSS) Vulnerability Webmin 1.973 File Manager Cross-Site Scripting (XSS) Vulnerability Webmin File Manager Cross-Site Request Forgery 
(CSRF) Vulnerability Case-Sensitive JWT Authorization Vulnerability in MOSN v0.23.0 Preauthorization Remote Code Execution (RCE) Vulnerability in Maian Cart v3.8 via Elfinder Plugin Access Control Issue Title: EmTec ZOC 8.02.4 Denial of Service Vulnerability through Title Change CS-Cart Version 4.11.1: Copy-Paste XSS Vulnerability in Blog Post Creation Page Directory Traversal Vulnerability in Node-RED-Dashboard (before 2.26.2) Allows Unauthorized File Read XSS Vulnerability in SmarterTools SmarterMail before Build 7776 Remote Code Execution Vulnerability in SmarterTools SmarterMail 16.x through 100.x Buffer Overflow Vulnerability in Rocket League <=1.95 Stored XSS Vulnerability in cszcms 1.2.9 via /admin/pages/new (content parameter) Critical File Upload RCE Vulnerability in FOGProject v1.5.9 Arbitrary Code Execution via Description Field in Moodle 3.10.3 Unfiltered SVG File Upload Vulnerability in PageKit v1.0.18 Stack-Overflow Vulnerability in GNU libiberty's demangle_type Function Heap-Based Buffer Overflow in ok_csv_circular_buffer_read Function Global Buffer Overflow in AP4_MemoryByteStream::WritePartial() Function Buffer Overflow Vulnerability in gf_fprintf Function in GPAC NULL Pointer Dereference in ilst_item_box_dump Function Allows for Denial of Service in gpac NULL Pointer Dereference in vwid_box_del Function Leading to Denial of Service in gpac Stack Buffer Overflow in DumpRawUIConfig Function in gpac (CVE-2020-XXXX) Heap-Buffer-Overflow Vulnerability in faad2's stszin Function Allows Code Execution Stack-buffer-overflow in ftypin function allows Code Execution in faad2 through 2.10.0 Heap-buffer-overflow vulnerability in faad2 allows for code execution NULL Pointer Dereference in CosPrim::computeSigOutput() Function Allows for Denial of Service NULL Pointer Dereference in faad2's get_sample() Function Leading to Denial of Service Heap-buffer-overflow vulnerability in faad2 allows code execution Heap-buffer-overflow in lt_prediction function allows 
code execution in faad2 through 2.10.0 NULL Pointer Dereference in compute_closed_spline() Function Leads to Denial of Service in fig2dev Heap Buffer Overflow in gnode_function_add_upvalue in gravity_ast.c NULL Pointer Dereference in ircode_add_check() Function Leading to Denial of Service in gravity through 0.8.1 NULL Pointer Dereference in gravity_string_to_value() Function Allows for Denial of Service NULL Pointer Dereference in ircode_register_pop_context_protect() Function Leading to Denial of Service NULL Pointer Dereference in list_iterator_next() Function in gravity_core.c Allows for Denial of Service Global Buffer Overflow in hcxtools: Code Execution Vulnerability Global Buffer Overflow in Heif's HevcDecoderConfigurationRecord::getPicWidth() Function Global Buffer Overflow in Heif's HevcDecoderConfigurationRecord::getPicHeight() Function NULL Pointer Dereference in convertByteStreamToRBSP() Function in heif ASUSWRT ASUS RT-AX3000 Firmware Denial of Service Vulnerability Stack-buffer-overflow in json_parse function of json-c (versions 20200420-0.15-20200726) Heap-buffer-overflow in libgig's RIFF::List::GetSubList function leading to code execution Heap Buffer Overflow in LIEF's pe_reader.c Allows Code Execution Global Buffer Overflow in IFF_errorId Function Enables Code Execution Stack Buffer Overflow in pbrt::ParamSet::ParamSet() Allows Code Execution Cross-Site Scripting (XSS) Vulnerability in IRZ Electronics RUH2 GSM Router Allows Information Disclosure via Upload File Parameter Arbitrary Command Execution in WebSVN 2.6.1 and earlier Vulnerability Title: Null Pointer Dereference in Vim 8.2.2348 via ex_buffer_all Method Unauthenticated SQL Injection Vulnerability in E-Learning System 1.0 Race Condition Vulnerability in Linux Kernel's HCI Controller Removal Cross Site Request Forgery (CSRF) Vulnerability in Intelbras Router RF 301K Firmware 1.1.2 Cross Site Request Forgery (CSRF) Vulnerability in Intelbras Router RF 301K Firmware 1.1.2 Local Privilege 
Escalation Vulnerability in EXEMSI MSI Wrapper Sensitive Information Disclosure in Schism Tracker v20200412 SQL Injection Vulnerability in DuxCMS v3.1.3 via s/tools/SendTpl/index?keyword= Heap-based Buffer Overflow in dpic.y's thestorestring function (CVE-2021-01-01) Heap Use-After-Free Vulnerability in dpic.y's deletestringbox() Function (CVE-2021-XXXX) Global Buffer Overflow in theyylex() Function in main.c Unauthenticated Router Takeover Vulnerability in TrendNet TW100-S4W1CA 2.3.32 Arbitrary JavaScript Injection Vulnerability in TrendNet TW100-S4W1CA 2.3.32 SQL Injection Vulnerability in Viaviwebtech Android EBook App: Exploiting the author_id Parameter in api.php Cross-Site Scripting (XSS) Vulnerability in Wfilter ICF 5.0.117 Out-of-Bounds Read Vulnerability in abcm2ps v8.14.11's calculate_beam Function Stack-based Buffer Overflow in get_key function of abcm2ps v8.14.11 Out-of-Bounds Read Vulnerability in write_title() Function of abcm2ps v8.14.11 Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command Buffer Overflow Vulnerability in stbl_AppendSize Function in GPAC 1.0.1 Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command SQL Injection Vulnerability in Exponent-CMS v.2.6.0: Exploiting selectValue Function in expConfig Class Unauthenticated Access to Internal Configuration Database in SITEL CAP/PRX Firmware 5.2.01 Hardcoded Password Vulnerability in SITEL CAP/PRX Firmware Version 5.2.01 Denial of Service Vulnerability in SITEL CAP/PRX Firmware Version 5.2.01 Local Network Traffic Analysis Vulnerability in SITEL CAP/PRX Firmware Version 5.2.01 Trend Micro Home Network Security Privilege Escalation Vulnerability Vulnerability: Stack-Based Buffer Overflow in Trend Micro Home Network Security Hard-coded Password Vulnerability in Trend Micro Home Network Security Heap Buffer Overflow Vulnerability in libsndfile 1.0.30: Arbitrary Code Execution via Crafted 
WAV File Improper Access Control Vulnerability in Trend Micro Maximum Security 2021 (v17) Installer Integer Truncation Privilege Escalation Vulnerability in Trend Micro Password Manager Exposed Hazardous Function Remote Code Execution Vulnerability in Trend Micro Password Manager (Consumer) Privilege Escalation and File Deletion Vulnerability in Trend Micro Apex One and Worry-Free Security Privilege Escalation Vulnerability in Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security Services Authentication Bypass Vulnerability in Trend Micro Apex One, Apex One as a Service, and OfficeScan XG SP1 Uncontrolled Search Path Element Privilege Escalation Vulnerability in Trend Micro HouseCall for Home Networks Vulnerability: Out-of-bounds read in MediaTek microchips' WPS protocol handling Vulnerability: Out-of-bounds read in MediaTek microchips' WPS protocol handling Vulnerability: WPS Protocol Mishandling in MediaTek Microchips XSS Vulnerability in Craft CMS before 3.6.13 Arbitrary Code Execution Vulnerability in Marvin Minsky's Universal Turing Machine Implementation CSV Export Vulnerability in Moodle Versions 3.8 to 3.10.3 Pre-Release Quiz Grade Viewing Vulnerability in Moodle SQL Injection Vulnerability in MNet-enabled Moodle Sites via XML-RPC Call Stored XSS vulnerability in Quiz Grading Report in Moodle versions 3.5 to 3.10.3 Denial-of-Service Vulnerability in Moodle's Draft Files Area Unrestricted Display of Last Mobile App Access on User Profile Page LTI Authorization Endpoint Redirect URI Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cloudera Hue 4.6.0 via type Parameter Cross-Site Scripting (XSS) Vulnerability in Cloudera Manager Cloudera Manager 7.2.4 Incorrect Access Control Vulnerability: Privilege Escalation to Restricted Dashboard Remote Denial of Service Vulnerability in Modem 2G RRM Heap Buffer Overflow Vulnerability in Modem 2G RRM: Remote Denial of Service without User Interaction Remote Denial of Service Vulnerability 
in Modem 2G RRM Remote Denial of Service Vulnerability in Modem 2G RRM Integer Overflow Vulnerability in Yubico yubihsm-shell Out of Bounds Write Vulnerability in djvulibre-3.5.28 and Earlier Integer Overflow Vulnerability in djvulibre-3.5.28 and Earlier Out of Bounds Read Vulnerability in djvulibre-3.5.28 and Earlier Heap Buffer Overflow in djvulibre-3.5.28 and Earlier: Potential Application Crash and Consequences Division by Zero Vulnerability in Radare2's Mach-O Parser: Exploiting the Rebase_Buffer Function for Denial of Service Use-After-Free Vulnerability in Radare2's pyc Parser's get_none_object Function Inadequate Encryption Strength Vulnerability in SICK Visionary-S CX up version 5.21.2.29154R Arbitrary Execution Vulnerability in SICK SOPAS ET (before version 4.8.0) Arbitrary Executable Execution via Path Traversal in SICK SOPAS ET (before version 4.8.0) Command Line Argument Manipulation Vulnerability in SICK SOPAS ET (before version 4.8.0) Unauthenticated Access to Sensitive Web URLs: A Gateway for Malicious Attacks Unauthenticated Access to Sensitive Web URLs: A Gateway for Malicious Attacks Absolute Path Traversal Vulnerability in QSAN Storage Manager's GetImage Function Absolute Path Traversal Vulnerability in QSAN Storage Manager FileDownload Allows Arbitrary File Download Absolute Path Traversal Vulnerability in QSAN Storage Manager FileStreaming Absolute Path Traversal Vulnerability in FileviewDoc in QSAN Storage Manager QSAN Storage Manager Directory Listing Vulnerability QSAN Storage Manager Directory Listing Vulnerability Unauthenticated Remote Command Execution in QuickInstall of QSAN Storage Manager Remote Code Execution Vulnerability in QSAN Storage Manager Improper Access Control Vulnerability in QSAN Storage Manager FirmwareUpgrade Allows Remote Device Reboot Directory Listing Vulnerability in QSAN Storage Manager's share_link Path Traversal Vulnerability in QSAN Storage Manager Allows Remote File Download Improper Access Control 
Vulnerability in QSAN Storage Manager Allows Remote File Download Arbitrary File Access Vulnerability in QSAN Storage Manager's share_link Insufficient Computational Effort in Password Hashing Vulnerability in QSAN Storage Manager, XEVO, SANOS Information Disclosure Vulnerability in KACO New Energy XP100U Authentication Process Hard-coded Cryptographic Key Vulnerability in QSAN Storage Manager: User Credential and Permission Exposure Privilege Escalation via MAC Address Authentication in QSAN Storage Manager Excessive Authentication Attempts Vulnerability in QSAN Storage Manager: Remote Credential Discovery Remote Privilege Escalation Vulnerability in QSAN Storage Manager QSAN Storage Manager Command Injection Vulnerability Hard-coded Password Vulnerability in QSAN Storage Manager Improper Permission Assignment in QSAN Storage Manager Allows Unauthorized Access to Password Files Path Traversal Vulnerability in QSAN Storage Manager Allows Remote File Download Unauthorized Access to System Information in QSAN Storage Manager Remote Command Injection Vulnerability in QSAN XEVO SANOS OS Command Injection Vulnerability in Array Function in QSAN XEVO (CVE-2021-XXXX) OS Command Injection Vulnerability in QSAN XEVO Init Function Path Traversal Vulnerability in QSAN XEVO v2.0.0 Allows Unauthorized File Download QSAN SANOS v2.1.0 Improper Filtering of Special Parameters Vulnerability QSAN SANOS Factory Reset Function Command Injection Vulnerability QSAN SANOS Hard-Coded Default Credentials Vulnerability Reflected XSS Vulnerability in MCUsystem Login Page Realtek HAD Driver Crashed Vulnerability Unrestricted File Upload Vulnerability in ARTWARE CMS Image Upload Function Stored XSS vulnerability in Add Event function of 101EIP system Asus DSL-N14U-B1 1.1.2.3_805 Vulnerability: Remote DoS via TCP SYN Scan Stored XSS Vulnerability in 101EIP System's Announcement Function Authentication and Session Management Vulnerability in CTS Web Transaction System Unfiltered Special 
Characters in CTS Web Trading System Functions Enable Reflected XSS and Token Theft Authentication Bypass Vulnerability in CTS Web Transaction System DOM-based XSS vulnerability in IGT+ search function allows remote authenticated attackers to inject malicious JavaScript Remote Denial of Service Vulnerability in Pexip Infinity Before 26 Due to Missing RTMP Input Validation Remote Command Execution via Git Configuration Overwrite Vulnerability: Information Exposure via Symbolic Links and FIFOs in openjdk-lts Package Vulnerability: Information Disclosure via Symbolic Links and FIFOs in read_file() Vulnerability: Information Disclosure via Symbolic Links and FIFOs in read_file() Vulnerability: Information Disclosure via Symbolic Links and FIFOs in read_file() Vulnerability: Information Disclosure via Symbolic Links and FIFOs in read_file() Vulnerability: Information Disclosure via Symbolic Links and FIFOs in read_file() Vulnerability: Information Disclosure via Symbolic Links and FIFOs in read_file() Vulnerability: Information Disclosure via Symbolic Links and FIFOs in read_file() Vulnerability: Information Disclosure via Symbolic Links and FIFOs in apport/hookutils.py Package Name Injection Vulnerability in get_modified_conffiles() Function Arbitrary File Write Vulnerability in process_report() Function Crash Vulnerability in Sangoma Asterisk Versions 13.x, 16.x, 17.x, 18.x, and Certified Asterisk Integer Overflow in pywin32: Crash Exploit via ACE Size Arbitrary File Read Vulnerability in KuaiFanCMS V5.x Incorrect Access Control in OctoPrint Logging Subsystem Cross-Site Scripting (XSS) Vulnerability in OctoPrint before 1.6.0 Thunar File Type Delegation Vulnerability Apache Traffic Server Content-Length Header Smuggling Vulnerability Apache Traffic Server HTTP/2 Denial of Service Vulnerability Apache Traffic Server HTTP/2 Denial of Service Vulnerability Deserialization Vulnerability in mrdoc Cross-Site Scripting Vulnerability in Outdated OSS-RC Systems Privilege 
Escalation Vulnerability in Ericsson Network Manager (ENM) Releases Before 21.2 Unsecured User Credentials Left in Deprecated OSS-RC Systems Directory Traversal Vulnerability in Speco Web Viewer Allows Unauthorized File Access Reflected XSS Vulnerability in express-cart Package for Node.js Vulnerability: Insecure Destination Service Identity Validation in HashiCorp Consul and Consul Enterprise ARP Spoofing Vulnerability in HashiCorp Nomad and Nomad Enterprise Local Privilege Escalation in Acronis True Image prior to 2021 Update 4 for Windows (Issue 1 of 2) Insecure Folder Permissions in Acronis True Image prior to 2021 Update 5 for Windows: Local Privilege Escalation Vulnerability Local Privilege Escalation in Acronis True Image: Improper Soft Link Handling (Issue 2 of 2) Unauthenticated Remote Tampering Vulnerability in Acronis True Image Cross-Site Scripting (XSS) Vulnerability in Question2Answer Q2A Ultimate SEO Version 1.3 Local Privilege Escalation Vulnerability in Acronis True Image (Windows) Prior to 2021 Update 4 SSL Certificate Validation Bypass in Acronis True Image and Acronis Cyber Protect Blind SQL Injection Vulnerability in ConnectWise Automate Stored Cross-Site Scripting Vulnerability in FortiWAN before 4.5.9 Improper Input Validation Vulnerability in FortiMail Web Server CGI Facilities Improper Access Control Vulnerability in FortiManager and FortiAnalyzer GUI Interface FortiPortal Hard-Coded Credentials Vulnerability SQL Injection Vulnerabilities in FortiPortal Cryptographic Vulnerability in FortiSandbox, FortiWeb, FortiADC, and FortiMail DLL Hijack Vulnerability in FortiClient and FortiClientEMS FortiWAN Dynamic Tunnel Protocol Vulnerability Unrestricted File Upload Vulnerability in FortiPortal Web Interface Uncontrolled Resource Consumption Vulnerabilities in FortiPortal Web Interface Predictable Salt Vulnerability in FortiPortal Password Storing Mechanism Stored Cross Site Scripting (XSS) Vulnerability in FortiManager and FortiAnalyzer User 
Interface HTTP Response Splitting Vulnerability in FortiManager and FortiAnalyzer GUI FortiOS CLI Vulnerability: Unauthorized Access to Sensitive Information in VDOMs Cross-Site Scripting (XSS) Vulnerability in FortiPortal GUI FortiManager and FortiAnalyzer GUI SSRF Vulnerability Share URL XSS Vulnerability in SolarWinds Serv-U Arbitrary OS Command Execution in zzzcms zzzphp before 2.0.4 Privilege Escalation via Use-After-Free in Linux Kernel CAN ISOTP SF_BROADCAST Support Unsanitized HTML Input in Private Messages in SmartstoreNET Unsanitized HTML Input in Smartstore Forum Post Apache Superset 1.1 HTML Injection Vulnerability in Explore Page Titles Symlink Traversal Vulnerability in Archive_Tar before 1.4.14 NULL Pointer Dereference Vulnerability in eXosip2 through 5.2.0 when Handling 3xx Redirect Responses Cleartext HTTP Communication Vulnerability in VeryFitPro (com.veryfit2hr.second) Application 3.2.8 for Android Double Free Vulnerability in Radare2's pyc Parse Leading to DoS Memory Layout Information Leakage in dmg2img through 20170502 Piwigo 11.4.0 SQL Injection in admin/user_list_backend.php order[0][dir] 1CDN Cross-Site Scripting Vulnerability Quadratic Complexity Denial of Service Vulnerability in Exiv2 Vulnerability: Open Redirect in Flask-Security-Too Package Vulnerability in Deno Allows Bypassing Network and File System Permission Checks SQL Injection Vulnerability in TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 User Self-Reactivation Vulnerability in XWiki Platform Privilege Escalation through Gadget Title Editing in XWiki Platform Local File Preview Script Execution Vulnerability in Matrix-React-SDK Billion Laughs Attack Vulnerability in Opencast Prior to 9.6 Vulnerability: Access Control Bypass in Keystone 5 Query Infrastructure Integer Overflow Vulnerability in Redis STRALGO LCS Command Heap-based Lua stack overflow vulnerability in Redis with Lua scripting support Integer Overflow Vulnerability in 
Redis Integer Overflow Vulnerability in Redis ziplist Data Structure Cranelift 0.73 x64 Backend Bug Allows Potential Sandbox Escape in Wasm Programs Authenticated RCE via .phar file upload in Admidio before version 4.0.4 Authentication Bypass Vulnerability in Common Package Vulnerability: Cross-Site Request Forgery (CSRF) in Pajbot versions prior to 1.52 Untrusted User Access to Zope Page Templates in Versions Prior to 4.6 and 5.2 Unsafe Deserialization in Emissary 6.4.0 REST Endpoint Allows Remote Code Execution Vulnerability in Singularity 3.7.2 and 3.7.3: Remote Execution of Malicious Containers Vulnerability: Bypassing Authentication Mechanism in Authelia with Nginx Insecure Token Handling in GitHub's CodeQL Runner Server-Side Request Forgery (SSRF) Vulnerability in Emissary Workflow Engine SQL Injection Vulnerability in cxuucms 3.1 via pid Parameter in public/admin.php WebSocket Server Denial of Service Vulnerability in ws Library Reflected XSS vulnerability in auth0-lock versions before 11.30.1 Configuration Injection via Crafted RadSec Peer Discovery DNS Records in radsecproxy Directory Leakage Vulnerability in Http4s Code Injection Vulnerability in Ampache 4.x.y's random.php Open Redirect Vulnerability in Tenancy Multi-Tenant for Laravel Roomer Discord Bot Cog Vulnerability: Unauthorized Channel Manipulation Post-Authentication Remote Code Execution in Emissary's CreatePlace REST Endpoint Account takeover vulnerability in OctoberCMS Arbitrary PHP Code Execution in October CMS Template Markup Vulnerability: Remote Code Execution via Theme Import in October CMS Blind LDAP Injection Vulnerability in OneDev Versions 4.4.1 and Prior Missing Permission Check in Nextcloud Mail Allows Unauthorized Access to Mail Metadata User ID Leakage in Nextcloud Server Privilege Escalation in Nextcloud Server's Federated File Sharing Privilege Escalation via Files Drop Link Conversion in Nextcloud Server Vulnerability in Nextcloud Server Allows Unauthorized Access to User 
Information via Federated Share User Administration Page Break Vulnerability in Nextcloud Server Timeout Issue in Nextcloud Android Client Leads to Incomplete Data Removal on Account Removal Unauthenticated Room Repointing Vulnerability in Matrix-appservice-bridge Arbitrary Script Upload Vulnerability in @backstage/techdocs-common Arbitrary Script Injection in Backstage Techdocs Plugin (Versions < 0.9.5) Sensitive File Disclosure in Backstage TechDocs Unauthenticated System Setup Call Leading to SSRF in iTop XSS Vulnerability in Combodo iTop Run Query Page Unverified Conversation Bug in wire-ios Versions 3.8.0 and Earlier Denial of Service Vulnerability in wire-ios Versions 3.8.0 and Prior Cross-Site Scripting Vulnerability in TYPO3 Versions 9.0.0 - 11.3.0 Cross-Site Scripting Vulnerability in TYPO3 Versions 9.0.0 - 9.5.28, 10.0.0 - 10.4.17, and 11.0.0 - 11.3.0 Persistent Cross-Site Scripting Vulnerability in TYPO3 Backend Layouts Arbitrary Code Execution Vulnerability in KiteCMS v.1.1 via uploadFile Function Reflected Cross-Site Scripting Vulnerability in Datasette's `_trace` Debugging Feature Flarum v1.0.0 and v1.0.1 - Remote Code Execution Vulnerability Redis Lua Debugger Protocol Parser Buffer Overflow Vulnerability Arbitrary Command Execution Vulnerability in reg-keygen-git-hash-plugin (<=0.10.15) TAL Expression Traversal Vulnerabilities in Zope Redis RESP Protocol Memory Allocation Vulnerability Session Cookie Not Rotated in Nextcloud Talk FastAPI versions lower than 0.65.2 vulnerable to Cross-Site Request Forgery (CSRF) attack when using cookies for authentication Unrestricted OCS API Response Rate Limiting in Nextcloud Server Unsanitized Filename Download Vulnerability in Nextcloud Server Unlogged Share Expiration Date Unsetting Vulnerability in Nextcloud Server Cross-Site Scripting Vulnerability in Wagtail Content Management System Remote Code Execution Vulnerabilities in elFinder 2.1.58 Cross-Site Scripting (XSS) Vulnerability in wire-webapp prior to 
version 2021-06-01-production.0 Unimplemented Handler Vulnerability in Magento-Scripts 1.5.1 and 1.5.2 Insecure Signature Verification in tEnvoyNaClSigningKey in versions prior to 7.0.3 Race condition and destruction vulnerability in PJSIP SSL socket Integer Overflow Vulnerability in Redis Allows Heap Corruption and Potential Remote Code Execution Insecure Permission Handling in Nextcloud Server Allows Unauthorized Filesystem Access Username Reuse Vulnerability in Nextcloud Talk Helm Repository Credential Leakage Vulnerability User Account Access Vulnerability in Apollos Apps Versions Prior to 2.20.0 Arbitrary Command Execution via Malicious Page Title in Activity Watch Firewall Authentication Token Leakage Vulnerability in Symfony 5.3.0 - 5.3.1 Uncaught Exception Vulnerability in Nextcloud Android App (Versions Prior to 3.15.1) Vulnerability: Unauthorized Access to Nextcloud Android App Shared Preferences Type-Confusion Vulnerability in striptags npm Package (CVE-2021-12345) Vulnerability: Bypassing Form Validators in neos/forms Blind GET Request Vulnerability in eLabFTW 4.0.0 Improper Container Process Limits in Pterodactyl Wings (Versions < 1.4.4) Lead to Resource Exhaustion Vulnerability Supply Chain Attack Vulnerability in Ballerina Versions 1.2.x and SL Alpha 3 Vulnerability: Improper Token Scope Validation in ORY Oathkeeper Reflected XSS vulnerability in Auth0 Next.js SDK (<=1.4.1) allows arbitrary code execution Lack of Ratelimiting on Nextcloud Server Shareinfo Endpoint Vulnerability SQL Injection Vulnerability in DHIS2 Versions 2.34.4, 2.35.2, 2.35.3, 2.35.4, and 2.36.0 Lack of Ratelimiting on Nextcloud Server's Public DAV Endpoint Allows Enumeration of Share Tokens and Credentials Pi-hole Web Interface Unescaped Period Vulnerability Nextcloud Mail Prior to 1.9.6 Privacy Filter Bypass Vulnerability Arbitrary Code Execution Vulnerability in Flysystem Unvalidated Order Credits Creation Vulnerability in Shopware Stored XSS vulnerability in PressBooks 5.17.3 
via Book Info's Long Description Body Critical Vulnerability in Shopware: Session Hijacking of Store Customers Information Leakage Vulnerability in Shopware Store-API (Versions prior to 6.3.5.1) Vulnerability: System Information Leakage in Shopware eCommerce Platform (Versions prior to 5.6.10) Authenticated Stored XSS Vulnerability in Shopware Administration Integer Overflow Vulnerability in hyper HTTP Library (Versions prior to 0.14.10) Vulnerability: Request Smuggling in hyper HTTP/1 Server Exposure of Internal Hidden Fields in Shopware Admin API Vulnerability: Public Access to Private Files in Shopware eCommerce Platform User Ban Rendering Vulnerability in RabbitMQ Management UI Cross-Site Scripting (XSS) Vulnerability in RabbitMQ Federation Management Plugin Heap-Based Buffer Over-Read Vulnerability in libjasper's jp2_decode Function Information Exposure in Sylius eCommerce Platform Open Redirect Vulnerability in PowerMux versions prior to 1.1.1 Uncontrolled Resource Consumption Vulnerability in GlobalNewFiles Extension Prism v1.24.0 Vulnerability: Regular Expression Denial of Service (ReDoS) Exposure of GITHUB_TOKEN via crafted Pull Request in check-spelling GitHub Action Default Share Permissions Bypass in Nextcloud Server Webauthn Token Persistence Vulnerability in Nextcloud Server Insecure Key Verification in Nextcloud Android Client Insecure Key Verification in Nextcloud Desktop Client Authentication Failure Record Reset Vulnerability in XWiki Platform Code Injection Vulnerability in Nagios XI Below 5.7 via /nagiosxi/admin/graphtemplates.php Cross-Site Request Forgery Vulnerability in XWiki Platform Information Disclosure Vulnerability in XWiki Platform's Reset Password Form Vulnerability: Account Enumeration and Username Disclosure in XWiki Forgot Username Page Cross-Site Scripting Vulnerability in Nextcloud Text Application Nextcloud Server Text Application Full Path Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in Kirby CMS 3.5.5 and 
3.5.6 Prototype Pollution Vulnerability in think-helper versions prior to 1.1.3 Cross-Site Scripting (XSS) Vulnerability in Sulu CMS Collection Title Missing Server Signature Verification in Utils.readChallengeTx in js-stellar-sdk Privilege Escalation Vulnerability in Icinga Monitoring System Uncontrolled Resource Consumption Vulnerability in Addressable URI Template Implementation Lack of Ratelimiting on Nextcloud Server Public Share Link Mount Endpoint Vulnerability in Vapor's Data.init(base32Encoded:) Function Allows Server Memory Exposure and Denial of Service Exposure of Credentials in Icinga Monitoring System API Unauthenticated Access to Opened Files in Collabora Online Editor Reflected XSS Vulnerability in Collabora Online prior to version 6.4.9-5 Arbitrary File Read Vulnerability in Icinga Web 2's `doc` Module Exposure of Custom Variables in Icinga Web 2 Vulnerability: Bypass of Watermark and Download Protection in Nextcloud Richdocuments Remote Code Execution Vulnerability in fail2ban's mail-whois Action Unauthenticated Stored Cross-Site Scripting (XSS) Vulnerability in TP-Link Products MuWire Desktop Client Prior to Version 0.8.8 Vulnerability: De-anonymization via HTML Image Tag Arbitrary Code Execution Vulnerability in Gradle Start Scripts Authenticated Admin Users Able to Access Any File on Server in Ether Logs Plugin (Versions Prior to 3.0.4) Vulnerability: OAuth2 Token Endpoint Dictionary Attack in EdgeX Foundry XML External Entity (XXE) Vulnerability in FlowDroid versions prior to 2.9.0 Lack of Certificate Pinning in Wire iOS 3.82 WebSocket Implementation Arbitrary Code Execution with Root Privileges in ManageIQ Arbitrary Command Execution Vulnerability in OpenMage Magento LTS (Versions prior to 19.4.15 and 20.0.11) Arbitrary File Upload Vulnerability in OpenMage Magento-LTS Privilege Escalation via Containerd Image Extraction Vulnerability Vulnerability: Out-of-bounds Read and Integer Overflow in Redis `*BIT*` Command Integer Overflow 
Vulnerability in Redis-cli and Redis-sentinel Regular Expression Denial of Service in OpenProject's MessagesController XSS Vulnerability in YouTube Oneboxes in Discourse Integer Overflow Vulnerability in Hiredis Library Vulnerability: Folder Enumeration in Nextcloud Text Application Vulnerability: Plain-text Logging of User Credentials in TYPO3 Cross-Site Scripting Vulnerability in TYPO3 Content Rendering Path Traversal Vulnerability in Micronaut Framework (Versions prior to 2.5.9) Arbitrary File Upload and Remote Code Execution in Nagios XI 5.7.5 and Earlier Gatsby-source-wordpress Plugin Leaks .htaccess HTTP Basic Authentication Variables Buffer Overflow in RPL-Classic Implementation in Contiki-NG Cross-Site Scripting (XSS) Vulnerability in Poddycast Prior to Version 0.8.1 Racket Sandbox Module Hijacking Vulnerability CSRF Vulnerability in DataDump Extension Information Disclosure Vulnerability in Combodo iTop CSRF Token Reuse Vulnerability in Combodo iTop Authorization Bypass Vulnerability in Envoy's ext-authz Extension High CPU Utilization Vulnerability in Envoy's HTTP/2 Stream Reset Procedure Improper Handling of URI Fragments in Envoy Proxy Authentication Bypass via SQL Injection in Local Service Search Engine Management System 1.0 Abnormal State Transition Vulnerability in Envoy Proxy Buffer Overflow Vulnerability in Envoy Proxy Stored Cross-Site Scripting (XSS) Vulnerability in Nextcloud Circles Application Remote access to Envoy's admin interface in Contour before version 1.17.1 Uncontrolled Format String Bug in mod_auth_openidc Open Redirect vulnerability in mod_auth_openidc logout functionality Information Leakage in Sourcegraph before version 3.30.0 Whisper Post Creator Disclosure Vulnerability SQL Injection Vulnerability in WooCommerce Gutenberg Products Block Plugin Cross-Site Scripting (XSS) Vulnerability in sz.chat Version 4 SQL Injection Vulnerability in WooCommerce Plugin (Versions 3.3.0 - 3.3.6) Static IV and AAD in AES GCM Encryption in 
mod_auth_openidc before version 2.4.9 XSS Vulnerability in mod_auth_openidc when using OIDCPreservePost On Persistent Cross-Site Scripting (XSS) Vulnerability in Pi-hole Web Interface Vulnerability: Accidental Removal of IPCPassword in ArchiSteamFarm Denial of Service Vulnerability in ArchiSteamFarm Improper Character Escaping in xmldom Versions 0.6.0 and Older Remote Code Execution in JupyterLab via Untrusted Notebook Jupyter Notebook XSS Vulnerability: Arbitrary Code Execution via Malicious ipynb Documents Bypassing Two Factor Authentication in Nextcloud Server Sensitive Key Material Logging Vulnerability in Nextcloud Encryption-at-Rest Functionality Vulnerability: Untrusted User-Supplied Content Execution in Nextcloud Server Image Previews Arbitrary File Creation/Overwrite Vulnerability in npm package tar (aka node-tar) Arbitrary File Creation/Overwrite Vulnerability in npm package tar (node-tar) Open Redirect Vulnerability in Flask-AppBuilder OAuth Open Redirect vulnerability in Products.isurlinportal prior to 1.2.0 Vulnerability: Remote Code Execution in Zope's AccessControl Module CKEditor Clipboard Widget Plugin Undo Feature JavaScript Code Execution Vulnerability CKEditor 4 Clipboard Package HTML Injection Vulnerability Directory Traversal Vulnerability in Django's Archive Extraction Method Double Popping Vulnerability in crossbeam-deque Remote Code Execution Vulnerability in Zope Versions Prior to 4.6.3 and 5.3 Reflected Cross-Site Scripting Vulnerability in Monkshu Enterprise Application Server Potential Header Vulnerability in Traefik's Connection Handling Directory Traversal Vulnerability in Skytable Versions Prior to 0.5.1 Exiv2 Crafted Image Metadata Modification Denial of Service Vulnerability Regular Expression Denial-of-Service Vulnerability in ProtonMail Web Client File Disclosure Vulnerability in express-hbs Template Engine RCE and XSS Vulnerabilities in haml-coffee Template Engine Remote Code Execution in Squirrelly Template Engine via ExpressJS 
Configuration Overwrite Unauthenticated Execution of `remove-peer` Command in HashiCorp Vault Enterprise 1.6.0 & 1.6.1 File Disclosure Vulnerability in Express-handlebars Vulnerability: Regular Expression Denial of Service (ReDoS) in MooTools CSS Selector Parser File Disclosure Vulnerability in npm hbs Package Denial-of-Service Vulnerability in bindata RubyGem Prior to 2.4.10 Apache Dubbo Pre-Auth Remote Code Execution via Telnet Handler Vulnerability Zipslip Vulnerability in bblfshd Allows Arbitrary File Write and Read Access Arbitrary Command Execution Vulnerability in Proxyee-Down Arbitrary Code Execution via MockServer's Overly Broad CORS Configuration and Script Injection Reflected Cross-Site Scripting (XSS) Vulnerability in Nuxeo Platform 11.5.109's `oauth2` REST API ZStack REST API Post-Authentication Remote Code Execution via Groovy Shell Sandbox Bypass Process Isolation Vulnerability in HashiCorp Nomad and Nomad Enterprise Command Injection Vulnerability in @diez/generation's locateFont Method Code Injection Vulnerability in Total.js Framework (npm package total.js) before version 3.4.9 Regular Expression Denial of Service (ReDoS) Vulnerability in Rocket.Chat Arbitrary File Read Vulnerabilities in Emby Server on Windows (Version 4.6.4.0) Arbitrary Code Execution in Eclipse Keti via Malicious Groovy Scripts Post-Authentication Remote Code Execution Vulnerability in Eclipse Keti Pre-Auth Unsafe Deserialization Vulnerability in ZStack REST API Regular Expression Denial of Service (ReDoS) Vulnerability in mechanize Library (Versions Prior to 0.4.6) Regular Expression Denial of Service (ReDoS) in Flask-RESTX email_regex Regular Expression Denial of Service in sqlparse Arbitrary File Write Vulnerability in SharpZipLib (<=1.3.3) Arbitrary File Creation Vulnerability in SharpZipLib (or #ziplib) Arbitrary File Creation Vulnerability in SharpZipLib Null Pointer Dereference in HyperKit's virtio.c Leads to Host Crash Null Pointer Dereference in HyperKit's vi_pci_write 
Function Uninitialized Memory Read Vulnerability in HyperKit's qnotify Function Uninitialized Memory Use in HyperKit's virtio-sock Function (CVE-2021-XXXXX) HyperKit Disk Driver Vulnerability: Host Memory Disclosure in Virtualized Guest ReDoS Vulnerability in Octobox Prior to PR 2807 Arbitrary Command Execution Vulnerability in Gerapy Prior to 0.9.9 Unverified X.509 Certificates Vulnerability in JxBrowser Cross-Site Scripting (XSS) Vulnerability in jQuery MiniColors Cross-Site Scripting Vulnerability in mind-elixir Prior to Version 0.18.1 Cross-Site Scripting (XSS) Vulnerability in Countly Community Edition (prior to version 21.11) Cross-Site Scripting (XSS) Vulnerability in Erxes 0.22.3 and Prior Versions Allows Client-Side Code Execution Copy-Paste Cross-Site Scripting (XSS) Vulnerability in textAngular (Versions 1.5.16 and prior) Copy-Paste Cross-Site Scripting (XSS) Vulnerability in Vditor Versions Prior to 3.8.7 Incomplete Fix for Copy-Paste Cross-Site Scripting (XSS) Vulnerability in Microweber Cross-Site Scripting (XSS) Vulnerability in Cockpit Content Management System Cross-Site Scripting (XSS) Vulnerability in esdoc-publish-html-plugin Cross-Site Scripting (XSS) Vulnerability in Baremetrics Date Range Picker Incomplete Fix for SQL Injection Vulnerability in Spotweb 1.4.9 Cross-Site Scripting (XSS) Vulnerability in iziModal Plugin Exploiting Cross-Site Scripting Vulnerabilities in nbconvert: A Comprehensive Analysis Unauthenticated Remote Code Execution in Zoho ManageEngine OpManager before 12.5.329 Arbitrary OS Command Execution in Zen Cart 1.5.7b via HTML Radio Input Element Open Access Vulnerability in Prosody's Proxy65 Component Remote Unauthenticated DoS Vulnerability in Prosody Server Impersonation Vulnerability in Prosody Uncontrolled CPU Consumption Vulnerability in Prosody before 0.11.9 via SSL/TLS Renegotiation Flood Timing Attack Vulnerability in Prosody Token and Dynamic Secret Lease Renewal Vulnerability in HashiCorp Vault Invision Community 
(IPS Community Suite) before 4.6.0: Moderator PHP Code Injection Vulnerability XML External Entity (XXE) Injection in Chamilo 1.11.x User Import Password Hash Replacement Vulnerability Client-side JavaScript Injection Vulnerability in Uffizio GPS Tracker Uninstaller Fails to Close Port 1947 in Sentinel LDK Run-Time Environment Unintended Action Exploit in Uffizio GPS Tracker: All Versions Affected Full Path Disclosure Vulnerability in Emlog v5.3.1 t/index.php Missing Authentication Vulnerability in iView (Versions Prior to v5.7.03.6182) Uninitialized Pointer Vulnerability in FATEK Automation FvDesigner SQL Injection Vulnerability in iView (versions prior to v5.7.03.6182) Command Injection Vulnerability in MDT AutoSave Versions Prior to v6.02.06 Insufficient Data Protection in ThroughTek P2P Products: Exploiting Vulnerable SDKs and Firmware Deserialization Vulnerability in Cognex In-Sight OPC Server DXF File-Recovering Procedure Out-of-Bounds Write Vulnerability Session Temporary Working Folder Vulnerability in MDT AutoSave Versions Prior to v6.02.06 Out-of-Bounds Read Vulnerability in Drawings SDK (Versions prior to 2022.4) FATEK Automation FvDesigner Out-of-Bounds Write Vulnerability Cross-Site Scripting (XSS) Vulnerability in CASAP Automated Enrollment System 1.0 DWG File-Recovering Procedure Out-of-Bounds Read Vulnerability Stack-Based Buffer Overflow in Annke N48PBB Network Video Recorder (NVR) Allows Remote Code Execution Cleartext Credential Exposure Vulnerability in AVEVA InTouch Runtime 2020 R2 and Prior Versions Stack-Based Buffer Overflow Vulnerability in WebAccess/SCADA Use-After-Free Vulnerability in Drawings SDK (All versions prior to 2022.4) Allows Memory Corruption and Arbitrary Code Execution Vulnerability: Encryption Deciphering in MDT AutoSave Versions Prior to v6.02.06 DGN File Parsing Vulnerability in Drawings SDK (Version 2022.4 and prior) Stack-Based Buffer Overflow in FATEK Automation FvDesigner, Versions 1.5.88 and Prior DWG File-Reading 
Procedure Out-of-Bounds Write Vulnerability Directory Traversal Vulnerability in MDT AutoSave Versions Prior to v6.02.06 DXF File Parsing Out-of-Bounds Read Vulnerability Improper Authentication Vulnerability in WebAccess/NMS (Versions prior to v3.0.3_Build6299) DGN File-Reading Procedure Out-of-Bounds Write Vulnerability SQL Injection Vulnerability in MDT AutoSave Versions Prior to v6.02.06 Directory Traversal Vulnerability in Advantech WebAccess/SCADA Versions 9.0.1 and Prior Unrestricted File Upload Vulnerability in Delta Electronics DIAEnergie Version 1.7.5 and Prior Redirection Vulnerability in Advantech WebAccess/SCADA Versions 9.0.1 and Prior Binary Hijacking Vulnerability in MDT AutoSave Versions Prior to v6.02.06 Local Command Line Interface Access Vulnerability in Claroty Secure Remote Access (SRA) Site Versions 3.0-3.2 Heap-based Buffer Overflow in SuiteLink Server Command Processing (0x05/0x06) Bypassing FactoryTalk Security Policies Based on Computer Name in Rockwell Automation FactoryTalk Services Platform Unauthenticated Remote Code Execution via getfile Function in MDT AutoSave Remote Code Execution Vulnerability in AGG Software Web Server 4.0.40.1014 and Prior Null Pointer Dereference Vulnerability in SuiteLink Server Command Processing Path Traversal Vulnerability in AGG Software Web Server 4.0.40.1014 and Earlier Versions Type Confusion Vulnerability in Delta Electronics DIAScreen Versions Prior to 1.1.0 Clear Text Transmission of Sensitive Information in Philips Interoperability Solution XDS Unauthenticated Administrative User Addition Vulnerability in Delta Electronics DIAEnergie Version 1.7.5 and Prior Buffer Overflow Vulnerabilities in Moxa NPort IAW5000A-I/O Series Firmware: Remote Denial-of-Service Exploits Out-of-Bounds Write Vulnerability in Delta Electronics DIAScreen Cookie Manipulation Vulnerability Allows Unauthorized Administrator Access on Zyxel NBG2105 V1.00(AAGU.2)C0 Devices Unvalidated Data Copy Vulnerability in Moxa NPort 
IAW5000A-I/O Series Firmware Null Pointer Dereference Vulnerability in SuiteLink Server Command 0x07 Processing XML External Entity (XXE) Injection in Panasonic FPWIN Pro Remote Code Execution Vulnerability in Moxa NPort IAW5000A-I/O Series Firmware Out-of-Bounds Read Vulnerability in Cscape (All Versions prior to 9.90 SP5) Multiple Buffer Overflows in Moxa NPort IAW5000A-I/O Series Firmware v2.2 or Earlier: Remote Code Execution and DoS Vulnerabilities Cryptographic Signature Verification Vulnerability in AVEVA System Platform Versions 2017-2020 R2 P01 Vulnerability: Password Disclosure and Unauthorized Access in Automation Direct CLICK PLC CPU Modules Null Pointer Dereference Vulnerability in SuiteLink Server Command Processing XSS Vulnerability in Collabtive 3.1 Profile Edit Page Vulnerability: Unprotected Additional Software Programming Connections in Automation Direct CLICK PLC CPU Modules Path Traversal Vulnerability in AVEVA System Platform Versions 2017-2020 R2 P01 Insecure Password Exchange in Automation Direct CLICK PLC CPU Modules Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie Version 1.7.5 and Prior Privilege Escalation Vulnerability in Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with Firmware Prior to v3.00 Unverified Source Data and Communication Vulnerability in AVEVA System Platform Versions 2017-2020 R2 P01 Unlocked State Persistence Vulnerability in Automation Direct CLICK PLC CPU Modules Null Pointer Dereference Vulnerability in SuiteLink Server Command 0x0b Processing Out-of-Bounds Write Vulnerability in FATEK Automation WinProladder Versions 3.30 and Prior Reflected Cross-Site Scripting Vulnerability in LCDS LAquis SCADA Application (Version 4.3.1.1011 and Prior) Out-of-Bounds Read Vulnerability in FATEK Automation WinProladder Versions 3.30 and Prior Cross-Site Request Forgery Vulnerability in Delta Electronics DIAEnergie Version 1.7.5 and Prior Memory Buffer Overflow Vulnerability in FATEK Automation WinProladder 
Versions 3.30 and Prior Hard-coded Credentials Vulnerability in IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) Improper Validation of Extension Objects in Softing OPC UA C++ SDK Allows for Memory Access Vulnerability Out-of-Bounds Write Vulnerability in Cscape (All Versions prior to 9.90 SP5) Integer Coercion Vulnerability in FANUC R-30iA and R-30iB Series Controllers Weak Encryption Algorithm in Baker Hughes Bentley Nevada Products Remote Code Execution Vulnerability in FANUC R-30iA and R-30iB Series Controllers Command 0x01 Exception Handling Vulnerability in SuiteLink Server Arbitrary Code Execution via Heap-Based Buffer Overflow in WebAccess HMI Designer Cross-Site Scripting Vulnerability in xArrow SCADA Versions 7.2 and Prior Arbitrary Code Execution via Malicious Project File in WebAccess HMI Designer (Versions 2.1.9.95 and Prior) Weak Hashing Algorithm in Delta Electronics DIAEnergie Version 1.7.5 and Prior: Clear Text Password Retrieval Vulnerability Memory Corruption Vulnerability in WebAccess HMI Designer (Versions 2.1.9.95 and Prior) Arbitrary File Upload Vulnerability in mySCADA myPRO Versions Prior to 8.20.0 Heap-Based Buffer Overflow in Delta Electronics TPEditor: v1.98.06 and Prior Unauthenticated Access Vulnerability in AVEVA System Platform Versions 2017-2020 R2 P01 Arbitrary File Upload Vulnerability in mySCADA myPRO Versions Prior to 8.20.0 Uncaught Exception Denial-of-Service Vulnerability in AVEVA System Platform 2017-2020 R2 P01 ICMP Flood Vulnerability in TOYOPUC Series: Denial of Ethernet Communications Denial-of-Service Vulnerability in Rockwell Automation MicroLogix 1100 Unrestricted Unauthorized Read Access to Sensitive System Information in mySCADA myPRO Versions Prior to 8.20.0 Hard-coded Credentials Vulnerability in KUKA KR C4 Control Software Out-of-Bounds Write Vulnerability in Cscape (All Versions prior to 9.90 SP5) Hard-coded Credentials Vulnerability in KUKA KR C4 Control Software Unauthenticated Access Path in IntelliBridge 
EC 40 and 60 Hub (C.00.04 and prior) Vulnerability: Use of Broken or Risky Cryptographic Algorithm in Philips Vue PACS Versions 12.2.x.x and Prior Stack-Based Buffer Overflow Vulnerability in Delta Electronics DOPSoft Version 4.00.11 and Prior Expired Cryptographic Key Vulnerability in Philips Vue PACS Versions 12.2.x.x and Prior Cross-Site Scripting Vulnerability in xArrow SCADA Versions 7.2 and Prior ClearText Transmission of Sensitive Data in Philips Vue PACS Versions 12.2.x.x and Prior Heap-Based Buffer Overflow in Advantech WebAccess Versions 9.02 and Prior: Remote Code Execution Vulnerability Insecure Transmission and Storage of Authentication Credentials in Philips Vue PACS Versions 12.2.x.x and Prior Unvalidated Registry Key Execution in xArrow SCADA Versions 7.2 and Prior Remote Code Execution and Local Privilege Escalation in Flask-Caching Extension Insufficient Entropy in Nonce: A Security Vulnerability in Sylabs Singularity Enterprise Unauthorized Account Access via Save API in LabCup (CVE-18022) Remote Code Execution (RCE) Vulnerability in eQ-3 HomeMatic CCU2 and CCU3 WebUI Use-after-free vulnerability in cipso_v4_genopt in Linux kernel before 5.11.14 Use-after-free vulnerability in Linux kernel before 5.12.4 allows arbitrary value writing in net/bluetooth/hci_event.c (CID-5c4c8c954409) Arbitrary Code Execution Vulnerability in Apache OpenOffice 4.1.10 Arbitrary Command Execution Vulnerability in Apache Hadoop HTTP Request Smuggling Vulnerability in Apache Tomcat Public Visibility of Private Mailing List Archives During Import in HyperKitty Buffer Overflow Vulnerability in Sagemcom F@ST 3686 v2 3.495 Devices via Long sessionKey Cross-Site Scripting (XSS) vulnerability in managers/views/iframe.js in FuturePress EPub.js before 0.3.89 XSS Vulnerability in vmd through 1.34.0 Allows Remote Code Execution Dahua Login Bypass Vulnerability: Identity Authentication Flaw in Some Products Dahua Login Bypass Vulnerability: Identity Authentication Flaw in Some 
Products Dahua Products Vulnerable to Password Reset Exploit Untrusted Search Path Vulnerability in Beijing Feishu Technology Co., Ltd Feishu v3.40.3 SAML Assertion Signature Validation Bypass in SOGo Unauthenticated Remote Code Execution Vulnerability in Zoho ManageEngine ADSelfService Plus (Non-English Editions) Belledonne Belle-sip SIP Message Crash Vulnerability Unenforced Permission Requirement in QQ Application Allows Unauthorized Location Access Improper Access Control in Intel(R) Administrative Tools Installer for Windows Privilege Escalation Vulnerability in Intel(R) Administrative Tools for Intel(R) Network Adapters Driver Escalation of Privilege Vulnerability in Intel(R) Processor BIOS Firmware Denial of Service Vulnerability in Intel(R) 82599 Ethernet Controllers and Adapters Privilege Escalation Vulnerability in Intel(R) VTune(TM) Profiler Software Installer Uncontrolled Search Path Vulnerability in Intel RealSense D400 Series UWP Driver Uncontrolled Search Path Vulnerability in Intel(R) System Studio Software Installer Denial of Service Vulnerability in Intel(R) AMT Subsystem Improper Resource Shutdown Vulnerability in Intel SSD and Optane SSD Firmware Privilege Escalation Vulnerability in Intel(R) oneAPI Rendering Toolkit Installer Unauthenticated Denial of Service Vulnerability in Intel(R) Distribution of OpenVINO™ Toolkit Firmware Vulnerability in Intel SSDs and Optane SSDs Allows Unauthorized Information Disclosure Race condition vulnerability in Intel(R) Optane(TM) SSD and Intel(R) SSD DC firmware allows for local privilege escalation and denial of service Firmware Vulnerability in Intel(R) SSD DC Products Allows Privilege Escalation via Physical Access Vulnerability: Insufficient Control Flow Management in Intel SSD Firmware Allows Privilege Escalation via Physical Access Race Condition Vulnerability in Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products Firmware: Local Privileged User Denial of Service Firmware Vulnerability in Intel(R) SSD 
DC Products Allows Local Information Disclosure Denial of Service (DoS) Attack via Vector Exhaustion in Xen Hypervisor Uncleared Debug Information in Firmware: Potential Information Disclosure and Privilege Escalation Vulnerability in Intel SSD and Optane Products Firmware Vulnerability in Intel(R) SSD DC Products Allows Local Information Disclosure Information Disclosure Vulnerability in Intel(R) SSD and Intel(R) Optane(TM) SSD Products Vulnerability: Local Privileged User Information Disclosure in Intel SSD and Optane SSD Firmware Authenticated Local User Can Trigger Denial of Service in Intel(R) NUC Firmware Authentication Bypass Vulnerability in Intel(R) NUC M15 Laptop Kit Management Engine Driver Pack Privilege Escalation Vulnerability in Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub Driver Pack Privilege Escalation Vulnerability in Intel NUC HDMI Firmware Update Tool Unauthorized Connection Processing Vulnerability in Wekan before 4.87 Privilege Escalation via Incorrect Default Permissions in Intel(R) NUC HDMI Firmware Update Tool Insecure Inherited Permissions in Intel(R) NUC M15 Laptop Kit Audio Driver Pack Installer Privilege Escalation Vulnerability in Intel(R) NUC M15 Laptop Kit HID Event Filter Driver Pack Insecure Inherited Permissions in Intel(R) NUC M15 Laptop Kit Serial IO Driver Pack Installer Insecure Inherited Permissions in Intel(R) NUC M15 Laptop Kit Keyboard LED Service Driver Pack Unquoted search path vulnerability in Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack Network on Chip Vulnerability in Intel(R) 82599 Ethernet Controllers and Adapters: Potential Denial of Service via Local Access Time-of-Check Time-of-Use Vulnerability in Intel(R) SGX Crypto API Toolkit: Network-based Privilege Escalation Denial of Service Vulnerability in Intel(R) Ethernet ixgbe Driver for Linux Vulnerability: Symbolic Link Following on SMB and AFP Shares in Western Digital My Cloud OS 5 Devices Uncontrolled Search Path Vulnerability in Intel(R) 
GPA Software: Local Privilege Escalation BIOS Authenticated Code Module Vulnerability in Intel(R) Processors: Local Privilege Escalation Improper Access Control in Intel(R) OFU Software: Potential Denial of Service Vulnerability Intel(R) Core(TM) Processors with Radeon(TM) RX Vega M GL Graphics: Local Information Disclosure Vulnerability Safestring Library Integer Overflow Vulnerability USB Provisioning Vulnerability in Intel(R) AMT SDK, SCS, and MEBx Privilege Escalation Vulnerability in Intel(R) In-Band Manageability Software Session ID Reactivation Vulnerability Denial of Service Vulnerability in Intel(R) and Killer(TM) Bluetooth(R) Products Vulnerability: Unauthenticated Denial of Service and Information Disclosure in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Vulnerability: Unauthenticated Privilege Escalation in Intel(R) PROSet/Wireless WiFi UEFI Local Information Disclosure Vulnerability in 3rd Generation Intel Xeon Scalable Processors Vulnerability: Privilege Escalation in Intel(R) Serial IO Driver Installer Improper Access Control in Intel RealSense DCM: Potential Information Disclosure via Local Access XML External Entity (XXE) Vulnerability in Alkacon OpenCms 11.0, 11.0.1, and 11.0.2 Allows Remote File Exfiltration via Crafted SVG Document Complex Microarchitectural Condition in Intel Atom Processors: Out-of-Bounds Read Vulnerability BIOS Firmware Vulnerability: Privilege Escalation via Insufficient Control Flow Management BIOS Authenticated Code Module Vulnerability: Local Privilege Escalation in Intel Processors Vulnerability: Out-of-Bounds Write in Intel(R) Processor BIOS Authenticated Code Module Allows Privilege Escalation Firmware Vulnerability in Intel Ethernet Controllers and Adapters: Potential Denial of Service via Improper Access Control Improper Access Control in Intel(R) E810 Ethernet Controllers Firmware: Potential Denial of Service Vulnerability 
Privilege Escalation Vulnerability in Intel(R) Advisor Software Installer Stored Cross-Site Scripting (XSS) Vulnerability in Plone CMS 5.2.4 Insecure Default Variable Initialization in Intel(R) RealSense(TM) ID Solution F450: Potential Information Disclosure via Physical Access Denial of Service Vulnerability in Linux Kernel Drivers for Intel(R) SGX Escalation of Privilege Vulnerability in Intel(R) Kernelflinger Project Denial of Service Vulnerability in Intel(R) and Killer(TM) Bluetooth(R) Products XSS Vulnerability in Unsupported Oracle GlassFish Server 3.1.2.18 and Below Improper Conditions Check in Intel(R) IPP Crypto Library: Potential Information Disclosure Vulnerability Intel(R) Processors Vulnerability: Local Access Information Disclosure Potential Stored XSS Vulnerability in JetBrains TeamCity (before 2020.2.2) Tests Page Intel(R) Trace Hub Instances: Potential Privilege Escalation via Physical Access Denial of Service Vulnerability in Intel(R) and Killer(TM) Bluetooth(R) Firmware Vulnerability: Privilege Escalation via Local Access in Intel(R) AMT Subsystem Vulnerability: Privilege Escalation via Local Access in Intel(R) NUC BIOS Firmware Default Permissions Vulnerability in Intel(R) RXT for Chromebook Application Authenticated Command Injection in KLog Server 2.4.1 via async.php Denial of Service Vulnerability in EMQ X Broker Versions Prior to 4.2.8 Denial of Service Vulnerability in VerneMQ MQTT Broker Versions Prior to 1.12.0 SQL Injection Vulnerability in Nagios XI Bulk Modifications Functionality Authenticated Path Traversal Vulnerability in NagVis Allows Arbitrary File Deletion Authenticated Reflected Cross-Site Scripting Vulnerability in Nagios XI Versions Prior to 5.8.4 Cross-Site Scripting (XSS) Vulnerability in attach/ajax.php in DzzOffice through 2.02.1 via editorid parameter SQL Injection Vulnerability in Synology Media Server SSRF Vulnerability in Synology Video Station WebAPI Component Path Traversal Vulnerability in Synology DiskStation 
Manager (DSM) PDF Viewer Component Path Traversal Vulnerability in Synology Docker Container Volume Management Component SSRF Vulnerability in Synology Download Station Allows Remote File Reading Buffer Overflow Vulnerability in SerenityOS TestBitmap's set_range Test Stack Buffer Overflow in SerenityOS test-crypto.cpp DOS Vulnerability in Zephyr: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses Vulnerability: IP Bypass and Fixed Default Credentials in Apache APISIX Dashboard 2.6 Arbitrary Binary Execution Vulnerability in Apache NiFi MiNiFi C++ 0.5.0 Arbitrary JavaScript Execution Vulnerability in Apache Jena Fuseki HTML Pages HTTP/2 Request Splitting and Cache Poisoning Vulnerability in Apache HTTP Server 2.4.17 to 2.4.48 Denial of Service Vulnerability in golang.org/x/net (CVE-2021-34567) Unsafe Injection Vulnerability in DNS Lookup Functions Panic Vulnerability in Go Archive/Zip Library Arbitrary Header Dropping Vulnerability in Go ReverseProxy Configuration Panic Vulnerability in math/big.Rat SetString or UnmarshalText Method Untrusted Input Handling Vulnerability in Expression Engine AddonIcon NULL Pointer Dereference in 802154 ACK Frames Handling Incorrect Pointer Arithmetic Limits in Linux Kernel (CVE-2021-3489) Directory Traversal Vulnerability in Django's django.contrib.admindocs Arbitrary Code Execution via Insecure Search Path in pg_partman Extension Privilege Escalation Vulnerability in Western Digital EdgeRover Deserialization of Untrusted Data in MashZone NextGen HTTP Client Ehcache Configuration File XXE Vulnerability User Enumeration Vulnerability in Fimer Aurora Vision Integer Underflow in IEEE 802154 Fragment Reassembly Header Removal in Zephyr (CWE-680) Unauthenticated Information Disclosure in Fimer Aurora Vision Directory Traversal Vulnerability in Elements-IT HTTP Commander 5.3.3 Unzip Feature Cross-site Scripting (XSS) Vulnerability in Elements-IT HTTP Commander 5.3.3 View in Browser Feature SSRF Vulnerability in 
Elements-IT HTTP Commander 5.3.3 Upload from URL Feature Weak Filesystem Permissions in HMS Ewon eCatcher through 6.6.4: A Gateway to Sensitive Data Exposure and System Disruption Directory Traversal Vulnerability in CommScope Ruckus IoT Controller 1.7.1.0 and earlier Undocumented Backdoor Vulnerability in CommScope Ruckus IoT Controller 1.7.1.0 and Earlier Arbitrary Read/Write Vulnerability in CommScope Ruckus IoT Controller Hard-coded System Passwords in CommScope Ruckus IoT Controller 1.7.1.0 and earlier: Shell Access Vulnerability Hard-coded Web Application Administrator Passwords in CommScope Ruckus IoT Controller 1.7.1.0 and earlier NULL Pointer Dereference in IEEE 802154 Fragment Reassembly in Zephyr (CWE-476) Hard-coded API Keys in CommScope Ruckus IoT Controller 1.7.1.0 and earlier Unauthenticated API Endpoints in CommScope Ruckus IoT Controller 1.7.1.0 and earlier Privilege Escalation Vulnerability in SeedDMS 6.0.15 Umbraco Forms v.8.7.0 File Upload Vulnerability Allows Arbitrary Code Execution Buffer Overflow Vulnerability in Saltstack v.3003 and Earlier: Arbitrary Code Execution via func Variable in status.py Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr Arbitrary Code Execution via Cross Site Scripting (XSS) in EasyVista Service Manager 2018.1.181.1 Buffer Overflow Vulnerability in write_node in htmldoc through 1.9.11: Denial of Service Exploit via html.cxx:588 Buffer Overflow Vulnerability in write_header in htmldoc through 1.9.11: Denial of Service via html.cxx:273 Bypassing Basic Authentication in Monitorix 3.13.0 Default Installation Denial of Service Vulnerability in EmbedThis Appweb Community Edition 8.2.1 CSV Injection Vulnerability in ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 Unauthenticated Access Vulnerability in D-Link DIR-868LW 1.12b Allows DNS Query History Retrieval Denial of Service Vulnerability in GNU C Library's iconv Function Stack Buffer Overflow Vulnerability in D-Link DIR-809 Devices Stack 
Buffer Overflow Vulnerability in D-Link DIR-809 Devices Stack Buffer Overflow Vulnerability in D-Link DIR-809 Devices Stack Buffer Overflow Vulnerability in D-Link DIR-809 Devices Stack Buffer Overflow Vulnerability in D-Link DIR-809 Devices Cross-Site Scripting (XSS) Vulnerability in Ovation Dynamic Content 1.10.1 for Elementor via post_title Parameter Stack Buffer Overflow Vulnerability in D-Link DIR-809 Devices Stack Buffer Overflow Vulnerability in D-Link DIR-809 Devices Stack Buffer Overflow Vulnerability in D-Link DIR-809 Devices Out-of-Bounds Read Vulnerability in Aprelium Abyss Web Server X1 2.12.1 and 2.14 Heap Buffer Overflow in NTFS-3G: Memory Disclosure and Denial of Service Vulnerability Heap Buffer Overflow in NTFS-3G < 2021.8.22 Allows for Code Execution Heap Buffer Overflow in NTFS-3G Versions < 2021.8.22 Heap Buffer Overflow in NTFS-3G Versions < 2021.8.22 Allows for Code Execution via Specially Crafted MFT Section HCI Host Stack Initialization Vulnerability Out-of-Bounds Read Vulnerability in Panorama Tools libpano13 v2.9.20 Denial of Service Vulnerability in elfutils 0.183: Infinite Loop in handle_symtab function Arbitrary Code Execution via Cross Site Scripting (XSS) Vulnerability in Joplin Desktop App Out-of-Bounds Write Vulnerability in Zephyr Linked-List Sorting Double Free Vulnerability in picoTCP: Arbitrary Code Execution Arbitrary Program Execution via Crafted URL in WinSCP Integer Underflow Vulnerability in TRENDnet TI-PG1284i Switch (hw v2.0R) Integer Underflow Vulnerability in TRENDnet TI-PG1284i Switch (hw v2.0R) Null Pointer Dereference Vulnerability in TRENDnet TI-PG1284i Switch (hw v2.0R) Input Validation Vulnerability in WatsonWebserver and IpMatcher Bypassing Protection Mechanism in WPS Hide Login 1.6.1 via post_password Unrestricted Content Flagging Vulnerability in Liferay Portal User Email Enumeration Vulnerability in Liferay Portal Password Reset Token Reuse Vulnerability in Liferay Portal and Liferay DXP Unauthenticated 
Remote Viewing of Autosaved Form Values in Liferay Portal Unauthenticated Remote Access to Pages via Liferay Portal Layout Module Clear Text Password Storage Vulnerability in Liferay Portal Workflow Module Arbitrary Web Script Injection via Modal Window Title in Liferay Portal Improper User Permission Check in Liferay Portal Allows Unauthorized Access Cross-site scripting (XSS) vulnerability in Liferay Portal and Liferay DXP Cross-Site Scripting (XSS) Vulnerability in Opmantek Open-AudIT 4.0.1 CORS Bypass Vulnerability in Liferay Portal 7.2.0 - 7.3.2 and Liferay DXP 7.2 Arbitrary External URL Redirection Vulnerability in Liferay Portal and Liferay DXP Arbitrary Web Script Injection in Liferay Portal's Portlet Configuration Module User Permission Bypass in Liferay Portal Workflow Module Unauthenticated Access to Forms and Form Entries in Liferay Portal Privilege Escalation Vulnerability in Liferay Portal and Liferay DXP Allows Takeover of Company Administrator Account Arbitrary Script Injection in Liferay Portal's Journal Module Arbitrary Script Injection in Liferay Portal Document Library Module CSRF Token Exposure in Liferay Portal and Liferay DXP Arbitrary Web Script Injection Vulnerability in Liferay Portal and Liferay DXP Arbitrary Password Modification Vulnerability in D-LINK DSL-2888A Router XSS Vulnerabilities in JPress v3.3.0 and Below: Template and Tag Management Modules XSS Vulnerability in JFinal Framework's Controller Class Privilege Escalation via Cross Site Scripting in Wyomind Help Desk Magento 2 Extension Arbitrary Code Execution Vulnerability in Wyomind Help Desk Magento 2 Extension Arbitrary Code Execution via Directory Traversal in Wyomind Help Desk Magento 2 Extension Directory Traversal Vulnerability in htmly 2.8.1: Arbitrary File Deletion Arbitrary Command Injection and Privilege Escalation in RaspAP 1.5 to 2.6.5 Arbitrary OS Command Execution Vulnerability in RaspAP 2.6 to 2.6.5 Arbitrary OS Command Execution Vulnerability in RaspAP 2.3 to 
2.6.5 Arbitrary File Read Vulnerability in gowitness < 2.3.6 Vulnerability: Impersonation of TLS 1.3 Servers in wolfSSL Arbitrary Code Execution Vulnerability in Stoqey gnuplot v.0.0.3 and Earlier Memory Leak Vulnerability in MP4Box in GPAC 1.0.1: Unauthorized Memory Read via Crafted File Stack Buffer Overflow in MP4Box in GPAC 1.0.1: Denial of Service and Arbitrary Code Execution Vulnerability Memory Leak Vulnerability in MP4Box in GPAC 1.0.1 Allows Unauthorized Memory Reading Memory Leak Vulnerability in GPAC 1.0.1's MP4Box Def_Parent_Box_New Function Memory Leak in gf_isom_get_root_od Function in GPAC 1.0.1: Unauthorized Memory Read Vulnerability Memory Leak in gf_isom_oinf_read_entry Function in GPAC 1.0.1 Allows Unauthorized Memory Reading Buffer Overflow Vulnerability in Freeimage v3.18.0: Denial of Service via Crafted JXR File Bypassing Content-Reading Restrictions in Hide-Thread-Content Plugin for MyBB Stored XSS Vulnerability in Student Management System v1.0 Allows Arbitrary Code Execution via Chat Box Arbitrary Code Execution via Crafted GET Request in MiniCMS v.1.10 Heap Buffer Overflow in dpic.y's themakevar() Function (CVE-2021-04-10) Unrestricted Web-Page Access in ModernFlow before 1.3.00.208 Use-After-Free Vulnerability in dpic.y's deletestringbox() Function (2021.04.10) Arbitrary Code Execution Vulnerability in HTACG HTML Tidy v5.7.28 Insecure Ownership of backup.pl in IPFire 2.25-core155 Session Fixation Vulnerability in Cubecart 6.4.2 CSRF Vulnerability in baijiacms 4.1.4 Allows Arbitrary Account Modification Arbitrary Web Script Injection Vulnerability in Wikindx Lancer Token Smart Contract: Integer Overflow Vulnerability Ab Initio Control>Center Local File Inclusion Vulnerability Path Traversal Vulnerability in DxWebEngine Component of DH2i DxEnterprise and DxOdyssey for Windows Arbitrary File Read and Command Execution in EPrints 3.4.2 via LaTeX Input Deserialization Vulnerability in Inikulin Replicator Allows Remote Code Execution Stored 
Cross-Site Scripting (XSS) Vulnerability in OpenWRT LuCI 19.07 Web Interface Buffer Overflow Vulnerability in NumPy 1.9.x: PyArray_NewFromDescr_int Function Denial of Service Local Privilege Escalation via DLL Hijacking in NoMachine for Windows Memory Leaks in frozen_cb() in mjs.c: A Critical Vulnerability in mJS Stack Buffer Overflow in json_parse_array() in mjs.c Integer Overflow in gc_compact_strings() in mjs.c: A Vulnerability in mJS OpenShift Builder Privilege Escalation Vulnerability NULL Pointer Dereference in mjs_bcode_commit() in mjs.c NULL Pointer Dereference in exec_expr() in mjs.c NULL Pointer Dereference in json_printf() in mjs.c Stack Buffer Overflow in mjs_execute() in mjs.c NULL Pointer Dereference in getprop_builtin_foreign() in mjs.c NULL Pointer Dereference in mjs_string_char_code_at() in mjs.c NULL Pointer Dereference in mjs_next() in mjs.c NULL Pointer Dereference in mjs_print() in mjs.c Stack Buffer Overflow Vulnerability in mjs(mJS: Restricted JavaScript Engine) NULL Pointer Dereference in mjs_bcode_part_get_by_offset() in mjs.c Heap-based Buffer Overflow in _gcry_md_block_write in Libgcrypt 1.9.0 Memory Leaks in NASM Version 2.16rc0: Vulnerability in nasm_calloc() Memory leaks in fill_buffer() in stream.c Memory Leaks in NASM Version 2.16rc0: Vulnerability in nasm_malloc() Use-after-free vulnerability in lrzip version 0.641 in ucompthread() in stream.c:1538 NULL Pointer Dereference in yasm_expr_get_intnum() in libyasm/expr.c NULL Pointer Dereference in do_directive() in yasm version 1.3.0 NULL Pointer Dereference in hash() function in yasm version 1.3.0 NULL Pointer Dereference in expand_mmac_params() in yasm version 1.3.0 NULL Pointer Dereference in find_cc() in yasm version 1.3.0 NULL Pointer Dereference in nasm_parser_directive() HTML Injection Vulnerability in Foris Login Template NULL Pointer Dereference in if_condition() in yasm version 1.3.0 Use-after-free vulnerability in yasm_intnum_destroy() in libyasm/intnum.c Use-after-free 
vulnerability in expr_traverse_nodes_post() in yasm version 1.3.0 NULL Pointer Dereference in yasm_expr__copy_except() in libyasm/expr.c Heap-buffer-overflow in inc_fopen() in yasm version 1.3.0 NULL Pointer Dereference in expand_mmacro() in yasm version 1.3.0 NULL Pointer Dereference in expand_smacro() in yasm version 1.3.0 Use-after-free vulnerability in yasm version 1.3.0 in pp_getline() function Use-after-free vulnerability in yasm version 1.3.0 Cross Site Scripting (XSS) Vulnerability in COVID19 Testing Management System 1.0 via Admin name Parameter Kernel Stack Use-After-Free Vulnerability in PI Futexes (CID-34b1a1ce1458) SQL Injection Vulnerability in COVID19 Testing Management System 1.0 Admin Panel Dragonfly Ruby Gem v1.3.0 Argument Injection Vulnerability Remote Code Execution Vulnerability in rxvt-unicode, rxvt, mrxvt, and Eterm Vulnerability Title: TrustZone Arbitrary Code Execution in Broadcom MediaxChange Firmware Stack-Based Buffer Overflow Vulnerability in gocr's measure_pitch() Function Use-after-free vulnerability in nbd_add_socket in Linux kernel through 5.10.12 Use-After-Free Vulnerability in gocr's context_correction() Function Stack-Based Buffer Overflow Vulnerability in gocr's try_to_divide_boxes() Function Cross-Site Scripting (XSS) Vulnerability in OnyakTech Comments Pro 3.8 Hardcoded IV and Encryption Key Vulnerability in OnyakTech Comments Pro 3.8 Heap-based Buffer Overflow in CODESYS Control Runtime System (CVE-2021-3016) Vulnerability: Improper Handling of Exceptional Conditions in CODESYS V3 Runtime Toolkit for VxWorks Improper Input Validation in OX App Suite 7.10.5 Allows Rogue OX Chat Server Redirection XSS Vulnerability in OX App Suite 7.10.5 via Shared XCF File Unknown Identifier Valid Signature Vulnerability in GNOME Evolution Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.5 via Crafted Snippet in Shared Mail Signature Directory Traversal Vulnerability in OX App Suite 7.10.5 Cross-Site Scripting (XSS) 
Vulnerability in OX App Suite 7.10.5 via OX Chat Room Name Code Injection Vulnerability in OX App Suite through 7.10.5 via Java Classes in YAML Format Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.5 via OX Chat Room Title Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.5 via OX Chat System Message XSS Vulnerability in Dutchcoders Transfer.sh before 1.2.4 Directory Traversal Vulnerability in Dutchcoders transfer.sh (before 1.2.4) Allows File Deletion Remote Denial of Service Vulnerability in Pexip Infinity (Issue 1 of 2) Remote Denial of Service Vulnerability in Pexip Infinity: Missing H.264 Input Validation (Issue 2 of 2) Cross-Site Scripting (XSS) Vulnerability in Delete Account Plugin 1.4 for MyBB Title: Denial of Service Vulnerability in PuTTY (Windows GUI Hang) Overwolf Client 0.169.0.22 XSS Vulnerability with Remote Code Execution via overwolfstore:// URL Exponential Performance ReDoS Vulnerability in normalize-url Package Catastrophic Backtracking Denial of Service Vulnerability in urllib3 Couchbase Server 7.1.0 Vulnerability: Incorrect Access Control Local Privilege Escalation Vulnerability in Falco 0.28.1 Unrestricted Room Creation Vulnerability in Jitsi Meet Reflected XSS Vulnerability in Zope Products.CMFCore and Products.PluggableAuthService Cross-Site Scripting (XSS) Vulnerability in Plone 5.2.4 Ownership Tab Rendering Remote Code Execution via Crafted Keyword Arguments in Plone's ReStructuredText Transform Stored XSS Vulnerability in OpenPLC Runtime V3 through 2016-03-14 via Device Name Field Plone 5.2.4 SSRF Vulnerability via Event iCal URL SSRF Vulnerability in Plone 5.2.4 via lxml Parser Stored XSS Vulnerability in Plone 5.2.4 via SVG or HTML Document Upload XSS Vulnerability in Plone's Products.CMFDiffTool Inline Diff Methods Command Injection Vulnerability in NETGEAR Devices via /sqfs/lib/libsal.so.0.0 STARTTLS Command Injection Vulnerability in Dovecot Submission Service GUPnP DNS Rebinding Vulnerability Improper 
Token Handling Vulnerability in Mitel MiContact Center Business Arbitrary Command Execution via JDBC Driver Upload in MashZone NextGen 10.7 GA Remote Command Execution Vulnerability in EyesOfNetwork eonweb 5.3-11 Arbitrary Code Execution via Malicious OpenVPN Configuration in MB connect line mbDIALUP versions <= 3.9R0.0 Arbitrary Code Execution Vulnerability in MB connect line mbDIALUP versions <= 3.9R0.0 Privilege Escalation Vulnerability in Weidmueller Industrial WLAN Devices Hard-coded Cryptographic Keys in Weidmueller Industrial WLAN Devices Enable Decryption of Network Traffic Command Injection Vulnerability in Weidmueller Industrial WLAN Devices Undocumented Encryption Password Allows Unauthorized Creation of Diagnostic Scripts in Weidmueller Industrial WLAN Devices Command Injection Vulnerability in Weidmueller Industrial WLAN Devices Command Injection Vulnerability in Weidmueller Industrial WLAN Devices Command Injection Vulnerability in Weidmueller Industrial WLAN Devices: Full Device Control Format String Vulnerability in Weidmueller Industrial WLAN Devices Allows Remote Code Execution Denial-of-Service Vulnerability in Weidmueller Industrial WLAN Devices Remote Code Execution Vulnerability in Weidmueller Industrial WLAN Devices Improper Access Control Vulnerability in Weidmueller Industrial WLAN Devices Authentication Bypass Vulnerability in Weidmueller Industrial WLAN Devices Undocumented Password-Protected FTP Access Vulnerability in Phoenix Contact AXL F BK and IL BK Devices Denial-of-Service Vulnerability in Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 Remote Code Execution Vulnerability in Phoenix Contact Classic Automation Worx Software Suite Default User Authentication Settings Vulnerability in Multiple Camera Devices Command Injection Vulnerability in Multiple Camera Devices by UDP Technology, Geutebrück, and Other Vendors Stack-Based Buffer Overflow Vulnerability in Multiple Camera Devices by UDP Technology, Geutebrück, and Other 
Vendors Stack-Based Buffer Overflow Vulnerability in Multiple Camera Devices by UDP Technology, Geutebrück, and Other Vendors Stack-Based Buffer Overflow Vulnerability in Multiple Camera Devices by UDP Technology, Geutebrück, and Other Vendors Command Injection Vulnerability in Multiple Camera Devices by UDP Technology, Geutebrück, and Other Vendors Stack-Based Buffer Overflow Vulnerability in Multiple Camera Devices by UDP Technology, Geutebrück, and Other Vendors Stored-Self XSS Vulnerability in LightCMS v1.3.4: Execution of HTML/JavaScript in Title Field to /admin/SensitiveWords Command Injection Vulnerability in Multiple Camera Devices by UDP Technology, Geutebrück, and Other Vendors Command Injection Vulnerability in Multiple Camera Devices by UDP Technology, Geutebrück, and Other Vendors Command Injection Vulnerability in Multiple Camera Devices by UDP Technology, Geutebrück, and Other Vendors Command Injection Vulnerability in Multiple Camera Devices by UDP Technology, Geutebrück, and Other Vendors Command Injection Vulnerability in Multiple Camera Devices by UDP Technology, Geutebrück, and Other Vendors Unauthenticated Path Traversal Vulnerability in PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 Unescaped Output XSS Vulnerability in MantisBT 2.25.2 Sensitive Information Disclosure in Boa 0.94.13 via Misconfigured Files ElGamal Encryption Vulnerability in Libgcrypt Stored XSS Vulnerability in Shopizer 2.17.0: Arbitrary Code Injection via customer_name in Store Administration Reflected Cross-Site Scripting (XSS) Vulnerability in Shopizer 2.17.0 and Earlier Vulnerability: Lack of Login Throttling, Password Strength Policy, and Username Validation in Koel before 5.1.4 Dragonfly Gem Argument Injection Vulnerability Stored XSS Vulnerability in Postbird 0.8.4 via onerror Attribute of IMG Element Bypass of IP Address Access Control in Django F-Secure Linux Security Denial-of-Service (DoS) Vulnerability Use-after-free vulnerability in mq_notify function in glibc 2.32 
and 2.33 Remote Code Execution Vulnerability in Pixar ruby-jss Gem Arbitrary File Write Vulnerability in Cleo LexiCom 5.5.0.0 Bypassing Sender Identification in Cleo LexiCom 5.5.0.0 via Content-Type Manipulation SQL Injection Vulnerabilities in Echo ShareCare 8.15.5 Server-side Regular Expression Denial of Service (ReDoS) Vulnerability in Roller 6.0.2 SSRF Vulnerability in MashZone NextGen 10.7 GA Allows Unauthorized Interaction with TCP Services Denial of Service Vulnerability in Cyrus IMAP Server Hardcoded sa Password Vulnerability in REINER timeCard 6.05.07 Memory Leakage Vulnerability in InspIRCd 3.8.0 through 3.9.x Linear Time Complexity Vulnerability in css-what Package 4.0.0 - 5.0.0 for Node.js Weak Encryption Vulnerability in Ribose RNP before 0.15.1 Stack-based Buffer Over-read in GattLib 0.3-rc1's get_device_path_from_mac Function Remote Code Execution Vulnerability in Naver Comic Viewer Prior to 1.0.15.0 Arbitrary Code Execution Vulnerability in NAVER Toolbar before 4.0.30.323 Address Bar Spoofing Vulnerability in Whale Browser for iOS Address Bar Spoofing Vulnerability in Safe Browser for Android Address Bar Spoofing Vulnerability in Safe Browser for iOS URL Spoofing Vulnerability in F-Secure Safe Browser for iOS F-Secure Atlant SAVAPI Remote Denial-of-Service (DoS) Vulnerability F-Secure Atlant Denial-of-Service (DoS) Vulnerability Remote Exploitable Denial-of-Service Vulnerability in F-Secure Antivirus Engine F-Secure Internet Gatekeeper Web Interface Denial-of-Service Vulnerability Arbitrary Code Execution Vulnerability in F-Secure Internet Gatekeeper Web User Interface Remote Denial-of-Service Vulnerability in F-Secure Antivirus Engine F-Secure Atlant AVPACK Module Denial-of-Service (DoS) Vulnerability Arbitrary JavaScript Code Execution via URL Encoding Error in Vaadin Flow-Server Vulnerability: Modification of Disabled Checkbox in CheckboxGroup Component Heap Exhaustion Vulnerability in DataCommunicator Class in Vaadin Server 8.0.0 - 8.14.0 Remote 
Code Execution via Missing Output Sanitization in Vaadin Menu Bar (org.webjars.bowergithub.vaadin:vaadin-menu-bar) Unrestricted File Upload Vulnerability in RSA Archer 6.8.00500.1003 P5 Stored XSS Vulnerability in RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) Username Enumeration Vulnerability in Zoho ManageEngine Password Manager Pro Cross-Site Scripting (XSS) Vulnerability in Dolibarr ERP and CRM 13.0.2 via Object Details HTTP Response Header Denial of Service Vulnerability in Squid Proxy Server HTTP Response Splitting Vulnerability in Ruby CGI Gem Incorrect Check of a Function's Return Value in Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8 Regular Expression Denial of Service (ReDoS) in trim-newlines package for Node.js Side-channel attack vulnerability in Linux kernel's BPF verifier (CID-9183671af6db) Insyde InsydeH2O Kernel 5.x HddPassword Buffer Address Validation Vulnerability SMM Buffer Pointer Validation Vulnerability Insyde InsydeH2O 5.x Firmware Vulnerability: Unchecked Buffer Address in FwBlockServiceSmm Space-Handling Vulnerability in isula-build Before 0.9.5-6 NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation in net/sched/sch_cbs.C Forced Integer Overflow Vulnerability in openEuler Kernel on Linux (Filesystem Modules) CVE-2021-33632 CVE-2021-33633 DOS Vulnerability in iSulad's Default Runtime Remote Code Execution Vulnerability in isula pull Arbitrary Code Execution Vulnerability in Isula Load Command Container Escape Vulnerability Container Escape Vulnerability: Exploiting isula cp Command for Unauthorized Container Escape SVM Driver REMAP Command Vulnerability Use-after-free vulnerability in libtar.c after tar_close() Use After Free Vulnerability in Malloc when Processing Comments Infinite Loop Vulnerability in next_inline() of more_curly() Function Out-of-Bounds Read Vulnerability Triggered by Crafted Tar File Size Header Out-of-Bounds Read Vulnerability Triggered 
by Crafted Tar File Memory Leak Vulnerability in th_read() Function Memory Leak Vulnerability in th_read() Function Out-of-Bounds Memory Access in Tile Operator's Inference Shape Operation Out-of-Bounds Access Vulnerability in Inference Shape Operations Out-of-Bounds Access in Transpose Operator during Inference Shape Operation Out-of-Bounds Access in SparseToDense Inference Shape Operation Division by 0 Exception in DepthwiseConv2D Operator with depth_multiplier=0 Division by 0 Exception in Reduce Operator Division by 0 Exception in SpaceToBatch Operator's Derivation Shape Operation Division by 0 Exception in Split Operator Initialization Out-of-Bounds Memory Write Vulnerability in Kernel via ioctl cmd FBIOPUT_VSCREENINFO Out-of-Bounds Memory Write Vulnerability in Kernel Font Setting via ioctl cmd PIO_FONT Heap Overflow Vulnerability in SDL 2.x to 2.0.18: Malicious .BMP File Exploitation Local Privilege Escalation and File Modification via Unauthenticated Access in atune before 0.3-0.8 Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Remote Crash SAP Business One Version 10.0 File System Information Disclosure Vulnerability Improper Restriction of I/O Buffering in SAP NetWeaver AS ABAP Allows Cleartext Command Injection in Encrypted SMTP Sessions Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Application Server ABAP SAP NetWeaver Application Server ABAP Cross-Site Scripting (XSS) Vulnerability MIME Sniffing Vulnerability in SAP Commerce Cloud Version 100 SAP Business Objects Web Intelligence (BI Launchpad) JSP Source Code Disclosure Vulnerability LDAP Injection Vulnerability Insecure Temporary File Storage Vulnerability in SAP Mobile SDK Certificate Provider SAP NetWeaver AS for Java Denial of Service Vulnerability SAP NetWeaver Guided Procedures 
Privilege Escalation Vulnerability SAP Contact Center Communication Desktop Component 700: Remote Code Execution via Malicious Chat Message Stored Cross-Site Scripting (XSS) Vulnerability in SAP Contact Center Version 700 Reflected Cross-Site Scripting (XSS) Vulnerability in SAP Contact Center - Version 700 Reflected Cross-Site Scripting (XSS) Vulnerability in SAP Contact Center - Version 700 SAP CRM Missing Authority Check Vulnerability Information Disclosure Vulnerability in SAP NetWeaver ABAP Server and ABAP Platform Code Injection Vulnerability in SAP NetWeaver AS ABAP Reconciliation Framework Stored Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects BI Platform version 420 Buffer Overflow Vulnerability in SAP 3D Visual Enterprise Viewer v9 Out-of-Bounds Write Vulnerability in SAP 3D Visual Enterprise Viewer v9 Cross-Site Scripting (XSS) Vulnerability in SAP Lumira Server version 2.4 HTTP Request Smuggling Vulnerability in SAP Web Dispatcher and ICM Memory Corruption Vulnerability in SAP NetWeaver AS ABAP and ABAP Platform File System Traversal Vulnerability in SAP Business One Version 10.0 SAP Business One Version 10.0 Encryption Vulnerability Sensitive Information Disclosure in SAP NetWeaver AS JAVA (Enterprise Portal) SAP Business One Privilege Escalation Vulnerability Insufficient Privileges in SAP NetWeaver Administrator Leads to Missing Security Audit Log Critical Server-Side Request Forgery (SSRF) Vulnerability in SAP NetWeaver Development Infrastructure Component Build Service Cross-Site Scripting (XSS) Vulnerability in NWDI Notification Service SAP Cloud Connector 2.0 Zip File Upload Vulnerability SAP Cloud Connector 2.0 Configuration File Injection Vulnerability Stored Cross-Site Scripting in SAP Cloud Connector 2.0 Insecure Certificate Validation in SAP Cloud Connector 2.0 XSS Vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Report) Versions 420 and 430 Reverse Tabnabbing Vulnerability in SAP 
BusinessObjects Business Intelligence Platform (SAPUI5) Versions 420 and 430 Arbitrary File Upload Vulnerability in SAP Business One 10.0 Task Hijacking: Exploiting Android Task Control for Unauthorized App Takeover Cross-Site Scripting (XSS) Vulnerability in DouPHP v1.6 via /admin/cloud.php SAP Business One Version 10.0 Local Browser-Based Authentication Bypass Vulnerability SQL Injection Vulnerability in DMIS Mobile Plug-In or SAP S/4HANA Stored Cross-Site Scripting (XSS) Vulnerability in NetWeaver Enterprise Portal Reflected Cross-Site Scripting (XSS) Vulnerability in NetWeaver Enterprise Portal Unauthorized Access to Restricted Functionality in SAP Business One, Version 10.0 Server-Side Request Forgery (SSRF) Vulnerability in SAP NetWeaver Portal's Iviews Editor Log Tampering Vulnerability in InfraBox Arbitrary Website Redirection and Phishing Vulnerability in SAP NetWeaver Knowledge Management Header Manipulation Vulnerability in Kyma Allows Privilege Escalation Application Token Leakage Vulnerability in Teamcenter Active Workspace Reflected Cross-Site Scripting (XSS) Vulnerability in Teamcenter Active Workspace Sensitive Information Leakage in Teamcenter Active Workspace Privilege Escalation Vulnerability in Mendix SAML Module (All versions < V2.1.2) Denial-of-Service Vulnerability in JT Utilities (All versions < V13.0.2.0) NULL Pointer Dereference Vulnerability in JT Utilities (All versions < V13.0.2.0) Race Condition Vulnerability in JT Utilities (All versions < V13.0.2.0) ClearText Information Retrieval Vulnerability in SIMATIC CP 1543-1 and CP 1545-1 NULL Pointer Dereference Vulnerability in JT2Go and Teamcenter Visualization Bypassing Write Access Checks in Mendix Applications SIPROTEC 5 Relays CPU Vulnerability: Denial-of-Service and Remote Code Execution SIPROTEC 5 Relays Denial-of-Service Vulnerability Command Injection Vulnerability in SINEC NMS (All versions < V1.0 SP2) Path Traversal Vulnerability in SINEC NMS Allows Arbitrary File Creation User 
Profile Manipulation and Unauthorized Password Change Vulnerability in SINEC NMS Arbitrary File Deletion Vulnerability in SINEC NMS (All versions < V1.0 SP2 Update 1) Arbitrary File Deletion Vulnerability in SINEC NMS (All versions < V1.0 SP2 Update 1) Arbitrary File Download Vulnerability in SINEC NMS (All versions < V1.0 SP2 Update 1) User Profile Information Leakage Vulnerability in SINEC NMS (All versions < V1.0 SP2 Update 1) Insecure Deserialization Allows Remote Code Execution in SINEC NMS Arbitrary Command Execution via Firmware Container Import in SINEC NMS Arbitrary Command Execution Vulnerability in SINEC NMS (All versions < V1.0 SP2 Update 1) Arbitrary Command Execution Vulnerability in SINEC NMS (All versions < V1.0 SP2 Update 1) Arbitrary Command Execution Vulnerability in SINEC NMS (All versions < V1.0 SP2 Update 1) Arbitrary Command Execution Vulnerability in SINEC NMS (All versions < V1.0 SP2 Update 1) Arbitrary Command Execution Vulnerability in SINEC NMS (All versions < V1.0 SP2 Update 1) Arbitrary Command Execution Vulnerability in SINEC NMS (All versions < V1.0 SP2 Update 1) Arbitrary Command Execution Vulnerability in SINEC NMS (All versions < V1.0 SP2 Update 1) Denial of Service Vulnerability in SIMATIC CP and SIPLUS NET Devices Out-of-Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13405) Windows DWM Core Library Privilege Escalation Vulnerability RStudio Shiny Server Directory Traversal Vulnerability Windows Media Player Remote Code Execution Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Critical Remote Code Execution Vulnerability in Windows MSHTML Platform Windows Projected File System Privilege Escalation Vulnerability Windows Secure Kernel Mode Security Feature Bypass Vulnerability: A Critical Flaw in Windows Security Windows DNS Server DoS Vulnerability Critical Remote Code Execution Vulnerability in Windows DNS Server DNS Snap-in Remote Code Execution 
Vulnerability in Windows Memory Corruption Vulnerability in ActivePresenter 6.1.6: Potential DoS and Code Execution DNS Snap-in Remote Code Execution Vulnerability in Windows Storage Spaces Controller Privilege Escalation Vulnerability DNS Snap-in Remote Code Execution Vulnerability in Windows Bing Search Spoofing: Exploiting Microsoft's Vulnerability Critical Remote Code Execution Vulnerability in Windows DNS Server Hyper-V DoS Vulnerability: Disrupting Windows Virtualization DNS Snap-in Remote Code Execution Vulnerability in Windows Windows Security Account Manager Remote Protocol Security Bypass Vulnerability Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Windows Desktop Bridge Privilege Escalation Vulnerability Privilege Escalation Vulnerability in Cuppa CMS Versions Before 31 Jan 2021 Unveiling the Media Foundation Information Disclosure Vulnerability Windows Remote Access Connection Manager Privilege Escalation Vulnerability Azure CycleCloud Privilege Escalation Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Key Distribution Center Information Leakage Vulnerability Windows Installer Impersonation Vulnerability Exposed: Microsoft Exchange Server Information Leakage Vulnerability Open Enclave SDK EoP Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Cross-Site Scripting (XSS) Vulnerability in ansi_up v4 Windows Kernel Privilege Escalation Vulnerability BlueKeep: Windows TCP/IP Driver Denial of Service Vulnerability Windows Remote Access Connection Manager Privilege Escalation Vulnerability Windows Event Tracing Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions AD FS Security Feature Bypass 
Vulnerability in Windows Arbitrary File Upload Vulnerability in FortiLogger 4.4.2.2 Critical Remote Code Execution Vulnerability in Windows DNS Server Azure AD Security Feature Bypass Vulnerability: Exploiting Weaknesses in Authentication and Authorization Windows Authenticode Signature Spoofing Vulnerability Windows SMB Information Leakage Vulnerability Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Windows AF_UNIX Socket Provider Denial of Service Vulnerability: Disrupting Communication Channels LSA Security Feature Bypass Vulnerability in Windows Windows LSA Denial of Service Vulnerability: Exploiting a Weakness in Local Security Authority Subsystem Service Remote Code Execution Vulnerability in RebornCore Library Out-of-Bounds Write Vulnerability in Foxit Reader and PhantomPDF Out-of-Bounds Write Vulnerability in Foxit Reader and PhantomPDF Tab Key Mishandling in Foxit Reader and PhantomPDF Leads to Information Disclosure and Application Crash Incorrect PDF Document Signatures in Foxit Reader and PhantomPDF (CVE-2021-21827) Use-after-free vulnerability in MuJS 1.1.2 allows for denial of service through regexp source property access. 
Buffer-Overflow Vulnerability in Artifex MuJS (Versions 1.0.1 to 1.1.1) Null Pointer Dereference Vulnerability in libpano13-2.9.20: Denial of Service and Potential Code Execution ICREM H8 SSRMS Print Invoice Functionality IDOR Vulnerability Directory Traversal Vulnerability in Druid 1.2.3 Remote Code Execution Vulnerability in BDew BdLib Library Directory Traversal Vulnerability in Cartadis Gespage 8.2.1 Denial of Service Vulnerability in JDOM's SAXBuilder through 2.0.6 Out-of-Bounds Array Access in dwa_uncompress in FFmpeg 4.4 Incomplete Protection Mechanism in Dolibarr 13.0.2 Allows Remote PHP Code Execution UniFi Protect G3 FLEX Camera Denial-of-Service Vulnerability Remote Denial of Service Vulnerability in Gitea 1.9.0 through 1.13.1 via File Path Denial-of-Service Vulnerability in UniFi Protect G3 FLEX Camera Denial-of-Service Vulnerability in 4GEE ROUTER HH70VB Version HH70_E1_02.00_22 Denial-of-Service Vulnerability in MOXA Mgate MB3180 Version 2.1 Build 18113012 Denial-of-Service Vulnerability in MOXA Mgate MB3180 Version 2.1 Build 18113012 OS Command Injection in ownCloud Files Antivirus Administration Settings Insecure Protection Mechanism in ownCloud Files Antivirus Component CKEditor 4 HTML Data Processor XSS Vulnerability Incorrect Access Control in TH Wildau COVID-19 Contact Tracing Application Allows Interference with Infection Chain Tracing Stack-based Buffer Overflow in ConnMan's DNS Proxy Memory Corruption Vulnerability in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00 COVID-19 Tracking App Exposes Sensitive Information Due to Improper Request Sequencing QR Code Confusion Vulnerability in Luca Android App Allows Unauthorized Access to COVID-19 Tracking Information ARP/NDP Tables Management Vulnerability in Stormshield Network Security Denial of Service Vulnerability in Luca Server: Unauthenticated Insertion of Fake COVID-19 Records Remote Code Injection Vulnerability in SGE-PLC1000 Firmware Version 0.9.2b Cookie Parameter Authentication Bypass 
Vulnerability in Circutor SGE-PLC1000 Firmware 0.9.2b Default Configuration Page Accessible Without Authentication in Fresenius Kabi Agilia SP MC WiFi vD25 and Prior SoX WAV File Divide-by-Zero Vulnerability Username Enumeration Vulnerability in Splunk Enterprise REST API Authentication Token Impersonation Vulnerability in Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 Buffer Overflow Vulnerability in Intel(R) and Killer(TM) Bluetooth Firmware Reflected Cross-Site Scripting Vulnerability in Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 XSS Vulnerability in Zoho CRM Lead Magnet Version 1.7.2.4 Stored Cross-Site Scripting (XSS) Vulnerability in Microsoft Clarity 0.3 Arbitrary Code Execution via XSS in Customize Login Image Plugin Settings Page Post Duplicator Plugin XSS Vulnerability Cross-Site Scripting (XSS) Vulnerability in CRM Allows Arbitrary Code Execution Insecure HTTP Update Download Vulnerability in Tencent GameLoop Observable Timing Discrepancy in aaugustin Websockets Library: Timing Attack on HTTP Basic Authentication RFID Tear Off Attack: Bypassing Monotonic Counter Protection on NXP MIFARE Ultralight and NTAG Cards Critical Function Reconfiguration Vulnerability in B. Braun SpaceCom2 Cleartext Transmission of Sensitive Information in B. Braun SpaceCom2: Remote Network Snooping Vulnerability Unrestricted File Upload Vulnerability in B. Braun SpaceCom2 Insufficient Verification of Data Authenticity in B. Braun SpaceCom2: Remote Command Execution Vulnerability Remote Command Injection Vulnerability in B. 
Braun SpaceCom2 Physical Access Vulnerability in Peloton TTR01: Unauthorized Booting into Modified Kernel/Ramdisk Stack-based Buffer Overflow in OpenThread wpantund due to Inconsistent Integer Data Type for metric_len SQL Injection Vulnerability in MOVEit Transfer Web App ETINET BACKBOX E4.09 and H4.09 Password Access Control Vulnerability Directory Traversal Vulnerability in Dino Versions 0.1.2 and Below Buffer Overflow and Improper Path Handling Vulnerabilities in Synthesia Arbitrary PHP Class Deserialization and Remote Code Execution in Invoice Ninja before 4.4.0 Missing StartTLS Encryption and SASL Confidentiality Layer in Apache Directory Studio Vulnerability: Inconsistent Password Change for SNMPv3 Access in LCOS 10.40 to 10.42.0473-RU3 on LANCOM Devices XSS Vulnerability in Accela Civic Platform through 21.1 Remote Code Execution Vulnerability in Zoom Client for Windows Integer Overflow and Out-of-bounds Write Vulnerability in Linux Kernel's fs/seq_file.c User Account Enumeration Vulnerability in MobileIron Mobile@Work Excessive Size Value Memory Allocation Vulnerability in systemd Remote Code Execution Vulnerability in Zoho ManageEngine ADManager Plus (before 7110) Heap-based Buffer Overflow in libspf2 Allows Remote Code Execution via Crafted SPF DNS Record Heap-based Buffer Overflow in libspf2 Allows Remote Code Execution via Crafted SPF DNS Record Use-After-Free Vulnerability in QEMU's MegaRAID Emulator Insecure Permissions Vulnerability in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2, and 6.0.0 Incorrect Access Control in Confluent Ansible (cp-ansible) 5.5.0-5.5.2 and 6.0.0 SQL Injection Vulnerability in nitinparashar30 CMS-CorePHP Plone CMS RSS Feed Portlet Information Disclosure Vulnerability Buffer Overflow Vulnerability in pool_installable Function in libsolv Buffer Overflow Vulnerability in pool_disabled_solvable Function in libsolv Information Leak Vulnerability in PostgreSQL Buffer Overflow Vulnerability in pool_installable_whatprovides 
Function in libsolv Allows for Denial of Service Buffer Overflow Vulnerability in prune_to_recommended Function in libsolv Insecure Folder Permissions in Millennium Millewin: Local Privilege Escalation Vulnerability Stack Buffer Overflow in RICOH Printer Series SP Products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 330SN, Aficio SP 3500SF, SP 221S, SP 220SNw, SP 221SNw, SP 221SF, SP 220SFNw, SP 221SFNw v1.06 via /etc/wpa_supplicant.conf Arbitrary Code Execution via SQL Injection in FantasticLBP Hotels Server v1.0 Arbitrary Code Execution Vulnerability in FeMiner WMS v1.1 Arbitrary File Upload XSS Vulnerability in Pryaniki 6.44.3 XMLTextExtractor Function Vulnerability in OpenKM v6.3.10 Plex Media Server 1.21 and Earlier: DDoS Reflection Attack Vulnerability via Plex Service Incorrect Access Control in OpenNMS Meridian and Horizon versions before 2018.1.25, 2019.1.16, and 2020.1.5, and Newts <1.5.3, enabling code execution via JEXL expressions Enhanced-Github v5.0.11 File Name Parameter Cross Site Scripting (XSS) Vulnerability OS Command Injection Vulnerability in China Mobile An Lianbao WF-1 Router v1.0.1 Command Injection Vulnerability in China Mobile An Lianbao WF-1 v1.0.1 Router Web Interface Command Injection Vulnerability in China Mobile An Lianbao WF-1 V1.0.1 Router's Firewall Level Parameter Command Injection Vulnerability in China Mobile An Lianbao WF-1 V1.0.1 Router's /api/ZRMesh/set_ZRMesh Endpoint Spotweb 1.4.9 Authenticated Cross Site Scripting (XSS) Vulnerability Buffer Overflow Vulnerability in Qihoo 360 Chrome v13.0.2170.0: Privilege Escalation Exploit Qihoo 360 Safeguard and Total Security Buffer Overflow Vulnerability Qihoo 360 Safe Browser v13.0.2170.0 Privilege Escalation via Buffer Overflow Vulnerability Privilege Escalation via Buffer Overflow in Qihoo 360 SafeGuard Qihoo 360 Safeguard and Chrome Buffer Overflow Vulnerability Privilege Escalation via Buffer Overflow in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 
Integer Overflow in Stormshield Network Security (SNS) 3.x High-Availability Component Fish | Hunt FL iOS App: Remote Retrieval of Personal Information and License Images Vulnerability Insufficient Session Expiration Vulnerability in Fish | Hunt FL iOS App Version 3.8.0 and Earlier Buffer Overflow Vulnerability in Dvidelabs flatcc v0.6.0: Arbitrary Code Execution via error_ref_sym Function Microweber CMS 1.2.7 Login Form Cross Site Scripting (XSS) Vulnerability Liferay Portal 6.2.5 File Upload Vulnerability Arbitrary Code Execution Vulnerability in Bitcoin Core Vulnerability: Integer and Buffer Overflow in libyara/modules/macho/macho.c Double Free Vulnerability in ytnef 1.9.3 Allows Remote Code Execution Heap Buffer Overflow in SwapWord Function in ytnef 1.9.3 Allows for Remote Code Execution Heap Overflow Vulnerability in libebml Buffer Overflow Vulnerability in jhead 3.06 via exif.c's Put16u Function Cryptographic Chain of Trust Invalidity in Keylime 5.8.1 and Older Deserialization of YAML File Vulnerability in EdgeGallery/developer Heap-Based Buffer Overflow in tsMuxer 2.6.16: Denial of Service (DoS) Vulnerability Heap-Based Buffer Overflow in tsMuxer 2.6.16: Denial of Service (DoS) Vulnerability tsMuxer 2.6.16 Divide-by-Zero Bug: Exploitable Denial of Service (DoS) Vulnerability Double Free Vulnerability in mupdf 1.18.0: Memory Corruption and Potential Consequences Denial of Service (DoS) Vulnerability in tsMuxer 2.6.16 Heap-Based Buffer Overflow in tsMuxer 2.6.16: Denial of Service (DoS) Vulnerability Cross Site Scripting (XSS) Vulnerability in Sourcecodester Gadget Works Online Ordering System Arbitrary File Upload and Remote Command Execution in PandoraFMS <=7.54 via File Manager Sensitive Information Exposure in Artica Pandora FMS <=754 File Manager Component Arbitrary Code Execution and Privilege Escalation via File Upload in PHPOK 5.7.140 OS Command Injection Vulnerability in lifion-verify-dependencies through 1.1.0 Mintzo Docker-Tester 1.2.1 OS Command 
Injection Vulnerability OS Command Injection in es128 ssl-utils 1.0.0 for Node.js OS Command Injection Vulnerability in bbultman gitsome 0.2.3: Arbitrary Command Execution via Crafted Tag Name OS Command Injection Vulnerability in allenhwkim proctree Remote Code Execution Vulnerability in Google-it Node.js Package Arbitrary Command Execution Vulnerability in Turistforeningen node-s3-uploader Read Access Violation in III_dequantize_sample Function in mp3gain through 1.5.2-r2 CSRF Vulnerability in Ultimaker 3D Printers' Local Webserver APIs Clickjacking Vulnerability in Ultimaker 3D Printers Ineffective Patch in QEMU Allows Privileged Guest to Crash Host Buffer Overflow Vulnerability in libcaca v0.99.beta19: Local Code Execution Linux Kernel Memory Access Violation Vulnerability Privilege Escalation Vulnerability in WinWaste.NET Version 1.0.6183.16475 Command Injection Vulnerability in Thecus 4800Eco via /adm/setmain.php SQL Injection Vulnerability in SEO Panel 4.9.0: Gain Sensitive Information via getUserName Function Code Execution and Denial of Service Vulnerability in htmldoc 1.9.12 Critical Vulnerability in 3Scale Developer Portal Allows Brute Force Attacks and Unauthorized Access Out of Bounds Memory Layout Information Leak in htmldoc 1.9.12 NULL Pointer Dereference in bitstr_tell function in ffjpeg commit 4ab404e Stack-buffer-overflow vulnerability in atasm 1.09's aprintf() function allows arbitrary code execution Vulnerability: Unauthorized Access to Sensitive Information in Yuneec Mantis Q and PX4-Autopilot Arbitrary PHP Code Execution in LaikeTui 3.5.0 via ZIP Archive Upload Arbitrary File Deletion via Directory Traversal in LaikeTui 3.5.0 Credential Leak in Red Hat Satellite: Exposing Azure Resource Manager Secret Key Satellite Vulnerability: Granular Permission Flaw Grants Unauthorized Access to Other Organizations Incomplete String Comparison Vulnerability in NumPy Core Component Bluetooth Classic Implementation Denial of Service Vulnerability Bluetooth 
Classic Vulnerability: Truncated LMP_SCO_Link_Request Packet Denial of Service Denial of Service Vulnerability in Cypress WICED BT Stack for CYW20735B1 Devices Bluetooth Classic Implementation in Cypress CYW920735Q60EVB: Denial of Service Vulnerability Bluetooth Classic Vulnerability in Cypress WICED BT Stack: Resource Exhaustion and Crash via Malformed LMP Timing Accuracy Response Denial of Service Vulnerability in Cypress WICED BT Stack for CYW20735B1 Devices Bluetooth Classic Implementation Vulnerability on Texas Instruments CC256XCQFN-EM: Denial of Service via LMP_AU_Rand Flooding Bluetooth Classic Vulnerability: Denial of Service via Crafted LMP Packet on Bluetrum AB5301A Devices Stack Overflow Vulnerability in QEMU NIC Emulators: DoS via Infinite Loop Arbitrary Command Execution Vulnerability in LIZHIFAKA v.2.2.0 SQL Injection Vulnerability in Sourcecodester Basic Shopping Cart 1.0: Bypass Authentication and Admin Privilege Escalation SQL Injection Vulnerability in Sourcecodester Simple Food Website 1.0 Allows Remote Authentication Bypass and Admin Privilege Escalation CSRF Vulnerability in taoCMS 3.0.2 Allows Privilege Escalation via admin.php Credentials for Lenovo XClarity Administrator (LXCA) encoded and logged in LXCO FFDC service log Remote Code Execution Vulnerability in Dark Souls III Denial of Service and Kernel Panic Vulnerability in Espressif ESP32 v4.2 and Earlier Versions via Malformed Beacon CSA Frame Denial of Service (DoS) Vulnerability in Broadcom BCM4352 and BCM43684 Chips Grub2 Secure Boot Bypass via Certificate Installation (CVE-2020-15705 Reintroduction) TomExam 3.0 Cross Site Scripting (XSS) Vulnerability via p_name Parameter in list.thtml Arbitrary Code Execution Vulnerability in ttyd v1.6.3 Double Free Vulnerability in miniaudio.h: Buffer Overflow Risk in ma_default_vfs_close__stdio Integer-based Buffer Overflow in Miniaudio 0.10.35: Out-of-Bounds Left Shift in drwav_bytes_to_u32 SQL Injection Vulnerability 
in Chamilo 1.11.14 via model.ajax.php Stored XSS Vulnerability in Issabel PBX v4: Execute Arbitrary Scripts via Crafted Payload in Create New Rate Module Stack Overflow Vulnerability in OpenSC Smart Card Middleware Heap-based Buffer Overflow Vulnerability in newlib Buffer Overflow Vulnerability in D-Link DIR-2640-US 1.01B04 Multiple Out-of-Bounds Vulnerabilities in D-Link AC2600(DIR-2640) 1.01B04: Local Arbitrary Code Execution and Remote Code Execution D-Link DIR-2640-US 1.01B04 Vulnerability: Unauthorized Network Monitoring and Backdoor Access Insufficiently Protected Credentials in D-Link DIR-2640-US 1.01B04: Plain Text Password Storage and Default Passwords Arbitrary JavaScript Execution in TOTOLINK A3002R V1.1.1-B20200824 (ddns.htm) RPM Package Read Functionality Vulnerability Arbitrary JavaScript Execution via Cross-Site Scripting in TOTOLINK A3002R V1.1.1-B20200824 Directory Indexing Vulnerability in TOTOLINK-A702R-V1.0.0-B20161227.1023 Login Portal Denial-of-Service Vulnerability in Splunk Enterprise Instances Configured for Universal Forwarder Traffic Cross-Site Scripting Vulnerability in TOTOLINK A3002R V1.1.1-B20200824 (Important Update, new UI) Arbitrary JavaScript Execution via Cross-Site Scripting in TOTOLINK A3002R V1.1.1-B20200824 (Important Update, new UI) Arbitrary JavaScript Execution in TOTOLINK A3002R V1.1.1-B20200824 via Cross-Site Scripting (XSS) in parent_control.htm Uncontrolled Search Path Element Vulnerability in Bitdefender GravityZone Business Security SQL Injection Vulnerability in Tokheim Profleet DiaLOG 11.005.02 - Field__UserLogin Parameter on Logon Page Buffer Overflow Vulnerability in Netgear R8000 Router Firmware v1.0.4.56 IDN Homograph Attack Vulnerability in Keycloak Stored XSS Vulnerability in Ice Hrm 29.0.0.OS via Crafted File Upload CSRF Vulnerability in Ice Hrm 29.0.0.OS Allows Unauthorized Account Creation and Password Modification SQL Injection Vulnerability in Sourcecodester Online-Book-Store 1.0: Remote Information 
Disclosure AMQ Broker JDBC Persistence Vulnerability Open Redirection Vulnerability in Umbraco CMS before 7.15.7 WPanel 4 4.3.1 and Below: Multiple Remote Code Execution (RCE) Vulnerabilities via Malicious PHP File Upload Buffer Overflow Vulnerability in STM32Cube Middleware v1.8.0 and Below: USBH_ParseCfgDesc() Function Allows Arbitrary Code Execution Information Disclosure Vulnerability in Python 3's pydoc Server Buffer Overflow Vulnerability in STMicroelectronics STM32Cube Middleware v1.8.0 and Below: USBH_ParseInterfaceDesc() Function Denial of Service Vulnerability in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below Buffer Overflow Vulnerability in STM32Cube Middleware v1.8.0 and Below: USBH_ParseEPDesc() Function Allows Arbitrary Code Execution Denial of Service (DOS) Vulnerability in USBH_MSC_InterfaceInit() Function of STMicroelectronics STM32Cube Middleware v1.8.0 and Below Denial of Service Vulnerability in STMicroelectronics STM32Cube Middleware v1.8.0 and below Deluge Web-UI XSS Vulnerability through Crafted Torrent File Doftcoin Token Smart Contract: Owner-Triggered Financial Loss Vulnerability Smart Contract Vulnerability in RobotCoin (RBTC) Allows Account Hijacking and Supply Manipulation B2X Smart Contract Vulnerability: Account Hijacking and Supply Manipulation Exploit Integer Overflow Vulnerability in ext4_es_cache_extent in Linux Kernel Uninitialized Pointer Vulnerability in Polaris Office v9.103.83.44230: Remote Code Execution via Crafted PDF Insecure Password Logging in cloud-init Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-12956) Out-of-Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-12959) Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13020) Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13023) Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13024) 
Out-of-Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13057) Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13059) BMP_Loader.dll Code Execution Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13060) Out-of-Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13192) Reachable Assertion Vulnerability in Zephyr versions >= v1.14 Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13194) BMP_Loader.dll Code Execution Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13196) Out-of-Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13197) Out-of-Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13198) Out-of-Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13199) Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13340) Memory Corruption Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13342) Out-of-Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13343) Out-of-Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13344) Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13350) Reachable Assertion Vulnerability in Zephyr versions >= v2.5.0 (CWE-617) Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13351) Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13352) Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13353) Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13354) Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13355) Out-of-Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13356) Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13380) 
Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13402) Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13403) Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13404) Division by Zero Vulnerability in Zephyr versions >= v1.14.0 (CWE-369) Out-of-Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13406) Out-of-Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13414) Out-of-Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13416) Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13419) Unvalidated User Input in JT2Go and Teamcenter Visualization Allows Code Execution (ZDI-CAN-13420) Out-of-Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13421) Out-of-Bounds Write Vulnerability in JT2Go, Solid Edge, and Teamcenter Visualization (ZDI-CAN-13422) Out-of-Bounds Write Vulnerability in JT2Go, Solid Edge, and Teamcenter Visualization (ZDI-CAN-13423) Out-of-Bounds Write Vulnerability in JT2Go, Solid Edge, and Teamcenter Visualization (ZDI-CAN-13424) Out-of-Bounds Write Vulnerability in JT2Go, Solid Edge, and Teamcenter Visualization (ZDI-CAN-13427) Deadlock Vulnerability in Zephyr v2.5.0 and above: Invalid Channel Map in CONNECT_IND Unvalidated User Input in JT2Go and Teamcenter Visualization Allows Code Execution (ZDI-CAN-13430) Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-13442) Denial of Service Vulnerability in JT2Go and Teamcenter Visualization (CVE-2021-79300) Double Free Vulnerability in JT2Go and Teamcenter Visualization (CNVD-C-2021-79295) Infinite Loop Denial of Service Vulnerability in Exiv2 Exiv2 Integer Divide by Zero Floating Point Exception Vulnerability Timing Attack Vulnerability in Mailman Core REST API Out-of-Bounds Buffer Overwrite Vulnerability in Ming 0.4.8's getName() Function Out-of-Bounds Buffer 
Access Vulnerability in Ming 0.4.8 Decompiler Stack-based Buffer Overflow in le_ecred_conn_req() Out-of-Bounds Buffer Access Vulnerability in Ming 0.4.8 Out-of-Bounds Read Vulnerability in Ming 0.4.8's decompileIF() Function Out-of-Bounds Read Vulnerability in Ming 0.4.8's newVar_N() Function in decompile.c Stack Buffer Overflow Vulnerability in QNAP Devices Running QTS, QuTScloud, QuTS hero Stack Buffer Overflow Vulnerability in QNAP QUSBCam2 Stack Buffer Overflow Vulnerability in QNAP NVR Storage Expansion Stack Buffer Overflow Vulnerability in QNAP NVR Storage Expansion Command Injection Vulnerability in QNAP QVR: Remote Code Execution Risk Command Injection Vulnerability in QNAP QVR Devices: Remote Code Execution Risk Uninitialized Resource Vulnerability in le_ecred_conn_req() Command Injection Vulnerability in QNAP QVR Devices: Remote Code Execution Risk Command Injection Vulnerability in QNAP QVR: Remote Code Execution Risk Critical Cross-Site Scripting (XSS) Vulnerability in QNAP Photo Station Critical Cross-Site Scripting (XSS) Vulnerability in QNAP NAS Photo Station Critical Cross-Site Scripting (XSS) Vulnerability in QNAP Photo Station Critical Cross-Site Scripting (XSS) Vulnerability in QmailAgent: Patched in Latest Versions QmailAgent Vulnerability Patched in QmailAgent 3.0.2 and Later Versions Critical Cross-Site Scripting (XSS) Vulnerability in QNAP Proxy Server Vulnerability: Overwriting Existing Bond during Keys Distribution Phase Critical Cross-Site Request Forgery (CSRF) Vulnerability in QNAP Proxy Server Allows Remote Code Injection Critical Cross-Site Scripting (XSS) Vulnerability in QNAP Proxy Server Command Injection Vulnerability in QNAP Media Streaming Add-on Path Traversal Vulnerability in thefuck Package Allows Arbitrary File Deletion Refined GitHub Browser Extension XSS Vulnerability Sensitive Information Disclosure in Accela Civic Platform through 20.1 via Modified contactSeqNumber Value OMEN Gaming Hub SDK Package 
Vulnerabilities: Privilege Escalation and Denial of Service XSS Vulnerability in Accela Civic Platform 20.1: ssoAdapter/logoutAction.do successURL Arbitrary Java Object Deserialization Remote Code Execution in Neo4j Integer Overflow in NVIDIA Trusty Driver OTE Protocol Message Parsing Code Heap Overflow Vulnerability in NVIDIA TLK Kernel Unverified Input Buffer Length Vulnerability in Trusty Command Handlers Stack Cookie Vulnerability in Trusty's Trusted Applications (TAs): Potential Denial of Service, Privilege Escalation, and Information Disclosure HDCP Service TA Bounds Checking Vulnerability in Trusty HDCP Service TA Bounds Checking Vulnerability in Trusty HDCP Service TA Bounds Checking Vulnerability in Trusty HDCP Service TA Vulnerability: Missing Bounds Checking in Command 10 Escalation of Privilege Vulnerability in HP LaserJet and Samsung Printers NVIDIA MB2 Bootloader Vulnerability: Heap Overflow Exploitation and Secure Boot Compromise Integer Overflow Vulnerability in NVIDIA TLK Kernel Function Integer Overflow Vulnerability in NVIDIA TLK Kernel's tz_map_shared_mem Function NVIDIA MB2 Bootloader Vulnerability: Heap Overflow Exploitation for DoS and Privilege Escalation NVIDIA MB2 Bootloader Vulnerability: Heap Overflow Exploitation and Potential Code Execution Integer Overflow Vulnerability in NVIDIA TLK Kernel Leading to Heap Overflow Integer Overflow Vulnerability in NVIDIA TLK Kernel: Exploiting Heap Overflows ARM TrustZone Technology Vulnerability: Unauthorized Write Access to Kernel Code and Data NVIDIA TegraBoot Heap Overflow Vulnerability: RAM Control and Code Execution Risk NVIDIA OTE Protocol Message Parsing Code Vulnerability in Trusty Potential BIOS Firmware Vulnerability Identified in HP Workstation Products NVIDIA TLK Kernel Function Integer Overflow Vulnerability in Trusty Integer Overflow Vulnerability in NVIDIA TLK Kernel Function in Trusty Integer Overflow in NVIDIA TLK Kernel: Bypassing Boundary Checks for Denial of Service Vulnerability 
in Trusty TSEC TA Deserialization Allows Code Execution and Information Disclosure NVIDIA OTE Protocol Vulnerability in Trusty TAs: Buffer Overflow and Data Manipulation Access Permission Vulnerability in Trusty TLK: Limited Information Disclosure and Denial of Service Vulnerability in Bootloader Access Permissions Allows Unauthorized Software to Overwrite NVIDIA MB2 Code, Leading to Limited Denial of Service NVIDIA MB2 Bootloader Vulnerability: Exploitable Free-the-Wrong-Heap Flaw Vulnerability in NVIDIA DCGM Allows Privilege Escalation and Denial of Service Vulnerability in NVIDIA GPU and Tegra Hardware Allows Privilege Escalation and Information Disclosure Local Elevation of Privilege Vulnerability in HP Print and Scan Doctor Vulnerability in NVIDIA GPU and Tegra Hardware Allows Unauthorized Access to Unscrubbed Memory NVIDIA Linux Kernel nvmap Access Control Vulnerability NVIDIA Tegra Kernel Driver NVDEC Buffer Overflow Vulnerability NVIDIA Linux Distribution nvmap ioctl Use-After-Free Vulnerability Vulnerability in Android T210 Images: Unprivileged Physical Access Exploit Vulnerability in NVIDIA Linux Distributions: Denial of Service via TrustZone's TEE_Malloc Function Race Condition Vulnerability in NVIDIA Tegra Kernel Driver's NVHost Component Privilege Escalation Vulnerability in Zoom Client for Windows Arbitrary System Command Execution during Zoom Installation HP OfficeJet 7110 Wide Format ePrinter XSS Vulnerability Privilege Escalation Vulnerability in Zoom Plugin for Microsoft Outlook for Mac Local Privilege Escalation in Zoom Rooms for Conference Room for Windows Installation Process Local Privilege Escalation via Zoom Client for Meetings Installation Time-of-check Time-of-use (TOC/TOU) Vulnerability in Zoom Plugin for Microsoft Outlook for MacOS Remote Command Injection in Zoom On-Premise Connectors and Load Balancer Unverified cnt Field in Zoom On-Premise Meeting Connector Controller Leads to Resource Exhaustion and System Crash Remote Command 
Injection in Zoom On-Premise Connectors and Load Balancer Remote Command Injection in Zoom On-Premise Meeting Connector Controller Null Byte Authentication Bypass Vulnerability in Zoom On-Premise Meeting Connector and Virtual Room Connector HTML Injection Vulnerability in Zoom Client for Meetings for Ubuntu Linux Unvalidated User Input in Red Hat OpenShift API Management Allows XSS Attack Unverified Signature Vulnerability in Zoom Client for Windows Installer Unintended Message Disclosure Vulnerability in Keybase Client for Android and iOS Path Traversal Vulnerability in Keybase Client for Windows Buffer Overflow Vulnerability in Multiple Zoom Clients and Plugins Memory Exposure Vulnerability in Multiple Zoom Clients and Plugins Server Side Request Forgery (SSRF) Vulnerability in Zoom Chat's Link Preview Functionality Arbitrary Command Execution Vulnerability in Keybase Client for Windows Remote Code Execution Vulnerability in Eclipse BIRT Versions 4.8.0 and Earlier Session ID Invalidation Vulnerability in Eclipse Jetty Directory Traversal Vulnerability in Eclipse Jetty (CVE-2021-28164/GHSA-v7ff-8wcx-gmc5) NULL Pointer Dereference Vulnerability in Jasper Image Format Decoder Vulnerability: Weak Random Number Generation in Eclipse TinyDTLS Memory Leak DoS Vulnerability in Eclipse Mosquitto 1.6 to 2.0.10 Denial of Service Vulnerability in Eclipse Mosquitto Server Versions 2.07 and Earlier Unverified Server Signature in DTLS Handshake in Eclipse Californium Unrevoked Subscriptions Vulnerability in Eclipse Mosquitto 2.0 to 2.0.11 Remote Code Execution (RCE) Vulnerability in Eclipse Theia's mini-browser Extension Remote Code Execution and XXE Vulnerability in Eclipse Theia 0.1.1 to 0.2.0 via theia-xml-extension Font Driver Host Remote Code Execution Vulnerability in Windows Windows Media Foundation Remote Code Execution Vulnerability BPF Verifier Truncation Vulnerability in Linux Kernel GDI+ Information Leakage Vulnerability Windows Media Foundation Remote Code 
Execution Vulnerability Critical Remote Code Execution Vulnerability in Windows DNS Server Windows DNS Server DoS Vulnerability Windows Remote Access Connection Manager Privilege Escalation Vulnerability HTML Platform Security Bypass Vulnerability Critical Remote Code Execution Vulnerability in Windows MSHTML Platform Exploiting the Scripting Engine Memory Corruption Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability Vulnerability: Code Execution via Altered RPM Package Header in libdnf Hyper-V Remote Code Execution Vulnerability in Windows Office Online Server Spoofing Vulnerability: Impersonation Risk for Microsoft Users Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word Exchange Server DoS Vulnerability: Disrupting Microsoft's Communication Platform Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows File History Service Privilege Escalation Vulnerability Windows Remote Access Connection Manager Privilege Escalation Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Kernel Remote Code Execution: A Critical Security Vulnerability AppContainer Privilege Escalation Vulnerability in Windows Vulnerability in libtpms Allows Weak Data Confidentiality Storage Spaces Controller Privilege Escalation Vulnerability Windows Container Isolation FS Filter Driver Privilege Escalation Vulnerability AppX Deployment Extensions Privilege Escalation Vulnerability DefenderShield: Microsoft Defender Remote Code Execution Vulnerability Windows Hello Authentication Bypass Vulnerability SharePoint Server Remote Code Execution Vulnerability SharePoint Server Remote Code Execution Vulnerability Office Security Feature Bypass Vulnerability: A Potential Breach in Microsoft Office Insecure Logging of Credentials in Ansible Modules Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Windows Defender Privilege Escalation Vulnerability Critical 
Remote Code Execution Vulnerability in Microsoft Exchange Server Dynamics Business Central RCE Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Bowser.sys DoS Vulnerability Visual Studio Code .NET Runtime Privilege Escalation Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability Visual Studio Identity Spoofing Vulnerability DNS Cache Poisoning Vulnerability in dnsmasq Exploiting the Scripting Engine Memory Corruption Vulnerability Windows Print Spooler Remote Code Execution Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Windows User Profile Service Privilege Escalation Vulnerability Unprotected Information Exposure in .NET Core and Visual Studio Windows Event Tracing Privilege Escalation Vulnerability Windows Event Tracing Privilege Escalation Vulnerability Windows Console Driver Privilege Escalation Vulnerability Exploiting the DirectWrite Remote Code Execution Vulnerability OpenSSL TLS Server Denial of Service Vulnerability BlueKeep: Windows TCP/IP Driver Denial of Service Vulnerability Win32k Information Disclosure Vulnerability Exposes Sensitive Data Windows Certificate Forgery Vulnerability Windows Partition Management Driver Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Windows DNS Server Windows GDI Information Leakage Vulnerability Critical Remote Code Execution Vulnerability in Windows MSHTML Platform Windows GDI Privilege Escalation Vulnerability Windows DNS Server DoS Vulnerability Bypass of Non-CA Certificate Check in OpenSSL 1.1.1h-1.1.1j Windows Kernel Memory Leak Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Windows Media Foundation Remote Code Execution Vulnerability Address Book Remote Code Execution Vulnerability in Windows Edge (Chromium-based) Security Feature Bypass Vulnerability Windows Remote Assistance Information Disclosure Vulnerability Exposes 
Sensitive Data Windows Kernel Remote Code Execution Vulnerability: A Critical Security Flaw Exposed Storage Spaces Controller Vulnerability Denial of Service Vulnerability in Lenovo PCManager: Unauthorized Configuration File Write Storage Spaces Controller Privilege Escalation Vulnerability Windows Installer Privilege Escalation Vulnerability Storage Spaces Controller Privilege Escalation Vulnerability Storage Spaces Controller Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Server ThinkPad System Shutdown SMI Callback Function Vulnerability SharePoint Server Remote Code Execution Vulnerability Raw Image Extension RCE Vulnerability DefenderShield: Microsoft Defender Remote Code Execution Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Dynamics 365 On-Premises Critical Remote Code Execution Vulnerability in Windows DNS Server Windows Print Spooler Remote Code Execution Vulnerability Code Execution Vulnerability in Visual Studio Code Remote Access Code Execution Vulnerability in Visual Studio Code Remote Access Unprotected BIOS Modules in Certain Lenovo Systems Allow Unauthorized Write Access to SPI Flash Storage Exploiting the Windows Graphics Component for Remote Code Execution ASP.NET Core and Visual Studio Information Disclosure Vulnerability: Exposing Sensitive Data Font Parsing Remote Code Execution Vulnerability in Windows Graphics Component Critical Remote Code Execution Vulnerability in Windows MSHTML Platform Critical Remote Desktop Client Vulnerability Allows Remote Code Execution Storage Spaces Controller Privilege Escalation 
Vulnerability BlueBleed: Windows Bluetooth Driver Elevation of Privilege Vulnerability Apache Hive Privilege Escalation through Unauthorized UDF Manipulation Unvalidated Java Version Setting Allows Code Execution in CubeCoders AMP Truncated L2CAP K-frame Assertion Failure Vulnerability Cross-Site Scripting (XSS) Vulnerability in Advantech WebAccess 8.4.2 and 8.4.4 Unauthenticated Remote Access to Solar-Log 500 Web Administration Server Cleartext Password Storage Vulnerability in Solar-Log 500 Arbitrary Command Execution via NetSetMan Pro Pre-Logon Profile Switch Button Vulnerability CSRF Vulnerability in PRTG Network Monitor 20.1.55.1775 Allows Unauthorized User Account Creation Vulnerability: Access Control Bypass via Forged RELAY_END or RELAY_RESOLVED in Tor (TROVE-2021-003) Circuit ID Mishandling Vulnerability in Tor (TROVE-2021-005) Use After Free Vulnerability in Zephyr Bluetooth L2CAP Channel Disconnection Out-of-Bounds Memory Access Vulnerability in Tor Onion Service Descriptor Parsing (TROVE-2021-006) Remote Code Execution in PHPMailer on Windows via UNC Pathname in lang_path Buffer Overflow Vulnerability in Pillow and PIL Convert.c Unauthenticated Access to Blob Files in Sonatype Nexus Repository Manager 3.x OpenDMARC 1.4.1 and 1.4.1.1 Denial of Service Vulnerability Unprivileged BPF Program Exploits Speculative Store Bypass Side-Channel Vulnerability in Linux Kernel Buffer Overflow Vulnerability in XScreenSaver 5.45 Allows Bypass of Screen Lock RSA Key Exchange Vulnerability in Go's crypto/tls Package Remote Code Execution Vulnerability in PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 Improper Authorization Handling in Foreman Salt Plugin Allows Unauthorized Access and Denial of Service Vulnerability: Password Capture via Autocomplete in PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 DNS Rebinding Vulnerability in PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 Arbitrary JavaScript Injection Vulnerability in PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 Lack of 
HttpOnly Attribute in PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 Cookie Cookie-stealing vulnerability in PEPPERL+FUCHS WirelessHART-Gateway 3.0.9 Hard-coded Credentials in PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 Unauthenticated Remote Code Execution and Denial of Service Vulnerability in WAGO I/O-Check Service Unauthenticated Remote Code Execution and Denial of Service Vulnerability in WAGO I/O-Check Service Unauthenticated Remote Denial of Service Vulnerability in WAGO I/O-Check Service WAGO I/O-Check Service Remote Code Execution Vulnerability Improper Authorization Handling in Foreman Shellhooks Plugin Allows Local Attackers to Access and Delete Limited Resources and Cause Denial of Service DoS Vulnerability in Phoenix Contact PLCnext Control Devices Hard-coded Credentials in Enbra Wireless M-Bus Devices: A Security Mode 5 Vulnerability Replay Attack Vulnerability in Enbra EWM 1.7.29 Misinterpretation and Recognition Issues with Backflow and No Flow Events in Enbra EWM Version 1.7.29 Password Policy Bypass Vulnerability in MB connect line mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual (v2.11.2) User Enumeration Vulnerability in mbCONNECT24 <= 2.8.0 Information Exposure Vulnerability in Kaden PICOFLUX Air Wireless M-Bus Mode 5 Vulnerability in Kaden PICOFLUX AiR Water Meter Unauthenticated Access and Manipulation of WAGO PLC Settings Unauthenticated Access to Sensitive Configuration Profiles in Phoenix Contact: FL MGUARD DM Unauthenticated Access to Motorola MM1000 Device Configuration Portal User Enumeration Vulnerability in mbCONNECT24 <= 2.9.0 Unauthenticated DoS Vulnerability in OpenSSL Implementation of WAGO 750 Series HTML Injection (XSS) Vulnerability in Phoenix Contact FL MGUARD 1102 and 1105 Versions 1.4.0, 1.4.1, and 1.5.0 Heap-Based Buffer Overflow in CODESYS V2 Web Server CODESYS V2 Web Server Vulnerability: Memory Disclosure and Denial-of-Service Denial of Service Vulnerability in CODESYS V2 Web Server Null 
Pointer Dereference Vulnerability in CODESYS V2 Web Server Stack Overflow Vulnerability in Bender/ebee Charge Controllers Unprotected Data Export Vulnerability in Bender/ebee Charge Controllers RFID Leak Vulnerability in Bender/ebee Charge Controllers MM1000 Device Configuration Web Server Privilege Escalation Vulnerability Cross-site Scripting (XSS) Vulnerability in Bender/ebee Charge Controllers Local Privilege Escalation Vulnerability in Bender/ebee Charge Controllers Command Injection Vulnerability in Bender/ebee Charge Controllers Denial-of-Service Vulnerabilities in CODESYS V2 Runtime Toolkit 32 Bit and PLCWinNT Relative Path Traversal Vulnerability in TwinCAT OPC UA Server Out-of-Bounds Read/Write Vulnerability in CODESYS V2 Runtime Toolkit 32 Bit Uninitialized Pointer Read Access Vulnerability in CODESYS V2 Runtime Toolkit 32 Bit Arbitrary File Unpacking Vulnerability in PC Worx Automation Suite Memory Leak in Remote Logging Functionality of Phoenix Contact FL MGUARD 1102 and 1105 Versions 1.4.0, 1.4.1, and 1.5.0 Certificate Validation Bypass in CODESYS Git Insecure Server Certificate Verification in Motorola MH702x Devices Weak Seed for Random Number Generation in Telenot CompasX Versions Prior to 32.0: Predictable AES Keys in NFC Tags Hardcoded SSH Credentials in Bender/ebee Charge Controllers Command Injection Vulnerability in Bender/ebee Charge Controllers Zip Slip Vulnerability in XINJE XD/E Series PLC Program Tool v3.5.1: Arbitrary File Write Privilege Local Privilege Escalation via DLL Injection in XINJE XD/E Series PLC Program Tool Aruba ClearPass Policy Manager Remote SQL Injection Vulnerability Vulnerability: Incomplete User Session Logout in Keycloak with External SAML Identity Provider and Attribute Principal Type Aruba ClearPass Policy Manager Remote Arbitrary Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Arbitrary Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Arbitrary Command Execution 
Vulnerability Aruba ClearPass Policy Manager Remote Arbitrary Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Arbitrary Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Arbitrary Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Arbitrary Command Execution Vulnerability Aruba Instant Access Point (IAP) Remote Cross-Site Scripting (XSS) Vulnerability Aruba Instant Access Point (IAP) Remote Denial of Service (DoS) Vulnerability Cross-Site Request Forgery and Arbitrary File Upload Vulnerability in WooCommerce Stock Manager WordPress Plugin Unauthorized Access Vulnerability in Lenovo Power Management Driver for Windows 10 Vulnerability: Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation in WP Fluent Forms plugin < 3.6.67 for WordPress User Registration Component Vulnerability in ProfilePress WordPress Plugin Privilege Escalation Vulnerability in ProfilePress WordPress Plugin Arbitrary File Upload Vulnerability in ProfilePress WordPress Plugin Arbitrary File Upload Vulnerability in ProfilePress WordPress Plugin Arbitrary Web Script Injection Vulnerability in WP Upload Restriction Plugin Vulnerability in WP Upload Restriction Plugin Allows Unauthorized Deletion of Custom Extensions WP Upload Restriction Plugin: Unauthorized Access to Custom Extensions Cross-Site Request Forgery Vulnerability in Admin Custom Login WordPress Plugin Authorization Bypass Vulnerability in SendGrid WordPress Plugin Critical Null Pointer Dereference Vulnerability in Lenovo Power Management Driver for Windows 10 Reflected XSS Vulnerability in GTranslate < 2.8.65 Cross-Site Request Forgery Vulnerability in NewsPlugin WordPress Plugin (Versions up to 1.0.18) Cross-Site Request Forgery Vulnerability in SEO Backlinks WordPress Plugin (up to version 4.0.1) Cross-Site Request Forgery Vulnerability in Youtube Feeder WordPress Plugin (Versions up to 2.0.1) Cross-Site Request Forgery 
Vulnerability in Nifty Newsletters WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Poll Maker WordPress Plugin (Versions up to 3.2.8) Cross-Site Request Forgery Vulnerability in Countdown and CountUp WooCommerce Sales Timers WordPress Plugin Cross-Site Request Forgery Vulnerability in Post Index WordPress Plugin Authenticated Directory Traversal and XSS Vulnerability in WordPress Download Manager <= 3.1.24 Authenticated File Upload Vulnerability in WordPress Download Manager <= 3.1.24 DLL Search Path Privilege Escalation Vulnerability in Lenovo PCManager Reflected Cross-Site Scripting Vulnerability in Securimage-WP-Fixed WordPress Plugin (Versions up to 3.5.4) Stored Cross-Site Scripting Vulnerability in SEOPress WordPress Plugin (Versions 5.0.0 - 5.0.3) Reflected Cross-Site Scripting Vulnerability in Smart Email Alerts WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Skaut bazar WordPress Plugin (up to version 1.3.2) Reflected Cross-Site Scripting Vulnerability in Multiplayer Games WordPress Plugin Cross-Site Request Forgery Vulnerability in Shopping Cart & eCommerce Store WordPress Plugin Authentication Bypass and User Impersonation Vulnerability in Booster for WooCommerce WordPress Plugin Sensitive Information Disclosure in Ninja Forms WordPress Plugin Arbitrary Email Sending Vulnerability in Ninja Forms WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Simple Behance Portfolio WordPress Plugin Reflected Cross-Site Scripting Vulnerability in eID Easy WordPress Plugin (up to version 4.6) Reflected Cross-Site Scripting Vulnerability in Scribble Maps WordPress Plugin (Versions up to 1.2) Reflected Cross-Site Scripting Vulnerability in Media Usage WordPress Plugin (Versions up to 0.0.4) Reflected Cross-Site Scripting Vulnerability in WP Fountain WordPress Plugin (Versions up to 1.5.9) Reflected Cross-Site Scripting Vulnerability in Custom Post Type Relations WordPress Plugin Reflected Cross-Site Scripting Vulnerability 
in WP Songbook WordPress Plugin (up to version 2.0.11) Reflected Cross-Site Scripting Vulnerability in 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress Plugin Reflected Cross-Site Scripting Vulnerability in 2TypoFR WordPress Plugin (Versions up to 0.11) Reflected Cross-Site Scripting Vulnerability in Simple Popup Newsletter WordPress Plugin (up to version 1.4.7) Reflected Cross-Site Scripting Vulnerability in Plugmatter Pricing Table Lite WordPress Plugin Buffer Overflow Vulnerability in libmicrohttpd 0.9.70 Reflected Cross-Site Scripting Vulnerability in WP Fusion Lite WordPress Plugin Cross-Site Request Forgery Vulnerability in WP Fusion Lite WordPress Plugin Reflected Cross-Site Scripting Vulnerability in jQuery Tagline Rotator WordPress Plugin (Versions up to 0.1.5) Reflected Cross-Site Scripting Vulnerability in Moova for WooCommerce WordPress Plugin Reflected Cross-Site Scripting Vulnerability in WP SEO Tags WordPress Plugin (Versions up to 2.2.7) Reflected Cross-Site Scripting Vulnerability in Add Sidebar WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Calendar_plugin WordPress Plugin (Versions up to 1.0) Stored Cross-Site Scripting Vulnerability in WordPress Real Media Library Plugin NULL Pointer Dereference Vulnerability in Jasper Image Format Decoder Authentication Bypass Vulnerability in Basix NEX-Forms (CVE-2021-XXXX) Authentication Bypass Vulnerability in Basix NEX-Forms 7.8.7 for Excel Report Generation Credential Disclosure Vulnerability in Thycotic Password Reset Server Infinite Loop Vulnerability in avahi Unix Socket Termination Handling Vulnerability: Man-in-the-Middle Attack in Receita Federal IRPF 2021 1.7 Update Feature Information Disclosure Vulnerability in EIC E-document System 3.0 Unauthenticated SQL Injection in Hitachi Vantara Pentaho Business Analytics Arbitrary File Upload Vulnerability in Hitachi Vantara Pentaho Business Analytics iDrive RemotePC Personal Key Information Disclosure Vulnerability 
Information Disclosure: Reversible Encryption of Personal Key in iDrive RemotePC Information Disclosure in iDrive RemotePC on Windows Improper Authorization Handling in Foreman Proxy with Puppet CA iDrive RemotePC Authentication Bypass Vulnerability iDrive RemotePC Linux Denial of Service Vulnerability Privilege Escalation in iDrive RemotePC on Windows Uninitialized Data Structure Vulnerability in Linux Kernel (CVE-2021-3609) Bypassing Access Control Lists (ACLs) in Cisco ASR 900 and ASR 920 Series Routers Cisco IOS XE Software Vulnerability: Denial of Service Attacks through Protection Against Distributed Denial of Service Attacks Feature Denial of Service Vulnerability in Cisco AsyncOS for Cisco Web Security Appliance Cisco IOS and IOS XE Software TrustSec CLI Parser Reload Vulnerability Heap Overflow Vulnerability in Redis Vulnerability: Unauthorized File Access in Cisco SD-WAN vManage Software Directory Traversal Vulnerability in Cisco Unified Communications Manager and Unity Connection Improper Privilege Enforcement in Cisco Identity Services Engine (ISE) Web Interface Allows Information Disclosure Cisco IOS and IOS XE Software LLDP Message Parser Buffer Initialization Vulnerability Cisco ASA and FTD Software Denial of Service Vulnerability Arbitrary Number Dialing Vulnerability in Cisco Voice Telephony Service Provider (VTSP) Service Cisco Identity Services Engine (ISE) Web Interface XXE Vulnerability Sensitive Data Exposure Vulnerability in Cisco EPNM REST API Arbitrary Code Execution Vulnerabilities in Cisco NCS 540 Series Routers Arbitrary Code Execution Vulnerabilities in Cisco NCS 540 Series Routers Command Injection and Remote Code Execution Vulnerabilities in Cisco ATA 190 Series Analog Telephone Adapter Software File System Read Access Vulnerability in Cisco IP Phone Debug Shell Cisco SD-WAN vManage Software: Cypher Query Language Injection Vulnerability Vulnerability in Cisco ASR 9000 Series Routers: Unauthenticated Reboot via Layer 2 Punt 
Code Unauthenticated Adjacent Attackers Can Cause Device Reload via UDLD Vulnerability Remote Code Execution Vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server Arbitrary Code Execution Vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server Arbitrary File Overwrite and Read Vulnerability in Cisco IOS XR Software SSH Server Privilege Escalation Vulnerabilities in Cisco IOS XR Software CLI Integer Underflow Vulnerability in xorg-x11-server Cisco IOS XR Software IP SLA and TWAMP Denial of Service Vulnerability Root Shell Access Vulnerability in Cisco IOS XR Software Root Shell Access Vulnerability in Cisco IOS XR Software Arbitrary File Overwrite Vulnerability in Cisco IOS XE SD-WAN Software Privilege Escalation and Arbitrary Code Execution Vulnerability in Cisco IOS XE SD-WAN Software CLI Arbitrary Command Injection Vulnerability in Cisco IOS XE SD-WAN Software Arbitrary Command Injection Vulnerability in Cisco SD-WAN Software Buffer Overflow Vulnerability in Cisco IOS XE SD-WAN Software Privilege Escalation Vulnerabilities in Cisco IOS XR Software CLI Arbitrary Command Execution Vulnerability in Cisco IOS XE SD-WAN Software and Cisco IOS XE Software Vulnerability: Exposure of Backup/Restore Password in Lenovo XClarity Controller (XCC) Logs Remote Code Execution and Denial of Service Vulnerability in Cisco Small Business RV Routers Stored Cross-Site Scripting Vulnerability in Cisco Prime Access Registrar Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Collaboration Provisioning Unsecured Storage of Sensitive Information in Cisco Prime Infrastructure and Cisco EPN Manager Double Free Vulnerability in Cisco Video Surveillance 7000 Series IP Cameras Firmware Command Injection and Remote Code Execution Vulnerabilities in Cisco ATA 190 Series Analog Telephone Adapter Software Cisco IMC Software Web Interface Denial of Service Vulnerability Cisco IOS XR Software DHCPv4 Server Denial of 
Service Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Software Insufficient Expiration of Session Credentials in Cisco Small Business Series Switches Shift Overflow Vulnerability in OpenEXR Versions before 3.0.0-beta Denial of Service (DoS) Vulnerability in Cisco Aironet Access Point Software Cisco AsyncOS Email Scanning Algorithm Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Vision Dynamic Signage Director Unauthorized Application Integration Vulnerability in Cisco Webex Software Vulnerabilities in Cisco Business 220 Series Smart Switches Firmware: Credential Exposure and Password Reconfiguration Privilege Escalation in AppDynamics .NET Agent for Windows TACACS+ Authentication Bypass Vulnerability in Cisco NFVIS Command Injection Vulnerability in Cisco Intersight Virtual Appliance's Web Management Interface Inadequate Filtering of SSL Handshake: Bypassing Filtering Technology and Data Exfiltration Vulnerability Integer Overflow Vulnerability in OpenEXR Versions Before 3.0.0-beta Bypassing Configured Rules for ENIP Traffic in Cisco Firepower Threat Defense Software Arbitrary Command Execution Vulnerabilities in Cisco Firepower Threat Defense (FTD) Software Arbitrary Command Execution Vulnerabilities in Cisco Firepower Threat Defense (FTD) Software Vulnerabilities in Cisco Business 220 Series Smart Switches Firmware: Credential Exposure and Password Reconfiguration Memory Corruption Vulnerability in Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Software Shift Overflow Vulnerability in OpenEXR's B44 Uncompression Functionality Cross-Site Scripting (XSS) Vulnerability in Cisco TelePresence Management Suite (TMS) Software Arbitrary Data Overwrite Vulnerability in Cisco Firepower Threat Defense (FTD) Software Directory Traversal Vulnerability in Cisco Firepower Management 
Center (FMC) Software Cross-Site Scripting (XSS) and Open Redirect Vulnerabilities in Cisco Firepower Management Center (FMC) Software Cross-Site Scripting (XSS) and Open Redirect Vulnerabilities in Cisco Firepower Management Center (FMC) Software Cisco Nexus Insights Web UI File Download Vulnerability Privilege Escalation Vulnerability in Cisco Smart Software Manager On-Prem IPv6 Traffic Processing Vulnerability in Cisco Catalyst 9000 Family Wireless Controllers Denial of Service Vulnerabilities in Cisco Catalyst 9000 Family Wireless Controllers Denial of Service Vulnerabilities in Cisco Catalyst 9000 Family Wireless Controllers OpenEXR Integer Overflow Vulnerability Cisco Catalyst 9000 Family Wireless Controllers CAPWAP Protocol Processing Arbitrary Code Execution Vulnerability Insufficient Privilege Restriction in Cisco IOS XR Software CLI Cisco Orbital Web-Based Management Interface Open Redirect Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Unified Communications Manager Cisco Common Services Platform Collector (CSPC) Web Interface Information Disclosure Vulnerability Vulnerabilities in Cisco Small Business 220 Series Smart Switches: LLDP Code Execution and Database Corruption Vulnerabilities in Cisco Small Business 220 Series Smart Switches: LLDP Code Execution and Database Corruption Vulnerabilities in Cisco Small Business 220 Series Smart Switches: LLDP Code Execution and Database Corruption Vulnerabilities in Cisco Small Business 220 Series Smart Switches: LLDP Code Execution and Database Corruption Vulnerabilities in Cisco Small Business 220 Series Smart Switches: LLDP Code Execution and Database Corruption OpenEXR Vulnerability: Excessive Memory Consumption in Scanline Input Files Vulnerabilities in Cisco Small Business 220 Series Smart Switches: LLDP Code Execution and Database Corruption Denial of Service Vulnerability in Cisco Firepower Threat Defense (FTD) Software for Multi-Instance Deployments Improper Access Controls in 
Cisco DNA Center API Endpoints Allow Unauthorized Information Disclosure Software-based SSL/TLS Message Handler Vulnerability in Cisco ASA and FTD Software Stored Cross-Site Scripting Vulnerability in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities in Cisco BroadWorks CommPilot Application Software: Arbitrary User Account Deletion and Privilege Escalation Vulnerabilities in Cisco BroadWorks CommPilot Application Software: Arbitrary User Account Deletion and Privilege Escalation Bypassing Security Protections in Cisco ASA and FTD Software Race Condition Vulnerability in Cisco AnyConnect Secure Mobility Client for Linux and Mac OS Allows Local Privilege Escalation Stored Cross-Site Scripting (XSS) Vulnerability in Cisco Tetration Web Management Interface Memory Consumption Vulnerability in OpenEXR's Scanline API NAT Slipstreaming: Multiple Vulnerabilities in Cisco ASA and FTD ALG NAT Slipstreaming: Multiple Vulnerabilities in Cisco ASA and FTD ALG Cisco ASA and FTD Software Denial of Service Vulnerability Denial of Service (DoS) Vulnerability in Cisco ASA and FTD Software Ineffective Access Control in SNMPv3 of Cisco ASA and FTD Software Multiple Vulnerabilities in Cisco Catalyst PON Series Switches ONT Web Management Interface Log File Redaction Vulnerability in Apache Geode Apache HTTP Server 2.4.48 and Earlier: NULL Pointer Dereference Vulnerability NULL Pointer Dereference Vulnerability in slapi-nis Acronis Agent Vulnerability: Sensitive Information Logging Denial of Service Vulnerability in Valine 1.4.14 Security Context Reset Vulnerability in Neo4j Graph Database 4.2 and 4.3 Untrusted DLL Loading Vulnerability in TeamViewer on Windows Directory Traversal Vulnerability in FAUST iServer Open Redirect Vulnerability in Zimbra Collaboration Suite through 9.0 SSRF Vulnerability in Synology Media Server Allows Unauthorized Access to Intranet Resources Command Injection Vulnerability in Synology Download Station Out-of-Bounds 
Read Vulnerability in Qt's QRadialFetchSimd Privilege Escalation Vulnerability in Synology Download Station SSRF Vulnerability in Synology Download Station Allows Unauthorized Access to Intranet Resources Hard-coded Credentials Vulnerability in Synology Calendar Component Stack-based buffer overflow in Matrix libolm before 3.2.3 allows remote code execution and client crash during Olm encrypted room key backup retrieval Security Control Bypass in Proofpoint Spam Engine before 8.12.0-2106240000 XSS Vulnerability in CheckSec Canopy Login Page Argument Injection Vulnerability in Etherpad Plugin Management Cross-Site Scripting (XSS) Vulnerability in Etherpad 1.8.13 Chat Component Heap-based Buffer Overflow in Exiv2's Jp2Image::readMetadata() Function Novus HTTP Server Directory Traversal Vulnerability Cross Site Scripting (XSS) Vulnerability in AAT Novus Management System through 1.51.2 Remote File Access and XXE Vulnerability in ON24 ScreenShare Plugin for macOS Cross-Namespace Credential Exposure in Istio Gateway and DestinationRule Quassel Launches Without SSL/TLS Support When X.509 Certificate is Missing Unauthenticated Remote Code Execution in D-Link DAP-1330 1.13B01 BETA Routers via SOAPAction Header Handling Vulnerability Unauthenticated Remote Code Execution in D-Link DAP-1330 1.13B01 BETA Routers Unauthenticated Remote Code Execution in D-Link DAP-1330 1.13B01 BETA Routers via HNAP_AUTH HTTP Header Handling Vulnerability Use-after-free vulnerability in Nosy driver in Linux kernel (versions before 5.12-rc6) Unauthenticated Remote Code Execution in D-Link DAP-1330 1.13B01 BETA Routers Arbitrary Code Execution Vulnerability in Foxit Reader 10.1.4.37651 (ZDI-CAN-13741) Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.0.0.49893 (ZDI-CAN-13928) Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via 
Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Remote Code Execution Vulnerability in Bitdefender Endpoint Security Tools for Linux Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.0.0.49893 Privilege Escalation in Parallels Desktop 16.1.3 (49160) via Toolgate Component Uninitialized Memory Disclosure Vulnerability in Parallels Desktop 16.1.3 (49160) Privilege Escalation via virtio-gpu in Parallels Desktop 16.1.3 (49160) Privilege 
Escalation via Toolgate Component in Parallels Desktop 16.1.3 (49160) Remote Code Execution Vulnerability in TeamViewer via Malicious TVS Files Remote Code Execution Vulnerability in TeamViewer 15.16.8.0 via Malicious TVS Files (ZDI-CAN-13697) Unsanitized Metadata in GLPi 9.5.4 Allows XSS Exploitation in Plugins Unauthenticated Information Disclosure Vulnerability in D-Link DAP-2020 1.01rc001 Routers Unauthenticated Remote Code Execution in D-Link DAP-2020 1.01rc001 Routers Unauthenticated Remote Code Execution in D-Link DAP-2020 1.01rc001 Routers Unauthenticated Remote Code Execution in D-Link DAP-2020 1.01rc001 Routers Privilege Escalation Vulnerability in Parallels Desktop 16.1.3 (49160) NETGEAR Router Authentication Bypass Vulnerability Privilege Escalation via eBPF Programs in Linux Kernel 5.14-rc3 Privilege Escalation Vulnerability in Parallels Desktop 16.1.3-49160 Privilege Escalation via Uncontrolled Memory Allocation in Parallels Desktop 16.1.3-49160 Privilege Escalation in Parallels Desktop 16.1.3-49160 via Toolgate Component (ZDI-CAN-13797) Unauthenticated Disclosure of Sensitive Information in NETGEAR XR1000 1.0.0.52_1.0.38 Routers Arbitrary Code Execution via BMP File Parsing in Bentley View 10.15.0.75 Arbitrary Code Execution via SKP File Parsing in Bentley View 10.15.0.75 Buffer Overflow Vulnerability in Bentley View 10.15.0.75 via PDF Parsing Arbitrary Code Execution via 3DS File Processing in Bentley View 10.15.0.75 Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via Malicious 3DS Files (ZDI-CAN-14827) Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing (ZDI-CAN-14829) Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via J2K File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via Malicious 3DS Files 
(ZDI-CAN-14833) Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via OBJ File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JP2 File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via J2K File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JP2 File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via Malicious FBX Files (ZDI-CAN-14839) Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via Malicious PDF Parsing (ZDI-CAN-14840) Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via Malicious 3DS Files (ZDI-CAN-14842) Out-of-bounds Write Vulnerability in eBPF RINGBUF Function Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Arbitrary Code Execution via JT File Parsing in Bentley View 10.15.0.75 Arbitrary Code Execution via JT File Parsing in Bentley View 10.15.0.75 Arbitrary Code Execution via BMP File Parsing in Bentley View 10.15.0.75 Arbitrary Code Execution Vulnerability in Bentley View 10.15.0.75 via Malicious 3DS Files (ZDI-CAN-14847) Arbitrary Code Execution via 3DS File Parsing in Bentley View 10.15.0.75 Arbitrary Code Execution via BMP File Parsing in Bentley View 10.15.0.75 Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via DGN File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing eBPF ALU32 Bounds Tracking Vulnerability in Linux Kernel Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via J2K File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via Malicious 3DS Files (ZDI-CAN-14874) Bentley View 10.15.0.75 DWG Parsing Remote Code Execution 
Vulnerability Buffer Overflow in Bentley View 10.15.0.75 via Malicious BMP File (ZDI-CAN-14876) Arbitrary Code Execution via DGN File Parsing in Bentley View 10.15.0.75 Arbitrary Code Execution via DGN File Parsing in Bentley View 10.15.0.75 Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via J2K Parsing Arbitrary Code Execution via BMP File Parsing in Bentley View 10.15.0.75 Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via J2K Parsing Arbitrary Code Execution via JT File Parsing in Bentley View 10.15.0.75 Heap Overflow Vulnerability in Linux Kernel's io_uring Subsystem Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via DGN File Parsing (ZDI-CAN-14883) Arbitrary Code Execution Vulnerability in Bentley View 10.15.0.75 via Malicious 3DS Files (ZDI-CAN-14884) Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing (ZDI-CAN-14885) Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via DGN File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via J2K File Parsing Bentley View 10.15.0.75 DWG Parsing Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via J2K File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JP2 File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via Malicious JP2 Files (ZDI-CAN-14897) Shiftfs Vulnerability: Double-Free and Memory Exhaustion in Ubuntu Linux Kernels Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Buffer Overflow Vulnerability in Bentley View 10.15.0.75 Allows Remote Code Execution Arbitrary Code Execution via JT File Parsing in Bentley View 10.15.0.75 Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing 
Arbitrary Code Execution via JT File Parsing in Bentley View 10.15.0.75 Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Privilege Escalation Vulnerability in Linux Kernel's OverlayFS Implementation Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Arbitrary Code Execution via JT File Parsing in Bentley View 10.15.0.75 Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Arbitrary Code Execution via JT File Parsing in Bentley View 10.15.0.75 Arbitrary Code Execution Vulnerability in Bentley View 10.15.0.75 Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Arbitrary Code Execution via JT File Parsing in Bentley View 10.15.0.75 Arbitrary Code Execution via JT File Parsing in Bentley View 10.15.0.75 Arbitrary Code Execution Vulnerability in Bentley View 10.15.0.75 Arbitrary Code Execution via JT File Parsing in Bentley View 10.15.0.75 Unauthenticated Man-in-the-Middle Attack in Foreman Smart Proxy's FreeIPA Module Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Arbitrary Code Execution Vulnerability in Bentley View 10.15.0.75 Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing (ZDI-CAN-15041) Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Arbitrary Code Execution Vulnerability in Bentley View 10.15.0.75 Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JT File Parsing Kiali-Operator Access Control Flaw Allows Unauthorized Image Deployment and Privileged Token Access Heap-Based Buffer Overflow in 
jhead 3.06's Get16u() Function in exif.c Memory Access Vulnerability in GStreamer Demuxing of Malformed Matroska Files Unauthenticated Password Reset Vulnerability in NETGEAR R7000 1.0.11.116_10.2.100 Routers Arbitrary Code Execution Vulnerability in NETGEAR R6260 Router (ZDI-CAN-13511) Unauthenticated Remote Code Execution in NETGEAR R6260 Router (ZDI-CAN-13512) Heap Corruption Vulnerability in GStreamer Parsing Matroska Files Arbitrary Code Execution Vulnerability in NETGEAR R6260 1.1.0.78_1.0.1 Routers Bentley ContextCapture 10.18.0.232 OBJ File Parsing Remote Code Execution Vulnerability Bentley ContextCapture 10.18.0.232 OBJ File Parsing Remote Code Execution Vulnerability Privilege Escalation via Symbolic Link Vulnerability in Parallels Desktop 16.5.0 (49183) Privilege Escalation via HDAudio Virtual Device in Parallels Desktop 16.5.1 (49187) Multiple DNS Rules in OVN Kubernetes Egress Firewall Vulnerability Arbitrary Code Execution Vulnerability in NETGEAR R6400v2 1.0.4.106_10.0.80 Routers Arbitrary Code Execution Vulnerability in Orckestra C1 CMS 6.10 Remote Authentication Bypass Vulnerability in Commvault CommCell 11.22.22 Arbitrary Code Execution Vulnerability in Commvault CommCell 11.22.22 Arbitrary Code Execution via Commvault CommCell DownloadCenterUploadHandler Arbitrary Code Execution Vulnerability in Commvault CommCell 11.22.22 Arbitrary Code Execution Vulnerability in Commvault CommCell 11.22.22 Privilege Escalation via Named Pipes in Panda Security Free Antivirus 20.2.0.0 Stack Overflow Vulnerability in djvulibre-3.5.28 and Earlier Archer C90 Router Remote Code Execution Vulnerability Remote Code Execution Vulnerability in TP-Link TL-WA1201 Wireless Access Points TeamViewer Local Information Disclosure Vulnerability Linux Kernel KVM API Out-of-Bounds Write Vulnerability Avahi 0.8-5 Vulnerability: Local Attacker Can Crash Service Zyxel VPN2S Firmware 1.12 Directory Traversal Vulnerability Command Injection Vulnerability in Zyxel VPN2S Firmware 
v1.12: Arbitrary OS Command Execution Remote Command Execution Vulnerability in Zyxel USG/Zywall Series Firmware Insufficient RBAC Restrictions in Wildfly Expose Metrics Data Vulnerability Cross-Site Scripting (XSS) Vulnerability in Zyxel GS1900-8 Firmware V2.60 Arbitrary OS Command Execution Vulnerability in Zyxel GS1900, XGS1210, and XGS1250 Series Firmware Arbitrary OS Command Execution Vulnerability in Zyxel GS1900 Series Firmware v2.60 Root Access Vulnerability in Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 Firmware with Pre-configured Password Management Insufficient Session Expiration Vulnerability in Zyxel NBG6604 Firmware Cleartext Storage of Sensitive Information in Zyxel NBG6604 Firmware Cleartext Storage Vulnerability in Zyxel VMG3625-T50B Firmware v5.50(ABTL.0)b2k: Unauthorized Access to Sensitive Configuration Data Unvalidated URL Redirect Vulnerability in Jamf Pro Signature Verification Bypass in Linux Kernel Hivex Library Memory Read Out-of-Bounds Vulnerability Vulnerability: Denial of Service (DoS) in FISCO-BCOS V2.7.2 due to Unformatted Packet Handling QuerySet.order_by SQL Injection in Django 3.1.x and 3.2.x XSS Vulnerability in OWASP AntiSamy HTML Output Serializer Arbitrary Code Execution via Cross-Site Scripting (XSS) Vulnerability in Ice Hrm 29.0.0.OS Session Fixation Vulnerability in Ice Hrm 29.0.0 OS Allows Session Hijacking via Crafted Session Cookie Command Injection Vulnerability in Fidelis Network and Deception Components Unauthenticated SQL Injection Vulnerability in Fidelis Network and Deception CommandPost Command Injection Vulnerability in Fidelis Network and Deception CommandPost Vulnerability: Reduced Key Strength in libtpms TPM 2 Implementation Vulnerability: Storing User Credentials in Recoverable Format in Fidelis Network and Deception CommandPost Kaspersky Password Manager Vulnerability: Process Integrity Elevation Arbitrary Parameter Modification Vulnerability in Firefox Browser Leading to System Denial of Service 
Arbitrary JSON File Deletion via Path Traversal in Minecraft (before 1.17.1) with online-mode=false Configuration Vulnerability in MediaTek Microchips: WPS Protocol Mishandling Unisys Stealth Unquoted Windows Search Path Vulnerability Cross-Site Scripting (XSS) Vulnerability in OpenWay WAY4 ACS before 1.2.278-2693 via /way4acs/enroll action parameter Out-of-Bounds Memory Access Vulnerability in Linux Kernel Unauthenticated Discovery of Stored Payment Card Numbers in OpenWay WAY4 ACS Multiple Cross-Site Scripting (XSS) Vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 Shell Metacharacter Injection Vulnerability in DRK Odenwaldkreis Testerfassung March-2021: Unauthorized Command Execution via COVID-19 Test Result Token Critical Evasion Vulnerability in Suricata Privilege Escalation through Misconfigured Sudo in KramerAV VIAWare Vulnerability: ReDoS Attacks in glob-parent Package for Node.js Critical XXE Vulnerability in ConnectWise Automate (Before 2021.0.6.132) Replay Attack Vulnerability in Meross MSG100 Devices NULL pointer dereference vulnerability in Bluetooth HFP protocol in Snapdragon platforms Memory Corruption Vulnerability in Snapdragon Platforms Heap Buffer Overflow in QEMU Floppy Disk Emulator Improper SMMU Configuration in Snapdragon Industrial IOT and Snapdragon Mobile Allows RPM Secure Stream to Access Secure Resources and Lead to Information Disclosure Buffer Over Read Vulnerability in Multiple Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Rank Restriction Field Vulnerability in Snapdragon Platforms Integer Overflow Vulnerability in Fragment Calculation in Snapdragon Platforms Unvalidated WDOG Structure Registration Vulnerability in Snapdragon Platforms Improper Validation of RRC Connection Reconfiguration Message in Snapdragon Platforms Potential Use After Free Vulnerability in Dynamic Process Spawning during Compute Offloads in Snapdragon Platforms Improper Validation of Certificate Chain Length in 
Snapdragon Platforms Telephony Service API Permission Validation Vulnerability Infinite Loop Vulnerability in PDFResurrect 0.22b via Crafted PDF File SMMU Disablement Vulnerability in Snapdragon Devices Buffer Overflow Vulnerability in Snapdragon Devices: Exploiting Improper SSID Length Validation Race Condition Vulnerability in Snapdragon Industrial IOT: Improper Integrity Check between PDCP and RRC Tasks Improper Validation of Certificate Chain in Snapdragon Products Unbounded Data Length Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Improper Validation of SIB Type Leads to Buffer Over Read in Snapdragon Platforms Critical Vulnerability: Null Pointer Access in Snapdragon Industrial IOT and Snapdragon Mobile Improper Validation of IE Length in SSID Parsing Vulnerability Buffer Overflow Vulnerability in Snapdragon Auto: Lack of Input Validation in IB Amount Processing XSS Vulnerability in Red Hat Ceph Storage 4 Dashboard Component Race condition vulnerability in Snapdragon platforms leading to hypervisor memory corruption Improper Typecasting Vulnerability in Snapdragon Connectivity and Snapdragon Mobile Arbitrary Address Modification Vulnerability in Snapdragon Platforms Denial of Service Vulnerability in BlueCore BT Controller due to Oversized LMP Packet Timeout-based authentication vulnerability in Snapdragon Auto, Compute, Connectivity, Industrial IOT, and Mobile platforms Race condition vulnerability in Snapdragon Connectivity and Snapdragon Mobile allows multiple gunyah message clients to register with the same label due to improper serialization of message queue client registration. 
Memory Allocation Vulnerability in Snapdragon Platforms Improper Order of Signature Verification and Hashing in Snapdragon Platforms: Potential Authentication Bypass Vulnerability Session ID Validation Vulnerability in Snapdragon Platforms Zephyr JSON Decoder Array of Array Decoding Vulnerability Improper String Length Calculation Vulnerability in Snapdragon Platforms Virtual GICR Control Write Vulnerability in Snapdragon Auto, Compute, and Mobile Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Critical Out-of-Bounds Write Vulnerability in Snapdragon Devices Critical Buffer Overflow Vulnerability in Snapdragon Audio Processing Improper Input Validation Vulnerability in Snapdragon Platforms Improper Length Calculation Vulnerability in Snapdragon Platforms AP-S Lock Bit Vulnerability in Snapdragon Connectivity and Snapdragon Mobile Address Range Manipulation Vulnerability in Snapdragon Connectivity and Snapdragon Mobile Unauthenticated Remote Disclosure of Sensitive Information Vulnerability in Buffalo Broadband Routers Vulnerability in Snapdragon Connectivity and Mobile: Buffer Overflow Exploitation via Improper Hash Validation TOCTOU Race Condition Vulnerability in Snapdragon Connectivity and Snapdragon Mobile Improper Access Control in Register Configuration Allows Unauthorized Access to Graphics Protected Region in Snapdragon Platforms Improper Order of Signature Verification and Hashing in Snapdragon Platforms: Potential Authentication Bypass Vulnerability Buffer Overflow Vulnerability in Snapdragon Auto Backend Driver Use After Free Vulnerability in Snapdragon Auto and Snapdragon Mobile due to Improper Handling of Multiple Sessions in PVM Backend Crafted Model Loading Vulnerability in Snapdragon Platforms Out of Bounds Read Vulnerability in Snapdragon Platforms Out-of-Bounds Write Vulnerability in Snapdragon Camera Driver Improper Length Validation Vulnerability in Snapdragon Firmware Unauthenticated Remote Access and Command Execution 
Vulnerability in Buffalo Broadband Routers Use After Free Vulnerability in Snapdragon Compute, Connectivity, Industrial IOT, and Mobile Improper Mutex Locking and Unlocking in Synx Driver: Potential Use After Free Vulnerability Improper Input Validation in Snapdragon Platforms Allows Unauthorized Modification of IO Space xPUs Permissions Improper Length Check in GATT Multi Notification in Snapdragon Connectivity and Snapdragon Industrial IOT Critical Memory Corruption Vulnerability in Snapdragon Platforms Critical Memory Corruption Vulnerability in Snapdragon Chipsets Keycloak Vulnerability Allows Brute Force Attacks Despite Permanent Lockout Critical Use After Free Vulnerability in Snapdragon Platform Graphics Support Layer Improper Bound Check Vulnerability in Snapdragon Services Use After Free Vulnerability in Synx Driver: Multiple Invocation of Synx Release Calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile Vulnerability: Memory Corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile due to Incorrect Calculation of Buffer Size in Boot Critical Null Pointer Dereference Vulnerability in Snapdragon Platforms NULL Pointer Dereference Vulnerability in sync_repl client of 389-ds-base Shell Injection Vulnerability in pglogical Use-after-free vulnerability in libxml2's xmllint before 2.9.11 allows for remote code execution XML Entity Encoding Out-of-Bounds Read Vulnerability in libxml2 Use-after-free vulnerability in libxml2 before 2.9.11 allows for remote code execution Unauthorized Access Vulnerability in Lenovo Desktops with 'BIOS Password At Boot Device List' Setting Enabled Certificate Authentication Bypass in Patterson Eaglesoft 18-21 Allows Remote Access to SQL Database Credentials Remote Code Execution via Insecure Deserialization in Manuskript 0.12.0 Unintended API Access Allows Bots to Bypass Sitewide Block in MediaWiki Stored Cross-Site Scripting (XSS) Vulnerability in NETSCOUT nGeniusONE 6.3.0 
Stored Cross-Site Scripting (XSS) Vulnerability in NETSCOUT nGeniusONE 6.3.0 build 1196 and Earlier Integer Overflow Vulnerability in lz4: Potential Out-of-Bounds Write and Crash Stored Cross-Site Scripting (XSS) Vulnerability in NETSCOUT nGeniusONE 6.3.0 build 1196 XML External Entity (XXE) Vulnerability in NETSCOUT nGeniusONE 6.3.0 build 1196 Authorization Bypass Vulnerability in NETSCOUT Systems nGeniusONE 6.3.0 build 1196 Arbitrary File Read Vulnerability in NETSCOUT Systems nGeniusONE 6.3.0 build 1196 Reflected Cross-Site Scripting (XSS) Vulnerability in NETSCOUT Systems nGeniusONE 6.3.0 build 1196 URL Redirection Vulnerability in NETSCOUT Systems nGeniusONE Version 6.3.0 Build 1196 Unvalidated Redirect Vulnerability in Gitpod before 0.6.0 XSS Vulnerability in Zimbra Web Client Login Component Arbitrary Markup Injection in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23 X-Host Header Overwrites Host Header in Zimbra Collaboration Suite ProxyServlet Vulnerability RPM Signature Verification Vulnerability: Trusting Malicious Signatures Contao Backend XSS Vulnerability Critical Remote Code Execution Vulnerability in SolarWinds Serv-U Exposes Privileged Access Orion Platform SQL Injection Privilege Escalation Vulnerability Orion Platform 2020.2.5 User Setting Privilege Escalation Vulnerability Session Invalidation Failure in SolarWinds Pingdom: Password and Email Address Change Vulnerability Critical Remote Code Execution Vulnerability Found in Orion Platform 2020.2.5 Patch Manager Orion Platform Integration Module Insecure Deserialization Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Patch Manager Orion Platform Integration Module Remote Code Execution Vulnerability in Orion Patch Manager Web Console ImportAlert Function Arbitrary File Read Vulnerability Out-of-Bounds Read Vulnerability in GStreamer Handling of ID3v2 Tags EmailWebPage API Command Injection Vulnerability ImportAlert Function Access Control Tampering 
Vulnerability Alerts Settings Page Vulnerability: Impersonation and Remote Code Execution (RCE) Exploit Remote Code Execution Vulnerability in Serv-U File Server Cross-Contamination Risk: Unauthorized Access to NetPath Services in MSP Environment Vulnerability: Misconfigured Entity in Network Configuration Manager Exposes Encrypted Passwords to Solarwinds Information Service Insecure HTTP Interface Enabled for RabbitMQ Plugin in ARM 2020.2.6 Reflective Cross-Site Scripting Vulnerability in Unsanitized Output Field Extraction from Headers Cross-Site Scripting Vulnerability in Database Performance Monitor 2022.1.7779 and Earlier Versions with Complex SQL Queries 3Scale APICast Connection Reuse Vulnerability Unquoted Service Path Vulnerability in Kiwi CatTools Installation Wizard Allows Privilege Escalation Unquoted Service Path Vulnerability in Kiwi Syslog Server Installation Wizard Vulnerability: Hard Coded Credentials in SolarWinds Web Help Desk HTTP TRACK & TRACE Method Vulnerability Orion Core Vulnerability: Read-Only SQL Injection and Privileged Escalation Default Enabled ASP.NET Debug Feature in Kiwi Syslog Server 9.7.2 and Previous Versions Allows Remote Debugging and Information Disclosure Lack of Secure Flag in SSL Cookie of Kiwi Syslog Server 9.7.2 and Earlier Versions Kiwi Syslog Server Vulnerability: Clickjacking Exploit via Missing X-Frame-Options Header Orion Platform Admin Rights Vulnerability: XSS Injection in CreateExternalWebsite Orion Map Manage Rights XSS Vulnerability Header Injection Vulnerability in Red Hat Ceph Storage RadosGW Stored XSS Vulnerability Exploiting Help Server Setting in Internet Explorer CSRFToken Leakage Vulnerability in Serv-U Server Vulnerability: Unrestricted HTTP PUT and DELETE Methods in Web Help Desk Server Unrestricted File Upload Vulnerability in Orion Platform's Log Alert to a File Action Privilege Escalation Vulnerability in Serv-U Console Allows Unauthorized File Manipulation Unencrypted Connection Vulnerability 
Vulnerability in Serv-U Web Login Screen Allows Insufficiently Sanitized Characters for LDAP Authentication Orion User Enumeration Vulnerability Domain Admin Data Leak: Unauthorized Access to Configuration & User Data Directory Traversal Vulnerability in Serv-U 15.3 Allows Unauthorized Access to Server Files Information Disclosure Vulnerability Vulnerability: Common Encryption Key Reuse in Serv-U FTP Server Unsanitized Input Vulnerability in SolarWinds WebHelpDesk Arbitrary Remote Code Execution Vulnerability in Yupoxion BearAdmin Reflected Cross-Site Scripting (XSS) Vulnerability in MaxSite CMS V106 Heap Buffer Overflow in NTFS-3G: Memory Disclosure, DoS, and Code Execution Vulnerability Stack Buffer Overflow in NTFS-3G Versions < 2021.8.22: Code Execution and Privilege Escalation Vulnerability Heap Buffer Overflow in NTFS-3G: Privilege Escalation via Crafted NTFS Inode Heap Buffer Overflow in NTFS-3G: Code Execution and Privilege Escalation USB Redirector Device Stack Overflow Vulnerability Leakage of AuthTokens in noobaa-operator allows unauthorized access and system configuration modification SQL Injection Vulnerability in atoms183 CMS 1.0 - Arbitrary Command Execution SQL Injection Vulnerability in get_user function of login_manager.php in rizalafani cms-php v1 Arbitrary JavaScript Injection in noobaa-core (CVE-2021-12345) Arbitrary Code Execution via File Upload in Balerocms-src 0.8.3 Authentication Bypass Vulnerability in PTCL HG150-Ub v3.0 Administrator Panel Remote Code Execution Vulnerability in Scalabium dBase Viewer 2.6 (Build 5.751) via Crafted DBF File Arbitrary Code Execution via Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 Sensitive Information Disclosure via Email Connection Configuration Probing in Zammad 1.0.x up to 4.0.0 Stack Exhaustion Vulnerability in GNU libiberty's demangle_path() 404 Page Content Spoofing Vulnerability in Zammad 1.0.x up to 4.0.0 Sensitive Information Disclosure in Zammad 1.0.x up to 4.0.0 via Ticket Article 
Detail View Improper Access Control for Linked Tickets in Zammad 1.0.x up to 4.0.0 Arbitrary Code Execution via User Avatar Attribute in Zammad 1.0.x up to 4.0.0 NULL Pointer Dereference in AP4_StszAtom::WriteFields Function Allows for Denial of Service (DoS) NULL Pointer Dereference in AP4_DescriptorFinder::Test Component Privilege Escalation Vulnerability in Samsung SyncThru Web Service SPL 5.93 06-09-2014 Denial of Service Vulnerability in Red Hat Ceph Storage RGW Privilege Escalation Vulnerability in CIR 2000 / Gestionale Amica Prodigy v1.7 Bludit 3-13-1 XSS Vulnerability in Admin/Login Username Field Authentication Bypass Vulnerability in TOTOLINK A720R Firmware V4.1.5cu.470_B20200911 Stack Overflow Vulnerability in TOTOLINK A720R Firmware v4.1.5cu.470_B20200911: Denial of Service (DoS) Exploit Configuration File Download Vulnerability in TOTOLINK A720R Router Remote Telnet Service Activation and Default Credential Exploitation in TOTOLINK A720R Firmware v4.1.5cu.470_B20200911 Tcl 8.6.11 Format String Vulnerability in nmakehlp.c Incorrect Access Control in Tieline IP Audio Gateway 2.6.4.8 and below: Unauthenticated Access to High Privileged Account Insecure Direct Object Reference (IDOR) vulnerability in Sourcecodester Phone Shop Sales Management System 1.0 JWT Token Invalidation Vulnerability in useradm Service CSRF Vulnerability in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 Allows Unauthorized Document Name Editing Heap-Based Buffer Overflow in tsMuxer v2.6.16 via BitStreamReader::getCurVal in bitStream.h Heap-Based Buffer Overflow in tsMuxer v2.6.16 via HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp Non-persistent Cross-Site Scripting Vulnerability in Rapid7 Nexpose's Filtered Asset Search Feature Stored XSS Vulnerability in dotCMS 21.05.1: Arbitrary Code Execution via 'Title' and 'Filename' Parameters XSS Vulnerability in Wildfly Admin Console Allows Payload Injection Reflected Cross-Site Scripting (XSS) Vulnerability in dotCMS 21.05.1's 
dotAdmin/#/c/containers Endpoint Reflected Cross-Site Scripting (XSS) Vulnerability in dotCMS 21.05.1's dotAdmin/#/c/links Endpoint Request Body Bypass via Trailing Pathname in OWASP ModSecurity Core Rule Set Arbitrary File Read Vulnerability in Peacexie ImCat v.5.2 NULL Dereference Vulnerability in libxml2 XML Parser Arbitrary Code Execution Vulnerability in Peacexie Imcat v5.4 Arbitrary Code Execution via Cross Site Scripting in VICIdial v2.14-610c and v.2.10-415c Insecure Randomness in go.uuid Generates Predictable UUIDs Directory Traversal Vulnerability in Solari di Udine TermTalk Server (TTServer) 3.24.0.2 SQL Injection Vulnerability in Hospital Management System v 4.0 via view-patient.php Cross Site Scripting (XSS) Vulnerability in Hospital Management System v 4.0 Persistent XSS Vulnerability in EspoCRM 6.1.6 and Prior Versions Arbitrary Code Execution Vulnerability in Deskpro Support Desk v2021.21.6 Heap Buffer Overflow in Realtek Jungle SDK's WiFi Simple Config Server Stack Buffer Overflow Vulnerability in Realtek Jungle SDK's WiFi Simple Config Server Multiple Memory Corruption and Arbitrary Command Injection Vulnerabilities in Realtek Jungle SDK Multiple Stack Buffer Overflow and Command Injection Vulnerabilities in Realtek Jungle SDK Web Server Path Traversal Vulnerability in Drogon Static Router (1.0.0-beta14 to 1.6.0) Allows Arbitrary File Reading Vulnerability: Escape Restricted clish Shell in Ivanti MobileIron Core Exponential Entity Expansion Attack in libxml2: Bypassing Protections and Causing Denial of Service Chamilo LMS v1.11.x Remote Code Execution via Crafted .htaccess File SQL Injection Vulnerability in Chamilo LMS v1.11.x via doc Parameter in upload.php Stored XSS Vulnerability in 'Title' and 'Content' Fields Allows Arbitrary Code Execution Null Pointer Dereference Vulnerability in Nitro Enclaves Kernel Driver Arbitrary Code Execution Vulnerability in LMXCMS v.1.4 via TagsAction.class Reflected XSS Vulnerability in phpIPAM IP Calculator 
Memory leaks in virtio vhost-user GPU device (vhost-user-gpu) of QEMU up to version 6.0 Cross Site Scripting (XSS) Vulnerability in Smashing 1.3.4 Arbitrary Program Execution via Emote Interactive Remote Mouse 3.008 on Windows Privilege Escalation Vulnerability in Lexmark Universal Print Driver Uninitialized Memory Read Vulnerability in virtio vhost-user GPU Device Server Side Template Injection in Entando Admin Console 6.3.9 and earlier: Command Execution via FreeMarker Template Unauthenticated User Text Injection Vulnerability in Teradici PCoIP Management Console-Enterprise 20.07.0 Incorrect Access Control Vulnerability in libde265 v1.0.8: SEGV in slice.cc Critical Vulnerabilities Found in Online Pet Shop Web App 1.0: Remote SQL Injection and Shell Upload Union SQL Injection Vulnerability in Online Pet Shop Web App 1.0 Vulnerability: Out-of-Bounds Write in virtio vhost-user GPU Device Arbitrary Script Injection in Liferay Portal 7.4.0 Frontend Taglib Module Java Deserialization Remote Code Execution in ForgeRock AM Server Vulnerability: Insecure Exception Handling in Certain Arm Products Unquoted Service Path Vulnerability in Lexmark Printer Software Installation Packages Certificate Authentication Bypass Vulnerability in OpenVPN 3 Core Library Session Cache Corruption Vulnerability in LemonLDAP::NG CacheKey Plugin Stack-based Buffer Overflow Vulnerability in Apache Traffic Server Cross-Site Scripting (XSS) Vulnerability in SAS Environment Manager 2.5 Speculative Store Bypass Side-Channel Attack in Linux Kernel Reflected XSS Vulnerability in Nagios Log Server Alert History and Audit Log Function Stored XSS in Nagios Log Server 2.1.9: Custom Column View Vulnerability Memory Layout Information Leakage in dmg2img through 20170502 Remote Code Execution Vulnerability in Barco MirrorOp Windows Sender Boolean Blind SQL Injection in Nokia Broadcast Message Center 11.1.0 via extIdentifier Parameter Reflected XSS Vulnerability in Thruk 2.40-2 via host or title parameter 
Reflected XSS Vulnerability in Thruk 2.40-2 via host or service parameter GNU binutils objdump Utility 2.36 Out-of-Bounds Flaw: Integrity and System Availability Vulnerability Thruk before 2.44 Vulnerability: Quick Command XSS CSRF Vulnerability in Wowza Streaming Engine Allows Remote Account Deletion Filesystem Resource Exhaustion Vulnerability in Wowza Streaming Engine Stored and Reflected Cross Site Scripting (XSS) Vulnerabilities in TIBCO WebFOCUS Client, Installer, and Reporting Server Race condition vulnerability in TIBCO JasperReports Server allows unauthorized access to temporary objects FTP Server Password Disclosure Vulnerability in TIBCO JasperReports Server XMLA Connections Component Vulnerability in TIBCO JasperReports Server and Related Editions Illegitimate Certificate Creation Vulnerability in TIBCO Software Inc.'s FTL and eFTL Components TIBCO EBX Web Server Password Bypass Vulnerability Stored Cross Site Scripting (XSS) Vulnerability in TIBCO Nimbus Web Reporting Component DLL Search Path Privilege Escalation Vulnerability in Lenovo PCManager Arbitrary File Download Vulnerability in TIBCO Data Virtualization Stored XSS Vulnerability in PandoraFMS <=7.54 via Visual Console Name Field Unsanitized Data Vulnerability in MISP 2.4.144 Stored XSS vulnerability in Afian FileRun 2021.03.26 via mishandling of HTTP X-Forwarded-For header in Activity Logs rendering Remote Code Execution in Afian FileRun 2021.03.26 via ffmpeg Binary Check Path Vulnerability Remote Code Execution in Afian FileRun 2021.03.26 via Check Path for Magick Binary Cross-Site Scripting (XSS) Vulnerability in Afian FileRun 2021.03.26 HTML Editor Privilege Escalation Vulnerability in TeraRecon AQNetClient 4.4.13 PKI-Server Debug Mode Credential Leakage Vulnerability Zoho ManageEngine Applications Manager Build 15200 SSRF Vulnerability XSS Vulnerability in Mermaid before 8.11.0 with Antiscript Feature Ruby Code Injection in Narou (aka Narou.rb) Novel Titles or Author Names Denial of 
Service Vulnerability in Compress' sevenz Package Denial of Service Vulnerability in Compress' Sevenz Package Denial of Service Vulnerability in Compress' TAR Package Server-Side Request Forgery (SSRF) Vulnerability in Bitdefender Endpoint Security Tools and GravityZone Buffer Overflow Vulnerability in IDEMIA Morpho Wave Compact and VisionPass Devices Path Traversal Vulnerability in IDEMIA Morpho Wave Compact and VisionPass Devices Buffer Overflow Vulnerability in IDEMIA Morpho Wave Compact, VisionPass, Sigma, and MA VP MD Devices Insecure Configuration Handling in Securepoint SSL VPN Client v2 Allows Local Privilege Escalation Denial of Service Vulnerability in PostSRSd before 1.11 Unencrypted Backup File Vulnerability in Hitachi ABB Power Grids System Data Manager – SDM600 Password Autocomplete Vulnerability in Hitachi ABB Power Grids eSOMS (Version 6.3 and Prior) Improper Access Control in Hitachi Energy Retail Operations and Counterparty Settlement and Billing (CSB) Allows Execution of Modified Java Applet Credential Exposure and Unauthorized Access Vulnerability in Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing (CSB) Server-Side Request Forgery (SSRF) Vulnerability in Bitdefender Endpoint Security Tools and GravityZone Unauthorized Password Change and Login Bypass Vulnerability in Hitachi Energy's TXpert Hub CoreTec 4 Command Injection Vulnerability in Hitachi Energy TXpert Hub CoreTec 4 File Upload Validation Bypass in Hitachi Energy TXpert Hub CoreTec 4 APDU Parser Reboot Vulnerability in Hitachi Energy RTU500 Series Insufficient Security Control Vulnerability in Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 Insecure Boot Image Vulnerability in Hitachi Energy Relion 670/650/SAM600-IO Series Oracle Deal Management Vulnerability: Unauthorized Data Access and Modification MySQL Server Denial of Service Vulnerability Oracle VM VirtualBox Prior to 6.1.28 Vulnerability: Unauthorized Takeover Oracle 
Solaris Filesystem Vulnerability: Unauthorized Hang and Crash of Oracle Solaris Improper Access Control in Bitdefender Endpoint Security Tools for Linux Oracle VM VirtualBox Prior to 6.1.28 Denial of Service Vulnerability Vulnerability in Oracle PeopleSoft Enterprise SCM Supplier Portal (9.2) Allows Unauthorized Data Access and Manipulation Oracle VM VirtualBox Prior to 6.1.28 Denial of Service Vulnerability Vulnerability in PeopleSoft Enterprise CC Common Application Objects: Unauthorized Access and Data Manipulation Vulnerability in Oracle VM VirtualBox Prior to 6.1.28: Unauthorized Access and Denial of Service MySQL Server Replication Vulnerability Oracle Solaris Utility Component Vulnerability Buffer Overflow Vulnerability in Eufy Indoor 2K Indoor Camera Allows Remote Code Execution Unauthenticated Network Access Vulnerability in Java SE and Oracle GraalVM Enterprise Edition Vulnerability in Oracle Database Server: RDBMS Security Component DOS and Unauthorized Data Access Oracle WebLogic Server Diagnostics Unauthenticated Access Vulnerability Vulnerability in PeopleSoft Enterprise CS Student Records: Unauthorized Data Access and Manipulation Oracle Trade Management Unauthorized Data Access Vulnerability Vulnerability in Java SE and Oracle GraalVM: Unauthorized Partial Denial of Service Oracle Database Server Core RDBMS Component Denial of Service Vulnerability Oracle Database Server Core RDBMS Component Denial of Service Vulnerability Vulnerability in Java SE and Oracle GraalVM: Unauthorized Partial Denial of Service Java SE Product Vulnerability: Unauthenticated Takeover via Deployment Component Vulnerability in Java SE and Oracle GraalVM: Unauthorized Partial Denial of Service Oracle Universal Work Queue: Unauthorized Data Access and Modification Vulnerability Oracle Shipping Execution Product Vulnerability: Unauthorized Data Access and Modification Vulnerability in Keytool Component of Java SE and Oracle GraalVM Vulnerability in Java SE and Oracle GraalVM: 
Unauthenticated Network Access Compromises Availability Vulnerability in Oracle Applications Manager of Oracle E-Business Suite: Unauthorized Access and Data Manipulation Vulnerability in Java SE and Oracle GraalVM: Unauthorized Access via Kerberos Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Oracle Applications Manager: Unauthorized Access Vulnerability Privilege Escalation and Data Leakage Vulnerability in argocd Oracle Mobile Field Service Admin UI Vulnerability Vulnerability in Oracle PeopleSoft Enterprise CS Academic Advisement: Unauthorized Data Access and Manipulation Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit MySQL Server Denial of Service Vulnerability Oracle Database Enterprise Edition Unified Audit Component Unauthorized Data Access Vulnerability High-Privilege Network Access Vulnerability in Oracle MySQL Server (Versions 8.0.26 and Prior) Vulnerability in Java SE and Oracle GraalVM: Unauthenticated Network Access Compromises Availability Vulnerability in Oracle Applications Manager: Unauthorized Data Access and Manipulation Oracle Applications Manager View Reports Unauthenticated Access Vulnerability Vulnerability in Oracle Applications Manager: Unauthorized Access and Data Manipulation Critical Denial of Service Vulnerability in Oracle MySQL Server (Versions 8.0.25 and Prior) Vulnerability in MySQL Cluster: Unauthorized Partial Denial of Service Oracle Incentive Compensation User Interface Vulnerability Vulnerability in Java SE and Oracle GraalVM: Unauthorized Partial Denial of Service Oracle Access Manager Remote Code Execution Vulnerability Unauthenticated Remote Denial of Service Vulnerability in Java SE, Oracle GraalVM Enterprise Edition Oracle Solaris Device Driver Vulnerability: Unauthorized Access and Denial of Service 
Vulnerability: Denial of Service in libvirt's virConnectListAllNodeDevices API MySQL Cluster Takeover Vulnerability MySQL Server Denial of Service Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation MySQL Server Denial of Service Vulnerability MySQL Client Denial of Service Vulnerability MySQL Cluster Takeover Vulnerability Zero Downtime DB Migration to Cloud Vulnerability in Oracle Database Server 21c Polkit Privilege Escalation Vulnerability Vulnerability in PeopleSoft Enterprise CS SA Integration Pack Allows Unauthorized Access to Critical Data Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Unauthenticated Network Access Vulnerability in Java SE and Oracle GraalVM Enterprise Edition Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Denial of Service Vulnerability in Oracle PeopleSoft Enterprise CS Campus Community: Notification Framework Allows Unauthorized Access to Critical Data Critical Denial of Service Vulnerability in Oracle MySQL Server (Versions 8.0.26 and Prior) Vulnerability in Oracle MySQL Server: Group Replication Plugin allows for Denial of Service (DoS) Attacks Critical Data Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Out of Bounds Flaw in fig2dev 3.2.8a: Potential Crash and Memory Corruption Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Oracle Sales Offline Partial Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash MySQL Cluster Unauthenticated Remote Denial of Service Vulnerability Oracle Transportation Management UI Infrastructure Unauthorized Data Access Vulnerability Oracle WebLogic Server Coherence Container Unauthenticated Remote Code Execution Vulnerability MySQL Cluster Vulnerability: Unauthorized Partial Denial of 
Service via Physical Communication Segment Java VM Component Vulnerability in Oracle Database Server Oracle WebLogic Server Denial of Service Vulnerability MySQL Cluster Takeover Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Vulnerability: Unauthorized Read Access to Data Privilege Escalation Vulnerability in Oracle MySQL Server MySQL Server Privilege Escalation Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability: Bypassing Password Complexity in openstack-keystone Critical Data Manipulation Vulnerability in Oracle MySQL Server (Versions 8.0.26 and Prior) MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Denial of Service (DoS) MySQL Server Vulnerability: Unauthorized Partial Denial of Service (DOS) via Logging MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Stored Procedure Denial of Service Vulnerability Double-Free Memory Corruption Vulnerability in Linux Kernel HCI Device Initialization Subsystem MySQL Server Unauthorized Data Manipulation Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server FTS Component Denial of Service Vulnerability Vulnerability in Oracle Secure Global Desktop 5.6 Allows Unauthorized Data Access and Partial Denial of Service Vulnerability: Fixed AES Key in tpm2_import Allows MITM Attack Vulnerability in Oracle Secure Global Desktop 5.6 Allows 
Unauthorized Data Access and Partial Denial of Service Essbase Administration Services Unauthorized Access Vulnerability Essbase Administration Services Takeover Vulnerability Essbase Administration Services Unauthorized Access Vulnerability Essbase Administration Services Denial of Service Vulnerability Essbase Administration Services Unauthorized Read Access Vulnerability Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Arbitrary File Overwrite Vulnerability in ffmpeg TTY Demuxer Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Vulnerability in Oracle Outside In Technology: Denial of Service (DoS) Exploit Vulnerability in Oracle Hyperion Financial Reporting: Unauthorized Data Access and Manipulation Unauthenticated Remote Code Execution Vulnerability in Oracle HTTP Server Caribou Input Mechanism Bypass Vulnerability Oracle Essbase Administration Services Vulnerability: Unauthorized Takeover of Services Unauthorized Read Access Vulnerability in Oracle Financial Services Analytical Applications Infrastructure Oracle Financial Services Analytical Applications Infrastructure Unauthorized Read Access Vulnerability Critical Remote Code Execution Vulnerability in Oracle Talent Acquisition Cloud - Taleo Enterprise Edition (CVE-2021-35689) Stack Corruption Bug in libtpms: RSA Decryption Vulnerability Missing Length Check in ptp4l Program of linuxptp Package Allows Remote Code Execution Vulnerability in ptp4l Program of linuxptp Package Allows for Information Leak or Crash Unicode Separator Handling Vulnerability in python-pip Use-After-Free Vulnerability in Linux Kernel HCI Subsystem Memory Leak 
Vulnerability in ImageMagick-7.0.11-5's Convert Command Heap-Based Buffer Overflow in openjpeg's sycc420_to_rgb Function Privilege Escalation Vulnerability in Bitdefender Endpoint Security Tools and Total Security Unauthenticated Remote Code Execution Vulnerability in Motorola Binatone Hubble Cameras Heap Overflow Vulnerability in mbsync before v1.3.6 and v1.4.2 Privilege Escalation Vulnerability in Bitdefender Endpoint Security Tools and Total Security RSA Decryption Vulnerability in Nettle Library Leads to Application Crash and Denial of Service Buffer Access with Incorrect Length Value in Zephyr (CWE-805) QEMU Paravirtual RDMA Device Memory Remapping Vulnerability Ansible Template Injection Vulnerability: Command Injection and Sensitive Information Disclosure Foreman Project: Server-Side Remote Code Execution via Sendmail Configuration Options Insecure Logging of Plain Passwords in openstack-tripleo-heat-templates Unrestricted Access to NetworkPorts in servicemesh-operator Unbounded Array Access in cli_feat_read_cb() Function Foreman Ansible Authorization Flaw: Unauthorized Access to Hosts via Job Templates Foreman Project Vulnerability: Credential Leak Exposing Azure Compute Profile Password Invalid Pointer Initialization Vulnerability in QEMU's SLiRP Networking Implementation Invalid Pointer Initialization in QEMU's SLiRP Networking Implementation Unauthenticated Log File Access in Apache Airflow Race Condition Vulnerability in RPM Allows Privilege Escalation RPM Symbolic Link Vulnerability: Privilege Escalation and Data Compromise Incomplete Fix for Directory Traversal Vulnerability Allows Privilege Escalation Out-of-bounds Read Vulnerability in QEMU's SLiRP Networking Implementation Vulnerability: Out-of-bounds array read in apr_time_exp*() functions Unauthenticated System Factory Restore Vulnerability in Western Digital WD My Book Live and My Book Live Duo Potential Denial of Service and Information Disclosure in GNU C Library (glibc) through 2.33 Couchbase 
Server 6.5.x and 6.6.x through 6.6.2 Vulnerability: Incorrect Access Control for Externally Managed Users Couchbase Server Buffer Overflow Vulnerability Couchbase Server Buffer Overflow Vulnerability Privilege Escalation Vulnerability in ownCloud Version Before 10.8 Information Disclosure in ownCloud Server: Exposing Internal Path and Usernames via Public Share Controller Session Fixation Vulnerability in ownCloud Server Allows Bypass of Password Protection Bypassing Permission Checks and Metadata Disclosure in ownCloud Server 10.8.0 Invalid Pointer Initialization in QEMU's SLiRP Networking Implementation Unauthenticated Remote Attack: Bricking Vulnerability in Fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker Remote Time and Date Manipulation Vulnerability in Fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker Denial of Service Vulnerability in Fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker Fastrack Reflex 2.0 Activity Tracker Vulnerability: Firmware Dumping, Malicious Firmware Flashing, and Device Bricking via SWD Backend XSS Vulnerability in Contao >=4.0.0 via HTML Attributes in HTML Field Stored Cross-Site Scripting (XSS) Vulnerability in AKCP sensorProbe Embedded Webserver Local Privilege Escalation via DLL Replacement in Stormshield Endpoint Security Evolution 2.0.0 - 2.0.2 Arbitrary File Overwrite Vulnerability in TensorFlow's tf.keras.utils.get_file XSS Vulnerability in Plone 5.0 through 5.2.4: Editors at Risk in Folder Contents View NULL Pointer Dereference Vulnerability in ImageMagick's ReadSVGImage() Function Default Admin Credentials Vulnerability in Dr. ID Door Access Control and Personnel Attendance Management System Path Traversal Vulnerability in Dr. 
ID Door Access Control and Personnel Attendance Management System Unfiltered File Upload Vulnerability in Orca HCM Digital Learning Platform Allows Remote Code Execution Unauthenticated Remote Access and Data Manipulation Vulnerability in Orca HCM Digital Learning Platform Weak Factory Default Administrator Password in Orca HCM Digital Learning Platform Orca HCM Digital Learning Platform URL Redirection Vulnerability Path Traversal Vulnerability in Orca HCM Digital Learning Platform Path Traversal Vulnerability in Orca HCM Digital Learning Platform Missing Call-Setup Input Validation in Pexip Infinity before 26: Temporary Remote Denial of Service Vulnerability Undertow HTTP2SourceChannel Denial of Service Vulnerability Improper Permission Checks in Talk 4 in Coral before 4.12.1 Allow Remote Discovery of Sensitive Information via GraphQL Deserialization Vulnerability in Veeam Backup and Replication Authentication Bypass Vulnerability in NETGEAR WAC104 Devices (CVE-2020-27866) Absolute path traversal vulnerability in Systematica SMTP Adapter component and other affected components in Systematica Radius Reflected XSS Vulnerability in Plesk Obsidian's Website Preview Feature (PFSI-62467) Buffer Overflow Vulnerability in Digi RealPort for Windows through 4.8.488.0 Arbitrary Remote Command Execution with SUPER Privileges in Digi TransPort DR64, SR44 VC74, and WR Vulnerability: Lack of Authentication and Man-in-the-Middle Attack in Digi RealPort OpenEXR ImfDeepScanLineInputFile Out-of-Bounds Read Vulnerability Path Traversal Vulnerability in Acrobat Reader DC Versions 2021.005.20054 and Earlier Use-after-free vulnerability in Acrobat Reader DC allows arbitrary code execution Uncontrolled Search Path Element Vulnerability in Acrobat Reader DC Use-after-free vulnerability in Acrobat Reader DC allows arbitrary code execution Null Pointer Dereference Vulnerability in Acrobat Reader DC Null Pointer Dereference Vulnerability in Acrobat Reader DC Type Confusion Vulnerability in 
Acrobat Reader DC Versions 2021.005.20054 and Earlier Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-bounds Read Vulnerability in Acrobat Reader DC Out-of-bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution ThinkPad SMI Callback Function Vulnerability: Local Privilege Escalation and Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Adobe Bridge 11.0.2 (and earlier) Access of Uninitialized Pointer Vulnerability Out-of-bounds Read Vulnerability in Adobe Bridge 11.0.2 and Earlier Arbitrary Code Execution via Specially Crafted File in Adobe After Effects Arbitrary Code Execution via Specially Crafted File in Adobe After Effects Improper Input Validation in Adobe After Effects Allows Memory Disclosure Memory Corruption Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Premiere Pro Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Prelude 10.0 and Earlier Allows Arbitrary Code Execution eBPF Bounds Tracking Vulnerability in Linux Kernel Memory Corruption Vulnerability in Adobe Character Animator Allows Arbitrary Code Execution Adobe Character Animator 4.2 (and earlier) Out-of-Bounds Read Vulnerability Adobe Captivate Privilege Escalation Vulnerability Adobe Audition 14.2 (and earlier) Out-of-Bounds Read Vulnerability Out-of-bounds Write Vulnerability in Adobe InDesign Allows Remote Code Execution Stack Overflow Vulnerability in Adobe Photoshop: Arbitrary Code Execution via Crafted PSD File Adobe Photoshop Improper Input Validation Vulnerability Allows Memory Disclosure Uninitialized Variable Vulnerability in Adobe Prelude 10.0 and Earlier Use-after-free vulnerability in Adobe Illustrator allows for arbitrary file system information disclosure Memory Corruption Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory 
Disclosure Arbitrary Code Execution via Command Injection in Adobe Illustrator Business Logic Error in Magento Commerce: Price Alteration Vulnerability in placeOrder Mutation Out-of-bounds Read Vulnerability in Adobe Media Encoder 15.2 and Earlier Allows Arbitrary Code Execution Uninitialized Pointer Vulnerability in Adobe Media Encoder 15.2 and Earlier: Arbitrary File System Information Disclosure Memory Corruption Vulnerability in Adobe Media Encoder 15.2 and Earlier: Arbitrary Code Execution Out-of-bounds Read Vulnerability in Adobe Media Encoder 15.2 and Earlier Memory Corruption Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Out-of-bounds Read Vulnerability in Adobe After Effects Allows Information Disclosure Out-of-bounds Read Vulnerability in Adobe After Effects Allows Information Disclosure Information Disclosure Vulnerability in Buildah Container Builds XML Injection Vulnerability in 'City' Field Allows Remote Code Execution in Magento Commerce Versions 2.4.2 and Earlier Remote Code Execution Vulnerability in Magento CMS Page Scheduled Update Feature XML Injection Vulnerability in Magento Commerce Widgets Update Layout XML Injection Vulnerability in Magento Commerce Widgets Update Layout Remote Code Execution Vulnerability in Magento Commerce Versions 2.4.2 and Earlier Remote Code Execution Vulnerability in Magento Commerce Versions 2.4.2 and Earlier Stored Cross-Site Scripting Vulnerability in Magento Commerce Customer Address Upload Feature Stored Cross-Site Scripting Vulnerability in Magento Commerce Versions 2.4.2 and Earlier XML Injection Vulnerability in Magento Commerce Allows Remote Code Execution Improper Authorization Vulnerability in Magento Commerce Versions 2.4.2 and Earlier Vulnerability in PHPMailer 6.4.1 and earlier: Untrusted Code Execution Improper Input Validation Vulnerability in Magento Commerce Allows Price Manipulation during Checkout Path Traversal Vulnerability in Magento Commerce Allows Remote Code Execution 
via theme[preview_image] Parameter Improper Input Validation in Magento Commerce Allows Information Exposure and Privilege Escalation XML Injection Vulnerability in Magento Commerce Widgets Module Allows Remote Code Execution Remote Code Execution Vulnerability in Magento Commerce Versions 2.4.2 and Earlier Remote Code Execution Vulnerability in Magento Commerce Versions 2.4.2 and Earlier Improper Access Control in Magento's Media Gallery Upload Workflow Leads to Remote Code Execution Improper Authorization Vulnerability in Magento Commerce Versions 2.4.2 and Earlier Improper Input Validation in Magento Commerce Multishipping Module Leads to Sensitive Information Disclosure Improper Input Validation Vulnerability in Magento Commerce Allows Information Disclosure Blind SQL Injection in Secure 8 (Evalos): Unauthorized Data Extraction Improper Input Validation Vulnerability in Magento Commerce Allows Remote Code Execution Remote Code Execution Vulnerability in Magento Commerce Versions 2.4.2 and Earlier Unrestricted File Upload Vulnerability in Magento Commerce API File Option Upload Extension Blind SSRF Vulnerability in Magento Commerce's Bundled dotmailer Extension Improper Input Validation Vulnerability in Magento Commerce Allows Server-Side Denial-of-Service Out-of-Bounds Read Vulnerability in XMP Toolkit SDK 2020.1 and Earlier Memory Corruption Vulnerability in XMP Toolkit version 2020.1 and Earlier Arbitrary Code Execution via Crafted File in XMP Toolkit SDK Arbitrary Code Execution via Crafted File in XMP Toolkit SDK Memory Corruption Vulnerability in Adobe Bridge Allows Arbitrary Code Execution OpenEXR Prior to 3.0.5: Out-of-Bounds Read Vulnerability Buffer Overflow Vulnerability in XMP Toolkit SDK version 2020.1 and Earlier Buffer Overflow Vulnerability in XMP Toolkit SDK 2020.1 and Earlier Allows Arbitrary Code Execution Memory Corruption Vulnerability in XMP Toolkit version 2020.1 and Earlier Out-of-Bounds Read Vulnerability in XMP Toolkit SDK 2020.1 and 
Earlier Buffer Overflow Vulnerability in XMP Toolkit SDK 2020.1 and Earlier: Local Application Denial of Service Use-After-Free Vulnerability in XMP Toolkit SDK Versions 2020.1 and Earlier Allows Arbitrary Code Execution Buffer Overflow Vulnerability in XMP Toolkit SDK version 2020.1 and Earlier Write-What-Where Condition Vulnerability in XMP Toolkit SDK version 2020.1 and Earlier Integer Overflow Vulnerability in XMP Toolkit SDK version 2020.1 and Earlier Memory Corruption Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Arbitrary Code Execution via OpenSSL Configuration File in OpenVPN on Windows Out-of-Bounds Read Vulnerability in Adobe Media Encoder 15.2 and Earlier Adobe Connect Version 11.2.2 (and Earlier) Vulnerability: Unauthorized Recording Manipulation Reflected Cross-site Scripting Vulnerability in Adobe Connect 11.2.2 and Earlier Reflected Cross-site Scripting Vulnerability in Adobe Connect 11.2.2 and Earlier Buffer Underflow Vulnerability in XMP Toolkit version 2020.1 and Earlier Allows Arbitrary Code Execution Heap-Based Buffer Overflow Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Bridge Allows Arbitrary Code Execution QEMU Integer Overflow Vulnerability in VMWare's Paravirtual RDMA Device Improper Memory Access Vulnerability in Adobe Media Encoder 15.1 and Earlier Adobe Bridge Out-of-Bounds Read Vulnerability Allows Arbitrary Memory Disclosure Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Bridge 11.1 and Earlier Adobe Bridge Out-of-Bounds Read Vulnerability Allows Arbitrary Memory Disclosure Buffer Overflow Vulnerability in Adobe Bridge 11.1 (and 
earlier) Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Bridge 11.1 and Earlier: Local Application Denial of Service Memory Corruption Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Adobe Bridge 11.1 (and earlier) Out-of-Bounds Read Vulnerability QEMU Vulnerability: Crash and Undefined Behavior in VMWare Paravirtual RDMA Device Handling Double-Free Vulnerability in GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 Use-after-free vulnerability in Tesseract OCR 5.0.0-alpha-20201231 during strpbrk call Stack-Based Buffer Overflow in ntop nDPI 3.4's processClientServerHello Stack-Based Buffer Overflow in KDE KImageFormats XCFImageFormat::loadTileRLE Use-after-free vulnerability in SELinux 3.2 CIL compiler: __cil_verify_classperms. Use-after-free vulnerability in SELinux 3.2 CIL compiler's __cil_verify_classperms function Use-after-free vulnerability in CIL compiler in SELinux 3.2 Heap-based Buffer Over-read Vulnerability in CIL Compiler of SELinux 3.2 Double Free Vulnerability in Fluent Bit (Versions 1.7.0 - 1.7.4) Heap-Based Buffer Overflow in Grok's FileFormatDecompress::apply_palette_clr Local Privilege Escalation Vulnerability in Linux Kernel's CAN BCM Networking Protocol Denial of Service Vulnerability in Compress' ZIP Package Calendar Access Control Bypass in OTRS Community Edition 6.0.x and OTRS 7.0.x XSS Vulnerability in OTRS AG Community Edition and OTRS Versions 6.0.1 and Later Email Stuck DoS Vulnerability in OTRS Community Edition and OTRS XSS Vulnerability in OTRS Appointment Edit Screen Vulnerability: User Login Disclosure via Lost Password Feature Vulnerability: Exposure of Private S/MIME and PGP Keys in Generated Support Bundles Ticket Lock Bypass Vulnerability in OTRS 8.0.x Heap-based Buffer Overflow Vulnerability in ImageMagick's ReadTIFFImage() Function Command Execution Vulnerability in OTRS System Configuration Stack Overflow 
Vulnerability in Intel HD Audio Device of QEMU Linux Kernel Joystick Devices Subsystem Out-of-Bounds Memory Write Vulnerability Unrestricted File Upload and Remote Code Execution in Echo ShareCare 8.15.5 Command Argument Injection Vulnerability in Echo ShareCare 8.15.5 Local File Inclusion Vulnerability in Echo ShareCare 8.15.5 Unauthenticated Access to Sensitive Resources in Echo ShareCare 8.15.5 Vulnerability: Denial of Service Attack in Special:GlobalRenameRequest Vulnerability: Invalid AbuseFilter Blocker Message Handling in MediaWiki Vulnerability: Disclosure of Suppressed Accounts in MediaWiki CentralAuth Extension Improper Implementation of Autoblocks in CentralAuth Extension Unvalidated Parameter in Translate Extension Allows Silent Deletion of Metadata Arbitrary Code Execution via OpenSSL Configuration File in OpenVPN Connect Arbitrary Code Injection in SocialProfile Extension: XSS Vulnerability Cross-Site Scripting (XSS) Vulnerability in MediaWiki SportsTeams Extension Insecure User Rights Validation in MediaWiki FileImporter Extension TrustZone Bypass Vulnerability in OPTEE-OS CSU Driver for NXP i.MX SoC Devices JPEG Parsing Code Out of Bounds Write Vulnerability in Netop Vision Pro 9.7.2 Lenovo Notebook BIOS Update Vulnerability Allows Privilege Escalation ACRN 2.5 and Earlier: NULL Pointer Dereference in virtio.c Use-after-free vulnerability in ACRN's polling timer handler for freed virtio device Use-After-Free Vulnerability in ACRN Device Model ACRN 2.5 and Earlier: NULL Pointer Dereference in devicemodel/hw/pci/xhci.c NULL Pointer Dereference in virtio_net_ping_rxq in ACRN before 2.5 Buffer Overflow in dmar_free_irte in ACRN before 2.5 Lenovo Smart Camera X3, X5, and C2E SD Card Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in SilverStripe Framework through 4.8.1 Apache Gobblin Local Privilege Escalation Vulnerability Apache Gobblin LDAP Certificate Trust Vulnerability Denial of Service Vulnerability in 
GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 Denial of Service via Uncontrolled Recursion in gRPC Swift 1.1.1 and Earlier Arbitrary Length Buffer Allocation Vulnerability in gRPC Swift 1.1.0 and Earlier Directory Traversal Vulnerability in Grafana Loki Directory Traversal Vulnerability in Grafana Cortex Vulnerability: Man-in-the-Middle Attacks in xrdp Package for Alpine Linux Out-of-Bounds Read Vulnerability in libfetch FTP Passive Mode Implementation Lenovo Smart Camera X3, X5, and C2E Firmware Vulnerability: Unauthorized Access and Firmware Manipulation Apache HTTP Server mod_proxy_uwsgi Denial of Service Vulnerability Remote Code Execution (RCE) Vulnerability in Apache Dubbo 2.7.13 Arbitrary Constructor RCE Vulnerability in Apache Dubbo Apache Dubbo Hessian Protocol Deserialization Vulnerability Cleartext Storage of Sensitive Information in RICON Industrial Cellular Router S9922L FortiMail Authentication Token Guessing Vulnerability Bypassing Webfilter Control via Session-ID Parameter Modification Vulnerability Path Traversal Vulnerability in Fortinet FortiPortal Versions 5.3.x and 6.x Hidden Functionality Vulnerability in Fortinet FortiOS 7.x and 6.4.x Command Injection Vulnerability in Lenovo Smart Camera X3, X5, and C2E Cleartext Disclosure of FortiCloud Credentials in FortiAnalyzerVM and FortiManagerVM Predictable Password Generation Vulnerability in FortiPortal XML External Entity (XXE) Vulnerability in FortiPortal Heap-based Buffer Overflow in FortiOS Firmware Signature Verification Function Memory Allocation Vulnerability in FortiPortal License Verification Function Remote Code Injection Vulnerability in FortiWebManager Uncontrolled Resource Consumption Vulnerabilities in FortiPortal Web Interface Improper Access Control Vulnerability in FortiAuthenticator HA Service 6.3.2 and Below Fortinet FortiSDNConnector Version 1.1.7 and Below: Credential Disclosure Vulnerability Fortinet FortiWeb CLI Command Execution Vulnerability ALPACA: 
Application Layer Protocol Content Confusion Attack Command Injection Vulnerabilities in FortiWeb Management Interface Race Condition Vulnerability in FortiPortal Customer Database Interface Command Injection Vulnerability in Fortinet FortiWeb 6.3.13 and Below Privilege Escalation via FortiClient Update Named Pipe Vulnerability SQL Injection Vulnerability in Fortinet FortiWLM Version 8.6.1 and Below: Disclosure of Device, Users, and Database Information via Crafted HTTP Requests OS Command Injection Vulnerability in Fortinet FortiWLM Version 8.6.1 and Below Fortinet FortiWeb Stack-Based Buffer Overflow Vulnerability Uncontrolled Resource Consumption Vulnerability in Fortinet FortiWeb Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiWeb Versions 6.4.1 and below, 6.3.15 and below Fortinet FortiClientEMS Vulnerability: Information Disclosure via Browser Decrypted Data Inspection Post-Authentication Persistent XSS Vulnerability in Rapid7 Velociraptor Unauthenticated Access to Protected Hosts via Crafted HTTP Requests in Fortinet FortiWeb Open Redirect Vulnerability in Fortinet FortiWeb Versions 6.4.1 and below, 6.3.15 and below Unauthorized Access to Sensitive Information in FortiManager Arbitrary Code Execution Vulnerability in FortiWeb Command Line Interpreter Arbitrary Code Execution Vulnerabilities in FortiWeb API Controllers Command Injection Vulnerabilities in FortiWeb Command Line Interpreter Unauthorized Access Vulnerability: Exploiting Sensitive Data Exposure Vulnerability Scanner Disruption: Impact on VideoEdge NVR Functionality Vulnerability: Sensitive Information Disclosure in Ansible Engine's ansible-connection Module User Enumeration Vulnerability in Metasys ADS/ADX/OAS 10 and 11 Versions CCURE 9000 Version 2.90 and Prior: User Account Enumeration Vulnerability SSRF Vulnerability in Johnson Controls Metasys MUI PDF Export Feature Request Forgery Vulnerability Insufficiently Protected Credentials Expose in Johnson Controls Metasys ADS/ADX/OAS 
Session Token Persistence Vulnerability Authentication Bypass Vulnerability in CEVAS Versions Prior to 1.01.46 Privilege Escalation Vulnerability in Metasys ADS/ADX/OAS Servers Versions 10 and 11 Account Takeover Vulnerability in JetBrains Hub (CVE-2021-13389) SSSD Vulnerability: Command Injection via sssctl Logs-Fetch and Cache-Expire Subcommands Stored XSS Vulnerability in MISP Sharing Groups View Default Deny Policy Bypass in HashiCorp Consul and Consul Enterprise 1.9.0 - 1.10.0 Cross-Site Scripting (XSS) Vulnerability in LINE iOS Client (before 10.16.3) via WebView Header Address Bar Spoofing Vulnerability in LINE Client for iOS 10.21.3 and Earlier Arbitrary Code Execution Vulnerability in LINE for Windows 6.2.1.2289 and Earlier Buffer Overflow Vulnerability in SKALE sgxwallet 1.58.3 Uninitialized Pointer Freeing Vulnerability in SKALE sgxwallet 1.58.3 Stack Overflow Vulnerability in hivex Library Allows for System Availability Impact Race condition in net/http/httputil ReverseProxy leading to panic NULL Pointer Dereference in ec_verify Function of MIT Kerberos 5 KDC Unsecured nobody Account with Blank Password in Western Digital My Cloud Devices Unrestricted REST API Access in Western Digital My Cloud Devices Unauthenticated Firmware Upgrade Vulnerability in Western Digital My Cloud Devices Out-of-Bounds Access Vulnerability in libtpms Privilege Escalation via Inadequate Authorization Checks in HashiCorp Terraform Enterprise (up to v202106-1) Remote Code Execution via Deserialization in MIK.starlight 7.9.5.24363 Privilege Escalation Vulnerability in MIK.starlight 7.9.5.24363 Arbitrary File Read Vulnerability in MIK.starlight 7.9.5.24363 Hard-coded Cryptographic Key Vulnerability in MIK.starlight 7.9.5.24363 Privilege Escalation via File and Folder Security Bypass in Ivanti Workspace Control Integer Overflow Vulnerability in dcraw Allows Arbitrary Code Execution Heap-based Buffer Overflow in Zephyr USB DFU DNLOAD (CWE-122) Local Privilege Escalation in Windows 
Multipass Versions Before 1.7.0 Command Injection Vulnerability in Hikvision Web Server: Exploiting Insufficient Input Validation Insufficient Access Control Vulnerability in Dell DBUtilDrv2.sys Driver (Versions 2.5 and 2.6) Improper Verification of Cryptographic Signature Vulnerability in Dell Command | Update, Dell Update, and Alienware Update Sensitive Information Exposure in Dell EMC PowerScale OneFS Log Files Dell EMC PowerScale OneFS Privilege Escalation Vulnerability Authenticated Cross-site Scripting (XSS) Vulnerability in OpenKM Community Edition 6.3.10 Dell EMC PowerScale OneFS Privilege Escalation Vulnerability Dell EMC PowerScale OneFS Privilege Escalation Vulnerability Uninitialized Resource Vulnerability in Dell EMC PowerScale OneFS Versions 8.2.x - 9.1.0.x Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Excessive Authentication Attempts Vulnerability Dell BIOS Excessive Authentication Attempts Vulnerability Arbitrary File Deletion Vulnerability in Dell SupportAssist Client Consumer Versions 3.9.13.0 and Prior Unauthenticated Remote Code Execution Vulnerability in Dell VNX2 for File Version 8.1.21.266 and Earlier Dell VNX2 for File Path Traversal Vulnerability Sensitive Information Disclosure Vulnerability in Dell VNX2 OE for File Versions 8.1.21.266 and Earlier Undertow HTTP/2 Flow Control Vulnerability Privilege Escalation Vulnerability in Dell VNX2 for File version 8.1.21.266 and Earlier Privilege Escalation Vulnerability in Dell VNX2 for File version 8.1.21.266 and Earlier Dell VNX2 OE for File Authentication Bypass Vulnerability Authenticated Remote Code Execution Vulnerability in Dell VNX2 OE for File Versions 8.1.21.266 and Earlier Authenticated Remote Code Execution Vulnerability in Dell VNX2 OE for File Versions 8.1.21.266 and Earlier Untrusted Search Path Vulnerability in SupportAssist Client Versions 3.8 and 3.9 InsightIQ SSH Authentication Bypass and Remote Takeover Vulnerability SQL Injection 
Vulnerability in Dell iDRAC9 Versions 4.40.00.00 and Later DjVuLibre Out-of-Bounds Write Vulnerability in DJVU::DjVuTXT::decode() iDRAC9 Improper Input Validation Vulnerability Stack Buffer Overflow in Dell iDRAC 9 and iDRAC 8 Racadm Privilege Escalation Vulnerability in Dell EMC Integrated System for Microsoft Azure Stack Hub Unsynchronized Access to Shared Data in Dell PowerScale OneFS SMB CA Handling: Denial of Service Vulnerability Authentication Bypass Vulnerability in Networking OS10 with RESTCONF API Privilege Escalation Vulnerability in Networking OS10 with RESTCONF API Authentication Bypass Vulnerability in Networking OS10 with Smart Fabric Services Sensitive Information Disclosure Vulnerability in Dell Enterprise SONiC OS Vulnerability: SELinux MCS Category Pair Generation Flaw in libvirt Uncontrolled Resource Consumption Vulnerability in Dell Networking OS10 API Service Improper Authorization Vulnerability in Dell EMC Networker Versions Prior to 19.5 Hard-coded Password Vulnerability in Dell EMC CloudLink 7.1 and Prior Versions Critical OS Command Injection Vulnerability in Dell EMC CloudLink 7.1 and Prior Versions Arbitrary File Creation Vulnerability in Dell EMC CloudLink 7.1 and Prior Versions Critical Privilege Escalation Vulnerability in Dell EMC PowerScale Nodes Improper Privilege Management Vulnerability in Dell EMC Avamar Server AUI Dell EMC Avamar Server 19.4 AvInstaller Plain-Text Password Storage Vulnerability Critical Vulnerability in Dell EMC Avamar: Plain-Text Password Storage Puts System at Risk of Complete Outage Dell Networking OS10 Information Exposure Vulnerability Keycloak Vulnerability: Unauthorized Registration of Security Devices via WebAuthn Dell Networking X-Series Firmware Authentication Bypass Vulnerability Improper Input Validation Vulnerability in Dell Networking X-Series Firmware Dell Networking X-Series Firmware Host Header Injection Vulnerability Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code 
Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell EMC Streaming Data Platform SSL Strip Vulnerability Dell EMC Streaming Data Platform: Server Side Request Forgery Vulnerability Dell EMC Streaming Data Platform < 1.3 SQL Injection Vulnerability Indirect Object Reference Vulnerability in Dell EMC Streaming Data Platform versions before 1.3 Privilege Escalation Vulnerability in Lenovo Driver Management Insufficient Session Expiration Vulnerability in Dell EMC Streaming Data Platform versions before 1.3 Dell EMC CloudLink 7.1 and Prior Versions HTML and JavaScript Injection Vulnerability Dell EMC CloudLink Buffer Overflow Vulnerability Dell EMC CloudLink 7.1 and Prior Versions: CSV Formula Injection Vulnerability Arbitrary File Execution Vulnerability in Dell EMC CloudLink 7.1 and Prior Versions Deserialization Code Execution Vulnerability in Wyse Management Suite 3.3.1 and Below Insecure Transport Security Protocols in Dell Wyse Management Suite: A Threat to Confidentiality and Integrity Privilege Escalation Vulnerability in Unisphere for PowerMax Versions Prior to 9.2.2.2 Undocumented User Accounts Vulnerability in Dell EMC Virtual Appliances Vulnerability: Inconsistent Buffer Lengths in libssh Dell EMC SCG 5.00.00.10 and earlier - Sensitive Information Disclosure Vulnerability Sensitive Data Exposure Vulnerability in Dell Wyse Device Agent Version 14.5.4.1 and Below Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell iDRAC 8 Denial of Service Vulnerability Stack-based Buffer Overflow Vulnerability in iDRAC9 and iDRAC8 Input Injection Vulnerability in iDRAC9 Versions Prior to 5.00.20.00 Dell EMC Data Protection Central Server Side Request Forgery Vulnerability Linux Kernel Netfilter Netflow Command Panic Vulnerability 
Authentication Bypass Vulnerability in Dell PowerScale OneFS SQL Injection Vulnerability in Care2x Open Source Hospital Information Management 2.7 Alpha via GET Requests to nursing-station.php Stored XSS Vulnerability in Care2x Hospital Information Management 2.7 Alpha: POST Requests in patient_register.php Remote Code Execution in Kramer VIAware through August 2021 via ajaxPages/writeBrowseFilePathAjax.php Type Mismatch Vulnerability in OpenPOWER 2.6 Firmware Allows Timestamp Bypass OrbiTeam BSCW Classic XML Tag Injection Remote Code Execution Vulnerability Insecure Certificate Generation in OpenShift Service CA Incorrect Permission Assignment for migrate.php in Nagios XI before 5.8.5 Wildcard Injection Vulnerability in Nagios XI before 5.8.5 Incorrect Permission Assignment for repairmysql.sh in Nagios XI before 5.8.5 Wildcards in manage_services.sh in Nagios XI before 5.8.5 Vulnerability PuTTY 0.75 Vulnerability: Insecure SSH Session Establishment OpenSSH Vulnerability: Silent Modification of Server for None Authentication Vulnerability: Non-RFC-Compliant Authentication Method Check in Dropbear SSH Denial of Service Vulnerability in keycloak-model-infinispan Unauthenticated SFTP Server Connection Vulnerability Bypassing Client Certificate Requirements in Emissary-Ingress Apache Ozone Block Token Persistence and Unauthorized Access Vulnerability Apache Ant TAR Archive Memory Allocation Vulnerability Apache Ant Out-of-Memory Vulnerability in ZIP Archive Processing Relative Path Execution Vulnerability in dandavison delta before 0.8.3 on Windows TLS Certificate Validation Bypass in Fossil Versions 2.14.2 and 2.15.x ATI VGA Device Emulation Out-of-Bounds Memory Access Vulnerability Unauthenticated OS Command Injection in Sunhillo SureLine before 8.7.0.1.1 via /cgi/networkDiag.cgi Arbitrary Text Injection Vulnerability in Edifecs Transaction Management Vulnerability: Private Key Interception via Man-in-the-Middle Attack in Devolutions Server Authorization Bypass 
Vulnerability in Xen Orchestra SQL Injection Vulnerability in Cerner Mobile Care 5.0.0 Allows Remote Code Execution Uninitialized vsnprintf va_list Argument Vulnerability in Fetchmail Stored Cross-Site Scripting Vulnerability in Yellowfin's Video Embed Functionality Insecure Direct Object Reference vulnerability allows unauthorized access to user profile pictures in Yellowfin before 9.6.1 Insecure Direct Object Reference vulnerability in Yellowfin before 9.6.1 allows unauthorized image enumeration and download Vulnerability: Open Redirect in mod_auth_mellon Logout URLs Critical SQL Injection Vulnerability Found in Moodle's Enrolled Courses Library Critical SQL Injection Vulnerability Found in Moodle's Recent Courses Library Critical Remote Code Execution Vulnerability in Moodle Shibboleth Authentication Plugin Moodle File Repository URL Parsing Vulnerability Blind SSRF Risk in Moodle: Insufficient Redirect Handling Moodle Vulnerability: Unrestricted Message Deletions Stored XSS Risk in Moodle Web Service Token List Stored XSS Risk in Moodle Quiz Override Screens Use-After-Free Vulnerability in Linux Kernel HCI Subsystem Allows Privilege Escalation Moodle Vulnerability: Unauthorized Removal of Calendar URL Subscriptions Moodle HTML Data Export Vulnerability: Local Stored XSS Risk Moodle Vulnerability: Account Confirmation Email Allows Self-Registration Phishing Hidden Link Phishing Vulnerability in Moodle Email Notifications Heap-use-after-free vulnerability in libde265 v1.0.8: Heap-use-after-free in intrapred.h when decoding file using dec265 Assertion Failure in libde265 v1.0.8: Denial of Service Vulnerability Improper Link Resolution Before File Access ('Link Following') Vulnerability in Bitdefender Endpoint Security Tools for Windows Stack Buffer Overflow in libde265 v1.0.8 via fallback-motion.cc in put_epel_hv_fallback function Remote Denial of Service Vulnerability in libde265 v1.0.8 Heap-based Buffer Overflow Vulnerability in MP4Box via 
gp_rtp_builder_do_mpeg12_video Function MP4Box in GPAC 1.0.1 Heap-Based Buffer Overflow Vulnerability Heap-based Buffer Overflow Vulnerability in GPAC v1.0.1: Arbitrary Code Execution via Crafted File Timing Attack Vulnerability in Wildfly Elytron: Confidentiality Risk Arbitrary Code Execution Vulnerability in phpwcms 1.9.25 Installation Arbitrary File Deletion Vulnerability in PHPcms 1.9.25 Arbitrary Code Execution via File Upload in phpwcms 1.9.25 Global Buffer Overflow in lsx_adpcm_init Function in sox 14.4.1 SQL Injection Vulnerability in jocms 0.8 via jo_json_check() Function SQL Injection Vulnerability in jocms 0.8 via jo_set_mask() Function SQL Injection Vulnerability in jocms 0.8: Arbitrary SQL Command Execution and Sensitive Information Disclosure SQL Injection Vulnerability in jocms 0.8 via jo_json_check function in getmask.php Information Leakage in Mobicint Backend for Credit Unions v3 Vulnerability: Unauthorized Access to Vault Expressions in WildFly-Core Arbitrary Code Execution via Unrestricted File Upload in ShowDoc v2.9.5 Cross-Site Request Forgery Vulnerability in imcat 5.4 Allows Privilege Escalation CSRF Vulnerability in imcat 5.4 Allows Remote Privilege Escalation Merge Function Prototype Pollution Vulnerability XSS Vulnerability in Verint Workforce Optimization (WFO) 15.2.8.10048 via control/my_notifications NEWUINAV Parameter Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter in multiple files SQL Injection Vulnerability in Naviwebs Navigate CMS 2.9 via Quicksearch Parameter in comments.php Cross-site Scripting (XSS) Vulnerability in btcpayserver Insecure Local Password Hashing in VeryFitPro (com.veryfit2hr.second) 3.2.8 Arbitrary File Upload Vulnerability in Microweber 1.1.3: Exploiting the Settings Upload Picture Section URI.js Vulnerability: Untrusted Site URL Redirection Directory Traversal Vulnerability in AdminLTE 3.1.0: Privilege Escalation and Information Disclosure Arbitrary Code 
Execution via Insecure Deserialization in DevExpress.XtraReports.UI Arbitrary SQL Command Execution Vulnerability in JIZHICMS 1.9.5 Buffer Overflow Vulnerability in Allegro Image Addon (CVE-XXXX-XXXX) Vulnerability: Inefficient Regular Expression Complexity in Chatwoot Buffer Overflow Vulnerability in pdfimages in Xpdf 4.03: Application Crash via Crafted Command SQL Injection Vulnerability in native-php-cms 1.0: Remote Command Execution via cat Parameter Uninitialized Value Vulnerability in Synchronet BBS's scanallsubs Function Uninitialized Value Vulnerability in SignalWire FreeSWITCH Vulnerability: Authentication Bypass in 389-ds-base SQL Injection Vulnerability in I-Tech Trainsmart r1044 via evaluation/assign-evaluation?id= URI Improper Validation of VMCB int_ctl Field in KVM's AMD Code Allows Guest-to-Host Escape Heap Overflow in GetByteStr() in ngiflib 0.4 Heap Overflow Vulnerability in ngiflib 0.4's GetByte() Function Race Condition Vulnerability in portfolioCMS 1.0 Allows Remote Code Execution Cesanta mJS 1.26 Buffer Overflow Vulnerability in mjs_set_errorf Arbitrary Code Execution via Cross Site Scripting (XSS) in Gurock TestRail Improper Access Control in Instructure Canvas LMS Allows Unprivileged Users to Access Locked/Unpublished Files OpenStack Nova's Console Proxy Vulnerability: Arbitrary URL Redirection in noVNC CSRF Vulnerability in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 Allows Unauthorized Document Locking CSRF Vulnerability in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 Allows Unauthorized Document Unlocking Improper Access Control in tpcms 3.2 enables unauthorized access to sensitive information via URL path Arbitrary Code Execution via Cross Site Scripting (XSS) in tpcms 3.2 Improper Access Control Vulnerability in KiteCMS 1.1 Allows Unauthorized Information Disclosure Mara v7.5 Remote Code Execution (RCE) Vulnerability in dir.php?type=filenew Monstra v3.0.4 Remote Code Execution (RCE) Vulnerability in blog Template Editing Uninitialized Memory 
Read Vulnerability in Linux Kernel SCTP Packet Handling Cross-Site Scripting (XSS) Vulnerability in TikiWiki v21.4's tiki-browse_categories.php Component Cross-Site Scripting (XSS) Vulnerability in TikiWiki v21.4's tiki-calendar.php Component Improper Validation of virt_ext Field in KVM's AMD Code Allows for Guest-to-Host Escape Authentication Bypass Vulnerability in Phone Shop Sales Management System Unsanitized User Input in CheckMK Management Web Console (Versions 1.5.0 to 2.0.0) Allows for Stored XSS and Backdoor Creation Deserialization Vulnerability in ThinkPHP v6.0.8 via vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php Deserialization Vulnerability in ThinkPHP v6.0.8 via League\Flysystem\Cached\Storage\AbstractCache Arbitrary Topic Database XSS Vulnerability in Moodle Arbitrary Code Execution via Cross-Site Request Forgery in FUEL-CMS 1.4.13 Buffer Overflow Vulnerability in mbsync versions prior to 1.4.4 Arbitrary Code Execution via Cross-Site Request Forgery in FUEL-CMS 1.4.13 Arbitrary Code Execution via User Name Field in Feehi CMS Login Page Arbitrary Code Execution via Image Upload in Feehi CMS (<=2.1.1) Bluetoothd Vulnerability: Inadvertent Exposure of Bluetooth Stack to Nearby Attackers Open Redirect Vulnerability in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via Referer Parameter Insecure File Upload Vulnerability in Kooboo CMS 2.1.1.0 Remote Shell Upload Vulnerability in Kooboo CMS 2.1.1.0 Heap-based Buffer Overflow in GPAC 1.0.1: Denial of Service Vulnerability Linux Kernel IEEE 802.15.4 Wireless Networking Subsystem Local Denial of Service Vulnerability Cockpit Vulnerability: Clickjacking Exploit Cross-Site Scripting (XSS) Vulnerability in GetSimpleCMS 3.3.16 Remote Code Injection via Friendly Name 1 Field in Tasmota Firmware 6.5.0 Cross Site Scripting (XSS) vulnerability in engineercms 1.03 allows execution of arbitrary JavaScript code in user's browser XSS Vulnerability in webTareas 2.2p1: Name Field in 
/projects/editproject.php XSS Vulnerability in webTareas 2.2p1: Name Field in /linkedcontent/editfolder.php HP Workstation BIOS Vulnerability: Mitigations for Arbitrary Code Execution Memory Corruption Vulnerability in MikroTik RouterOS PTP Process Leads to Denial of Service Memory Corruption Vulnerability in MikroTik RouterOS Tr069-Client Process Stored Cross Site Scripting (XSS) Vulnerability in HP Enterprise LaserJet and PageWide MFPs SQL Injection Vulnerability in Sourcecodester Online Covid Vaccination Scheduler System 1.0 Arbitrary File Upload Vulnerability in Sourcecodester Online Covid Vaccination Scheduler System 1.0 Arbitrary File Upload Vulnerability in Sourcecodester Phone Shop Sales Management System 1.0 Remote SQL Injection Vulnerability in Sourcecodester Phone Shop Sales Management System v1.0 Allows Authentication Bypass SQL Injection Vulnerability in Dolibarr ERP/CRM 13.0.2 via country_id Parameter in UPDATE Statement Firefly-III Vulnerability: Excessive Authentication Attempts Restriction eAut Module DDOS Reflection Amplification Vulnerability in Ruckus Wireless SmartZone Controller Untrusted Search Path Vulnerability in Baidunetdisk Version 7.4.3 and Earlier URL-Parse Vulnerability: Untrusted Site Redirection Arbitrary Code Execution Vulnerability in KodExplorer 4.45 via XSS in /index.php Vulnerability: RSA Private Key Recovery through Broken Cryptographic Algorithm in Mbed TLS Authenticated Stored Cross Site Scripting Vulnerability in CMSuno 1.7 Prototype Pollution in body-parser-xml Privilege Escalation Vulnerability in Druva 6.9.0 for macOS Local Privilege Escalation in Druva 6.9.0 for MacOS via inSyncDecommission Command Injection Vulnerability in Druva inSync 6.9.0 for MacOS Arbitrary URL Visit Vulnerability in Druva inSync 6.9.0 for MacOS Improper Locking in virStoragePoolLookupByTargetPath API of libvirt Arbitrary Code Execution via Cross Site Scripting (XSS) in yapi 1.9.1 Insufficient PIN Length in Streetside Samourai Wallet 0.99.96i 
Allows Brute Force Attack and Data Decryption Linux Kernel Vulnerability: Resource Exhaustion and DoS via Shared Memory Usage Segmentation Fault Vulnerability in SQLite 3.36.0 via idxGetTableInfo Function Denial of Service Vulnerability in libjxl v0.5.0 via Malicious GIF File Encoding Divide By Zero Denial of Service Vulnerability in libjxl v0.3.7 Cross-Site Scripting (XSS) Vulnerability in Deskpro 2021.1.6 and Earlier Cross-Site Scripting (XSS) Vulnerability in Deskpro 2021.1.6 and Earlier Arbitrary Code Execution via .htaccess File Overwrite in Artica Pandora FMS Cross-Site Scripting (XSS) Vulnerability in Pandora FMS Event Filter Samba AD DC LDAP Vulnerability: MaxQueryDuration Bypass Arbitrary File Deletion Vulnerability in htmly version 2.8.1 Storage Cross Site Scripting (XSS) Vulnerability in Content Field of Regular Post Page in htmly 2.8.1 Storage XSS Vulnerability in htmly 2.8.1 Dashboard's Blog Title Field Command Injection Vulnerability in ProLink PRC2402M V1.0.18 and Older Command Injection Vulnerability in ProLink PRC2402M V1.0.18 and Older Command Injection Vulnerability in ProLink PRC2402M V1.0.18 and Older Password Reset Vulnerability in ProLink PRC2402M V1.0.18 and Older Null Pointer Dereference Vulnerability in Samba Kerberos Server Kernel Privilege Escalation via Improper MMU Management and Low GDT Address in ToaruOS 1.99.2 Remote Code Execution via Mishandled Tentacles Upload in OctoBot YZMCMS 6.1 Image Clipping Function XSS Vulnerability Arbitrary Code Execution via Cross Site Scripting (XSS) in DataTables Plug-in 1.9.2 Segment is-email Package: Regular Expression Denial of Service (ReDoS) Vulnerability Directory Traversal Vulnerability in Synerion TimeNet Version 9.21 Allows Unauthorized Access to Restricted Files Default Credentials and Sensitive Data Exposure in SYNEL eharmonynew / Synel Reports Remote Code Execution Vulnerability in PineApp Mail Secure c-ares Library Vulnerability: DNS Hostname Validation Flaw Cross-Site Scripting (XSS) 
Vulnerability in PineApp Mail Secure Sysaid API User Enumeration Vulnerability Emuse - eServices / eNvoice SQL Injection Vulnerability Emuse - eServices / eNvoice: Vulnerability in Identification Mechanisms Exposes Private Personal Information SecureConnector Local Service Denial of Service Vulnerability Resource Exhaustion and DoS Vulnerability in Radare2 5.3.1 Cross-Site Scripting (XSS) Vulnerability in Apache Pluto UrlTestPortlet Cross-Site Scripting (XSS) Vulnerability in Apache Pluto Applicant MVCBean CDI Portlet Cross-Site Scripting (XSS) Vulnerability in Apache Pluto 3.1.0 MVCBean JSP Portlet Maven Archetype Out-of-Bounds Read Vulnerability in Rizin's create_section_from_phdr Function Varnish Cache HTTP/2 Request Smuggling and VCL Authorization Bypass Vulnerability Arbitrary File Upload Vulnerability in Trend Micro Security Products Privilege Escalation Vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 Directory Junction Vulnerability in Trend Micro Security (Consumer) 2021 and 2020: Privilege Escalation and Denial of Service Exploit Authentication Bypass Vulnerability in Trend Micro ServerProtect XSS Vulnerability in Blackboard Learn 9.1 Assignment Instructions HTML Editor Authenticated User XSS Vulnerability in Blackboard Learn 9.1 via Feedback to Learner Form SQL Injection in Prestahome Blog Module Allows Remote Data Extraction HTTP InputSource allows unauthorized access to data sources beyond intended scope Heap Tag Overwrite Vulnerability in Synaptics Fingerprint Driver Key Derivation Vulnerability in ENC DataVault and VaultAPI v67 Ciphertext Malleability Vulnerability in ENC DataVault 7.2.3 and Earlier Versions Arbitrary Code Execution in sharkdp BAT before 0.18.2 PowerDNS Authoritative Server 4.5.0 Out-of-Bounds Exception Vulnerability XSS Vulnerability in Nightscout Web Monitor 14.2.2 via Crafted X-Forwarded-For Header Missing SSL Certificate Validation in CFEngine Enterprise 3.15.0 
through 3.15.4 Privilege Escalation via Insecure Secrets Automation Access Tokens in 1Password Connect Server DOM-Based XSS and Open Redirect Vulnerability in WSO2 Identity Server 5.7.0's Account Recovery Endpoint SSRF Vulnerability in Qlik Sense April 2020 Patch 4 GeoAnalytics Feature Unbounded Filename Length Vulnerability in HCC Embedded InterNiche NicheStack Access Control Vulnerability in CODESYS V3 Web Server Null Pointer Dereference Vulnerability in CODESYS Gateway V3 Null Pointer Dereference Vulnerability in CODESYS EtherNet/IP Stack Arbitrary PHP Object Injection in Concrete5 through 8.5.5 Weak Challenge-Response Authentication Vulnerability in Digi RealPort Message Reordering Vulnerability in Telegram Arbitrary Memory Read Vulnerability in PostgreSQL Privilege Escalation via Trojan Horse Encode::ConfigLocal Library Reflected XSS Vulnerability in Zoho ManageEngine ADManager Plus before 7110 Stored XSS Vulnerability in Zoho ManageEngine ADManager Plus before 7110 Arbitrary Depth Parameter Nesting Denial of Service Vulnerability Arbitrary Code Execution Vulnerability in Apache Kylin Privilege Retention Vulnerability in SUSE Rancher Arbitrary User Impersonation Vulnerability in SUSE Rancher Rancher (Versions prior to 2.5.10) Untrusted Input Handling in openSUSE Build Service Login Proxy Unauthorized Access to Credentials in SUSE Rancher: Exploiting Incorrect Authorization Missing Authentication for Critical Function in SUSE Longhorn: Unauthenticated Execution of Binaries Critical Security Vulnerability: Weak PRNG in ShowDoc Exposes Sensitive Data Unauthenticated Access to Longhorn Engine Replica in SUSE Longhorn Incorrect Default Permissions in parsec Package of openSUSE Factory: Impersonation and DoS Vulnerability Cleartext Storage of Sensitive Information Vulnerability in SUSE Rancher Cleartext Credential Exposure Vulnerability in SUSE Rancher Privilege Escalation Vulnerability in SUSE Rancher Allows Restricted-Admin Users to Gain Full Admin Access 
Cross-Site Scripting (XSS) Vulnerability in miniorange_saml Extension for TYPO3 Sensitive Data Exposure in miniorange_saml TYPO3 extension Cross-Site Scripting (XSS) Vulnerability in femanager Extension for TYPO3 Yoast SEO Extension for TYPO3: Cross-Site Scripting (XSS) Vulnerability SQL Injection Vulnerability in Dated News Extension for TYPO3 Denial of Service Vulnerability in Linux Kernel Tracing Module Cross-Site Scripting (XSS) Vulnerability in Dated News Extension for TYPO3 Information Disclosure Vulnerability in Dated News Extension for TYPO3 Incorrect Access Control in Dated News Extension for TYPO3 (Versions 5.1.1 and below) Sensitive Information Disclosure in TYPO3 Extbase Yaml Routes Extension Global TLS Verification Disabling in Siren Investigate Cluster Feature (CVE-2021-12345) Privilege Escalation Vulnerability in Cohesity Linux Agent (Versions 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1) Default Root Access Vulnerability in Victron Energy Venus OS Cobalt Strike Team Server Denial-of-Service (DoS) Vulnerability Hard-coded Password Vulnerability in Unsupported KNX ETS5 Versions Vulnerability: Missing Cryptographic Step in showdoc Code Injection Vulnerability in Akaunting Version 2.1.12 and Earlier Authentication Bypass Vulnerability in Akaunting Version 2.1.12 and Earlier Denial-of-Service Vulnerability in Akaunting Version 2.1.12 and Earlier Persistent Cross-Site Scripting (XSS) Vulnerability in Akaunting Version 2.1.12 and Earlier Password Reset Spoofing Vulnerability in Akaunting Version 2.1.12 and Earlier Persistent XSS Vulnerability in Akaunting Sales Invoice Processing Component Open Redirect Vulnerability in Sophos Email Appliance (Versions Older than 4.5.3.4) SQL Injection Vulnerability in SG UTM User Portal (Version 9.708 MR8) Allows Code Execution Race condition vulnerability in Sophos Secure Workspace for Android before 9.7.3115 allows local attackers to bypass app password. 
Arbitrary File Overwrite Vulnerability in Sophos SSL VPN Client Insecure File Inclusion Vulnerability in Ansible Galaxy Collections USB Redirector Device Emulation Vulnerability in QEMU Unauthenticated Stored XSS Vulnerability in WPMU DEV Forminator Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WordPress Absolutely Glamorous Custom Admin Plugin <= 6.8 Stored Cross-Site Scripting (XSS) Vulnerability in weDevs WP Project Manager Plugin <= 2.4.13 Stored Cross-Site Scripting (XSS) Vulnerability in Ninja Forms Contact Form Plugin <= 3.6.9 via label Title: Authenticated Stored Cross-Site Scripting (XSS) in WP Maintenance Plugin <= 6.0.7 MyThemeShop Launcher Plugin <= 1.0.11 Authenticated Stored XSS Vulnerability Critical CSRF Vulnerability Found in ShowDoc Documentation Tool Stored XSS Vulnerability in Comment Guestbook Plugin <= 0.8.0 for WordPress Icegram WordPress Plugin (<= 2.0.2) Headline Input Vulnerability Stored XSS Vulnerability in MC4WP Plugin <= 4.8.6 for WordPress Title: Authenticated Stored XSS Vulnerability in Social Media Follow Buttons Bar Plugin <= 4.73 for WordPress OpenShift Assisted Installer: Image Pull Secret Leakage Vulnerability YITH Maintenance Mode Plugin <= 1.3.7 - Authenticated Stored XSS Vulnerability Title: Authenticated Stored XSS Vulnerability in WordPress Floating Social Media Icon Plugin (<= 4.3.5) Social Media Configuration Form MyThemeShop WP Subscribe Plugin <= 1.2.12 Authenticated Stored XSS Vulnerability Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8 Premio Chaty WordPress Plugin <= 2.8.3 Authenticated Stored XSS Vulnerability Webba Booking Plugin <= 4.2.21 Authenticated Stored XSS Vulnerability Social Media Feather WordPress Plugin <= 2.0.4 Authenticated Stored XSS Vulnerability Title: Authenticated Stored XSS Vulnerability in René Hermenau's Social Media Share Buttons Plugin <= 3.8.1 for WordPress CSRF Vulnerability in WordPress 
Media File Renamer Plugin (<= 5.1.9) Allows Unauthorized Media Manipulation Cross-Site Scripting (XSS) Vulnerability in Web-Settler Testimonial Slider Plugin CSRF Vulnerability in ThimPress WP Hotel Booking Plugin <= 1.10.5 Booking Ultra Pro Plugin <= 1.1.4 WordPress Vulnerability: Multiple Cross-Site Request Forgery (CSRF) Flaws Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) in Booking Ultra Pro plugin <= 1.1.4 for WordPress Authenticated Stored XSS Vulnerability in wpshopmart Testimonial Builder Plugin <= 1.6.1 Stored Cross-Site Scripting (XSS) Vulnerability in Themepoints Testimonials Plugin <= 2.6 on WordPress CSRF Vulnerability in Rich Reviews by Starfish Plugin Allows Unauthorized Review Deletion Stored Cross-Site Scripting (XSS) Vulnerability in ExpressTech Quiz And Survey Master Plugin <= 7.3.4 on WordPress ExpressTech Quiz And Survey Master Plugin <= 7.3.4 WordPress Authenticated Reflected Cross-Site Scripting (XSS) Vulnerability IDOR Vulnerability in ExpressTech Quiz And Survey Master Plugin Allows Unauthorized Content Modification Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in Fatcat Apps Easy Pricing Tables Plugin <= 3.1.2 for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in Psychological Tests & Quizzes Plugin for WordPress Title: WordPress Ivory Search Plugin (<= 4.6.6) Reflected XSS Vulnerability via &post Parameter Title: Multiple Authenticated Persistent XSS Vulnerabilities in WordPress WP Google Maps Plugin (<= 8.1.12) WordPress WP Google Maps Pro Plugin <= 8.1.11 - Multiple Authenticated Persistent XSS Vulnerabilities Title: Authenticated Persistent XSS Vulnerability in WordPress Popular Posts Plugin (<= 5.3.3) via widget-wpp[2][post_type] Parameter Title: Authenticated Persistent XSS Vulnerability in WordPress iQ Block Country Plugin (<= 1.2.11) Authenticated Insecure Direct Object References (IDOR) Vulnerability in WordPress uListing Plugin (<= 2.0.5) Authenticated Reflected XSS Vulnerability in 
WordPress uListing Plugin (<= 2.0.5) CSRF Vulnerabilities in WordPress uListing Plugin (<= 2.0.5) CSRF Vulnerability in WordPress uListing Plugin Allows Unauthorized User Role Modification CSRF Vulnerability in WordPress uListing Plugin (<= 2.0.5) Allows Unauthorized Settings Update Unauthenticated Privilege Escalation in WordPress uListing Plugin (<= 2.0.5) with User Registration Enabled Vulnerability: Path Traversal in Red Hat JBoss Core Services HTTP Server Unauthenticated SQL Injection Vulnerability in WordPress uListing Plugin (<= 2.0.3) Title: WordPress Backup Migration Plugin <= 1.1.5 Authenticated Persistent XSS Vulnerability Unauthenticated Stored XSS Vulnerability in CFDB7 WordPress Plugin (<= 1.2.6.1) CSRF Vulnerability in Contact Form 7 Database Addon – CFDB7 WordPress Plugin (<= 1.2.5.9) CSRF and XSS Vulnerabilities in tarteaucitron.js WordPress Plugin (<= 1.5.4) Image Hover Effects Ultimate Plugin: Unauthenticated Arbitrary Options Update Vulnerability Stored Authenticated Cross-Site Scripting (XSS) Vulnerabilities in tarteaucitron.js – Cookies Legislation & GDPR WordPress Plugin (Versions <= 1.6) Vulnerability in Yii2: Predictable Algorithm Used in Random Number Generator CSRF Vulnerability in Social Share Buttons by Supsystic Plugin CSRF Vulnerability in Photo Gallery by Supsystic Plugin Allows Unauthorized Settings Modification Stored Cross-Site Scripting (XSS) Vulnerability in Responsive Tabs WordPress Plugin <= 4.0.5 Unauthenticated XSS Vulnerability in Tripetto Plugin via SVG Image Upload Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in Pricing Table (WordPress Plugin) Versions <= 1.5.2 SQL Injection Vulnerability in Quiz And Survey Master Plugin <= 7.3.4 on WordPress Authenticated Reflected XSS vulnerability in Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 for WordPress Undertow WebSocket PONG Message Buffer Leak Vulnerability Unauthenticated Stored XSS Vulnerability in Phil Baker's Age Gate Plugin for WordPress Stored 
Cross-Site Scripting (XSS) Vulnerabilities in Quiz And Survey Master Plugin <= 7.3.4 on WordPress ExpressTech Quiz And Survey Master Plugin <= 7.3.6 on WordPress Multiple Insecure Direct Object References (IDOR) Vulnerabilities CSRF Vulnerability in WP Reset PRO Plugin <= 5.98 Authenticated Database Reset Vulnerability in WordPress WP Reset PRO Premium Plugin (Versions <= 5.98) WP-Appbox Plugin <= 4.3.20 Authenticated Stored XSS Vulnerability Critical Stored XSS Vulnerability in WordPress Comment Engine Pro Plugin (<= 1.0) Stored Cross-Site Scripting (XSS) Vulnerability in Andrea Pernici News Sitemap for Google Plugin <= 1.0.16 on WordPress Qube One Redirection for Contact Form 7 Plugin Unauthenticated Options Change and Content Injection Vulnerability CSRF Vulnerability Exploiting Reflected XSS in CalderaWP License Manager (WordPress Plugin) <= 1.2.11 CSRF Vulnerability in Cozmoslabs Profile Builder Plugin Allows Unauthorized JSON File Upload and Option Update SQL Injection Vulnerability in Hide My WP WordPress Plugin (<= 6.2.3) Allows Remote Code Execution Unauthenticated Deactivation Vulnerability in WordPress Hide My WP Plugin (<= 6.2.3) WordPress Awesome Support Plugin <= 6.0.6 - Multiple Authenticated Reflected XSS Vulnerabilities Vulnerability in Yii2: Predictable Algorithm Used in Random Number Generator Download Monitor WordPress Plugin <= 4.4.6 Authenticated Reflected XSS Vulnerability Improper Authentication Vulnerability in MONITORAPP AIWAF Manager 2.1.0 Vulnerability in Realtek RtsUpx USB Utility Driver Allows Unauthorized Access to USB Devices Privilege Escalation and Code Execution Vulnerability in Realtek RtsUpx USB Utility Driver Pool Overflow Vulnerability in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 Arbitrary Memory Access Vulnerability in Realtek RtsUpx USB Utility Driver Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Windows Digital TV Tuner Device Registration Application Privilege 
Escalation Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Unveiling Sensitive Information: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Unvalidated HTML Fragment Injection in LedgerSMB Allows for Remote Code Execution and Information Disclosure Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Overly Permissive ACLs on System Files Lead to Elevation of Privilege Vulnerability PrintNightmare: Windows Print Spooler Remote Code Execution Vulnerability Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability Windows Cryptographic Primitives Library Information Disclosure Vulnerability Remote Code Execution and Information Disclosure Vulnerability in LedgerSMB Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word Windows LSA Spoofing: A Critical Security Vulnerability Azure CycleCloud Privilege Escalation Vulnerability Windows 10 Update Assistant Privilege Escalation Vulnerability Exploiting Cross-site Scripting Vulnerability in Microsoft Dynamics Business Central PrintNightmare: Windows Print Spooler Remote Code Execution Vulnerability Windows Update Medic Service Privilege Escalation Vulnerability Azure Active Directory Connect Authentication Bypass Vulnerability Heap Corruption Vulnerability in Grub2 Prior to Version 2.12 Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Exploiting Visual Studio Remote Code Execution Vulnerability Windows TCP/IP Denial of Service Vulnerability: Disrupting Network Communication Windows Bind Filter Driver Privilege Escalation Vulnerability Windows Common Log File System 
Driver Privilege Escalation Vulnerability Azure Sphere Information Leakage Vulnerability Windows Desktop Bridge Privilege Escalation Vulnerability Windows Print Spooler Service Remote Code Execution Vulnerability Windows Authenticode Signature Spoofing Vulnerability Heap Out-of-Bounds Write Vulnerability in PNG Reader of Grub2 Windows SMB Information Leakage Vulnerability Windows Installer DoS Vulnerability Windows Installer Data Exposure Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability Windows Event Tracing Privilege Escalation Vulnerability Wireless Network Service Remote Code Execution Vulnerability in Windows WSL Elevation of Privilege Vulnerability Windows WLAN AutoConfig Service Privilege Escalation Vulnerability Windows DNS Privilege Escalation Vulnerability Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability JPEG Image Underflow Vulnerability in Grub2 Print Spooler Spoofing: A Critical Windows Vulnerability Windows SMB Information Leakage Vulnerability Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability Windows SMB Privilege Escalation Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability Use-after-free vulnerability in libarchive 3.4.1 through 3.5.1 Heap-Based Buffer Overflow in matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 Heap-based Buffer Overflow in QPDF's Pl_ASCII85Decoder::write() Function Out-of-Bounds Write Vulnerability in Unicorn Engine 1.0.2 Cockpit Authentication Bypass Vulnerability Use-after-free vulnerability in Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 in decode_NXAST_RAW_ENCAP. 
Insecure Java Deserialization in SerNet verinice before 1.22.2 Allows Remote Code Execution OS Command Injection in AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 Local Privilege Escalation via Symlink Attack in Replay Sorcery 0.6.0 Code Injection Vulnerability in Huawei Smartphone Can Cause System Restart Kernel Tampering Vulnerability in Huawei Smartphones Allows Privilege Escalation Race Condition Vulnerability in Huawei Smartphone Linked List Node Deallocation Parameter Verification Issue in Huawei Smartphone: Threat to Service Integrity Kernel Crash Vulnerability in Huawei Smartphone Allows Privilege Escalation Kernel Tampering Vulnerability in Huawei Smartphones Allows Privilege Escalation Unstandardized Path Input Vulnerability in Huawei Smartphone Allows Unauthorized File Access Public Key Verification Vulnerability in Huawei Smartphone: Threat to Service Confidentiality Memory Leaks Vulnerability in Huawei Smartphone: Impact on Service Availability Race Condition Vulnerability in Huawei Smartphone Trustlist Management Unauthorized File Access Vulnerability in Huawei Smartphone Allows Tampering of Restored Backup Files Improper Verification Vulnerability in Huawei Smartphone Allows Unauthorized Transmission of Virtual Information Unlimited Image Size Vulnerability in Huawei Smartphone Leads to Low Memory Error Out-of-Bounds Array Read Vulnerability in Huawei Smartphone Remote Code Execution Vulnerability in Huawei Smartphone via Malicious Images Use-After-Free Vulnerability in usbredirparser_serialize() in usbredir Register Tampering Vulnerability in Huawei Smartphone Allows Unauthorized Modification Memory Out-of-Bounds Access Vulnerability in Huawei Smartphone Allows Execution of Malicious Code Huawei Smartphone Kernel Crash Vulnerability Huawei Smartphone Kernel Crash Vulnerability Huawei Smartphone Kernel Crash Vulnerability Huawei Smartphone Improper Preservation of Permissions 
Vulnerability Out-of-bounds Read Vulnerability in Huawei Smartphone Leads to Kernel Crash Huawei Smartphone Kernel Crash Vulnerability Confidentiality Compromise Vulnerability in Huawei Smartphone Configuration Vulnerability: Insecure Default Temporary Files Configuration in Ansible-Runner Confidential Information Exposure Vulnerability in Huawei Smartphone Stack-based Buffer Overflow Vulnerability in Huawei Smartphone Allows Out-of-bounds Read Kernel Crash Vulnerability in Huawei Smartphone due to Data Processing Errors Huawei Smartphone Improper Input Validation Vulnerability: Impact on User Availability Critical Stack-based Buffer Overflow Vulnerability in Huawei Smartphone Out-of-bounds Read Vulnerability in Huawei Smartphone Leads to Kernel Crash Out-of-bounds Read Vulnerability in Huawei Smartphone: Risk of Information Disclosure and Denial of Service Huawei Smartphone Kernel Crash Vulnerability Kernel Crash Vulnerability in Huawei Smartphone due to Data Processing Errors Huawei Smartphone Kernel Crash Vulnerability Race Condition Vulnerability in Ansible-Runner Allows Unauthorized Access to Private Data Directory Stack-based Buffer Overflow Vulnerability in Huawei Smartphone Allows Out-of-bounds Read Stack-based Buffer Overflow Vulnerability in Huawei Smartphone Allows Out-of-bounds Read Root Permission Escalation: Heap-based Buffer Overflow Vulnerability in Huawei Smartphone Improper Access Control Vulnerability in Huawei Smartphone Allows Unauthorized Access to Media Files Huawei Smartphone Kernel Crash Vulnerability Huawei Smartphone Kernel Crash Vulnerability Huawei Smartphone Kernel Crash Vulnerability Smartphone Denial of Service Vulnerability: Threat to Service Integrity Command Injection Vulnerability in HG8045Q Product Identity Verification Vulnerability in Huawei Smartphone: Implications on Service Availability Incorrect Mention of Fixed Vulnerabilities in RHSA for Serverless 1.16.0 and Serverless Client kn 1.16.0 Improper Permission Vulnerability 
in Huawei Smartphone Affects Service Availability Remote Denial of Service Vulnerability in Huawei Smartphone Bypass Vulnerability in Huawei Smartphone: Implications for Digital Balance Functionality Critical Injection Attack Vulnerability in Huawei Smartphone: Threat to Service Availability Unstandardized Field Names Vulnerability in Huawei Smartphones: A Threat to Service Confidentiality Remote Denial of Service Vulnerability in Huawei Smartphone Information Leakage Vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10 Critical Vulnerability in Huawei Smartphone Allows Remote Restart Improper Access Control Vulnerability in Huawei Smartphone: Threat to Service Confidentiality Bluetooth DoS Vulnerability in Huawei Smartphone HP LaserJet Pro Printer Vulnerability: Denial of Service Exploit Parameter Injection Vulnerability in Huawei Smartphone Allows Privilege Escalation via CIFS Share Mounting Huawei Smartphone Improper Verification Vulnerability: Out-of-Bounds Read Huawei Smartphone Improper Verification Vulnerability: Out-of-Bounds Read Stack-based Buffer Overflow Vulnerability in Huawei Smartphone Allows Resource Occupation by Malicious Applications Permission Control Vulnerability in Huawei Smartphone: Impact on Service Availability UAF Vulnerability in Huawei Smartphone Allows Unexpected Device Restart and Kernel-Mode Code Execution Memory Leak Vulnerability in Huawei Smartphone's Codec Detection Module Input Verification Vulnerability in Huawei Smartphone Leads to Service Restart Improper Input Validation Vulnerability in Huawei Smartphone Allows for Remote Control and Unauthorized Access Heap-based Buffer Overflow Vulnerability in Huawei Smartphone Unauthorized Device Reconfiguration Vulnerability on HP LaserJet Pro Printers Critical Vulnerability: Missing Sensitive Data Encryption in Huawei Smartphone Out-of-bounds Read Vulnerability in Huawei Smartphone Address Information Leakage Vulnerability in Huawei Smartphone Service Logic 
Vulnerability in Huawei Smartphone: Potential WLAN DoS Exploitation Huawei Smartphone Identity Spoofing and Authentication Bypass Vulnerability Logic Bypass Vulnerability in Huawei Smartphone Allows Unauthorized Access to Device Information Improper Permission Control Vulnerability in Huawei Smartphone Allows Unauthorized Access to Device Information Huawei Smartphone Vulnerability: Array Index Validation Issue Nickname Tampering Vulnerability in Huawei Smartphone Design Flaw Vulnerability: Weaknesses in Initial Design AdminLTE Vulnerability: Sensitive Cookie Without 'HttpOnly' Flag Huawei Smartphone SAMGR Heap Address Leakage Vulnerability Uncontrolled Resource Consumption Vulnerability in Huawei Smartphone Allows for Screen Projection Application Denial of Service Huawei Smartphone Array Index Validation Vulnerability Critical Cryptographic Vulnerability in Huawei Smartphone Allows Unauthorized Image Access and Deletion Arbitrary File Creation Vulnerability in Huawei Smartphone Integer Overflow or Wraparound Vulnerability in Huawei Smartphone: Confidentiality and Availability Impacted Out-of-bounds Read Vulnerability in Huawei Smartphone: Potential Process Crash Confidential Information Exposure Vulnerability in Huawei Smartphone Denial of Service Vulnerability in Huawei Smartphone: Resource Management Errors Race Condition Vulnerability in Huawei Smartphone: A Threat to Availability CVE-2021-3708: Unauthorized Configuration Modification Vulnerability in D-Link Router DSL-2750U Out-of-bounds Read Vulnerability in Huawei Smartphone: Potential Process Crash Persistent Denial of Service Vulnerability in Huawei Smartphone Huawei Smartphone Buffer Size Calculation Vulnerability Race Condition Vulnerability in Huawei Smartphone Allows Tampering of Detection Results Race Condition Vulnerability in Huawei Smartphone Allows Root Privilege Escalation Credentials Management Errors in Huawei Smartphone: A Confidentiality Breach Vulnerability Out-of-bounds Read Vulnerability 
in Huawei Smartphone: Impact on Availability Kernel Crash Vulnerability in Huawei Smartphone due to NULL Pointer Dereference Uncaught Exception Vulnerability in Huawei Smartphone: Remote Denial of Service Exploit Huawei Smartphone Vulnerability: Arbitrary File Deletion via Improper Input Validation D-Link Router DSL-2750U Firmware vME1.16 OS Command Injection Vulnerability Incomplete Cleanup Vulnerability in Huawei Smartphone: A Potential Threat to Availability Huawei Smartphone Improper Input Validation Vulnerability: Potential Nearby Crash Race Condition Vulnerability in Huawei Smartphone Leads to MotionHub Crash NULL Pointer Dereference Vulnerability in Huawei Smartphone Enables Denial of Service Attacks Huawei Smartphone Text Message Function Remote Code Execution Vulnerability Denial of Service Vulnerability in Huawei Smartphone: Encoding Timing Exploit Improper Preservation of Permissions in Huawei Smartphone Allows Unauthorized Access to Synchronization Files Path Traversal Vulnerability in Huawei Smartphone Allows Arbitrary File Creation Path Traversal Vulnerability in Huawei Smartphone Allows Unauthorized File Manipulation Incomplete Cleanup Vulnerability in Huawei Smartphone: Kernel Restart Exploit Exposure of Private Data via Constructed Crash File in Apport Out-of-bounds Read Vulnerability in Huawei Smartphone: Potential Process Crash Confidentiality Breach Vulnerability in Huawei Smartphone's Permissions, Privileges, and Access Controls Incomplete Cleanup Vulnerability in Huawei Smartphone: A Potential Threat to Availability Improper Access Control Vulnerability in Huawei Smartphone Allows SMS Theft Huawei Smartphone Improper Input Validation Vulnerability Critical Integer Overflow Vulnerability in Huawei Smartphone Allows Remote Code Execution Huawei Smartphone Improper Input Validation Vulnerability: Privacy Disclosure Risk Code Injection Vulnerability in Huawei Smartphone Allows System Restart Data Processing Errors Vulnerability in Hilinksvc 
Service: Potential Application Crash Path Traversal Vulnerability in Huawei Smartphone Allows File Deletion Path Traversal Information Disclosure in apport/hookutils.py read_file() Account Authentication Bypass Vulnerability in Huawei Smartphone Improper Authorization Vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00) Allows Arbitrary Code Execution Command Injection Vulnerability in FusionCompute CMA Service Module Improper Permission Management Vulnerability in Wallet Apps: A Threat to Service Confidentiality Server-Side Request Forgery Vulnerability in HUAWEI P40 (10.1.0.118(C00E116R3P3)) Improper File Upload Control Vulnerability in FusionCompute Command Injection Vulnerability in FusionCompute CMA Service Module Improper Memory Access Permission Configuration on ACPU: Potential Out-of-Bounds Access Vulnerability Modem Security Protection Bypass Vulnerability: Memory Protection Failure Buffer Overflow Vulnerability in SM2 Decryption Code Timing Design Defects in Smartphones: A Threat to Service Confidentiality Smartphone Memory Leakage Vulnerability: Risk of Memory Exhaustion External Control of System or Configuration Setting Vulnerability in Hisuite Module: Potential Firmware Leak Smartphone File System Privilege Escalation Vulnerability: Threat to Service Confidentiality Smartphone Out-of-bounds Read Vulnerability: Impact on Service Confidentiality ACPU Memory Access Management Module Unauthorized Rewriting Vulnerability PIN Change Vulnerability in PCManager Software Smartphone Service Logic Vulnerability: Exploiting WLAN DoS HwNearbyMain Module: Improper Exception Handling Vulnerability Leading to Message Leak Smartphone Service Logic Vulnerability: Exploiting WLAN DoS Buffer Overrun Vulnerability in OpenSSL ASN.1 String Processing Double Free Vulnerability in Smartphone: Kernel Crash and Privilege Escalation Risk Smartphone Configuration Defect Allows Unauthorized MEID (IMEI) Permission Elevation Title: Use-After-Free Vulnerability 
in Huawei Products Allows for Service Disruption Improper Authentication Vulnerability in Hero-CT060 Software Path Traversal Vulnerability in Huawei PC Product Arbitrary File Exposure: Confidentiality Breach Vulnerability Arbitrary File Exposure: Unauthorized Directory Traversal Vulnerability Huawei Products Signature Management Vulnerability: Signature Forgery and Bypass Path Traversal Vulnerability in HwPCAssistant Allows Arbitrary File Writing Out of Bounds Write Vulnerability in Huawei Products Out-of-Bounds Write Vulnerability in QEMU's UAS Device Emulation Path Traversal Vulnerability in Huawei FusionCube 6.0.2 CSV Injection Vulnerability in ManageOne, iManager NetEco, and iManager NetEco 6000 PackageManagerService Vulnerability: Unauthorized Access to Harmony App List Smartphone Unauthorized File Access Vulnerability: Threat to Service Confidentiality Race Condition Vulnerability in Location-Related APIs Allows for Unauthorized Interface Invocation with Elevated Permissions Bzip2Decoder Allows DoS Attack via Out-of-Memory Exception Unrestricted Chunk Length and Buffering Vulnerability in Snappy Frame Decoder Title: Exploiting Memory Deduplication in Linux Kernel via Networked Service Arbitrary File Deletion Vulnerability in CSZ CMS 1.2.9 Command-Injection Vulnerability in Unsupported Poly CX5500 and CX5100 1.3.5: Privilege Escalation and Remote Code Execution Denial of Service Vulnerability in Open Robotics ros_comm XMLRPC Server Apache Traffic Server Header Parsing Vulnerability Header Smuggling Vulnerability in Apache Traffic Server Apache Traffic Server Header Parsing Vulnerability Use-after-free vulnerability in Linux kernel's Traffic Control networking subsystem allows privilege escalation Apache Traffic Server Header Parsing Vulnerability Username Enumeration Vulnerability in CyberArk Identity 21.5.131 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Sonatype Nexus Repository Manager 3 before 3.33.0 Authentication Bypass Vulnerability in 
ForgeRock Access Management (AM) with Active Directory Identity Store XML Injection Vulnerability in ForgeRock Access Management (AM) SAML2 Implementation wolfSSL OCSP Serial Number Mismatch Vulnerability Session Persistence Vulnerability in Redmine 4.2.0 and 4.2.1 Cleartext Root Password Vulnerability in OpenGamePanel OGP-Agent-Linux Command Injection Vulnerability in OpenGamePanel OGP-Agent-Linux Use-after-free and Double Free Vulnerability in hso_free_net_device in Linux Kernel Improper Caching of Plaintext State in nbdkit: Potential NBD Session Termination Firmware Validation Issue in Swisslog Healthcare Nexus Panel Buffer Overflow Vulnerability in Swisslog Healthcare Nexus Panel Buffer Overflow Vulnerability in Swisslog Healthcare Nexus Panel Hardcoded Passwords in Swisslog Healthcare Nexus HMI3 Control Panel Stack-based Buffer Overflow in HMI3 Control Panel of Swisslog Healthcare Nexus Panel Buffer Overflow Vulnerability in Swisslog Healthcare Nexus Panel Buffer Overflow Vulnerability in Swisslog Healthcare Nexus Panel Insecure Permissions Vulnerability in Swisslog Healthcare Nexus Panel JBOSS_LOCAL_USER Access Vulnerability in Wildfly Authentication Bypass Vulnerability in SIMATIC S7-1200 CPU Family Privilege Escalation Vulnerability in RUGGEDCOM ROX Series Devices Privilege Escalation Vulnerability in RUGGEDCOM ROX Series Devices (All versions < V2.14.1) File System Traversal Vulnerability in RUGGEDCOM ROX Series (All versions < V2.14.1) Out-of-Bounds Read Vulnerability in Simcenter Femap SINEMA Remote Connect Server Vulnerability: Unauthorized Status Manipulation XML External Entity (XXE) Injection Vulnerability in Solid Edge SE2021 (All Versions < SE2021MP7) Use-after-free vulnerability in Solid Edge SE2021 (All Versions < SE2021MP7) allows remote code execution (ZDI-CAN-13777) ThinkPad Denial of Service Vulnerability: Enhanced Biometrics Setting Crash Out-of-Bounds Access Vulnerability in Solid Edge SE2021 (ZDI-CAN-13775) Arbitrary Code Execution 
Vulnerability in Cerberus DMS and Desigo CC Vulnerability in SCALANCE XM and XR Series Routers: Unverified OSPF LS Update Messages Denial-of-Service Vulnerability in SINEMA Remote Connect Server (All versions < V3.0 SP2) Password Manipulation Vulnerability in Industrial Edge Management (All versions < V1.3) Denial-of-Service Vulnerability in SIMATIC Drive Controller and PLCs ISN Spoofing Vulnerability in LOGO! CMR2020, LOGO! CMR2040, SIMATIC RTU3010C, SIMATIC RTU3030C, SIMATIC RTU3031C, and SIMATIC RTU3041C Vulnerability: Password File Disclosure on Digi TransPort Devices Unauthenticated Firmware Loading Vulnerability on Digi TransPort Devices Insecure Cookie Handling in Digi TransPort Gateway Devices Local Privilege Escalation Vulnerability in SMI Callback Function of ThinkCentre and ThinkStation Models Information Disclosure Vulnerability in SINEMA Remote Connect Server (All versions < V3.0 SP2) Allows Retrieval of VPN Connection for Known User Title: Unauthenticated Brute Force Vulnerability in SINEMA Remote Connect Server (All versions < V3.0 SP2) Information Disclosure Vulnerability in SINEMA Remote Connect Server (All versions < V3.0 SP2) SINEMA Remote Connect Server Vulnerability: User Manipulation Arbitrary File Upload Vulnerability in COMOS Web Component Arbitrary Code Execution Vulnerability in COMOS Web Component Unrestricted File Storage Vulnerability in COMOS Web Component SQL Injection Vulnerability in COMOS Web Component CSRF Vulnerability in COMOS Web Component Denial-of-Service Vulnerability in SINUMERIK 808D and 828D Time Weather Widget on Legion Phone Pro and Legion Phone2 Pro: GPS Data Access Vulnerability Arbitrary File Download Vulnerability in SINEC NMS (All versions < V1.0 SP1) Cross-Site Request Forgery (CSRF) Vulnerability in SINEC NMS (All versions < V1.0 SP1) Use-After-Free Vulnerability in NX 1980 Series and Solid Edge SE2021 Out-of-Bounds Read Vulnerability in NX 1980 Series and Solid Edge SE2021 Denial-of-Service Vulnerability in 
SIMATIC Drive Controllers and PLCs Denial-of-Service Vulnerability in SIMATIC Drive Controller and PLCs SIPROTEC 5 Relays Remote Restart Vulnerability Improper Access Rights and Privilege Escalation Vulnerability in SENTRON PowerManager V3 Cross-Site Scripting (XSS) Vulnerability in RUGGEDCOM Devices Weak Cipher Vulnerability in RUGGEDCOM Devices Local Denial of Service Vulnerability in Lenovo PCManager Stored XSS Vulnerability in Flygo Bulletin Function Insecure Direct Object Reference (IDOR) Vulnerability in Flygo Bulletin Function Insecure Direct Object Reference (IDOR) Vulnerability in Flygo's Check-in Record Page Insecure Direct Object Reference (IDOR) Vulnerability in Flygo's Employee Management Page Insecure Direct Object Reference (IDOR) Vulnerability in Flygo's Employee Management Page Unfiltered Special Characters in QSAN Storage Manager Header Page Parameters Allow Remote XSS Attacks Privilege Escalation in HashiCorp Nomad and Nomad Enterprise Raft RPC Layer Consul and Consul Enterprise 1.10.1 Raft RPC Layer Privilege Escalation Vulnerability Denial of Service Vulnerability in Lenovo PCManager Prior to Version 4.0.40.2175 Allows Unauthorized Configuration File Writing Out-of-Bounds Write Vulnerability in MuPDF through 1.18.1 Arbitrary PHP File Upload Vulnerability in Sourcecodester Customer Relationship Management System 1.0 Remote Code Execution and Denial of Service Vulnerability in RCDCAP Parsers (Versions prior to 1.0.5) Server-Side Request Forgery (SSRF) vulnerability in NagiosXI schedulereport.php allows unauthorized access to internal resources Command Injection Vulnerability in IBM System x 3550 M3 and System x 3650 M3 Servers' Integrated Management Module (IMM) Stack Buffer Overflow in Atomicparsley 20210124.204813.840499f: Missing Boundary Check in APar_readX() Stack Overflow Vulnerability in Atomicparsley 20210124.204813.840499f Remote Information Disclosure Vulnerability in Modern Honey Network Command Injection Vulnerability in dirhistory 
Plugin Denial of Service Vulnerability in M-Files Web (CVE-2021-3151) Unauthenticated Access to 3rd Party Component License Key Information in M-Files Web Product Vulnerability in `title` function in Oh My Zsh JFinal_cms 5.1.0 Regex Injection Vulnerability Leading to Denial of Service KindEditor XSS Vulnerability: User Cookie Information Exposure Command Injection Vulnerability in `rand-quote` and `hitokoto` Plugins Unauthorized Access Vulnerability in CMS Enterprise Website Construction System 5.0 Allows for Unauthorized Administrative Access UEditor v1.4.3.3 Cross Site Scripting (XSS) Vulnerability Allows Cookie Information Theft Denial of Service Vulnerability in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0 Privilege Escalation Vulnerability in Kingdee KIS Professional Edition Allows Unauthorized Administrator Access CSRF Vulnerability in firefly-iii: Unauthorized Actions Exploitation Insecure Permissions in Planex MZK-DP150N Administration Interface: Remote Command Execution CSRF Vulnerability in firefly-iii: Exploiting Cross-Site Request Forgery SQL Injection Vulnerability in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via input_id Parameter in index.php Undocumented Backdoor Account Allows Unauthorized System Control in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 Directory Traversal Vulnerability in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 CSRF Vulnerability in firefly-iii: Cross-Site Request Forgery (CSRF) Insecure Permissions in jeecg-boot 2.4.5: Unauthorized Access to Sensitive Information via httptrace Interface Insecure Permissions in jeecg-boot 2.4.5 and earlier: Remote Privilege Escalation and Sensitive Information Exposure Insecure Permissions Vulnerability in jeecg-boot 2.4.5 and Earlier Allows Privilege Escalation and Information Disclosure Clickjacking Vulnerability in LedgerSMB: Exploiting Insufficient Guarding against Wrapping Buffer Overflow Vulnerability in fcitx5 
5.0.8: Denial of Service via Crafted Message Arbitrary File Write Vulnerability in ASUS RT-AC68U Router Firmware SQL Injection Vulnerability in ASUS RT-AC68U Router Firmware: Unauthorized Access to /etc/shadow Arbitrary File Write Vulnerability in ASUS RT-AC68U Router Firmware Local Privilege Escalation Vulnerability in Linux Kernel's OverlayFS Subsystem Use-After-Free Vulnerability in GCC c++filt v2.26 via cplus-dem.c Component Unintended Code Strings in NetSarang Xshell 7 Paste Operations Vulnerability Title: AbstractBasicAuthHandler in urllib Vulnerability: Remote ReDoS Attack Exploiting Authentication Requests Cross-Site Scripting (XSS) Vulnerability in Laravel Booking System Booking Core 2.0 Incorrect Access Control in Laravel Booking System Booking Core 2.0: Unauthorized Access to Vendor/User ID Cards and Trade Licenses Session Management Vulnerability in Laravel Booking System Booking Core 2.0 Umbraco Forms File Upload Vulnerability: Remote Code Execution and Arbitrary File Deletion Yourls Vulnerability: Improper Restriction of Rendered UI Layers or Frames Path Traversal Vulnerability in Nagios XI AutoDiscovery Component (Versions < 5.8.5) Leading to Post-Authenticated Remote Code Execution Nagios XI Switch Wizard Remote Code Execution Vulnerability Local Privilege Escalation in Nagios XI before version 5.8.5 Nagios XI WatchGuard Wizard Remote Code Execution Vulnerability Local Privilege Escalation in Nagios XI before version 5.8.5 Local File Inclusion Vulnerability in Nagios XI before 5.8.5 Local Privilege Escalation in Nagios XI before version 5.8.5 via Unsanitized Input in cleaner.php AHCI Controller Deadlock Vulnerability in QEMU SQL Injection Vulnerability in Nagios XI Bulk Modifications Tool Insecure Permissions Vulnerability in Nagios XI Allows Unauthenticated Access to Guarded Pages Open Redirect Vulnerability in Nagios XI before Version 5.8.5 Allows for Spoofing via Specially Crafted URLs SSRF Vulnerability in Nagios XI Docker Wizard (<=1.1.3) Buffer 
Overflow Vulnerability in Xerox Phaser 4622 v35.013.01.000 via TIMEZONE Variable Arbitrary Code Execution Vulnerability in SEACMS v210530 (2021-05-30) via admin_ajax.php?action=checkrepeat&v_name= Memory Leak Vulnerability in Linux Kernel's VFIO Mediated Devices (mbochs_ioctl) Insecure Permissions and Unquoted Service Path Vulnerabilities in Gestionale Open 11.00.00 Insecure Permissions and Unquoted Service Path Vulnerabilities in OpenClinic GA 5.194.18 Cross-Site Scripting (XSS) Vulnerability in CTparental Admin Panel CSRF and XSS Vulnerabilities in CTparental Admin Panel CTparental before 4.45.07 Directory Traversal Code Execution Vulnerability HTTP Response Loop Vulnerability in Python HTTP Client Unauthenticated SQL Injection Bypass Vulnerability in Online Student Admission System 1.0 Insecure File Upload Vulnerability in Online Student Admission System 1.0 Allows Remote Code Execution Arbitrary Code Execution via Cross Site Scripting (XSS) in Teradek Slice 1st Generation Firmware Teradek Clip Firmware XSS Vulnerability Arbitrary Code Execution via Cross Site Scripting (XSS) in Teradek VidiU / VidiU Mini Firmware 3.0.8 and Earlier Arbitrary Code Execution via XSS in Teradek Bond Firmware (7.3.x and earlier) Arbitrary Code Execution via Cross Site Scripting (XSS) in Teradek Brik Firmware 7.2.x and Earlier Arbitrary Code Execution via Cross Site Scripting (XSS) in Teradek Cube and Cube Pro Firmware 7.3.x and Earlier Teradek Sphere Firmware XSS Vulnerability DCE/RPC Association Group Use-After-Free Vulnerability CSRF Vulnerability in Southsoft GMIS 5.0 Allows Unauthorized Access to User Photos Furukawa Electric LatAM Web Interface Remote Command Execution Vulnerability HTML Injection Vulnerability in Furukawa Electric LatAm 423-41W/AC and LD421-21W Title: Buffer Overflow Vulnerability in D-Link DIR-615 C2 3.03WW Allows Remote Code Execution Stored XSS Vulnerability in Chamilo 1.11.14 via main/install/index.php and main/install/ajax.php NULL Pointer Dereference 
Vulnerability in btrfs_rm_device Function in Linux Kernel Chamilo LMS 1.11.14 Reflected XSS Vulnerability in Social Network Search Stored XSS Vulnerability in Chamilo LMS 1.11.14 Allows Unauthorized User to Execute Arbitrary Code Stored XSS vulnerability in RPCMS v1.8 and below via unsanitized nickname variable Stored XSS vulnerability in RPCMS v1.8 and below via unsanitized nickname variable RPCMS v1.8 and Below: API Exploit Allows Unauthorized Admin User Registration Credentials Exposure and Unauthorized Access to PLC User Program File Server and Backup Repository Vulnerability: Unauthorized Access and Manipulation of PLC User Program Cross-Site Scripting (XSS) Vulnerability in OX App Suite Cross-Site Scripting (XSS) Vulnerability in OX App Suite Heap Buffer Overflow Vulnerability in Apache Hadoop libhdfs Native Code Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Products TechRadar App 1.1 for Confluence Server XSS Vulnerability via Title Field SQL Injection Vulnerability in GRANDCOM DynWEB Admin Login Interface Unauthenticated APIKEY Retrieval Vulnerability in Zoho ManageEngine DesktopCentral Authentication Bypass Vulnerability in Zoho ManageEngine ServiceDesk Plus Reflected XSS Vulnerability in Zoho ManageEngine ADSelfService Plus version 6103 and prior CAPTCHA Bypass Vulnerability in Zoho ManageEngine ADSelfService Plus SSRF Vulnerability in Zoho ManageEngine ADSelfService Plus before 6112 Mail Spoofing Vulnerability in Zoho ManageEngine ADSelfService Plus before 6112 Zoho ManageEngine ADSelfService Plus 6103 and prior: Admin Portal Access-Restriction Bypass Vulnerability SQL Injection Vulnerability in Zoho ManageEngine ADSelfService Plus 6111 and Prior Vulnerability in Zoho ManageEngine ADSelfService Plus Allows Linked Applications Takeover Domain User Account Takeover Vulnerability in ManageEngine ADSelfService Plus XXE Vulnerability in Altova MobileTogether Server before 7.3 SP1 Allows Information Disclosure and 
Certificate Compromise Qualcomm IPC Router Protocol OOB Memory Read Vulnerability Vulnerability: Unauthorized Access to Sensitive Information via Factory Reset Exploit on Amazon Echo Dot Devices Path Traversal Vulnerability in NCH FlexiServer v6.00 Memory Leak Vulnerability in Linux Kernel's ccp_run_aes_gcm_cmd() Function Path Traversal Vulnerability in NCH Axon PBX v2.22 and Earlier Path Traversal Vulnerability in NCH Axon PBX v2.22 and Earlier Path Traversal Vulnerability in NCH IVM Attendant v5.12 and Earlier Path Traversal Vulnerability in NCH IVM Attendant v5.12 and Earlier Directory Traversal Vulnerability in NCH IVM Attendant v5.12 and Earlier Directory Traversal Vulnerability in NCH Quorum v2.03 and Earlier Directory Traversal Vulnerability in NCH Quorum v2.03 and Earlier Directory Traversal Vulnerability in NCH Quorum v2.03 and Earlier Cross Site Scripting (XSS) Vulnerability in NCH IVM Attendant v5.12 and Earlier via Mailbox Name (Stored) Reflected Cross Site Scripting (XSS) in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= Unrestricted File Upload Vulnerability in flatcore-cms Reflected Cross Site Scripting (XSS) Vulnerability in NCH IVM Attendant v5.12 and Earlier Reflected Cross Site Scripting (XSS) in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= Local File Disclosure Vulnerability in NCH Quorum v2.03 and Earlier Stored Cross Site Scripting (XSS) Vulnerability in NCH Axon PBX v2.22 and Earlier Stored Cross Site Scripting (XSS) Vulnerability in NCH Axon PBX v2.22 and Earlier Stored Cross Site Scripting (XSS) Vulnerability in NCH Axon PBX v2.22 and Earlier Stored Cross Site Scripting (XSS) Vulnerability in NCH Axon PBX v2.22 and Earlier Stored Cross Site Scripting (XSS) Vulnerability in NCH Axon PBX v2.22 and Earlier Stored Cross Site Scripting (XSS) Vulnerability in NCH Axon PBX v2.22 and Earlier Stored Cross Site Scripting (XSS) Vulnerability in NCH Axon PBX v2.22 and Earlier Boundary Access Vulnerability in libtpms Reflected Cross 
Site Scripting (XSS) Vulnerability in NCH Axon PBX v2.22 and Earlier Reflected Cross Site Scripting (XSS) Vulnerability in NCH Axon PBX v2.22 and Earlier Reflected Cross Site Scripting (XSS) in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= Cross-Site Scripting (XSS) Vulnerability in NCH Quorum v2.03 and Earlier via User Display Name (Stored) Stored XSS Vulnerability in NCH Quorum v2.03 and Earlier via Conference Description Reflected XSS Vulnerability in NCH Quorum v2.03 and Earlier via /uploaddoc?id= Reflected XSS Vulnerability in NCH Quorum v2.03 and Earlier via /conference?id= Reflected XSS Vulnerability in NCH Quorum v2.03 and Earlier Cleartext User Account Information Disclosure in NCH Reflect CRM 3.01 Path Traversal Vulnerability in NCH WebDictate v2.13 and Earlier Incorrect Owner Vulnerability in Multipass for MacOS (1.7.0 - 1.7.2) Persistent XSS Vulnerability in NCH WebDictate v2.13 Vulnerability: Restricted Shell Escape Sequence in Cradlepoint IBR900-600 Devices Arbitrary SQL Query Execution Vulnerability in NavigateCMS 2.9.4 and Below SQL Injection Vulnerability in NavigateCMS version 2.9.4 and below SQL Injection Vulnerability in NavigateCMS v2.9.4 and Below SQL Injection Vulnerability in NavigateCMS Version 2.9.4 and Below SQL Injection Vulnerability in NavigateCMS 2.9.4 and Below: Arbitrary SQL Query Execution via `block-order` Parameter Use-After-Free Vulnerability in QEMU's virtio-net Device Axios Vulnerability: Inefficient Regular Expression Complexity Sensitive Information Exposure in Dogecoin Core's CWallet::CreateTransaction() Function Information Disclosure Vulnerability in Ravencoin Core's CWallet::CreateTransactionAll() Function PbootCMS 3.0.5 SQL Injection Vulnerability SSRF Vulnerability in Reprise License Manager (RLM) Web Interface Allows Remote Attackers to Trigger Outbound Requests CRLF Injection Vulnerability in Reprise License Manager (RLM) Web Interface USB EHCI Controller Emulation DMA Reentrancy Vulnerability in QEMU 
Directory Traversal Vulnerability in Reprise License Manager (RLM) Web Interface Allows Arbitrary File Overwrite Buffer Overflow Vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0: Denial of Service via h5tools_str_sprint Arbitrary Code Execution via User Name Field in automad 1.7.5 Arbitrary Code Execution via Cross-Site Scripting (XSS) in jQuery-Upload-File v4.0.11 Out-of-bounds Write Vulnerability in libmobi Access Control Vulnerability in Dolibarr ERP/CRM 13.0.2: Denial of Service via Email Address Usernames Vimium Extension 1.66 and Earlier Universal Cross Site Scripting (UXSS) Vulnerability in Omnibar Feature Buffer Overflow Vulnerability in memcached 1.6.9: Denial of Service via Crafted Authentication File Use-After-Free Vulnerability in Linux Kernel's Bluetooth Subsystem Allows Privilege Escalation and System Crash SQL Injection Vulnerability in HKing2802 Locke-Bot 2.0.2 Unsanitized path Parameter in FusionPBX 4.5.26 Login Allows Cross Site Scripting (XSS) Double-Free Vulnerability in fig2dev through 3.28a: Denial of Service via free_stream function in readpics.c Race Condition Vulnerability in Linux Kernel's vt_k_ioctl Denial of Service Vulnerability in fig2dev 3.28a: Segfault in open_stream Function SAP NetWeaver Knowledge Management XML Forms XSLT Vulnerability Improper Input Validation in SAP Business One Version 10 Allows Unauthorized Directory Access Apache Commons Net FTP Client Host Trust Vulnerability Stored XSS Vulnerability in MISP 2.4.146 when Forking a Galaxy Cluster Insufficient Authorization Checks in SAP NetWeaver Application Server Java (JMS Connector Service) SQL Injection Vulnerabilities in SmartDataSoft SmartBlog for PrestaShop Unrestricted File Vulnerability in Zoho ManageEngine ADManager Plus before 7111 Leading to Remote Code Execution Username Spoofing Vulnerability in Keycloak Insufficient Content Security Policy (CSP) in JetBrains Hub Widget Deployment Feature HTML Injection Vulnerability in JetBrains Hub Password Reset 
Email Cross-Site Scripting (XSS) Vulnerability in JetBrains TeamCity before 2020.2.3 Untrusted Projects Code Execution Vulnerability in JetBrains RubyMine Insecure Deserialization Vulnerability in JetBrains TeamCity (before 2020.2.4) Insufficient Authentication Checks in JetBrains TeamCity: A Security Vulnerability Insecure Key Generation Mechanism in JetBrains TeamCity: A Potential Vulnerability Insufficient File Upload Checks in JetBrains TeamCity (CVE-2020-XXXX) Cleartext Password Storage Vulnerability in JetBrains TeamCity Insufficient Sandbox in JetBrains YouTrack Workflow (CVE-2021-11111) Time-Unsafe Comparisons in JetBrains YouTrack before 2021.2.16363 Insecure Password Hashing in JetBrains YouTrack Stored XSS Vulnerability in JetBrains YouTrack before 2021.2.17925 Insecure PRNG Vulnerability in JetBrains YouTrack Unauthenticated Access to Boards in JetBrains YouTrack Vulnerability: Unauthorized Root Access via Telnet Service on TX9 Automatic Food Dispenser v3.2.57 SQL Injection Vulnerability in Centreon Reporting Export SQL Injection Vulnerability in Centreon Image Generation SQL Injection Vulnerability in Centreon MediaWiki Script Heap-based Buffer Overflow in libmysofa Vulnerability in MediaTek Microchips: WPS Protocol Mishandling Vulnerability in MediaTek Microchips: WPS Protocol Mishandling Vulnerability: Out-of-bounds read in MediaTek microchips' WPS protocol handling Vulnerability in MediaTek Microchips: WPS Protocol Mishandling Vulnerability: Out-of-bounds read in MediaTek microchips handling IEEE 1905 protocols Vulnerability: Out-of-bounds read in MediaTek microchips handling IEEE 1905 protocols Vulnerability: Out-of-bounds write in MediaTek microchips handling IEEE 1905 protocols Vulnerability: Out-of-bounds read in MediaTek microchips handling IEEE 1905 protocols Vulnerability: Out-of-bounds write in MediaTek microchips handling IEEE 1905 protocols Vulnerability: Out-of-bounds write in MediaTek microchips handling IEEE 1905 protocols Prototype 
Pollution Vulnerability in immer Library Vulnerability: Out-of-bounds read in MediaTek microchips handling IEEE 1905 protocols Vulnerability: Out-of-bounds write in MediaTek microchips handling IEEE 1905 protocols Vulnerability: Unauthorized Access via Mishandling of IEEE 1905 Protocols in MediaTek Microchips Tiny Java Web Server (TJWS) <=1.115 Reflected XSS Vulnerability on 404 Error Page Memory Corruption Vulnerability in Linux Kernel on PowerPC Platform via rtas_args.nargs Remote Code Execution via Deserialization in Apache jUDDI Dubbo Provider Security Bypass Vulnerability Unveiling the Threat: Server-Side Request Forgery (SSRF) Vulnerability in BookStack Authentication Bypass Vulnerability in Apache ShenYu Admin Vulnerability: Out-of-bounds write in MediaTek microchips handling IEEE 1905 protocols Vulnerability in MediaTek Microchips: WPS Protocol Mishandling Insufficient Validation in Mitel Interaction Recording Multitenancy Systems Allows Unauthorized Replay of Recorded Conversations Vulnerability: Decryption of DAC-MACS and MA-ABE-YJ14 Data by Single User in Charm 0.43 Collusion Vulnerability in Charm 0.43 Allows Decryption of YCT14 Data SQL Injection Vulnerability in Virtua Cobranca Login Page Memory Overflow Vulnerability in Linux Kernel's ipc Functionality of memcg Subsystem Allows Denial of Service TCP Evasion Vulnerability in Suricata Remote SQL Injection Vulnerability in PEEL Shopping Version 9.4.0 Missing Input Checks in FreeRDP's wf_cliprdr_server_file_contents_request Function Missing Input Checks in FreeRDP's wf_cliprdr_server_file_contents_request Function Cross-Site Scripting (XSS) Vulnerability in Telegram Web K Alpha 0.6.1 via Document Name MFA Bypass Vulnerability in WP Cerber before 8.9.3 Bypassing WP Cerber Access Control via Trailing ? 
Character SQL Injection Vulnerability in Nuance Winscribe Dictation 4.1.0.99 Exporter/Login.aspx Login Form Linux Kernel NFC Stack Use-After-Free Vulnerability: A Threat to Confidentiality, Integrity, and System Availability Integer Overflow Vulnerability in util-linux through 2.37.1 Information Disclosure in muc.lib.lua in Prosody 0.11.0 through 0.11.9 Frame Counter Validation Bypass and Replay Attack Vulnerability in Microchip MiWi Software Critical Vulnerability: Inadequate Message Integrity Check Validation in Microchip MiWi Software Timing-based collision inference vulnerability in Meow Hash 0.5/Calico Remote Code Execution via Unrestricted File Upload in Apache OFBiz Vulnerability: CA Issuer Trickery in OctoRPKI Prior to 1.3.0 Denial of Service Vulnerability in Stormshield Network Security (SNS) 1.0.0 through 4.2.3 SQL Injection Vulnerability in Progress MOVEit Transfer Web Application Null Pointer Dereference in Exiv2 v0.27.4 and Earlier: Denial of Service Vulnerability Null Pointer Dereference in Exiv2 v0.27.4 and Earlier: Denial of Service Vulnerability Privilege Escalation via Untrusted Uninstall.exe Execution in Nextcloud Desktop Client Out-of-Bounds Read Vulnerability in Exiv2 v0.27.4 and Earlier Out-of-Bounds Read Vulnerability in Exiv2 v0.27.4 and Earlier Directory Traversal Vulnerability in ClairCore Engine Allows for Remote Code Execution Out-of-Bounds Read Vulnerability in Exiv2 v0.27.4 and Earlier Infinite Loop Denial of Service Vulnerability in Exiv2 Infinite Loop Denial of Service Vulnerability in Exiv2 v0.27.4 and Earlier Infinite Loop Denial of Service Vulnerability in Exiv2 v0.27.4 and Earlier Unauthenticated SIP MESSAGE Requests in FreeSWITCH Prior to Version 1.10.7 Skytable Database Server Denial of Service Vulnerability Contao CMS Insert Tag PHP File Loading Vulnerability Privilege Escalation Vulnerability in Contao CMS Bypassing File Drop Security in Nextcloud Richdocuments App Lack of Rate Limiting in Nextcloud Richdocuments OCS Endpoint 
Confidentiality Vulnerability in Red Hat AMQ Broker Management Console (Version 7.8) Unrestricted Access to Secret Circles in Nextcloud Circles Application Access Control Bypass in Nextcloud Deck SuperMartijn642's Config Lib 1.0.4-1.0.8 Remote Code Execution Vulnerability XSS Vulnerability in Discourse's d-popover Tooltips Cross-site Scripting (XSS) Vulnerability in Leafkit Templating Language Out-of-bounds Heap Access in Sparse Reduction Operations in TensorFlow Division by 0 vulnerability in TensorFlow's `tf.raw_ops.SparseDenseCwiseDiv` implementation Null Pointer Dereference Vulnerability in TensorFlow's `tf.raw_ops.CompressElement` Null pointer dereference and undefined behavior in `tf.raw_ops.RaggedTensorToTensor` API due to invalid argument for `row_partition_types` Null Pointer Dereference and Out-of-Bounds Read Vulnerability in TensorFlow's Tensors Restoration Linux Kernel Memory Leak Vulnerability in ccp_run_aes_gcm_cmd() Function Potential Division by 0 Vulnerability in TensorFlow's `tf.raw_ops.SparseReshape` Heap buffer overflow vulnerability in TensorFlow's `tf.raw_ops.RaggedGather` Division by 0 vulnerability in TensorFlow's `tf.raw_ops.ResourceScatterDiv` implementation Null pointer dereference vulnerability in TensorFlow's `tf.raw_ops.MatrixDiagPartOp` Negative element in `num_elements` list argument of `tf.raw_ops.TensorListReserve` leads to process abort in TensorFlow Integer Overflow Vulnerability in TensorFlow's `tf.raw_ops.QuantizeAndDequantizeV4Grad` Implementation Integer Overflow Vulnerability in TensorFlow's `tf.raw_ops.StringNGrams` Implementation Null Pointer Dereference in TensorFlow's SparseTensorSliceDataset Implementation Null Pointer Dereference in TensorFlow's `tf.raw_ops.SaveV2` Null Pointer Dereference Vulnerability in TensorFlow's `tf.raw_ops.UncompressElement` Inefficient Regular Expression Complexity Vulnerability in validator.js Heap Buffer Overflow and Segmentation Fault in TensorFlow's ExperimentalDatasetToTFRecord and 
DatasetToTFRecord Implementation Out-of-Bounds Heap Access in TensorFlow's FractionalAvgPoolGrad Implementation Use-after-free vulnerability in TensorFlow's BoostedTreesCreateEnsemble implementation Floating Point Exception in TensorFlow's ResourceGather Function Out-of-Bounds Read Vulnerability in TensorFlow's ResourceGather API Out-of-Bounds Read Vulnerability in TensorFlow's ResourceScatterUpdate Null pointer dereference vulnerability in TensorFlow's `tf.raw_ops.RaggedTensorToSparse` Null Pointer Dereference in TensorFlow's MatrixDiagV* Operations Null Pointer Dereference in TensorFlow's MatrixSetDiagV* Operations Null pointer binding vulnerability in TensorFlow's binary cwise operations Prototype Pollution Vulnerability in objection.js Floating Point Exception in TensorFlow's Inplace Operations Denial of Service Vulnerability in TensorFlow's `boosted_trees_create_quantile_stream_resource` Null pointer dereference vulnerability in TensorFlow's BoostedTreesCalculateBestGainsPerFeature and BoostedTreesCalculateBestFeatureSplitV2 functions Incomplete Validation in tf.raw_ops.QuantizeV2 Allows for Undefined Behavior and Heap Overflow Out-of-Bounds Read Vulnerability in TensorFlow's BoostedTreesSparseCalculateBestFeatureSplit Incomplete Validation in MKL Implementation of Requantization in TensorFlow Null Pointer Dereference in tf.raw_ops.RaggedTensorToVariant Null Pointer Dereference in TensorFlow's `tf.raw_ops.UnicodeEncode` Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.UnravelIndex` Denial of Service Vulnerability in TensorFlow's NonMaxSuppressionV5 and CombinedNonMaxSuppression Bookstack: Cross-Site Scripting Vulnerability Out-of-bounds Read Vulnerability in TensorFlow's `tf.raw_ops.UpperBound` and `tf.raw_ops.LowerBound` Null Pointer Dereference in TensorFlow's Map Operations Heap Overflow Vulnerability in TensorFlow's SdcaOptimizerV2 Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.MapStage` Denial of Service Vulnerability in 
TensorFlow's MaxPoolGrad Function Division by 0 vulnerability in TensorFlow convolution operators leading to denial of service Null pointer dereference vulnerability in TensorFlow's `tf.raw_ops.SparseFillEmptyRows` Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.Dequantize` Shape Inference Code Arbitrary Code Execution Vulnerability in TensorFlow and Keras Model Deserialization Uninitialized Memory Leak in TensorFlow's `tf.map_fn` with `RaggedTensor` Input Bookstack: Cross-Site Scripting Vulnerability Division by Zero Vulnerability in TensorFlow's TFLite Fully Connected Layers Null Pointer Error in SVDF Implementation in TensorFlow Lite Uninitialized Values in TFLite Operations with Quantization Division by 0 vulnerability in TensorFlow Lite Division by 0 vulnerability in TFLite pooling implementation TFLite's `expand_dims.cc` Heap Data Read Vulnerability Logic bug in TensorFlow Lite's strided slice implementation allows for infinite loop (CVE-2021-41117) Arbitrary Data Read Vulnerability in TFLite's GatherNd and Gather Implementations Null Pointer Dereference Vulnerability in TensorFlow Null Pointer Dereference in TensorFlow MLIR Optimization of L2NormalizeReduceAxis Operator Vulnerability in Oh My Zsh Themes: Remote Code Execution via Specially-Crafted Branch Names Vulnerability: Segfault triggered by accessing shape information in TensorFlow Division by Zero Vulnerability in TensorFlow LSH Projection Implementation Segfault Vulnerability in TensorFlow's String Deallocation Email Token Reuse Vulnerability in Discourse Arbitrary Code Injection in @asyncapi/java-spring-cloud-stream-template (CVE-2021-12345) CKEditor 4 Fake Objects Package HTML Injection Vulnerability Vulnerability in tmerc-cogs Allows Unauthorized Access to Sensitive Information Vulnerability in tmerc-cogs Allows Unauthorized Access to Sensitive Information Unverified TLS Certificate Vulnerability in Icinga 2.5.0 - 2.13.0 Open Redirect Vulnerability in Next.js Heap-based Buffer Overflow 
Vulnerability in Vim Cross-Site Scripting (XSS) vulnerability in @github/paste-markdown before version 0.3.4 Arbitrary File Creation and Code Execution Vulnerability in npm package tar Vulnerability: Formula Injection in Pimcore Data Object CSV Import User Read State Exposure in Discourse Versions 2.7.8 and 2.8.0.beta5 Exposure of `phpinfo()` in PhpFastCache versions before 6.1.5, 7.1.2, and 8.0.7 Incomplete Authorization Check in OneFuzz Allows Unauthorized API Calls and Data Access Integer Underflow Vulnerability in PJSIP's STUN Message Handling Vulnerability in Shopware API allows manipulation of product reviews Command Injection Vulnerability in Shopware Mail Agent Settings Insecure Direct Object Reference in Shopware's Import/Export Log Files Cross-Site Scripting (XSS) Vulnerability in Shopware Prior to 6.4.3.1 via SVG Media Files Authenticated Server-Side Request Forgery Vulnerability in File Upload via URL Arbitrary File Creation and Code Execution Vulnerability in npm package tar (node-tar) Arbitrary File Creation and Code Execution Vulnerability in npm package tar (node-tar) Denial of Service (DoS) Vulnerability in jsoup versions prior to 1.14.2 Aruba AirWave Management Platform XSS Vulnerability Aruba SD-WAN Software and Gateways Remote Buffer Overflow Vulnerability Aruba SD-WAN Software and Gateways Remote Arbitrary Command Execution Vulnerability Aruba SD-WAN Software and Gateways Remote Arbitrary Command Execution Vulnerability Aruba SD-WAN Software and Gateways Remote Arbitrary Command Execution Vulnerability Linux SCTP Stack Vulnerability: Blind Association Killing via Invalid Chunks and IP Spoofing Aruba SD-WAN Software and Gateways Remote Arbitrary Command Execution Vulnerability Aruba SD-WAN Software and Gateways Remote Arbitrary Command Execution Vulnerability Aruba SD-WAN Software and Gateways Remote Arbitrary Command Execution Vulnerability ArubaOS Remote Arbitrary Command Execution Vulnerability ArubaOS Remote Arbitrary Command Execution 
Vulnerability Aruba SD-WAN Software and Gateways Remote CSRF Vulnerability Remote Buffer Overflow Vulnerability in HPE Aruba Instant (IAP) 8.7.x.x: 8.7.0.0 through 8.7.1.2 Aruba Instant (IAP) Remote Arbitrary Command Execution Vulnerability ArubaOS Remote Path Traversal Vulnerability Aruba SD-WAN Software and Gateways Remote Path Traversal Vulnerability Netfilter Vulnerability: Exposing OpenVPN Connection Endpoint Information Title: HPE Aruba Instant (IAP) Remote Arbitrary Command Execution Vulnerability Aruba SD-WAN Software and Gateways Local Path Traversal Vulnerability Title: HPE Aruba Instant (IAP) Remote Arbitrary Command Execution Vulnerability Aruba SD-WAN Software and Gateways Remote Path Traversal Vulnerability Aruba Instant Remote Unauthorized Read Access Vulnerability Aruba Instant Remote Denial of Service Vulnerability Aruba ClearPass Policy Manager Remote Authentication Bypass Vulnerability Aruba ClearPass Policy Manager Remote SQL Injection Vulnerability Aruba ClearPass Policy Manager Remote Disclosure of Sensitive Information Vulnerability Aruba ClearPass Policy Manager Remote Arbitrary Command Execution Vulnerability Open Wi-Fi Access Point Vulnerability in Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X) Denial of Service Vulnerability in MDT KNXnet/IP Secure Router and IP Interface Pre-authentication RCE Vulnerabilities in ManageEngine ADManager Plus (before 7111) Stored XSS vulnerability in MISP 2.4.147 allows malicious code execution when viewing galaxy cluster relationships Stored XSS Vulnerability in MISP 2.4.147: Galaxy Cluster Elements JSON Viewer Insufficient Link Checks in Claws Mail and Sylpheed: Potential Click Vulnerability Arbitrary Code Execution Vulnerability in Grandstream HT801 Devices Blind SQL Injection in Hexagon GeoMedia WebMap 2020 Critical CSRF Vulnerability Found in ShowDoc Documentation Tool NULL Pointer Dereference in MIT Kerberos 5 Key Distribution Center (KDC) Session ID Leak in Graylog DEBUG Log File: Privilege 
Escalation Vulnerability CSRF Vulnerability in ShowDoc Session ID Leak in Graylog Audit Log: Privilege Escalation Vulnerability Unrestricted File Upload Vulnerability in Zoho ManageEngine ADManager Plus (Version 7110 and Prior) Unrestricted File Overwrite Vulnerability in Zoho ManageEngine ADManager Plus (Version 7110 and Prior) Arbitrary File Deletion Vulnerability in XOS-Shop 1.0.9 Inefficient Regular Expression Complexity in nodejs-tmpl File Upload Vulnerability in Nucleus CMS v3.71 Allows Remote Code Execution Arbitrary Code Execution Vulnerability in TL-WDR7660 2.0.30 Insecure Direct Object Reference (IDOR) Vulnerability in Gila CMS 2.2.0 Allows Unauthorized Access to Thumbnails Buffer Overflow Vulnerability in gps-sdr-sim v1.0: Exploiting Long Command Line Parameters for DoS and Code Execution Heap-based Buffer Overflow Vulnerability in Vim Cross Site Scripting (XSS) Vulnerability in Employee Record Management System v 1.2 via editempprofile.php SQL Injection Vulnerability in Employee Record Management System v 1.2 via editempprofile.php Vulnerability: Denial of Service via Crafted QR Code in COVID Certificate Apps Clickjacking Vulnerability in Gurock TestRail v5.3.0.3603 Web UI Heap-Based Buffer Overflow in stb_image.h 2.27: Potential Information Disclosure or Denial of Service Vulnerability Unauthenticated Local File Content Retrieval Vulnerability in ruby-mysql Incorrect Access Control Vulnerability in MyAdmin v1.0's Personal Center View Stored Cross-Site Scripting (XSS) Vulnerability in FileBrowser < v2.16.0 Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in Peertube SQL Injection Vulnerability in Sourcecodester Online Covid Vaccination Scheduler System 1.0 Stored XSS Vulnerability in Sourcecodester Vehicle Parking Management System v1.0 via add-vehicle.php Endpoint Time-Based SQL Injection Vulnerability in Vehicle Parking Management System 1.0 SQL Injection Vulnerability in Online Shopping Portal 3.1 via Email Parameter SQL Injection 
Vulnerabilities in phpgurukul.com News Portal Project 3.1 Ghostscript Interpreter Sandbox Escape Vulnerability Infinite Loop Vulnerability in PDF Labs pdftk-java v3.2.3 Buffer Pool Reference Count Overflow Vulnerability SQL Injection Vulnerability in OpenCart 3.0.3.7 Allows Unauthorized Access to Database and Server Files Cross-site Scripting (XSS) Vulnerability in Yourls SQL Injection Vulnerability in Hotel Druid 3.0.2 with SQLite Database Arbitrary JavaScript Execution Vulnerability in Hotel Druid Application (Version 3.0.2) Apache Superset 1.5.1 - Unauthorized Access to Dataset Metadata Insecure User Creation and Authentication Vulnerability in Garuda Linux Cross-Site WebSocket Hijacking (CSWH) Vulnerability in aaPanel 6.8.12 Privilege Escalation Vulnerability in Docker Desktop Couchbase Server 7.0.0 Cleartext Storage Vulnerability: Remote Cluster XDCR Credentials Leakage in Debug Logs SAML SSO Vulnerability in Atlassian Products Allows Remote Login with Only Username Session Fixation Vulnerability in Citadel WebCit Timing Information Leakage in Pengutronix barebox through 2021.07.0 due to Timing-Dependent memcmp in crypto/digest.c Timing Information Leakage in Pengutronix Barebox through 2021.07.0 due to Timing-Unsafe Hash Comparison Cross-site Scripting (XSS) Vulnerability in Yourls Critical Vulnerability in ESET macOS Products Allows Disabling of Protection Local Privilege Escalation Vulnerability in ESET Windows Products Privilege Escalation Vulnerability in ESET Products for Windows Bypass for Reflected Cross-Site Scripting Vulnerability in OAuth-enabled Mattermost Instances SMI Callback Function Vulnerability in Lenovo Notebook and ThinkPad Systems: Data Leakage Risk Arbitrary Web Script Injection in Mattermost 5.38 and Earlier Insecure Password Logging in Mattermost 6.0.2 and Earlier Email Address Spoofing Vulnerability in Mattermost 6.0 and Earlier Client-Side Crash Vulnerability in Mattermost 6.0 and Earlier Insufficient Validation of Permissions in 
Mattermost 6.1 and Earlier Allows Unauthorized Access to Archived Channels Server-Side Denial of Service Vulnerability in Mattermost 6.2 and Earlier Session Token Reuse Vulnerability in Mattermost Boards Plugin v0.10.0 and Earlier Email Address Disclosure Vulnerability in Mattermost Boards Plugin v0.10.0 and Earlier Local Access Vulnerability in Motorola Binatone Hubble Cameras: Unauthorized Backend Service Access Vulnerability in Motorola Binatone Hubble Cameras: Exposed Debug Interface Allows Unauthorized Access Physical Access Vulnerability in Motorola Binatone Hubble Cameras Allows Encryption Key Disclosure Buffer Overflow Vulnerability in Motorola Binatone Hubble Cameras Allows for Denial-of-Service Attacks Unfiltered User Input in WriteRegistry Function Allows Remote Registry Hijack Motorola Binatone Hubble Cameras: Information Disclosure Vulnerability ASUS Routers Vulnerability: Remote Disconnection via Specially Crafted SAE Authentication Frames Privilege Escalation Vulnerability in BenQ Smart Wireless Conference Projector Command Injection Vulnerability in HGiga OAKlouds Mobile Portal Command Injection Vulnerability in HGiga OAKlouds Mobile Portal Expression Template Injection Vulnerability in Argo Workflows Remote Code Execution via Malicious gdb_debug_server Variable Cross-Site Scripting (XSS) Vulnerability in Joplin before 2.0.9 Unrestricted File Upload Vulnerability in Zoho ManageEngine ADManager Plus (CVE-2021-40539) Unrestricted File Upload Vulnerability in Zoho ManageEngine ADManager Plus (CVE-2021-40539) Unencrypted Device Communications in Motorola Binatone Hubble Cameras: A Security Vulnerability Unrestricted File Upload Vulnerability in Zoho ManageEngine ADManager Plus (CVE-2021-40539) Unrestricted File Upload Vulnerability in Zoho ManageEngine ADManager Plus (CVE-2021-40539) Path Traversal Vulnerability in Zoho ManageEngine ADManager Plus (Version 7110 and Prior) Allows Unauthorized File Copying Unrestricted File Upload Vulnerability in Zoho 
ManageEngine ADManager Plus (CVE-2021-40539) Unrestricted File Upload Vulnerability in Zoho ManageEngine ADManager Plus (CVE-2021-40539) Post-Auth OS Command Injection Vulnerability in Zoho ManageEngine ADManager Plus (Version 7110 and Prior) Unrestricted File Upload Vulnerability in Zoho ManageEngine ADManager Plus (CVE-2021-40539) Account Takeover Vulnerability in Zoho ManageEngine ADManager Plus version 7110 and prior via SSO Unrestricted File Upload Vulnerability in Zoho ManageEngine ADManager Plus (CVE-2021-40539) Unrestricted File Upload Vulnerability in Zoho ManageEngine ADManager Plus (CVE-2021-40539) Improper Access Control Vulnerability in Motorola Binatone Hubble Cameras Unrestricted File Upload Vulnerability in Zoho ManageEngine ADManager Plus (CVE-2021-40539) Unrestricted File Upload Vulnerability in Zoho ManageEngine ADManager Plus (CVE-2021-40539) LDAP Injection Vulnerability in Huntflow Enterprise before 3.10.6 Allows Authentication Bypass Insufficient Server-Side Login-Attempt Limit Enforcement in Huntflow Enterprise before 3.10.14 LDAP Server Domain Name Information Disclosure Vulnerability Kibana HTML Injection Vulnerability Privilege Escalation Vulnerability in Fleet-Server API Key Creation Arbitrary File Loading Vulnerability in Kibana on Windows Kibana and IBM Resilient Connector Vulnerability Exposes Hidden Internal Hosts Vuelidate Vulnerability: Inefficient Regular Expression Complexity Workplace Search Github Enterprise Server Integration: Information Disclosure via Server-Side Request Forgery Vulnerability APM Java Agent Local Privilege Escalation Vulnerability APM Java Agent Local Privilege Escalation Vulnerability Vulnerability: Inefficient Regular Expression Complexity in semver-regex Use After Free Vulnerability in Google Chrome for Android (prior to 94.0.4606.54) Enables Remote Heap Corruption WebGPU Use After Free Vulnerability in Google Chrome (CVE-2021-37975) Remote Code Injection Vulnerability in Google Chrome on Windows (prior to 
version 94.0.4606.54) via Crafted HTML Page Task Manager Use After Free Vulnerability in Google Chrome (CVE-2021-37975) Vim Vulnerability: Exploitable Use After Free Flaw Remote Code Execution Vulnerability in Google Chrome Tab Strip (CVE-2021-37973) Use After Free Vulnerability in Google Chrome Performance Manager (CVE-2021-37975) Remote Code Execution via Side-Channel Information Leakage in Google Chrome DevTools ChromeOS Networking Vulnerability: Rogue Wireless Access Point Impersonation via Crafted ONC File Cross-Origin Data Leakage in Background Fetch API in Google Chrome (prior to 94.0.4606.54) Omnibox Spoofing Vulnerability in Google Chrome on Android (CVE-2021-37975) Cross-Origin Data Leakage in Background Fetch API in Google Chrome (CVE-2021-37976) Cross-Origin Data Leakage in Background Fetch API in Google Chrome (prior to 94.0.4606.54) Local Privilege Escalation Vulnerability in Google Chrome Updater Vulnerability: Use of Wrong Operator in String Comparison in HestiaCP Heap Corruption Vulnerability in Google Chrome File System API Omnibox Spoofing Vulnerability in Google Chrome (prior to 94.0.4606.54) Heap Corruption Vulnerability in libjpeg-turbo in Google Chrome (CVE-2021-37976) Sandbox Escape via Use After Free Vulnerability in Google Chrome Portals Use After Free Vulnerability in Safebrowsing in Google Chrome (prior to 94.0.4606.71) Allows Remote Heap Corruption Heap Corruption Vulnerability in V8 Engine in Google Chrome (CVE-2021-37960) Memory Disclosure Vulnerability in Google Chrome (prior to 94.0.4606.71) Remote Code Execution via Use After Free in Google Chrome's Garbage Collection Heap Buffer Overflow in Blink in Google Chrome: Remote Code Execution via Crafted HTML Page WebRTC Heap Buffer Overflow in Google Chrome: Remote Code Execution Vulnerability Vulnerability: Invalid Curve Attack in openCryptoki Remote Code Execution via Sandbox Bypass in Google Chrome (prior to 94.0.4606.81) Skia Heap Buffer Overflow: Remote Sandbox Escape in Google 
Chrome Remote Code Execution Vulnerability in Google Chrome Incognito Mode Remote Code Execution via Use After Free in Google Chrome Dev Tools Heap Buffer Overflow in PDFium in Google Chrome: Remote Code Execution via Crafted HTML Page Remote Code Execution via Use After Free in V8 in Google Chrome Heap Buffer Overflow in Google Chrome Settings Prior to 95.0.4638.54 Heap Corruption Vulnerability in Google Chrome Network APIs Use After Free Vulnerability in Google Chrome Profiles Content Security Policy Abuse in Google Chrome Prior to 95.0.4638.54 Title: grav-plugin-admin Vulnerability: Improper Restriction of Rendered UI Layers or Frames Cross-Origin Data Leakage in WebView on Android Prior to Chrome 95.0.4638.54 Heap Corruption Vulnerability in V8 in Google Chrome (prior to 95.0.4638.54) Remote Code Execution via Out of Bounds Read in WebAudio in Google Chrome PDF Accessibility Use After Free Vulnerability in Google Chrome Bypassing Navigation Restrictions in Google Chrome iFrame Sandbox (CVE-2021-37973) Omnibox Overlay and Spoofing Vulnerability in Google Chrome Remote Code Execution via Malicious File Download in Google Chrome (CVE-2021-37973) Remote Code Execution via Use After Free in Google Chrome Sign-In Heap Corruption Vulnerability in Google Chrome Prior to 95.0.4638.69 Arbitrary Script Injection Vulnerability in Google Chrome New Tab Page (prior to 95.0.4638.69) Privilege Escalation Vulnerability in glib: Information Leakage via pkexec Arbitrary URL Redirection Vulnerability in Google Chrome on Android (CVE-2021-37973) Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (CVE-2021-37960) Remote Code Execution via Use After Free in Web Transport in Google Chrome Heap Corruption Vulnerability in V8 Engine of Google Chrome (CVE-2021-37960) Cross-Origin Data Leakage in Google Chrome Autofill Remote Code Execution Vulnerability in Google Chrome Loader (CVE-2021-XXXX) Remote Code Execution Vulnerability in Google Chrome: Use After 
Free in Storage Foundation Type Confusion Vulnerability in V8: Remote Heap Corruption in Google Chrome (CVE-2021-37960) Remote Code Execution Vulnerability in Google Chrome Prior to 96.0.4664.45 via Use After Free in Media Cross-Origin Data Leakage Vulnerability in Google Chrome (prior to 96.0.4664.45) Prism Vulnerability: Inefficient Regular Expression Complexity Remote Code Execution via Inappropriate Service Worker Implementation in Google Chrome Remote Code Execution Vulnerability in Google Chrome: Use After Free in Storage Foundation Type Confusion Vulnerability in V8: Remote Heap Corruption in Google Chrome (CVE-2021-37960) Heap Buffer Overflow in Fingerprint Recognition in Google Chrome on ChromeOS Prior to 96.0.4664.45 Remote Code Execution Vulnerability in Swiftshader in Google Chrome Chrome Extension Bypasses Navigation Restrictions via Inappropriate Input Implementation Bypassing Same Origin Policy in Background Fetch in Google Chrome (CVE-2021-37975) Bypassing Navigation Restrictions in Google Chrome's iframe Sandbox Domain Spoofing Vulnerability in Google Chrome (prior to 96.0.4664.45) CORS Policy Enforcement Vulnerability in Google Chrome (prior to 96.0.4664.45) Allows Cross-Origin Data Leakage Kernel Panic Vulnerability in udisks2: Exploiting Specially Crafted Image Files/USB Omnibox Spoofing Vulnerability in Google Chrome on Android Referrer Bypass Vulnerability in Google Chrome (prior to 96.0.4664.45) Cross-Origin Data Leakage Vulnerability in Google Chrome WebAuthentication Vulnerability: Inefficient Regular Expression Complexity in nth-check Taro Vulnerability: Inefficient Regular Expression Complexity Prototype Pollution Vulnerability in object-path Path Traversal Vulnerability in Pardus Software Center's extractArchive Function Enables Unauthorized File Manipulation Vulnerability: Inefficient Regular Expression Complexity in ansi-regex HP PC BIOS Vulnerability: Mitigating Arbitrary Code Execution Risks Vulnerability: Command Injection in 
Courier Mail Server POP3 Component Privilege Escalation Vulnerability in Canon TR150 Print Driver Local Privilege Escalation via DLL Hijacking in Acronis Cyber Protect 15 and Acronis Agent for Windows Title: Acronis Cyber Protect 15 Login Page Vulnerable to Reflected Cross-Site Scripting (XSS) Prior to Build 27009 Local Privilege Escalation Vulnerability in Acronis Cyber Protect 15 for Windows HP PC BIOS Vulnerability: Mitigating Arbitrary Code Execution Risks Integer Overflow Vulnerability in filter16_roberts Function in Ffmpeg 4.2.1 Integer Overflow Vulnerability in filter16_sobel Function in Ffmpeg 4.2.1 Integer Overflow Vulnerability in filter_prewitt Function in Ffmpeg 4.2.1 Integer Overflow Vulnerability in filter_robert Function in Ffmpeg 4.2.1 Integer Overflow Vulnerability in filter_sobel Function in Ffmpeg 4.2.1 Sensitive User Account Data Exposure in Planview Spigit 4.5.3 REST API Out-of-bounds Write Vulnerability in Corel PDF Fusion 2.6.2.0 Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Corel PDF Fusion 2.6.2.0 Allows Arbitrary Code Execution Heap Corruption Vulnerability in Corel PDF Fusion 2.6.2.0 Allows Arbitrary Code Execution Out-of-bounds Write Vulnerability in Corel PhotoPaint Standard 2020 22.0.0.474 Title: Inefficient Regular Expression Complexity Vulnerability in code-server Out-of-bounds Write Vulnerability in Corel PhotoPaint Standard 2020 22.0.0.474 Out-of-bounds Write Vulnerability in Corel PhotoPaint Standard 2020 22.0.0.474 Out-of-bounds Read Vulnerability in Corel Presentations 2020 20.0.0.200 (IPPP82.FLT) Out-of-bounds Write Vulnerability in Corel Presentations 2020 20.0.0.200 Out-of-bounds Read Vulnerability in Corel Presentations 2020 20.0.0.200 Out-of-bounds Read Vulnerability in Corel Presentations 2020 20.0.0.200 (IPPP82.FLT) Out-of-bounds Read Vulnerability in Corel Presentations 2020 Out-of-bounds Read Vulnerability in Corel DrawStandard 2020 22.0.0.474 Out-of-bounds Read Vulnerability in Corel WordPerfect 
2020 Out-of-bounds Read Vulnerability in Corel DrawStandard 2020 22.0.0.474 Cross-site Scripting (XSS) vulnerability in adminlte Out-of-bounds Write Vulnerability in Corel WordPerfect 2020 20.0.0.200 DEF CON 27 Badge NFMI Protocol Buffer Overflow Vulnerability Remote Code Execution Vulnerability in Amazon AWS WorkSpaces Client Stored XSS Vulnerability in OpenWebif's Add Bouquet Feature Unchecked Return Value Vulnerability in libavcodec/dnxhddec.c in FFmpeg 4.4 Out-of-Bounds Read Vulnerability in GD Graphics Library (LibGD) Allows Denial of Service Cross-site Scripting (XSS) vulnerability in adminlte Open Redirect Vulnerability in Micro Focus Network Automation Critical Remote Code Execution Vulnerability in Micro Focus ArcSight ESM (Versions 7.0.2 - 7.5) Unauthenticated Remote Code Execution in Micro Focus Operations Bridge Containerized Remote Cross-Site Scripting (XSS) Vulnerabilities in Micro Focus ArcSight Enterprise Security Manager Remote Cross-Site Scripting (XSS) Vulnerabilities in Micro Focus ArcSight Enterprise Security Manager Privilege Escalation Vulnerability in Micro Focus Operations Agent (Versions 12.x - 12.21) Privilege Escalation Vulnerability in GitHub Repository Chatwoot/Chatwoot prior to v2.2 Information Leakage Vulnerability in Micro Focus Voltage SecureMail Mail Relay Path Traversal Vulnerability in Corero SecureWatch Managed Services 9.7.2.0020 via snap_file Parameter Privilege Escalation Vulnerability in Corero SecureWatch Managed Services 9.7.2.0020 XSS Vulnerability in OneNav Beta 0.9.12 via Add Link Feature Access Token Validation Bypass in 3scale's APIdocs Potential Privilege Escalation in set_user Extension Module for PostgreSQL Unsecured Upgrade Mechanism in Barco MirrorOp Windows Sender Allows Remote Code Execution Stored XSS Vulnerability in Form Tools Allows Extraction of Admin PHPSESSID Cookie Reflected XSS Vulnerability in Form Tools 3.0.20 SQL Injection Vulnerability in Form Tools Arbitrary File Read Vulnerability in Wipro 
Holmes Orchestrator 20.4.1 Unauthenticated File Download Vulnerability in Wipro Holmes Orchestrator 20.4.1 Unauthenticated External URL Execution in Obsidian before 0.12.12 Cross-Site Scripting (XSS) Vulnerability in Chikitsa Patient Management System 2.0.0 Prototype Pollution Vulnerability in utils.js Memory Dump Vulnerability in SAP Business Client Versions 7.0 and 7.70: Exposing Sensitive Data and Credential Compromise Cross-Site Scripting (XSS) Vulnerability in Chikitsa Patient Management System 2.0.0 Cross-Site Scripting (XSS) Vulnerability in Chikitsa Patient Management System 2.0.0 Timing Attack Vulnerability in Apache Kafka Canon Catwalk Server Remote E-mail Address Modification Vulnerability Information Disclosure Vulnerability in OpenStack Keystone Cross-Site Scripting (XSS) Vulnerability in Nagios XI Dashboard Editing Unauthenticated Reflected XSS in LeoStream Connection Broker 9.x (CVE-XXXX-XXXX) SQL Injection Vulnerability in Progress MOVEit Transfer Web Application Arbitrary HTML Injection in Cacti 1.1.38 User Group Creation Buffer Overflow Vulnerability in Linux Kernel's virtio_console.c TLS Origin Verification Bypass in Apache Traffic Server: Enabling Man-in-the-Middle Attacks Boundary Confusion Vulnerability in SAP Web Dispatcher Arbitrary File Upload and Command Execution Vulnerability in SAP NetWeaver (Visual Composer 7.0 RT) Unauthorized Access to Financial Accounting Data in SAP ERP Cleartext Credential Exposure in Lynx through 2.8.9 Integer Overflow and Out-of-Bounds Write in Linux Kernel's BPF Hash Table Handling Roxy-WI 5.2.2.0 SQL Injection Vulnerability: Bypassing Authentication via check_login Authenticated SQL Injection in Roxy-WI through 5.2.2.0 via select_servers Command Injection Vulnerability in Roxy-WI 5.2.2.0 via /app/funct.py and /api/api_funct.py SQL Injection Vulnerability in wbce_cms Unchecked init_get_bits Vulnerability in FFmpeg 4.4 Buffer Overflow Vulnerability in perM 0.4.0's strncpy Function Remote Command Execution 
Vulnerability in Btrbk before 0.31.2 SAP 3D Visual Enterprise Viewer Version 9 File Manipulation Vulnerability SAP Analysis for Microsoft Office - Version 2.8 Privilege Escalation and Data Leakage Vulnerability Remote Code Execution Vulnerability in NZDT Function Modules Null Pointer Dereference Vulnerability in SAP CommonCryptoLib 8.5.38 or Lower ABAP Code Transfer Vulnerability in SAP NetWeaver AS ABAP and ABAP Platform Default Debug Function in SAP Business One Integration Admin UI Exposes User Credentials Grav Vulnerability: Lack of Validation and Integrity Checking for Cookies CSV Injection Vulnerability in SAP Business One 10.0 Allows Arbitrary Command Execution Denial of Service Vulnerability in SAP NetWeaver AS ABAP and ABAP Platform Header Injection Vulnerability in Kyma Allows Privilege Escalation and Cluster Compromise SAP NetWeaver Cross-Site Scripting Vulnerability Arbitrary Code Execution via Crafted Pattern File in GNU cpio XSS Vulnerability in comrak crate before 0.10.1 Soundness Violation: Conversion of *u8 to *u64 in anymap crate (Rust) Unsafe Usage of slice.get_unchecked() in Decoder::new() in iced-x86 crate SMTP Command Injection Vulnerability in Lettre Crate CSRF Vulnerability in firefly-iii: Cross-Site Request Forgery (CSRF) Out-of-Bounds Memory Access in nalgebra Crate Incorrect Thread Dropping Vulnerability in Tokio Crate Overflow Vulnerability in prost-types Crate Cross-Site Scripting (XSS) Vulnerability in Ammonia Crate Unsound Verification Vulnerability in ark-r1cs-std Crate Overflow Vulnerability in libsecp256k1 Crate Remote Code Execution Vulnerability in better-macro Crate Directory Traversal Vulnerability in go-unarr 0.1.1 via ../ in TAR Archive Pathname Incorrect Computation of Shadow Page Access Permissions in Linux Kernel Incorrect Connection-Setup Ordering Vulnerability in Linux Kernel NFSv4 Client Title: Inefficient Regular Expression Complexity Vulnerability in Inflect NULL pointer dereference and OOPS vulnerability in Linux 
kernel's perf core-book3s.c Denial of Service Vulnerability in Linux Kernel's NFS 4.2 READ_PLUS Operations Out-of-Bounds Read in strlen Vulnerability in Linux Kernel NFS Traffic Handling Denial of Service Vulnerability in btrfs File System Allocation Use-after-free vulnerability in Linux kernel USB host driver (max3421-hcd.c) allows for denial of service Kernel Pointer Disclosure in Xilinx Emaclite Driver Denial of Service Vulnerability in Linux Kernel's mac80211 Subsystem Buffer Overflow Vulnerability in Xilinx LL TEMAC Driver Denial of Service Vulnerability in Linux Kernel's NFC LLCP Socket Handling Leakage of Net Namespace Changes in Linux Kernel Denial of Service Vulnerability in HP Multifunction Printers Running Workpath Solutions SQL Injection Vulnerability in SEMCMS v 1.2 via SEMCMS_User.php Vulnerability: Inefficient Regular Expression Complexity in jsoneditor Stored XSS Vulnerability in bbs-go <= 3.3.0 (Custom Edition) Arbitrary Code Execution via Path Traversal in Bitdefender GravityZone UpdateServer SQL Injection Vulnerability in DataEase Before 1.2.0: Unauthorized Access to Sensitive Information Arbitrary Web Script Injection in OpenVPN Access Server 2.9.0-2.9.4 Remote Code Execution Vulnerability in Ruoyi before 4.6.1 via Shiro Framework Deserialization Critical Remote Code Execution Vulnerability in xunruicms <=4.5.1 Regular Expression Denial of Service (ReDoS) Vulnerability in cbioportal 3.6.21 and Older via POST Request to /ProteinArraySignificanceTest.json Unsecured API in LiderAhenk Software Allows Leakage of LDAP Credentials Buffer Overflow Vulnerability in NXP MCUXpresso SDK v2.7.0's USB_HostProcessCallback() Function Heap/Stack Buffer Overflow in dlang_lname Function in libiberty Buffer Overflow Vulnerability in NXP MCUXpresso SDK v2.7.0's USB_HostParseDeviceConfigurationDescriptor() Function Arbitrary Web Script Injection in Liferay Portal and Liferay DXP Arbitrary Script Injection in Liferay Portal 7.4.0 and 7.4.1 via Frontend Taglib Module 
Arbitrary Script Injection in Liferay Portal Asset Module LDAP User Impersonation Vulnerability Arbitrary Script Injection in Liferay Portal and Liferay DXP Blogs Module Improper Default Permissions in Liferay Portal and Liferay DXP Arbitrary Web Script Injection in Liferay Portal and Liferay DXP Keycloak Vulnerability: Bypassing MFA Authentication via Default ECP Binding Flow Buffer Overflow Vulnerability in Tenda AC10-1200 v15.03.06.23_EN NLTK Vulnerability: Inefficient Regular Expression Complexity Information Disclosure Vulnerability in Wipro Holmes Orchestrator 20.4.1 Privilege Escalation and Information Disclosure Vulnerability in Novastar-VNNOX-iCare Novaicare 7.16.0 OpenWhyd Vulnerability: URL Redirection to Untrusted Site Host Header Attack Vulnerability in FUEL CMS 1.5.0 Assertion Failure in FFmpeg Version: de8e6e67e7523e48bb27ac224a0b446df05e1640 Remote Code Execution (RCE) via Command Injection in Apache Storm's getTopologyHistory Service Privilege Escalation via HTML Attachment in Apache CouchDB Apache Spark Mutual Authentication Protocol Vulnerability Buffer Overflow Vulnerability in Go (GOARCH=wasm GOOS=js) before 1.16.9 and 1.17.x before 1.17.2 Blind XXE Vulnerability in Zoho ManageEngine ADManager Plus before 7110 Incorrect Access Control in Webauthn Framework 3.3.x before 3.3.4 Allows Unauthorized Login via FIDO2 Authenticator Cross-site Scripting (XSS) Vulnerability in btcpayserver Unprivileged cBPF Program Execution Vulnerability in Linux Kernel SQL Injection Vulnerability in TYPO3 Newsletter Extension SQL Injection Vulnerability in Sureline SUREedge Migrator 7.0.7.29360 Privilege Escalation Vulnerability in National Instruments NI-PAL Driver Arbitrary Code Execution via Crafted Schema File in 23andMe Yamale (before 3.0.8) OS Command Injection Vulnerability in LG N1T1*** 10124 Network Attached Storage Cross-site Scripting (XSS) Vulnerability in gnuboard5 Nonterminating Acknowledgment Loops in Contiki 3.0 Telnet Service Arbitrary Plugin 
Installation and Post Editing Vulnerability in Gutenberg Template Library & Redux Framework Plugin Unauthenticated AJAX Actions Vulnerability in Gutenberg Template Library & Redux Framework Plugin Attribute-based Reflected Cross-Site Scripting Vulnerability in SP Project & Document Manager WordPress Plugin (up to version 4.25) Reflected Cross-Site Scripting Vulnerability in WP Academic People List WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Konnichiwa! Membership WordPress Plugin Reflected Cross-Site Scripting Vulnerability in 3D Cover Carousel WordPress Plugin Reflected Cross-Site Scripting Vulnerability in More From Google WordPress Plugin Integria IMS 5.0.92 - Remote Code Execution via File Upload Vulnerability Reflected Cross-Site Scripting Vulnerability in simpleSAMLphp Authentication WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Custom Menu Plugin WordPress Plugin (up to version 1.3.3) Reflected Cross-Site Scripting Vulnerability in Twitter Friends Widget WordPress Plugin Reflected Cross-Site Scripting Vulnerability in RentPress WordPress Plugin (Versions up to 6.6.4) SQL Injection Vulnerability in SP Rental Manager WordPress Plugin (Versions up to 1.5.3) Reflected Cross-Site Scripting Vulnerability in User Activation Email WordPress Plugin Vulnerability Alert: Reflected Cross-Site Scripting in Post Title Counter WordPress Plugin (up to version 1.1) Reflected Cross-Site Scripting Vulnerability in YouTube Video Inserter WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Notices WordPress Plugin (Versions up to 6.1) Reflected Cross-Site Scripting Vulnerability in DJ EmailPublish WordPress Plugin (Versions up to 1.7.2) Insecure Password Comparison Vulnerability in Integria IMS Reflected Cross-Site Scripting Vulnerability in Yet Another bol.com Plugin WordPress Plugin (up to version 1.4) Reflected Cross-Site Scripting Vulnerability in WP-T-Wap WordPress Plugin (Versions up to 1.13.2) Reflected Cross-Site 
Scripting Vulnerability in On Page SEO + Whatsapp Chat Button Plugin WordPress Plugin Reflected Cross-Site Scripting Vulnerability in WP Scrippets WordPress Plugin (Versions up to 1.5.1) Reflected Cross-Site Scripting Vulnerability in WP Design Maps & Places WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Wise Agent Capture Forms WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Edit Comments XT WordPress Plugin Reflected Cross-Site Scripting Vulnerability in RSVPMaker Excel WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Border Loading Bar WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Simple Matted Thumbnails WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Integria IMS 5.0.92 Reflected Cross-Site Scripting Vulnerability in Wordpress Simple Shop Plugin (Versions up to 1.2) Reflected Cross-Site Scripting Vulnerability in WooCommerce Payment Gateway Per Category WordPress Plugin Cross-Site Request Forgery Vulnerability in Nested Pages WordPress Plugin <= 3.1.15 Open Redirect Vulnerability in Nested Pages WordPress Plugin <= 3.1.15 Stored XSS Vulnerability in Brizy Page Builder Plugin for WordPress Arbitrary Content Modification Vulnerability in Brizy Page Builder Plugin for WordPress Arbitrary File Upload and Execution in Brizy Page Builder Plugin for WordPress Reflected Cross-Site Scripting Vulnerability in Custom Website Data WordPress Plugin (Versions up to 2.2) Reflected Cross-Site Scripting Vulnerability in Advance Search WordPress Plugin (up to version 1.1.2) Reflected Cross-Site Scripting Vulnerability in Moneybird for WooCommerce WordPress Plugin Heap-based Buffer Overflow in USB Device Class in Zephyr Versions >= v2.6.0 Reflected Cross-Site Scripting Vulnerability in spideranalyse WordPress Plugin (Versions up to 0.0.1) Reflected Cross-Site Scripting Vulnerability in OSD Subscribe WordPress Plugin (Versions up to 1.2.3) Reflected Cross-Site Scripting Vulnerability in Feedify – 
Web Push Notifications WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Dropdown and Scrollable Text WordPress Plugin Reflected Cross-Site Scripting Vulnerability in GNU-Mailman Integration WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Bug Library WordPress Plugin (Versions up to 2.0.3) Reflected Cross-Site Scripting Vulnerability in NextScripts: Social Networks Auto-Poster WordPress Plugin Reflected Cross-Site Scripting Vulnerability in SMS OVH WordPress Plugin Reflected Cross-Site Scripting Vulnerability in MoolaMojo WordPress Plugin (Versions up to 0.7.4.1) Reflected Cross-Site Scripting Vulnerability in WordPress InviteBox Plugin DBeaver Vulnerability: Improper Restriction of XML External Entity Reference Vulnerability: Restrictive Local File Inclusion in wp-publications WordPress Plugin Reflected Cross-Site Scripting Vulnerability in .htaccess Redirect WordPress Plugin Insecure Direct Object Reference (IDOR) Vulnerability in RSA Archer 6.x through 6.9 SP3 (6.9.3.0) Persistent Pending Intent Vulnerability in ONOS 2.5.1 Flow Rule Manipulation Vulnerability in ONOS 2.5.1 Glowworm Attack: Remote Recovery of Speech Signals from Winner Desktop Speakers Arbitrary File Upload and Remote Code Execution in Sitecore 10.1 OpenWhyd: Unauthorized Access Vulnerability IMAP Server Vulnerability: Accepting Untagged Responses Before STARTTLS in Alpine Exim STARTTLS Response Injection Vulnerability Vulnerability: Unauthenticated Creation of Folders in KDE Trojita 0.7 due to Insecure IMAP Response Handling SMTP STARTTLS Bypass Vulnerability in KDE KMail 19.12.3 Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.5 Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.5 via IMG alt Attribute Incorrect Access Control in OX App Suite Login API Call XSS Vulnerability in OX App Suite 7.10.5 via Truncated E-mail with Predictable UUID Information Exposure in OX App Suite 7.10.5: Modified By Response Name Disclosure 
Insecure Permissions in CFEngine Enterprise Hub: Local Information Disclosure Vulnerability Live555 through 1.08 MP3 Stream Huge Request DoS Vulnerability Use-After-Free Vulnerability in Live555 RTSP Server Use-After-Free Vulnerability in Live555 RTSP Server Use-After-Free Vulnerability in OwnTone Server's net_bind() Function Inconsistent Trailing Slash Handling in Serverless Offline 8.0.0 Leads to Misconfigured Access Control Batch-Signature Verification Vulnerability in Tor Versions 0.3.5.16, 0.4.5.10, and 0.4.6.7 (TROVE-2021-007) Buffer Overflow Vulnerability in Contiki 3.0 Telnet Service Silent Quit Vulnerability in Contiki 3.0 Telnet Server Central Dogma Privilege Escalation via Mirroring and Authorization File Manipulation Stack-Based Buffer Overflow in Advantech WebAccess Versions 9.02 and Prior: Remote Code Execution Vulnerability Out-of-Bounds Memory Read/Write Vulnerability in DPDK vhost Library Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie Version 1.7.5 and Prior Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie Version 1.7.5 and Prior Physical Access Vulnerability Allows Unauthorized Manipulation of Implantable Device Telemetry Region Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie Version 1.7.5 and Prior Physical Access Vulnerability: Reverse Engineering of Hardware Key Binary Remote Code Execution and Denial-of-Service Vulnerability in Honeywell Experion PKS Controllers Lack of Cryptographic Authenticity Check in Programmer Installation Utility Allows Unauthorized Software Installation via USB Unrestricted File Upload Vulnerability in Honeywell Experion PKS Controllers Unpatched Vulnerabilities in Off-the-Shelf Software Components Pose Physical Access Exploitation Risk Honeywell Experion PKS Controllers: Relative Path Traversal Vulnerability Remote Code Execution Vulnerability in Antilles Software Prior to Version 1.0.1 Physical Access Vulnerability in Boston Scientific Zoom Latitude Model 3120: 
Password Hash Extraction and Brute Force Attack Untrusted Pointer Dereference Vulnerability in Fuji Electric V-Server Lite and Tellus Lite V-Simulator Stack-based Buffer Overflow in Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) Cross-Site Scripting (XSS) Vulnerability in Delta Electronics DIALink Versions 1.2.4.0 and Prior Heap-based Buffer Overflow in Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) Memory Corruption Vulnerability in Datalogics APDFL Library Out-of-Bounds Write Vulnerability in Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) Cross-Site Scripting (XSS) Vulnerability in Delta Electronics DIALink Versions 1.2.4.0 and Prior Stack-based Buffer Overflow Vulnerability in Advantech WebAccess Versions 9.02 and Prior: Remote Code Execution Uninitialized Pointer Access Vulnerability in Fuji Electric V-Server Lite and Tellus Lite V-Simulator DLL Hijacking Vulnerability in AVEVA Software Platform Common Services (PCS) Portal Cross-Site Scripting (XSS) Vulnerability in Delta Electronics DIALink Versions 1.2.4.0 and Prior Unauthenticated Access and SNMP Manipulation Vulnerability in Digi PortServer TS 16 Rack Stack-Based Buffer Overflow in Fuji Electric V-Server Lite and Tellus Lite V-Simulator (v4.0.12.0 and earlier) Allows Code Execution Heap-Based Buffer Overflow in Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 DLL Hijacking Vulnerability in Delta Electronics DIALink Versions 1.2.4.0 and Prior Improper Access Control in VISAM VBASE version 11.6.0.6 Allows Unauthenticated Directory Listing Default HTTP Configuration in Delta Electronics DIALink Allows Unauthorized Information Access Out-of-Bounds Write Vulnerability in Fuji Electric V-Server Lite and Tellus Lite V-Simulator NLTK Vulnerability: Inefficient Regular Expression Complexity Default Permissions Vulnerability in Delta Electronics DIALink Versions 1.2.4.0 and Prior Out-of-Bounds Read Vulnerability in Fuji Electric V-Server Lite and Tellus Lite 
V-Simulator Cleartext Storage of Sensitive Information in Delta Electronics DIALink Application Buffer Overflow Vulnerability in GurumDDS Formula Injection Vulnerability in Delta Electronics DIALink Versions 1.2.4.0 and Prior Denial-of-Service and Information Exposure Vulnerability in eProsima Fast DDS versions prior to 2.4.0 Out-of-Bounds Write Vulnerability in FATEK Automation WinProladder Stack-based Buffer Overflow in RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 Cross-Site Scripting (XSS) Vulnerability in Delta Electronics DIALink Versions 1.2.4.0 and Prior Denial-of-Service and Information Exposure Vulnerability in OCI OpenDDS Versions Prior to 3.18.1 ThinkPad SMI Function EEPROM Access Vulnerability Stack-based Buffer Overflow in FATEK Automation WinProladder Versions 3.30 and Prior Information Disclosure Vulnerability in Advantech WebAccess SCADA Stack-based Buffer Overflow in FATEK Automation Communication Server Versions 1.13 and Prior Stack-based Buffer Overflow in RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 Arbitrary Code Execution Vulnerability in FATEK Automation WinProladder Buffer Overflow Vulnerability in RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 Memory-Corruption Vulnerability in FATEK Automation WinProladder Versions 3.30 and Prior Use After Free Vulnerability in FATEK Automation WinProladder Allows Arbitrary Code Execution Heap-Based Buffer Overflow Vulnerability in GurumDDS Insufficient Session Expiration in Rapid7 InsightVM Out-of-Bounds Read Vulnerability in FATEK Automation WinProladder Versions 3.30 and Prior Eclipse CycloneDDS XML Parser Write-What-Where Vulnerability Heap-Corruption Vulnerability in FATEK Automation WinProladder Versions 3.30 and Prior Arbitrary Value Write Vulnerability in Eclipse CycloneDDS XML Parser Remote Code Execution in OCI OpenDDS versions prior to 3.18.1 Denial-of-Service Vulnerability in OCI OpenDDS Versions Prior to 
3.18.1 Code Injection Vulnerability Arbitrary Memory Rewrite Vulnerability External Control of File Name or Path Vulnerability in ws-scrcpy Code Injection Vulnerability Out-of-Bounds Data Read Vulnerability in CSC Protocol Path Traversal Vulnerability in Moxa MXview Network Management Software Versions 3.x to 3.2.2 Registry Manipulation Vulnerability in API Functions Path Traversal Vulnerability in Moxa MXview Network Management Software Versions 3.x to 3.2.2 Unvalidated Parameter Passing Vulnerability Hard-coded Password Vulnerability in Moxa MXview Network Management Software Unauthenticated Session Initiation Vulnerability Path Traversal Vulnerability in Moxa MXview Network Management Software Versions 3.x to 3.2.2 Network Capture Vulnerability: Unauthorized SYSDBA Authentication and Database Manipulation Unrestricted File Upload Vulnerability in firefly-iii Path Traversal Vulnerability in Moxa MXview Network Management Software Versions 3.x to 3.2.2 Hard-coded Blowfish Key Vulnerability Inefficient Password Policy in InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 Uncontrolled Resource Allocation Vulnerability Weak Encryption Vulnerability in InHand Networks IR615 Router Versions 2.3.0.r4724 and 2.3.0.r4870 Unlimited Resource Consumption Vulnerability in Golang Webinstaller Reflected Cross-Site Scripting Vulnerability in InHand Networks IR615 Router Versions 2.3.0.r4724 and 2.3.0.r4870 Use-After-Free Vulnerability in Specific Function Code Stored Cross-Site Scripting Vulnerability in InHand Networks IR615 Router Versions 2.3.0.r4724 and 2.3.0.r4870 Uncontrolled Search Path Vulnerability Privilege Escalation Vulnerability in Linux Kernel OverlayFS Subsystem Remote Command Injection Vulnerability in InHand Networks IR615 Router Versions 2.3.0.r4724 and 2.3.0.r4870 API Function Code Vulnerability: Unrestricted File Modification and Creation Missing X-FRAME-OPTIONS Header in InHand Networks IR615 Router's Management Portal Stack Overflow 
Vulnerability in Product's Code Base No Account Lockout Policy in InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 API Vulnerability: Privilege Escalation via Database Connection Authentication Process Response Enumeration Vulnerability API Function Codes Vulnerability: File Manipulation and Deletion Risk Remote Command Injection Vulnerability in InHand Networks IR615 Router Versions 2.3.0.r4724 and 2.3.0.r4870 Remote Code Execution via Manipulation of Raw Pointers in API Functions Arbitrary File Creation Privilege Escalation Vulnerability in Trend Micro Security Software Cross-Site Request Forgery (CSRF) Vulnerability in InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 Unsanitized JOB ID Input Allows SQL Injection in Scheduler Service Stored Cross-Site Scripting Vulnerability in InHand Networks IR615 Router's Website Privilege Escalation via Misconfigured Binaries Unauthenticated File Upload Vulnerability in InHand Networks IR615 Router Versions 2.3.0.r4724 and 2.3.0.r4870 Improper Input Validation in Restore File Allows for Arbitrary File Replacement Unauthenticated Self-Registration Vulnerability in InHand Networks IR615 Router's Cloud Portal Denial-of-Service and Information Exposure Vulnerability in RTI Connext DDS Cross-Site Scripting (XSS) Vulnerability in Delta Electronics DIALink Versions 1.2.4.0 and Prior Lenovo Fan Power Controller2 and System Management Module Authentication Bypass Vulnerability XML Exponential Entity Expansion Vulnerability in Altova MobileTogether Server Mixed-Content Vulnerability in Firefox < 92: Inadequate Analysis of Opaque Origins Firefox 'mk' Scheme Vulnerability Allows Unprivileged Script Execution in Internet Explorer Memory Corruption Vulnerabilities in Firefox 91 and Firefox ESR 78.13 Memory Corruption Vulnerabilities in Firefox 91: Potential Arbitrary Code Execution Memory Corruption Vulnerabilities in Thunderbird 78.13.0 Memory Corruption and Exploitable Crash Vulnerability in 
Thunderbird and Firefox Cross-Origin Overlay Attack: User Confusion and Spoofing Vulnerability Use-after-free vulnerability during process shutdown in Firefox, Thunderbird, and Firefox ESR Memory Corruption Vulnerabilities in Firefox 92: Potential Arbitrary Code Execution GitHub Repository adodb/adodb Prior to 5.20.21 Authentication Bypass Vulnerability Memory Corruption Vulnerabilities in Firefox 92 and Firefox ESR 91.1 Memory Corruption Vulnerabilities in Firefox 92 and Firefox ESR 91.1 SMTP STARTTLS Security Bypass Vulnerability in Thunderbird IFrame Sandbox Bypass in XSLT Stylesheets Use-after-free vulnerability in HTML input element's file picker dialog with webkitdirectory (Firefox < 94, Thunderbird < 91.3, Firefox ESR < 91.3) Cloud Clipboard Data Leakage Vulnerability in Firefox Full-Screen Spoofing Vulnerability in Firefox, Thunderbird, and Firefox ESR Opportunistic Encryption Bypass in HTTP2 Form Validity Message Overlay Vulnerability Arbitrary Javascript Alert Dialog Overlay Vulnerability URL Redirection Vulnerability in firefly-iii Mac OS Flaw Allows Execution of Commands via .inetloc File Downloads Arbitrary Directory Creation via Symlink Traversal in TAR Extraction HTTP/1 Request Smuggling Vulnerability in actix-http Crate Authentication Bypass Vulnerability in Certain NETGEAR Devices Authentication Bypass Vulnerability in Multiple NETGEAR Devices Denial of Service Vulnerability in NETGEAR Routers Function Level Access Control Vulnerability in NETGEAR Devices Out-of-Bounds Read and Write Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Authorization Bypass Vulnerability in Growi: User-Controlled Key Exploitation Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Stack-Based Buffer Overflow in NETGEAR R6400 Devices Stack-Based Buffer Overflow in NETGEAR R6400 Devices Stack-based Buffer Overflow 
Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in NETGEAR RAX35, RAX38, and RAX40 Routers Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Chaskiq Vulnerable to Cross-Site Scripting (XSS) Unauthenticated Command Injection Vulnerability in NETGEAR Devices Incorrect Configuration of Security Settings in Certain NETGEAR Devices Incorrect Configuration of Security Settings in NETGEAR WAC104 Devices (CVE-2021-XXXX) Stored XSS Vulnerability in NETGEAR RAX40 Devices (Versions before 1.0.3.64) Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Privilege Escalation Vulnerability in NETGEAR Devices SQL Injection Vulnerability in Useroam Hotspot Unauthenticated Access to Variable Import Endpoint in Apache Airflow >=2.0.0, <2.1.3 Buffering Attack Vulnerability in Apache James Glowworm Attack: Recovering Speech Signals from TP-Link UE330 USB Splitters Glowworm Attack: Recovering Speech Signals from Sony SRS-XB33 and SRS-XB43 Devices Glowworm Attack: Recovering Speech Signals from Raspberry Pi's Power Indicator LED Glowworm Attack: Recovering Sound Signals from CREATIVE Pebble Devices via Power Indicator LEDs Glowworm Attack: Recovering Sound Signals from Logitech Z120 and S120 Speakers via Power Indicator LEDs Glowworm Attack: Recovering Speech Signals from JBL Go 2 Devices via Power Indicator LEDs Glowworm Attack: Exploiting Speech Signal Recovery via USB Splitter's Power Indicator LED Command Injection Vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) Excessive Filesystem Permissions in HashiCorp Vault Integrated 
Storage (CVE-2021-3121) Vulnerability: Caching and Exposure of User-Viewed Secrets in HashiCorp Vault UI XML External Entity (XXE) Injection Vulnerability in Any23 StreamUtils.java Command Injection Vulnerability in RaspAP 2.6.6 Insecure Sudoers Permissions in RaspAP 2.6.6 Allow Command Execution as Root XSS Vulnerability in DigitalDruid HotelDruid 3.0.2: Exploiting fineperiodo1 Parameter in prenota.php Arbitrary File Disclosure Vulnerability in ClassLoaderTheme and ClasspathThemeResourceProviderFactory Reflected XSS Vulnerability in Ivanti Service Manager 2021.1 via appName Parameter Out-of-Bounds Read Vulnerability in golang.org/x/text/language Timing Attack Vulnerability in Best Practical Request Tracker (RT) Array Size Mismatch Vulnerability in Foxit PDF Reader and PDF Editor Out-of-Bounds Read Vulnerability in Foxit PDF Reader and PDF Editor Arbitrary File Writing Vulnerability in Foxit PDF Reader and PDF Editor Stack Consumption Vulnerability in Foxit PDF Reader and PDF Editor NULL Pointer Dereference Vulnerability in Foxit PDF Editor and PDF Reader on macOS (CNVD-C-2021-95204) Memory Corruption Vulnerability in Foxit Reader and PhantomPDF Stack Consumption Vulnerability in Foxit Reader and PhantomPDF Chaskiq Vulnerable to Cross-Site Scripting (XSS) Arbitrary File Deletion Vulnerability in Foxit Reader and PhantomPDF DLL Hijacking Vulnerability in Foxit Reader and PhantomPDF Arbitrary File Writing Vulnerability in Foxit Reader and PhantomPDF Arbitrary File Writing Vulnerability in Foxit Reader and PhantomPDF SQL Injection Vulnerability in Foxit Reader and PhantomPDF Remote Buffer Overflow Vulnerability in NetworkPkg/IScsiDxe Critical BIOS Bug: Platform Authorization Vulnerability Leads to TPM Bricking and System DoS Underflow Vulnerability in SmmEntryPoint CommBuffer Checks Snipe-IT Vulnerability: Cross-Site Request Forgery (CSRF) Reflected Cross-Site Scripting (XSS) Vulnerability in openBaraza HCM 3.1.6 XXE Vulnerability in WHM Locale Upload Feature 
(SEC-585) Unserialization Vulnerability in WHM Locale Upload Feature (SEC-585) Unsafe File Operations in cPanel's /scripts/cpan_config (SEC-589) Insecure Temporary File Creation in cPanel (SEC-586) Unverified Downloads Vulnerability in cPanel (SEC-587) File Overwriting Vulnerability in cPanel Scripts Undertow HTTP2 Client-Side Invocation Timeout Denial of Service Vulnerability Weak Permissions on cPanel Web Stats: Information Disclosure Vulnerability (SEC-584) LG Mobile Devices with Android OS P and Q Software NvRAM Content Misconfiguration Vulnerability Heap-Based Buffer Overflow in Wasm3 0.5.0's op_Const64 Function Out-of-Bounds Write Vulnerability in Qt 5.x and 6.x OCSP Verification Bypass Vulnerability in wolfSSL before 4.8.1 Hardware Address Impersonation Vulnerability in OpenStack Neutron Vulnerability: Silent Ignoring of Encryption Key in WAL-G Before 1.1 Blind SQL Injection Vulnerability in JFrog Artifactory (Enterprise+ deployments) PluXML 5.8.7 - Stored XSS Vulnerability in Article Editing Stored XSS vulnerability in PluXML 5.8.7 via Information field in core/admin/profil.php NULL Pointer Dereference in librt in GNU C Library (glibc) through 2.34 Predictable Directory Name Vulnerability in reNgine 0.5 Cross-Site Scripting (XSS) Vulnerability in Crocoblock JetEngine Plugin Privilege Escalation via Tranquil WAPT Enterprise's Incorrect Access Control Heap-based Buffer Overflow Vulnerability in RNDIS USB Device Class (CWE-122) in Zephyr versions >= v2.6.0 Command-Injection Vulnerability in NASCENT RemKon Device Manager 4.0.0.0 Image Upload Function Directory Traversal Vulnerability in NASCENT RemKon Device Manager 4.0.0.0 Allows Unauthorized File Access Remote Code Execution Vulnerability in NASCENT RemKon Device Manager 4.0.0.0 Image Upload Feature Heap-based Buffer Overflow in Unsupported Polipo Versions Unrestricted Access to SSO Configuration Endpoint in Eigen NLP 3.10.1 Unrestricted User Permissions Modification in Eigen NLP 3.10.1 Privilege Escalation 
via Unauthorized Super User Creation in Eigen NLP 3.10.1 Authentication Bypass Vulnerability in GFOS Workforce Management 4.8.272.1 Stored Cross-Site Scripting (XSS) Vulnerability in openBaraza HCM 3.1.6 Cross-site Scripting (XSS) Vulnerability in Icecoder File Ownership Mishandling in netless Agora Flat Server's remove API Denial of Service Vulnerability in TYPO3 Deferred Image Processing Extension Windows Key Storage Provider Security Bypass Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability WinSock Elevation of Privilege Vulnerability in Windows Ancillary Function Driver Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability: Exposing Sensitive Data Cross-site Scripting (XSS) Vulnerability in Snipe-IT Windows Event Tracing Privilege Escalation Vulnerability Exposed Secrets: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability BitLocker Security Feature Bypass: A Critical Vulnerability in Data Encryption Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Update Client Privilege Escalation Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Windows Storage Information Disclosure WinSock Elevation of Privilege Vulnerability Win32k Privilege Escalation Vulnerability SUID Binary Dumpable Flag Vulnerability Edge for Android Spoofing Vulnerability iOS Spoofing Vulnerability in Microsoft Edge MPEG-2 Video Extension Remote Code Execution Vulnerability OMI Elevation of Privilege Vulnerability Access Engine Remote Code Execution OMI Remote Code Execution Vulnerability OMI Elevation of Privilege Vulnerability OMI Elevation of Privilege Vulnerability Microsoft Office Spoofing Vulnerability SharePoint Server Spoofing Vulnerability SharePoint Server Spoofing Vulnerability Visio Remote Code Execution Vulnerability Visio Remote Code 
Execution Vulnerability Excel Remote Code Execution Word Remote Code Execution Vulnerability Microsoft Office Graphics Component Information Disclosure Office Graphics Remote Code Execution Vulnerability Office Graphics Remote Code Execution Vulnerability Stored Cross-site Scripting (XSS) in Zulip GitHub Repository Office Graphics Remote Code Execution Vulnerability HEVC Video Extensions RCE Vulnerability Fast FAT File System Driver Information Disclosure exFAT File System Information Disclosure Vulnerability Remote Desktop Protocol Client Information Disclosure Remote Desktop Client RCE Vulnerability Print Spooler Privilege Escalation Vulnerability Edge Tampering Vulnerability Print Spooler Privilege Escalation Vulnerability Hyper-V Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in QTS, QuTS hero, and QuTScloud Image2PDF XSS Vulnerability Cross-Site Scripting (XSS) Vulnerability in QcalAgent Fixed in Versions 1.1.7 and Later Open Redirect Vulnerability in QcalAgent Improper Authentication Vulnerability in QNAP NAS Kazoo Server Cross-Site Scripting (XSS) Vulnerability in QNAP Kazoo Server Reflected Cross-Site Scripting (XSS) Vulnerability in QNAP NAS with Ragic Cloud DB Stack Buffer Overflow Vulnerability in QNAP QVR Elite, QVR Pro, and QVR Guard Stack Buffer Overflow Vulnerability in QNAP NAS Multimedia Console QNAP VioStor Command Injection Vulnerability Improper Authentication Vulnerability in QNAP VioStor Devices QNAP NAS Surveillance Station Stack Buffer Overflow Vulnerability Improper Authentication Vulnerability in Android App Qfile Stack Buffer Overflow Vulnerability in QNAP QVR Elite, QVR Pro, QVR Guard Improper Restriction of XML External Entity Reference in CoreNLP Stack Buffer Overflow Vulnerability in QNAP QVR Elite, QVR Pro, QVR Guard Stack Buffer Overflow Vulnerability in QNAP QVR Elite, QVR Pro, QVR Guard Stack Buffer Overflow Vulnerability in QNAP QVR Elite, QVR Pro, QVR Guard Path Traversal Vulnerability in QNAP Devices SQL 
Injection in SoftVibe SARABAN for INFOMA 1.1 Stored Cross-Site Scripting (XSS) Vulnerability in SoftVibe SARABAN for INFOMA 1.1 Incorrect Access Control in SoftVibe SARABAN for INFOMA 1.1 Allows Unauthorized Access to Signature Files Unauthenticated Unrestricted File Upload Vulnerability in SoftVibe SARABAN for INFOMA 1.1 Proxy Registration Vulnerability in HashiCorp Consul and Consul Enterprise 1.10.1 Cross-Site Scripting (XSS) Vulnerabilities in TastyIgniter 3.0.7 Cross-Site Scripting (XSS) Vulnerability in Motorola Solutions Avigilon Devices Cross-Site Scripting (XSS) Vulnerability in Cyberoam NetGenie C0101B1-20141120-NG11VO Devices Remote Code Execution via Unsanitised User Input in Arcadyan-derived Firmware Arbitrary JavaScript Injection and Session Token Theft in ClinicCases 7.3.3 Cross-Site Request Forgery (CSRF) Vulnerability in ClinicCases 7.3.3 Allows Creation of Secondary Administrator Account Blind SQL Injection Vulnerability in ClinicCases 7.3.3 messages_load.php Persistent Cross-Site Scripting (XSS) Vulnerability in ClinicCases 7.3.3 Allows Account Takeover via Session Token Theft Cross-Site Scripting (XSS) Vulnerability in ocProducts Composr CMS before 10.0.38 Cross-Site Scripting (XSS) Vulnerability in ocProducts Composr CMS before 10.0.38 Static (Persistent) XSS Vulnerability in Yclas 4.3.0: Exploiting SITE_NAME Parameter in install/view/form.php Information Leakage Vulnerability in gitit Export Feature Information Disclosure Vulnerability in OneNav 0.9.12 XSS Vulnerability in imgURL 2.31 via X-Forwarded-For HTTP Header Integer Overflow Vulnerability in ssgLoadTGA() Function in Plib Heap-based Buffer Overflow Vulnerability in Vim Critical CSRF Vulnerability Found in FUEL CMS 1.5.0 Login.php SQL Injection Vulnerability in FUEL CMS 1.5.0 via 'col' Parameter in /fuel/index.php/fuel/pages/items Brute Force Vulnerability in Fuel CMS 1.5.0 Login Controller SQL Injection Vulnerability in FUEL CMS 1.5.0 via 'col' Parameter in 
/fuel/index.php/fuel/logs/items Cross Site Scripting (XSS) Vulnerability in SEMCMS SHOP v 1.1 via Ant_M_Coup.php SQL Injection Vulnerability in SEMCMS SHOP v 1.1 via Ant_Plist.php SQL Injection Vulnerability in SEMCMS SHOP v 1.1 via Ant_Info.php SQL Injection Vulnerability in SEMCMS SHOP v1.1 via Ant_Zekou.php SQL Injection Vulnerability in SEMCMS SHOP v 1.1 via Ant_Message.php SQL Injection Vulnerability in SEMCMS SHOP v 1.1 via Ant_BlogCat.php SQL Injection Vulnerability in SEMCMS SHOP v 1.1 via Ant_Menu.php SQL Injection Vulnerability in SEMCMS Shop V 1.1 via Ant_Global.php SQL Injection Vulnerability in SEMCMS v 1.1 via Ant_Pro.php Unveiling the Path Traversal Vulnerability in BookStack Zero Click Code Injection Vulnerability in Chamilo LMS v1.11.14 via Crafted Plugin Heap-based Buffer Overflow Vulnerability in Vim HTTP Host Header Attack in ExponentCMS 2.6 and Below: Exploiting Arbitrary Link Modification Vulnerability Arbitrary Code Injection Vulnerability in Online Catering Reservation System Unrestricted File Upload Vulnerability in Simple Image Gallery Web App Allows Remote Code Execution SQL Injection Vulnerability in Hospital Management System: Exploiting Weak Input Validation in messearch.php Unauthenticated Doctor Entry Deletion Vulnerability in Hospital Management System Persistent XSS Vulnerability in Hospital Management System: Exploiting prescribe.php to Target Web Admin Persistent XSS Vulnerability in Hospital Management System: Exploiting Web Admin via contact.php Directory Traversal Vulnerability in Online Catering Reservation System 1.0 Default Password Vulnerability in Raspberry Pi OS Buffer Overflow Vulnerability in Tenda AC10-1200 v15.03.06.23_EN CoreNLP Vulnerability: Improper Restriction of XML External Entity Reference Out-of-Bound Write Vulnerability in Allwinner R818 SoC Android Q SDK V1.0 Camera Driver NULL Pointer Dereference Vulnerability in Allwinner R818 SoC Android Q SDK V1.0 NULL Pointer Dereference Vulnerability in Allwinner 
R818 SoC Android Q SDK V1.0 Camera Driver NULL Pointer Dereference Vulnerability in Allwinner R818 SoC Android Q SDK V1.0 Integer Overflow Vulnerability in Allwinner R818 SoC Android Q SDK V1.0 ION Driver Denial of Service Vulnerability in Allwinner R818 SoC Android Q SDK V1.0 Background Service Incorrect Access Control Vulnerability in Allwinner R818 SoC Android Q SDK V1.0 Allows Unauthorized System Settings Modification Cross-site Scripting (XSS) Vulnerability in Snipe-IT Out-of-bounds Read Vulnerability in libmobi SQL Injection Vulnerability in Simple Image Gallery System 1.0 via id Parameter on Album Page Insecure Session Cookie Handling in LedgerSMB Stored Cross Site Scripting Vulnerability in IceHrm 30.0.0.OS: Arbitrary Execution of JavaScript Commands via Malicious File Upload Session Hijacking Vulnerability in IceHrm 30.0.0 OS Website Account Takeover Vulnerability in Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 Vulnerability: Plain-Text Traffic Sniffing in Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 SQL Injection Vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 
1.0 Remote Code Execution in easy-mock v1.5.0-v1.6.0 SQL Injection Vulnerability in Simple Water Refilling Station Management System 1.0 via Login.php Remote Code Execution in Simple Water Refilling Station Management System 1.0 via System Logo Option Arbitrary File Upload Vulnerability in S-Cart v6.4.1 and Below Information Disclosure Vulnerability in IBM Security Verify Privilege On-Premises 11.5 Weak Cryptographic Algorithms in IBM Data Risk Manager (iDNA) 2.0.6: A Potential Decryption Vulnerability Clear Text Storage of User Credentials in IBM Security Verify Bridge 1.0.5.0 Improper Certificate Validation in IBM Security Verify Bridge 1.0.5.0 Allows Unauthorized Access to Sensitive Information Cross-Site Request Forgery Vulnerability in IBM Engineering Requirements Quality Assistant On-Premises (All Versions) Idle Timeout Bypass Vulnerability in IBM QRadar SIEM 7.3, 7.4, and 7.5 Stored Cross-Site Scripting Vulnerability in IBM Aspera Cloud Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 Denial of Service Vulnerability in IBM DataPower Gateway 10.0.2.0 - 2018.4.1.17 CSV Injection Vulnerability in IBM Planning Analytics 2.0 Cross-Tenant and Domain Information Leakage in IBM QRadar SIEM 7.3, 7.4, and 7.5 Denial of Service Vulnerability in IBM MQ 8.0 and 9.x Cross-Site Scripting (XSS) Vulnerability in IBM i 7.2, 7.3, and 7.4 Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management 1.1.3.10 Impersonation Vulnerability in IBM QRadar 7.3, 7.4, and 7.5 IBM Jazz Team Server Information Disclosure Vulnerability Out-of-range Pointer Offset Vulnerability in libmobi Privileged Admin Exploit: Filesystem Audit Logging Destruction in IBM Spectrum Scale Cross-Site Scripting (XSS) Vulnerability in IBM Business Automation Workflow and IBM Business Process Manager Cross-Site Request Forgery Vulnerability in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 Sensitive Information Disclosure in IBM InfoSphere 
Information Server 11.7 Out-of-range Pointer Offset Vulnerability in libmobi Inadequate Account Lockout Setting in IBM Sterling Connect:Direct Web Services 1.0 and 6.0 Weak Cryptographic Algorithms in IBM Sterling Connect:Direct Web Services 1.0 and 6.0 Stored Cross-Site Scripting Vulnerability in IBM Business Process Manager and IBM Business Automation Workflow Sensitive Information Disclosure in IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 Cross-Site Scripting (XSS) Vulnerability in IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 Cross-Site Scripting (XSS) Vulnerability in IBM QRadar Advisor 2.5 through 2.6.1 Local Privilege Escalation Vulnerability in IBM Cloud Pak for Data 2.5 (IBM X-Force ID: 209575) Improper Access Controls in IBM Business Process Manager and IBM Business Automation Workflow Local User Information Disclosure Vulnerability in IBM Spectrum Protect Operations Center 7.1 Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 Credential Leakage via Incorrect Autocomplete Settings in IBM Cognos Analytics Unauthorized Access to Report Pages in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.1.7 and 11.2.0 Improper Input Validation in IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 Allows Remote Security Bypass Clear Text Storage of User Credentials in IBM Security Risk Manager on CP4S 1.7.0.0 Vulnerability: Plain Text Storage of User Credentials in IBM Data Risk Manager 2.0.6 Arbitrary Memory Access Vulnerability in IBM PowerVM Hypervisor FW860, FW940, and FW950 IBM PowerVM Hypervisor Isolation Violation Vulnerability Unauthorized Disclosure of Authorized Service Tokens in IBM QRadar SIEM Weak Cryptographic Algorithms in IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0: High-Risk Information Decryption Vulnerability IBM PowerVM Hypervisor FW1010 Duplicate WWPN Vulnerability Sensitive Information Disclosure in IBM Maximo Asset 
Management 7.6.1.1 and 7.6.1.2 Weak Cryptographic Algorithms in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 Privilege Escalation in IBM Db2 for Linux, UNIX and Windows Cross-Site Scripting (XSS) Vulnerability in IBM Aspera Console 3.4.0 CORS Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 Unpublished URL Information Disclosure Vulnerability in IBM System Storage DS8000 Management Console (HMC) Unpublished URL Information Disclosure Vulnerability in IBM System Storage DS8000 Management Console IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 Information Disclosure Vulnerability Weak Cryptographic Algorithms in IBM Sterling Connect:Direct for UNIX 1.5 Allow Decryption of Highly Sensitive Information Cross-Site Scripting (XSS) Vulnerability in IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 Weak Password Policy in IBM Maximo Asset Management 7.6.1.2 Privileged User Information Disclosure in IBM QRadar SIEM 7.3, 7.4, and 7.5 IBM PowerVM Hypervisor FW940, FW950, and FW1010 Denial of Service Vulnerability CVE-2021-38938 Sensitive Information Exposure in IBM QRadar SIEM Log Files Privileged Container Vulnerability in IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 HTTP Header Injection Vulnerability in IBM DataPower Gateway Arbitrary File Upload Vulnerability in IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 Weak Cryptographic Algorithms in IBM Spectrum Copy Data Management 2.2.13 and Earlier: A Potential Decryption Vulnerability XML External Entity Injection (XXE) Vulnerability in IBM InfoSphere Information Server 11.7 Clear Text Storage of User Credentials in IBM MQ Versions 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS Privilege Escalation Vulnerability in IBM MQ on HPE NonStop 8.0.4 and 8.1.0 Denial of Service Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 
Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Information Disclosure Vulnerability in IBM Sterling B2B Integrator Standard Edition File Creation Vulnerability in IBM AIX and VIOS Audit Commands Sensitive Version Information Disclosure in IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 Hazardous Input Validation in IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 QR Code Generation IBM MQ Appliance 9.2 CD and 9.2 LTS Denial of Service Vulnerability Arbitrary File Write Vulnerability in IBM SPSS Statistics for Windows Unauthenticated Information Disclosure in IBM OPENBMC OP920, OP930, and OP940 Cross-Site Scripting (XSS) Vulnerability in IBM OPENBMC OP910 Arbitrary Command Execution Vulnerability in IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Automation 21.0.2 Local Privilege Escalation Vulnerability in IBM MQ Appliance 9.2 CD and 9.2 LTS Unauthorized Access Vulnerability in IBM Spectrum Virtualize 8.2, 8.3, and 8.4 Authentication Bypass Vulnerability in Lenovo Fan Power Controller2 and System Management Module Firmware Data Masking Bypass Vulnerability in IBM Data Virtualization on Cloud Pak for Data Input Validation Vulnerability in IBM Tivoli Key Lifecycle Manager Input Validation Vulnerability in IBM Tivoli Key Lifecycle Manager Denial of Service Vulnerability in IBM Tivoli Key Lifecycle Manager Information Disclosure Vulnerability in IBM Tivoli Key Lifecycle Manager Clear Text Storage of User Credentials in IBM Tivoli Key Lifecycle Manager Insecure Cookie Handling in IBM Tivoli Key Lifecycle Manager HTTP Strict Transport Security Bypass in IBM Tivoli Key Lifecycle Manager Lack of Salt in Cryptographic Hashing in IBM Tivoli Key Lifecycle Manager Insecure Server Certificate Verification in Motorola Ready For and Motorola Device Help Android Applications Sensitive Information Disclosure in IBM Tivoli Key Lifecycle Manager Sensitive Information 
Disclosure Vulnerability in IBM Tivoli Key Lifecycle Manager Cross-Site Scripting Vulnerability in IBM Tivoli Key Lifecycle Manager Weak Cryptographic Algorithms in IBM Tivoli Key Lifecycle Manager: Decrypting Sensitive Information Vulnerability Weak Cryptographic Algorithms in IBM Tivoli Key Lifecycle Manager: Vulnerability Disclosure Input Validation Vulnerability in IBM Tivoli Key Lifecycle Manager Session Invalidation Vulnerability in IBM MQ Appliance 9.2 CD and 9.2 LTS AIX Kernel Denial of Service Vulnerability AIX Kernel Denial of Service Vulnerability Local Privilege Escalation Vulnerability in IBM AIX, VIOS, and mount Command Vulnerability in lscore Command Allows Code Execution on IBM AIX and VIOS Denial of Service Vulnerability in IBM AIX and VIOS AIX Kernel Denial of Service Vulnerability AIX Kernel Denial of Service Vulnerability AIX Kernel Denial of Service Vulnerability HTTP Header Injection Vulnerability in IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 Sensitive Information Disclosure in IBM MQ Appliance through Trace Inclusion CSRF Vulnerability in firefly-iii: Exploiting Cross-Site Request Forgery Sensitive Information Disclosure in IBM MQ Appliance 9.2 CD and 9.2 LTS Weak Cryptographic Algorithms in IBM DB2 for Linux, UNIX and Windows Missing Best Practices in IBM QRadar WinCollect Agent 10.0 and 10.0.1: Vulnerability Exposes Sensitive Information Privileged User Information Disclosure Vulnerability in IBM QRadar WinCollect Agent Clear Text Storage of User Credentials in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 CSRF Vulnerability in firefly-iii: Cross-Site Request Forgery (CSRF) Sensitive Information Exposure in IBM Cloud Pak for Security (CP4S) Log Files Information Disclosure Vulnerability in IBM Cloud Pak for Security (CP4S) Stored Cross-Site Scripting Vulnerability in IBM Cloud Object System 3.15.8.97 Cross-Site Scripting Vulnerability in IBM Engineering Lifecycle 
Optimization - Publishing 7.0, 7.0.1, and 7.0.2 Network Traffic Volume Exceedance Vulnerability in IBM Engineering Lifecycle Optimization - Publishing Arbitrary File Upload Vulnerability in IBM Engineering Lifecycle Optimization - Publishing SQL Error Message Disclosure Vulnerability in IBM Engineering Lifecycle Optimization - Publishing Information Disclosure Vulnerability in IBM Engineering Lifecycle Optimization - Publishing Sensitive Information Disclosure in IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower Username Enumeration Vulnerability in IBM Guardium Data Encryption (GDE) 5.0.0.2 Command Injection in IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 via CSV File Sensitive Information Disclosure in IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 Cross-Site Scripting (XSS) Vulnerability in IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 Information Disclosure Vulnerability in IBM Guardium Data Encryption (GDE) Improper HTTP Strict Transport Security Configuration in IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 Improper Data Encoding in IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 HTTP Header Injection Vulnerability in IBM Engineering Lifecycle Optimization - Publishing Heap-based Buffer Overflow Vulnerability in Vim LDAP Injection Vulnerability in IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 Local User Information Disclosure Vulnerability in IBM Sterling Gentran:Server for Microsoft Windows 5.3 Sensitive Information Disclosure in IBM Sterling B2B Integrator Denial of Service Vulnerability in IBM MQ 9.1 LTS Channel Process (IBM X-Force ID: 213964) Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.1 and 11.2 Clickjacking Vulnerability in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty Cross-site Scripting (XSS) Vulnerability in Grav Unvalidated File Upload Vulnerability in IBM 
Planning Analytics Workspace 2.0 Partial Denial of Service Vulnerability in IBM QRadar SIEM 7.3, 7.4, and 7.5 Stored Cross-Site Scripting Vulnerability in IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 Cross-Site Request Forgery Vulnerability in IBM Financial Transaction Manager 3.2.4 Information Disclosure Vulnerability in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 Clear Text Storage of User Credentials in IBM Business Automation Workflow and IBM Business Process Manager Cross-Site Scripting (XSS) Vulnerability in IBM Planning Analytics and IBM Cognos Analytics Stack Based Buffer Overflow in IBM Spectrum Protect Client 7.1 and 8.1 Stack-based Buffer Overflow in IBM i2 Analyst's Notebook 9.2.x Open vSwitch (OVS) Memory Leak Vulnerability in Userspace IP Fragmentation Processing Stack-based Buffer Overflow in IBM i2 Analyst's Notebook 9.2.x Server-Side Request Forgery in IBM Spectrum Copy Data Management Unauthorized Access to IBM Spectrum Copy Data Management Spring Boot Console Improper Handling of Requests in IBM Spectrum Copy Data Management Admin Console Allows for Information Disclosure Remote Click Hijacking Vulnerability in IBM Spectrum Copy Data Management Cross-Site Scripting (XSS) Vulnerability in IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 IBM i EDRSQL Remote Denial of Service Vulnerability IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x Server-Side Request Forgery (SSRF) Vulnerability Weak Cryptographic Algorithms in IBM Spectrum Copy Data Management 2.2.13 and Earlier: High-Risk Data Decryption Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Foundation File Upload Vulnerability in BookStack: Unrestricted Upload of Dangerous File Types Misconfigured CORS in IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x allows for privileged actions and sensitive information retrieval Weak Authentication and Password Rules in IBM Spectrum Copy Data Management 2.2.13 and Earlier Arbitrary Command Execution 
Vulnerability in IBM Spectrum Copy Data Management Session Hijacking Vulnerability in IBM Financial Transaction Manager 3.2.4 Cross-Site Scripting (XSS) Vulnerability in IBM Curam Social Program Management 8.0.1 and 7.0.11 Remote Code Execution Vulnerability in OctoRPKI Authentication Bypass Vulnerability in IBM Security Verify Access 10.0.0.0, 10.0.1.0, and 10.0.2.0 IBM Security Guardium 11.3 HTTP Strict Transport Security Bypass Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium 11.4 Weak Cryptographic Algorithms in IBM Security Guardium 10.5 and 11.3: Vulnerability Disclosure IBM Security Guardium Local Privileged User Credential Exposure Vulnerability Vulnerability: Plain Text Storage of User Credentials in IBM Security Guardium 10.5 Cross-Site Scripting Vulnerability in IBM Cognos Analytics Mobile for Android (Version 1.1.14 and below) Unbounded Certificate Chain Depth Vulnerability Weak Obfuscation in IBM Cognos Analytics Mobile for Android Allows Code Reverse Engineering Weak Cryptographic Algorithms in IBM UrbanCode Deploy (UCD) 7.1.1.2: A Potential Threat to Sensitive Data SQL Injection Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.x.x.x Sensitive Information Disclosure in IBM Sterling File Gateway Improper Permission Controls in IBM Sterling B2B Integrator Standard Edition Local Privilege Escalation Vulnerability in IBM QRadar SIEM 7.3, 7.4, and 7.5 Information Disclosure Vulnerability in IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 OctoRPKI Vulnerability: Slowloris Denial of Service (DoS) Attack CVE-2021-39090 Invalid ROA Response Causes OctoRPKI to Crash Path Traversal Vulnerability in renderWidgetResource Resource of Atlasian Atlasboard OctoRPKI Vulnerability: Crash due to ROA Returning Excessive Bits for IP Address Cross-Site Scripting (XSS) vulnerability in Atlassian Jira Server and Data Center Editor Plugin Reverse Tabnapping Vulnerability in Atlassian Jira Server and Data Center's 
Project Shortcuts Feature Broken Access Control Vulnerability in Atlassian Jira Server and Data Center Arbitrary Code Execution Vulnerability in Atlassian Confluence Server and Data Center Server-Side Template Injection vulnerability in Atlassian Jira Service Management Server and Data Center Denial of Service (DoS) Vulnerability in Atlassian Jira Server and Data Center Cross-Site Scripting (XSS) Vulnerability in AssociateFieldToScreens Page in Atlassian Jira Server and Data Center User Enumeration Vulnerability in Atlassian Jira Server and Data Center Broken Access Control in Atlassian Jira Server and Data Center allows unauthorized issue notifications Memory Exhaustion Vulnerability in OctoRPKI Information Disclosure Vulnerability in Atlassian Jira Server and Data Center Information Disclosure Vulnerability in Atlassian Jira Server and Data Center Denial of Service (DoS) Vulnerability in Atlassian Jira Server and Data Center (CVE-2021-26084) CSRF Failure Retry Vulnerability in Atlassian Jira Server and Data Center User Enumeration Vulnerability in Atlassian Jira Server and Data Center CSRF Vulnerability in Atlassian Jira Server and Data Center Broken Access Control vulnerability in Atlassian Jira Server and Data Center allows anonymous remote attackers to access JQL endpoint Server-side Template Injection Vulnerability in Atlassian Jira Service Management Email Template Feature Vulnerability: Crash in ced v0.1.0 when passing non-Buffer data types Rundeck Untrusted Code Execution Vulnerability CSRF Vulnerability in Rundeck Allows Execution of Untrusted Code Arbitrary File Write Vulnerability in @npmcli/arborist Arbitrary File Write Vulnerability in @npmcli/arborist Cross-Site Scripting Vulnerability in baserCMS File Upload Function Consensus Vulnerability in go-ethereum (Geth) Leading to Chain Split Improper Session Classification in Parse Server's Anonymous Signup Arbitrary Code Execution Vulnerability in XStream Cross-Site Scripting Vulnerability in SmallRye 
Health Metrics UI Component Denial of Service Vulnerability in XStream Library Arbitrary Code Execution Vulnerability in XStream Path Traversal Vulnerability in Spinnaker's AppEngine TAR File Deployment Remote Code Execution Vulnerability in XStream Arbitrary Code Execution Vulnerability in XStream Arbitrary Code Execution Vulnerability in XStream Arbitrary Code Execution Vulnerability in XStream Arbitrary Code Execution Vulnerability in XStream Arbitrary Code Execution Vulnerability in XStream File Upload Vulnerability in BookStack: Unrestricted Upload of Dangerous File Types Remote Data Request Vulnerability in XStream Arbitrary Code Execution Vulnerability in XStream Remote Data Request Vulnerability in XStream Arbitrary Code Execution Vulnerability in XStream Arbitrary Code Execution Vulnerability in XStream Istio Authorization Bypass Vulnerability due to Case Sensitivity Istio URI Path Bypass Vulnerability Crash vulnerability in detect-character-encoding v0.6.0 and earlier Vulnerability: Malicious Files Injection in NVCaffe's Python Dependencies Remote Code Execution Vulnerability in BinderHub Unveiling the Path Traversal Vulnerability in BookStack Arbitrary Code Execution Vulnerability in nbgitpuller Cross-site Scripting (XSS) Vulnerability in Discourse Category Names Abnormal Termination Vulnerability in Pomerium Proxy Unauthorised Access to Room Information in Matrix Ecosystem Unauthorised Access to Room Membership in Matrix Ecosystem SQL Injection Vulnerability in Cachet 2.3.18 and Earlier XSS Vulnerability in Pimcore Prior to Version 10.1.2 Privilege Escalation Vulnerability in OpenZeppelin's TimelockController Privilege Escalation Vulnerability in OpenZeppelin's TimelockController Cross-Site Scripting (XSS) Vulnerability in Misskey versions prior to 12.51.0 World-readable access permissions in coreos-installer allow local attackers to compromise data confidentiality Cross-Site Scripting (XSS) Vulnerability in Pimcore Prior to Version 10.1.2 
Denial-of-Service Vulnerability in Passport-SAML Prior to Version 3.1.0 Arbitrary Code Execution via New Line Injection in Cachet Configuration Edition Arbitrary Code Execution Vulnerability in Cachet Information Leakage in Cachet Status Page System (CVE-2021-XXXX) Arbitrary JavaScript Injection in HedgeDoc Slide-Mode Speaker Notes Memory Leak in detect-character-encoding v0.3.0 and earlier Geyser 1.4.2-SNAPSHOT Vulnerability: Impersonation via Manipulated JWT Token Cross-Site Scripting (XSS) Vulnerability in Next.js 10.0.0 - 11.0.0 SQL Injection Vulnerability in DHIS2 Tracker Component Prototype Pollution Vulnerability in json-schema Path Traversal and File Overwrite Vulnerability in OpenOLAT LMS Arbitrary Code Execution Vulnerability in OpenOlat Learning Management System Insecure MD5 Hashing Vulnerability in EnroCrypt Remote Code Execution via Inline Scripts in Owncast Arbitrary File Thumbnail Retrieval Vulnerability in Electron Origin Reflection and Null Origin Vulnerability in http4s Stored XSS Vulnerability in GlobalNewFiles MediaWiki Extension Vulnerability: Parse Server Crash Due to Invalid Value in `explain` Option Username Enumeration Vulnerability in Pimcore Versions Prior to 10.1.3 OMEN Gaming Hub and HP Command Center Vulnerability: Privilege Escalation and Denial of Service Risk Publicly Accessible Read-Only Configuration Page in SCCM Plugin for GLPI (Versions Prior to 2.3.0) Open Redirect Vulnerability in mod_auth_openidc Privilege Escalation Vulnerability in Ghost CMS Allows Unauthorized Access to Admin-Level API Keys Bug in `pallet-ethereum` allows inclusion of invalid transactions in Ethereum block state Denial of Service Vulnerability in kaml's Polymorphic Serialization Server-Side Request Forgery Vulnerability in Misskey's Upload from URL and Remote Attachment Handling Unprivileged User Packet Capture and Download Vulnerability in pcapture Cross-origin vulnerability in better_errors prior to 2.8.0 allows for CSRF attacks CSRF Vulnerability in 
OroCRM Allows Lead Disqualification Unsanitized User Input in remark-html Library Leads to XSS Vulnerability Cross-site Scripting (XSS) vulnerability in grav-plugin-admin WordPress wp_die() Function Data Leakage Vulnerability XSS Vulnerability in WordPress Editor for Low-Privileged Users Stored XSS Vulnerability in WordPress 5.8 Beta 1 Custom HTML Widget Bypassing Restrictions in WordPress Block Editor for Authenticated Users HTTP/2 Stream Reset Vulnerability in Pomerium Client-side Cross-Site Scripting Vulnerability in Jitsi Meet Versions Prior to 2.0.6173 Vulnerability: Authorization Bypass and Routing Misconfiguration in Pomerium YAML Deserialization Attack in ParlAI Framework (CVE-2021-XXXX) Partial Path Traversal Vulnerability in SharpCompress (Versions prior to 0.29.0) CSRF Bypass Vulnerability in GLPI Versions Prior to 9.5.6 CSRF Vulnerability in firefly-iii: Cross-Site Request Forgery (CSRF) Vulnerability: Cookie Accessible by Scripts in GLPI Versions Prior to 9.5.6 Information Disclosure Vulnerability in GLPI Telemetry Endpoint Postscript File Vulnerability in ImageMagick API Bypass with Custom Header Injection in GLPI HTTP Request Smuggling Vulnerability in mitmproxy 7.0.2 and below Authorization Bypass Vulnerability in Jitsi Meet Use-after-free vulnerability in Wasmtime when passing externrefs from host to guest Wasm content Arbitrary Command Execution Vulnerability in OpenMage LTS Memory Unsoundness Vulnerability in Wasmtime 0.26.0 - 0.30.0: Invalid Free and Out-of-Bounds Read/Write with Externrefs Type Confusion Vulnerability in Wasmtime's Linker::func_* APIs Race Condition Vulnerability in Lenovo System Interface Foundation's IMController Nextcloud Mail Application Image Rendering Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Nextcloud Contacts Application Stored Cross-Site Scripting (XSS) Vulnerability in Nextcloud Talk Application Path Disclosure Vulnerability in Nextcloud Richdocuments Application Full Path Disclosure 
Vulnerability in Nextcloud OfficeOnline Application Missing Permission Check in Nextcloud Deck Allows Unauthorized Access to User Cards Unauthenticated Snapshot Data Exposure and Deletion in Grafana Prototype Pollution in ZRender's `merge` and `clone` Helper Methods Memory Safety Issue in Tremor Event Processing System Denial of Service Vulnerability in Apprise IFTTT Plugin Privileged Local Account Information Leak in Linux Kernel's RDMA over Infiniband Implementation JPNS Kernel Discontinuation: Urgent Update to Trinity Kernel Required Apache Ozone Server-to-Server RPC Endpoint Data Exposure and Ratis Replication Configuration Modification Vulnerability Privilege Escalation in Apache Ozone SCM Commands Unauthenticated Container Access in Apache Ozone Datanode Block Access Bypass Vulnerability in Apache Ozone Apache Ozone Datanode Access Mode Parameter Vulnerability User Impersonation Vulnerability in Apache Ozone Potential Information Disclosure Vulnerability in HP Printers Buffer Overflow Vulnerability in HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, and HP PageWide Managed Printers XML External Entity (XXE) Vulnerability in Apache Jena: Exposing Local File Contents Path Traversal Vulnerability in Grav CMS Improper URI Validation in HAProxy HTTP Method Name Space Vulnerability HTTP Host Header Mismatch Vulnerability in HAProxy CSRF Vulnerability on Altus Nexto, Nexto Xpress, and Hadron Xtorm Devices Authenticated Semi-Blind Command Injection via getlogs.cgi tcpdump feature on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices Hardcoded .htaccess Credentials Vulnerability in Altus Nexto, Nexto Xpress, and Hadron Xtorm Devices Correlation Attack Vulnerability in Tor Browser: Compromising Privacy of v2 Onion Addresses Buffer Over-read Vulnerability in Zint Barcode Generator XSS Vulnerability in Open edX Lilac.1: Exploiting LaTeX Content in Discussions Predictable Filename Brute-Force XSS Vulnerability in Invision Community Stored XSS and Code 
Execution via Uploaded File in Invision Community NTFS-3G < 2021.8.22: Crafted NTFS Image NULL Pointer Dereference Vulnerability Crafted NTFS Image Out-of-Bounds Read Vulnerability in NTFS-3G Out-of-Bounds Read Vulnerability in NTFS-3G < 2021.8.22 Heap-based Buffer Overflow in NTFS-3G < 2021.8.22 due to Integer Overflow in memmove NTFS-3G Out-of-Bounds Read Vulnerability in Crafted NTFS Image Heap-Based Buffer Overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22 via Crafted NTFS Image Stack Consumption Vulnerability in NTFS-3G < 2021.8.22 via Crafted NTFS Image Out-of-Bounds Read Vulnerability in NTFS-3G < 2021.8.22 Unsanitized Attribute Length Vulnerability in NTFS-3G < 2021.8.22 Out-of-Bounds Access Vulnerability in NTFS-3G < 2021.8.22 via Crafted NTFS Image Heap-based Buffer Overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22 via Crafted NTFS Image Crafted NTFS Image Triggers Out-of-Bounds Access in NTFS-3G < 2021.8.22 Heap-based Buffer Overflow in NTFS-3G < 2021.8.22 Caused by Crafted NTFS Image Arbitrary JavaScript Execution via Content-Type Filter Bypass in SuiteCRM Persistent Cross-Site Scripting (XSS) via Malicious SVG Files in SuiteCRM before 7.11.19 Heap-based Buffer Overflow Vulnerability in Vim User Impersonation Vulnerability in Ping Identity RSA SecurID Integration Kit before 3.2 Authenticated Remote Code Execution in OrbiTeam BSCW Classic before 7.4.3 via Python Code Injection in .bscw File Class Attribute STARTTLS Session Encryption Bypass in Fetchmail Insecure Permissions in XeroSecurity Sn1per 9.0: Arbitrary Code Execution with Root Privileges Insecure Directory Permissions in XeroSecurity Sn1per 9.0 Allow Arbitrary Code Execution with Root Privileges Buffer Overflow Vulnerability in ap_escape_quotes() Function in Apache HTTP Server 2.4.48 and Earlier Reflected XSS Vulnerability in MOXA Devices via Config Import Menu Authenticated Command Injection Vulnerability in Certain MOXA Devices via /forms/web_importTFTP Vulnerability: 
Uninitialized Variable Usage in Vim Arbitrary Code Execution Vulnerability in Korenix JetWave Devices Memory Leak in Live555 AC3AudioStreamParser for AC3 Files Assertion Failure and Application Exit Vulnerability in Live555 through 1.08 XSS Vulnerability in Versa Director Release 16.1R2 Build S8: Exploiting the Administration Web Interface URL Cross-Site Scripting (XSS) Vulnerability in Webrecorder pywb before 2.6.0 Insecure Password Handling in NetModule Devices: Firmware Versions 4.3.0.113, 4.4.0.111, and 4.5.0.105 Affected NVME Controller Emulation DMA Reentrancy Vulnerability Limited Session Fixation Vulnerability in NetModule Devices NetModule Devices CLI-PHP Credential Injection Vulnerability Archive Header Denial of Service Vulnerability Crafted IPMI Messages Vulnerability in OpenBMC 2.9 Allows Denial of Service via netipmid Interface OpenBMC 2.9 Vulnerability: Authentication Bypass and System Takeover via Crafted IPMI Messages Critical UEFI Firmware Vulnerabilities: Privilege Escalation and Code Execution Risks AMD System Management Mode (SMM) Vulnerability: Arbitrary Code Execution via UEFI Firmware Bypass Critical UEFI Firmware Vulnerabilities: Privilege Escalation and Code Execution Risks Off-by-one error in QEMU SCSI Device Emulation Allows Denial of Service Critical UEFI Firmware Vulnerabilities: Privilege Escalation and Code Execution Risks Critical UEFI Firmware Vulnerabilities: Privilege Escalation and Code Execution Risks SQL Injection Vulnerability in MISP 2.4.148 via app/Model/Log.php $conditions['org'] SSRF Vulnerability in Jamf Pro 10.32.0 (PI-006352) Security Control Bypass Vulnerability in Proofpoint Enterprise Protection Stack Buffer Overflow Vulnerability in Realtek RTL8195AM Device Arbitrary JavaScript Code Execution via Hyperlinks in PDFTron's WebViewer UI 8.0 or Below Reflected Cross-Site Scripting Vulnerability in WooCommerce myghpay Payment Gateway WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Parsian Bank Gateway 
for Woocommerce WordPress Plugin Snipe-IT Vulnerability: Cross-Site Request Forgery (CSRF) Reflected Cross-Site Scripting Vulnerability in Real WYSIWYG WordPress Plugin (Versions up to 0.0.2) Reflected Cross-Site Scripting Vulnerability in Link-List-Manager WordPress Plugin Arbitrary File Access Vulnerability in True Ranker Plugin for WordPress Reflected Cross-Site Scripting Vulnerability in Simple Image Gallery WordPress Plugin (Versions up to 1.0.6) Reflected Cross-Site Scripting Vulnerability in WooCommerce EnvioPack WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Magic Post Voice WordPress Plugin (Versions up to 1.2) Arbitrary File Download Vulnerability in Zoomsounds Plugin for WordPress Vulnerability: File Upload Vulnerability in AccessPress Themes and Plugin Reflected Cross-Site Scripting Vulnerability in H5P CSS Editor WordPress Plugin Reflected Cross-Site Scripting Vulnerability in duoFAQ WordPress Plugin (Versions up to 1.4.8) Twill: Critical Cross-Site Request Forgery (CSRF) Vulnerability Discovered Reflected Cross-Site Scripting Vulnerability in underConstruction Plugin for WordPress PHP Object Injection Vulnerability in Sassy Social Share WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Easy Social Icons Plugin for WordPress Reflected Cross-Site Scripting Vulnerability in OptinMonster WordPress Plugin (Versions up to 2.6.0) Vulnerability: Sensitive Information Disclosure in BulletProof Security WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Job Board WordPress Plugin (Versions up to 2.9.4) Stored Cross-Site Scripting Vulnerability in JobBoardWP WordPress Plugin (Versions up to 1.0.7) OpenEXR Integer Overflow Vulnerability Stored Cross-Site Scripting Vulnerability in Business Manager WordPress Plugin (Versions up to 1.4.5) Vulnerability: Insecure Nonce Handling in Hashthemes Demo Importer Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Job Board Vanila WordPress Plugin Stored 
Cross-Site Scripting Vulnerability in WpGenius Job Listing WordPress Plugin Stored Cross-Site Scripting Vulnerability in Job Manager WordPress Plugin Stored Cross-Site Scripting Vulnerability in Job-Portal WordPress Plugin Stored Cross-Site Scripting Vulnerability in MyBB Cross-Poster WordPress Plugin Open Proxy and Server-Side Request Forgery Vulnerability in Telefication WordPress Plugin (Versions up to 1.8.0) Vulnerability: Improper Neutralization of Special Elements in OS Command (ohmyzsh) Stored Cross-Site Scripting Vulnerability in Notification WordPress Plugin Vulnerability: Sensitive Information Disclosure and Unauthorized Setting Updates in OptinMonster WordPress Plugin Credova_Financial WordPress Plugin: Plaintext Disclosure of API Account Credentials Stored Cross-Site Scripting Vulnerability in MPL-Publisher WordPress Plugin Stored Cross-Site Scripting Vulnerability in KJM Admin Notices WordPress Plugin Stored Cross-Site Scripting Vulnerability in HAL WordPress Plugin (Versions up to 2.1.1) Stored Cross-Site Scripting Vulnerability in Google Maps Easy WordPress Plugin Unauthenticated Account Takeover in Stripe for WooCommerce WordPress Plugin Stored Cross-Site Scripting Vulnerability in LearnPress WordPress Plugin (Versions up to 4.1.3.1) Stored Cross-Site Scripting Vulnerability in Author Bio Box WordPress Plugin Arbitrary SQL Injection in PgBouncer with cert Authentication Reflected Cross-Site Scripting Vulnerability in FV Flowplayer Video Player WordPress Plugin Authenticated SQL Injection in WP Bannerize WordPress Plugin Arbitrary File Upload Vulnerability in Catch Themes Demo Import WordPress Plugin Cross-Site Request Forgery Vulnerability in Easy Registration Forms WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Easy Digital Downloads WordPress Plugin Stored Cross-Site Scripting Vulnerability in Indeed Job Importer WordPress Plugin Stored Cross-Site Scripting Vulnerability in Content Staging WordPress Plugin Stored Cross-Site 
Scripting Vulnerability in Leaky Paywall WordPress Plugin (Versions up to 4.16.5) Unverified TLS Certificates in GNOME libgfbgraph: Network MITM Vulnerability Unverified TLS Certificates in GNOME libgda through 6.0.0 Unverified TLS Certificate Vulnerability in GNOME libzapojit through 0.0.3 Unverified TLS Certificates Vulnerability in GNOME Evolution-RSS XSS Vulnerability in ReCaptcha Solver 5.7 Allows Remote Browser Control Video Replay Attack Vulnerability in Honeywell HDZP252DI and HBW2PER1 Devices Command Spoofing Vulnerability in Honeywell HDZP252DI and HBW2PER1 Devices Unverified TLS Certificates in GNOME Grilo (CVE-2021-XXXXX) Host Header Injection Vulnerability in Canon Oce Print Exec Workgroup 1.3.2 Cross-Site Scripting (XSS) Vulnerability in Canon Oce Print Exec Workgroup 1.3.2 via lang Parameter Path Traversal Vulnerability in Philips Vue MyVue PACS 12.2.x.x XML External Entity (XXE) Injection in PyWPS and OWSLib: File System Access Vulnerability Vulnerability: Password Exposure in Samsung Drive Manager 2.0.104 on Samsung H3 Devices SQL Injection Vulnerability in Philips Healthcare Tasy EMR 3.06 via WAdvancedFilter/getDimensionItemsByCode FilterValue Parameter SQL Injection Vulnerability in Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 SQL Injection Vulnerability in openSIS 8.0 with MySQL (MariaDB) Database SQL Injection Vulnerability in openSIS 8.0 with MySQL (MariaDB) Database SQL Injection Vulnerability in openSIS 8.0 via ResetUserInfo.php Cross-site Scripting (XSS) Vulnerability in Snipe-IT Remote Command Execution (RCE) Vulnerability in DWSurvey v3.2.0 via /sysuser/SysPropertyAction.java Arbitrary File Write Vulnerability in DWSurvey v3.2.0 Vulnerability: Accountsservice Fallback Locale Freeing in Ubuntu Stored XSS in PartKeepr 1.4.0: Edit Section Vulnerability via Name Parameter XSS Vulnerability in Beego v2.0.1 Admin Panel via URI Path in HTTP Request Arbitrary Code Execution Vulnerability in MyLittleBackup Management Tool 
Cross-Site Scripting (XSS) Vulnerability in mm-wiki v0.2.1 Markdown Editor CSRF Vulnerability in mm-wiki v0.2.1 Allows Unauthorized User Account Manipulation Code Injection Vulnerability in MaianAffiliate v.1.0 Allows Unauthorized Product Addition and Payload Reflection XSS Vulnerability in MaianAffiliate v1.0 Online Student Rate System 1.0 XSS Vulnerability via index.php's page Parameter Unauthenticated User Registration Vulnerability in Online Student Rate System v1.0 Divide-by-Zero Vulnerability in RGBtoXYZ() Routine of OpenEXR Multiple Cross Site Scripting (XSS) Vulnerabilities in PHPGurukul Hospital Management System 4.0 Multiple Cross Site Scripting (XSS) Vulnerabilities in PHPGurukul Shopping v3.1 Multiple Cross Site Scripting (XSS) Vulnerabilities in SEO Panel v4.8.0 Multiple Cross Site Scripting (XSS) vulnerabilities in Remote Clinic v2.0 Vulnerability: Remote Code Execution and Buffer Overflow in HP Print and Digital Sending Products via LLMNR Multiple Cross Site Scripting (XSS) Vulnerabilities in VFront 0.99.5 via s and msg Parameters Cross-Site Scripting (XSS) Vulnerability in SeedDMS v6.0.15 Allows Arbitrary Code Execution Open Redirect Vulnerability in SeedDMS v6.0.15: Redirecting Users to Arbitrary Web URLs Arbitrary PHP Code Execution in Seacms 11.4 via admin_notify.php Cross-Site Scripting (XSS) Vulnerability in 188Jianzhan 2.10 Arbitrary Code Execution and Privilege Escalation via Cross Site Scripting (XSS) in eyoucms 1.5.4 Remote Code Execution Vulnerability in Moodle Backup File Restoration Double Free Vulnerability in diplib v3.0.0 Local File Inclusion (LFI) Vulnerability in BIQS IT Biqs-drive v1.83 and Below Default Administrator Account Credentials Vulnerability in ZKTeco ZKTime 10.0 through 11.1.0 Bookstack Vulnerability: Cross-Site Request Forgery (CSRF) Cross-site Scripting (XSS) vulnerability in django-helpdesk Vulnerability: Information Leakage via Error Page in Yakamara Media Redaxo CMS 5.12.1 Remote Code Execution in Yakamara Media 
Redaxo CMS 5.12.1 via Malicious PHP Code in Modules QEMU NVME Component Stack Buffer Overflow Vulnerability Cross Site Scripting (XSS) Vulnerability in Saibamen HotelManager v1.2 Command Execution Vulnerability in Docsis 3.0 UBC1319BA00 Router (Version 1319010201r009) Default Permissions Vulnerability in mig-controller Allows Unauthorized Workload Migration Memory Allocation Failure in Bingrep v0.8.5: A Denial of Service Vulnerability Stored XSS via Malicious File Upload in Gila CMS 2.2.0: Exploiting Browser Vulnerabilities Cross Site Scripting (XSS) Vulnerability in Yogesh Ojha reNgine v1.0 via Scan Engine Deletion Confirmation Modal Box Reflected XSS vulnerability in Eyoucms 1.5.4 due to lack of input sanitization in `filename` parameter. Blind SSRF Vulnerability in eYouCMS 1.5.4 via saveRemote() Function Cross-site Scripting (XSS) Vulnerability in Qiong ICP EyouCMS 1.5.4 Users' Bind Email Function Cross-site Scripting (XSS) vulnerability in django-helpdesk Directory Traversal Vulnerability in Eyoucms 1.5.4 Open Redirect Vulnerability in EyouCMS 1.5.4 via Logout Function Remote Code Execution Vulnerability in PHPMyWind 5.6 Command Injection Vulnerability in D-Link DIR-816 Router Command Injection Vulnerability in D-Link DIR816_A1_FW101CNB04 750m11ac Wireless Router Floating Point Exception in ACLosslessScan::ParseMCU() Function Allows for Denial of Service NULL Pointer Dereference in libjpeg's SampleInterleavedLSScan::ParseMCU() Function Allows for Denial of Service NULL Pointer Dereference in HuffmanDecoder::Get() Function Allows for Denial of Service NULL Pointer Dereference in BlockBitmapRequester::ReconstructUnsampled() Function in libjpeg Heap-based Buffer Overflow in libjpeg's LineBuffer::FetchRegion() NULL Pointer Dereference in BlockBitmapRequester::PullQData() Function Allows for Denial of Service NULL Pointer Dereference in BlockBitmapRequester::PushReconstructedData() Function Leading to Denial of Service NULL Pointer Dereference in bit_read_BB() 
Function Allows for Denial of Service in libredwg Heap-based Buffer Overflow in bit_wcs2len() function in libredwg NULL Pointer Dereference in check_POLYLINE_handles() Function Allows for Denial of Service in libredwg Heap-based Buffer Overflow in bit_read_fixed() function of libredwg Heap-based Buffer Overflow in appinfo_private() function of libredwg Double Free Vulnerability in libredwg through v0.10.1.3751 Heap-based Buffer Overflow in bit_wcs2nlen() in libredwg Stack-based Buffer Overflow in slaxLexer() in libslax through v0.22.1 NULL Pointer Dereference in slaxLexer() Function Leading to Denial of Service Heap-based Buffer Overflow in slaxLexer() Function Heap-based Buffer Overflow in slaxIsCommentStart() Function NULL Pointer Dereference in libxsmm JIT Code Allows for Denial of Service Heap-Based Buffer Overflow in libxsmm JIT Code Heap-based Buffer Overflow in _nc_captoinfo in ncurses NULL Pointer Dereference in pdftools: Denial of Service Vulnerability NULL Pointer Dereference in pdftools: Denial of Service Vulnerability Stack-buffer-overflow in Analyze::AnalyzePages() function allows code execution NULL Pointer Dereference in Analyze::AnalyzeXref() Function Allows for Denial of Service NULL Pointer Dereference in Font::Size() Function Allows for Denial of Service NULL Pointer Dereference in Analyze::AnalyzeRoot() Function Allows for Denial of Service Heap-Based Buffer Overflow in sela through 20200412 NULL Pointer Dereference in rice::RiceDecoder::process() Function Allows for Denial of Service Heap-Based Buffer Overflow in rice::RiceDecoder::process() in sela through 20200412 NULL Pointer Dereference in lpc::SampleGenerator::process() Function Allows for Denial of Service NULL Pointer Dereference in frame::FrameDecoder::process() Function Allows for Denial of Service NULL Pointer Dereference in WavFile Constructor Leads to Denial of Service Heap-Based Buffer Overflow in SelaFile::readFromFile() in sela_file.cpp Heap-Based Buffer Overflow in 
SelaFile::readFromFile() in sela_file.c Heap-Based Buffer Overflow in sela through 20200412 NULL Pointer Dereference in grealloc() Function Leads to Denial of Service in swftools NULL Pointer Dereference in Lexer::Lexer() Function Allows for Denial of Service NULL Pointer Dereference in InfoOutputDev::type3D0() Function Allows for Denial of Service NULL Pointer Dereference in InfoOutputDev::type3D1() Function Allows for Denial of Service NULL Pointer Dereference in copyString() Function Leads to Denial of Service in swftools Stack Buffer Overflow in VectorGraphicOutputDev::drawGeneralImage() Allows Code Execution NULL Pointer Dereference in GString::~GString() Function Leading to Denial of Service in swftools Lenovo XClarity Controller (XCC) Firmware Read-Only Authentication Bypass Vulnerability Stack Buffer Overflow in Gfx::opSetFillColorN() Function Allows Code Execution NULL Pointer Dereference in FileStream::makeSubStream() Function Allows for Denial of Service NULL Pointer Dereference in swf_DumpActions() Function Leading to Denial of Service Heap-Buffer-Overflow Vulnerability in swftools (CVE-2020-XXXX) Heap-buffer-overflow in OpAdvance() function leading to code execution in swftools Critical CSRF Vulnerability Found in Kimai2 Time-Tracking Software Heap-buffer-overflow in pool_read() function leading to code execution in swftools NULL Pointer Dereference in dump_method() Function Allows for Denial of Service in swftools Heap-buffer-overflow vulnerability in swftools allows code execution Heap-Buffer-Overflow Vulnerability in swftools (CVE-2020-XXXX) Blind SQL Injection Vulnerability in Ipack SCADA Software Heap-buffer-overflow vulnerability in swf_GetPlaceObject() function allows code execution NULL Pointer Dereference in pool_lookup_string2() Function Allows for Denial of Service in swftools NULL Pointer Dereference in namespace_set_hash() Function in swftools (CVE-2020-XXXX) NULL Pointer Dereference in traits_dump() Function Allows for Denial of Service 
in swftools NULL Pointer Dereference in swf_DumpABC() Function Leads to Denial of Service Vulnerability NULL Pointer Dereference in swf_ReadABC() Function Allows for Denial of Service NULL Pointer Dereference in parse_metadata() Function Allows for Denial of Service in swftools Server-Side Request Forgery (SSRF) Vulnerability in Bitdefender Endpoint Security Tools NULL Pointer Dereference in params_dump() Function Allows for Denial of Service in swftools NULL Pointer Dereference in swf_GetShapeBoundingBox() Function Allows for Denial of Service NULL Pointer Dereference in pool_lookup_uint() Function Allows for Denial of Service in swftools NULL Pointer Dereference in swf_FontExtract_DefineFontInfo() Function Allows for Denial of Service NULL Pointer Dereference in swftools' updateusage() Function Allows for Denial of Service Stack Buffer Overflow in rfx_alloc() Function Allows Code Execution NULL Pointer Dereference in code_parse() Function Allows for Denial of Service in swftools NULL Pointer Dereference in code_dump2() Function Allows for Denial of Service in swftools NULL Pointer Dereference in swftools code.c Function (CVE-2020-XXXX) Multiple Cross Site Scripting (XSS) Vulnerabilities in CXUUCMS 3.1 Arbitrary Code Execution Vulnerability in Bitdefender GravityZone UpdateServer Component Buffer Overflow Vulnerability in Miniftpd 1.0: Remote Denial of Service Exploit Remote Code Execution (RCE) Vulnerability in FlatCore-CMS 2.0.7 via Upload Addon Plugin XSS Vulnerability in FlatCore-CMS 2.0.7 Upload Image Function Cross-site Scripting (XSS) Vulnerability in Snipe-IT Hard-coded Credentials and Weak Passwords in Unsupported D-Link DVG-3104MS Versions Hard-coded Credentials and Weak Passwords in D-Link DVX-2000MS Hard-coded Credentials Vulnerability in D-Link DSR-500N v1.02 Title: Android SoC Vulnerability (A-204686438) Unsafe PendingIntent in EuiccNotificationManager.java allows for unauthorized installation of packages Possible bypass of security and privacy 
settings in app usage due to unusual root cause in UsageStatsService.java Use-after-free vulnerability in ImageMagick Use-after-free vulnerability in ipcSetDataReference of Parcel.cpp allows for local privilege escalation without additional execution privileges needed Potential Permissions Bypass in LegacyModeSmsHandler.java's sendLegacyVoicemailNotification() Method Vulnerability in GBoard Allows Bypassing Factory Reset Protection and Local Privilege Escalation Out-of-bounds Write Vulnerability in SimpleDecodingSource.cpp PackageManager Resource Exhaustion Vulnerability Unsafe PendingIntent in showCarrierAppInstallationNotification of EuiccNotificationManager.java allows for local privilege escalation with user execution privileges required Possible Permission Bypass Vulnerability in onAttach of ConnectedDeviceDashboardFragment.java Potential Permissions Bypass in LegacyModeSmsHandler.java's sendLegacyVoicemailNotification() Method Lockscreen Notification Content Disclosure Vulnerability Race condition vulnerability in phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc allows for local privilege escalation Critical CSRF Vulnerability Found in Kimai2 Time-Tracking Software Possible Privilege Escalation via Fabricated Overlays in Android OverlayManagerService Misleading Message in Clear Storage Functionality Leads to Local Information Disclosure Out-of-bounds Write Vulnerability in inotify_cb of events.cpp Possible page fault vulnerability in gre_handle_offloads of ip_gre.c leading to local information disclosure in Android kernel Use-after-free vulnerability in fs/eventpoll.c allows local attackers to escalate privileges on Android. 
Unauthenticated Access to VoLTE Sensitive Information in unisoc Devices Uninitialized Data Leak Vulnerability in do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c Out-of-bounds Read Vulnerability in CreateDeviceInfo of trusty_remote_provisioning_context.cpp Out-of-Bounds Write Vulnerability in periodic_io_work_func of lwis_periodic_io.c Missing Permission Check in fvp.c Allows for Local Privilege Escalation Critical Vulnerability: Authorization Bypass in Elgg via User-Controlled Key Out of Bounds Write Vulnerability in __dwc3_gadget_ep0_queue of ep0.c Android Kernel Vulnerability: A-126949257 Race condition vulnerability in synchronous_process_io_entries of lwis_ioctl.c in Android kernel allows local attackers to escalate privileges and execute arbitrary code with system privileges. Missing Validation of Return Value in ic_startRetrieveEntryValue of acropora/app/identity/ic.c Android Kernel Vulnerability: A-199809304 Android Kernel Vulnerability: A-199805112 Android Kernel Vulnerability: A-201537251 Improper Locking in mon_smc_load_sp of Exynos9845 Could Lead to Local Information Disclosure Race condition vulnerability in gadget_dev_desc_UDC_show in configfs.c allows local attackers to disclose kernel heap memory, leading to local information disclosure with System execution privileges. 
Use-after-free vulnerability in regmap_exit of regmap.c allows for local privilege escalation in Android kernel Unauthenticated HTTP Request Vulnerability in HP DesignJet Products Allows Unauthorized Access to Print Job Previews Possible Out of Bounds Write Vulnerability in Android Kernel PIN Bypass Vulnerability in Android Kernel Out-of-Bounds Write Vulnerability in sec_ts_parsing_cmds of Android Kernel Hidden Debug Policy Vulnerability in Android Kernel Android Kernel Vulnerability: A-192641593 Use-after-free vulnerability in __configfs_open_file in file.c allows for local privilege escalation in Android kernel Out of Bounds Read Vulnerability in ufshcd_eh_device_reset_handler of ufshcd.c Permission Leak in ismsEx Service Allows Arbitrary Modification of System Properties Unhandled Exception in sortSimPhoneAccountsForEmergency Leads to Local Denial of Service Vulnerability USB Device Bluetooth Class Buffer Overflow Vulnerability Race Condition Vulnerability in Android Kernel Allows Arbitrary Code Execution Out of Bounds Write Vulnerability in PowerVR Kernel Driver Missing Permission Check in checkUriPermission of MediaProvider.java Allows Unauthorized Access to Media Provider Collections Possible bypass of permissions check in openFileAndEnforcePathPermissionsHelper of MediaProvider.java leading to local privilege escalation Out of Bounds Read Vulnerability in LoadedPackage::Load of LoadedArsc.cpp Heap Buffer Overflow in checkSpsUpdated of AAVCAssembler.cpp Allows Remote Information Disclosure Possible Out of Bounds Read Vulnerability in MediaMetricsItem.h Heap Buffer Overflow in ih264d_parse_decode_slice of ih264d_parse_slice.c Intent Redirect Vulnerability in onActivityViewReady of DetailDialog.kt Misleading CA Installation Circumstances Vulnerability Improper Access Control in GitHub Repository zulip/zulip Prior to Version 4.10 Potential Permanent Denial of Service (DoS) Vulnerability in WallpaperManager.setStream() Method Uninitialized Data Out-of-Bounds Read 
Vulnerability in aidl_const_expressions.cpp Secure Boot Bypass Vulnerability in Android Fastboot Possible Use After Free Vulnerability in btm_sec_connected and btm_sec_disconnected of btm_sec.cc File Heap Buffer Overflow in GKI_getbuf of gki_buffer.cc Allows for Remote Privilege Escalation Improper Input Validation in writeThrowable of AndroidFuture.java Allows for Local Privilege Escalation Potential Out-of-Bounds Read Vulnerability in startVideoStream() Function Bypass of Factory Reset Protection in Android Kernel Race Condition Use-After-Free Vulnerability in Android Kernel Heap-based Buffer Overflow Vulnerability in Vim Uninitialized Data Vulnerability in sec_SHA256_Transform of sha256_core.c Use-after-free vulnerability in delete_protocol function in main.c allows for arbitrary code execution Out of Bounds Write Vulnerability in mgm_alloc_page of memory_group_manager.c Out-of-bounds Write Vulnerability in copy_from_mbox of sss_ice_util.c Possible Allocation of RWX Memory in target_init of gs101/abl/target/slider/target.c Out of Bounds Write Vulnerability in USB Gadget Subsystem Race condition vulnerability in binder.c allows for local privilege escalation in Android kernel Heap Buffer Overflow in HandleTransactionIoEvent of actuator_driver.cc Possible Out of Bounds Read Vulnerability in Android Kernel Local Privilege Escalation Vulnerability in odsign_main.cpp TOCTOU Vulnerability in Lenovo System Interface Foundation Allows Privilege Escalation Persistent Denial of Service Vulnerability in setDisplayPadding of WallpaperManagerService.java Tapjacking Vulnerability in WindowManager Allows Local Privilege Escalation Possible Work Profile Bypass Vulnerability in SetupLayoutActivity.java Potential Privilege Escalation Vulnerability in AppOpsService.java Android Permissions Bypass Vulnerability in RoleParser.java Possible Permission Bypass in BasePermission.java's createOrUpdate Method Confused Deputy Vulnerability in Task.java Allows Local Privilege Escalation 
Bypassing External Storage Private Directories Protection in DownloadProvider.java Use-after-free vulnerability in aio_poll_complete_work in aio.c allows local attackers to gain privileges via a crafted application. LenovoVariable SMI Handler Vulnerability: Arbitrary Code Execution Logic Error in adbd.te Allows for Local Information Disclosure Improper Input Validation in ControlsProviderLifecycleManager.kt Allows Local Privilege Escalation Possible Tapjacking/Overlay Attack in RequestManageCredentials.java Allows Unauthorized Certificate Installation Possible Unauthorized File Access Vulnerability in UsbDeviceManager.java Foreground Service Permission Bypass in deleteNotificationChannelGroup of NotificationManagerService.java Missing Permission Check in onResume of CredentialStorage.java Allows Local Privilege Escalation Potential Local Privilege Escalation in AppRestrictionsFragment.java Out-of-Bounds Write Vulnerability in gatt_process_notification of gatt_cl.cc Potential Permission Bypass in sendSipAccountsRemovedNotification of SipAccountRegistry.java BIOS Image Vulnerability in Lenovo Notebook Devices Allows Unauthorized Firmware Modification Android Kernel Vulnerability: A-202160245 Possible Out of Bounds Read in bpf_prog_test_run_skb of test_run.c Race Condition Use After Free Vulnerability in Android Kernel Android Kernel Vulnerability: A-173788806 Possible Use-After-Free Vulnerability in ion_buffer_kmap_get of ion.c Possible kernel memory and address leak in __show_regs of process.c in Android kernel (A-178379135) Android Kernel Vulnerability: A-206977562 Out-of-bounds Read Vulnerability in iaxxx-btp.c Out of Bounds Write Vulnerability in ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp Integer Overflow Vulnerability in lwis_top_register_io of lwis_device_top.c Lenovo Notebook BIOS Vulnerability: Unauthorized Modification of Secure Boot Setting Android Kernel Vulnerability: A-207433926 Out of Bounds Write Vulnerability in Android Kernel
(A-195726151) Out-of-Bounds Read Vulnerability in ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp Android Kernel Vulnerability: A-209014813 Out of Bounds Read Vulnerability in TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc Double Free Vulnerability in gasket_page_table.c Allows for Local Privilege Escalation Out-of-bounds Read Vulnerability in cd_ParseMsg of cd_codec.c Race condition vulnerability in eicPresentationRetrieveEntryValue in Acropora Android Kernel allows for local information disclosure Out of Bounds Write Vulnerability in TitanM Chip Allows Local Privilege Escalation Heap-based Buffer Overflow Vulnerability in Vim Out of Bounds Read Vulnerability in Android Kernel Out of Bounds Write Vulnerability in ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp Integer Overflow in copy_io_entries of lwis_ioctl.c leading to Local Privilege Escalation Out-of-bounds Write Vulnerability in amcs_cdev_unlocked_ioctl of audiometrics.c Potential Local Privilege Escalation in OneToOneChatImpl.java Race condition vulnerability in gasket_alloc_coherent_memory of gasket_page_table.c allows for local privilege escalation Integer Overflow Vulnerability in lwis_ioctl.c and lwis_periodic_io.c Allows for Local Privilege Escalation Android Kernel Vulnerability: A-208229524 Bluetooth Device Pairing Vulnerability in CarSettings ArrayMap Log Information Disclosure Vulnerability Vim Vulnerability: Use After Free Exploit Improper Input Validation in Messaging App Allows Bypass of Attachment Restrictions Out of Bounds Write Vulnerability in Keymaster Allows Local Privilege Escalation Android Voicemail Vulnerability: Trackable Identifier Retrieval and Local Information Disclosure Missing Permission Check Allows Unauthorized Update of Last Usage Time in PackageManager Side Channel Information Disclosure in DevicePolicyManager Allows Unprivileged App Detection Side Channel Information Disclosure in DevicePolicyManager Allows Unprivileged 
App Detection Unsafe PendingIntent in PermissionController allows for local file deletion vulnerability in Android-12L (A-194696395) Information Disclosure Vulnerability in Android Settings Provider Unsafe PendingIntent in InputMethodEditor Allows Local Information Disclosure Unprotected Activity Start Vulnerability in WindowManager Use-after-free vulnerability in libvirt allows for denial of service attack Splash Screen Theme Privilege Escalation Vulnerability in PackageManager Bluetooth Device Name Information Disclosure Vulnerability Android-12L Permissions Bypass Vulnerability Allows Local Privilege Escalation in Bubbles Missing Permission Check in DomainVerificationService Allows Local Information Disclosure Side Channel Information Disclosure in ContextImpl Allows App Installation Detection without Query Permissions Side Channel Information Disclosure in DevicePolicyManager Allows Package Existence Revelation Side Channel Information Disclosure Vulnerability in Android-12L Allows App Installation Detection without Query Permissions Potential Permission Bypass in PermissionController via Unsafe PendingIntent Foreground Activity Start Vulnerability in WindowManager Integer Overflow Vulnerability in libstagefright Allows Local Privilege Escalation Critical CSRF Vulnerability Found in Kimai2 Time-Tracking Software Side Channel Information Disclosure in AudioService Allows App Installation Detection without Query Permissions Android Media App Installation Detection Vulnerability Integer Overflow Vulnerability in Tremolo: Remote Information Disclosure without User Interaction Improper Input Validation in WiFi Settings Enables Local Privilege Escalation on Android Improper Input Validation in Android Settings Allows App Spoofing and Privilege Escalation Possible Permission Bypass Vulnerability in Gallery App on Android-12L (A-201535427) Side Channel Information Disclosure Vulnerability in Android Settings Insecure Default Value Allows Unauthorized Access to Recovery 
System Properties in miniadb Android Settings Auto-Connect WiFi Vulnerability: Local Privilege Escalation without User Consent Unauthenticated App Detection Vulnerability in Android Device Policy Cross-Site Scripting (XSS) Vulnerability in InvoiceNinja Android Framework Local Information Disclosure Vulnerability Improper Input Validation in Android Settings Allows Misrepresentation of App Adding WiFi Network Bluetooth A2DP Audio Control Switch Vulnerability in Android-12L Side Channel Information Disclosure in VpnManagerService Allows for Local Information Disclosure Android Bluetooth Out of Bounds Read Vulnerability Android Side Channel Information Disclosure Vulnerability Allows App Installation Detection Without Query Permissions NFC Use After Free Vulnerability in Android-12L (A-192614125) Telephony App Installation Disclosure Vulnerability Improper Input Validation in Telecomm Allows for App Installation Detection and Local Information Disclosure Missing Permission Check in getCallStateUsingPackage of Telecom Service Allows Local Information Disclosure Missing Permission Check in Traceur Allows Local Privilege Escalation in Android-12L (A-204992293) Possible Information Disclosure and Privilege Escalation in SmsController Unauthenticated Modification of PLMN SIM File in Android-12L: Local Privilege Escalation Vulnerability Local Privilege Escalation Vulnerability in rcsservice Missing Permission Check in CellBroadcastReceiver Allows Local Privilege Escalation NFC Out of Bounds Write Vulnerability in Android-12L (A-192551247) Arbitrary Activity Launch Vulnerability in SystemUI Side Channel Information Disclosure in TelecomManager Allows Unauthorized Access to Self-Managed Phone Accounts Android TTY Mode Change Vulnerability Allows Local Privilege Escalation Key Length Flaw in Red Hat Ceph Storage Allows for Encryption Exploitation Local Privilege Escalation in Dialer App: Exploiting Visual Voicemail Settings Vulnerability Information Disclosure Vulnerability in 
WallpaperManagerService Allows App Installation Detection without Query Permissions Race condition in usb_gadget_giveback_request leads to use-after-free vulnerability with local information disclosure Out-of-bounds Write Vulnerability in kbase_jd_user_buf_pin_pages of mali_kbase_mem.c Potential Local Privilege Escalation Vulnerability in AdbService.java Tapjacking/Overlay Attack in HarmfulAppWarningActivity of HarmfulAppWarningActivity.java Possible Privilege Escalation in LauncherApps.java Arbitrary Code Execution in Bitmap_createFromParcel of Bitmap.cpp Possible Permission Bypass in AttributionSource.java Allows Local Privilege Escalation Critical Vulnerability: Unauthorized Access to Private Personal Information in Elgg Use-after-free vulnerability in ion_ioctl in ion-ioctl.c allows local attackers to leak kernel head data and potentially disclose sensitive information without additional execution privileges. Use-after-free vulnerability in ion_ioctl in ion-ioctl.c allows local users to escalate privileges via crafted ioctl calls. 
Possible Privilege Escalation in change_pte_range of mprotect.c in Android Kernel Out of Bounds Read Vulnerability in C2AllocatorIon.cpp Null Pointer Dereference Vulnerability in HeifDecoderImpl.cpp Out of Bounds Read Vulnerability in l2cble_process_sig_cmd of l2c_ble.cc Double Free Vulnerability in label_backends_android.c Allows for Local Privilege Escalation NFC Privilege Escalation Vulnerability in SecureNfcEnabler.java Improper Input Validation in createNotificationChannelGroup of PreferencesHelper.java Allows Service to Run in Foreground Without User Notification Out-of-bounds Read Vulnerability in avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc Insecure Permission Settings in grub.cfg Allows Unauthorized Access to Encrypted Passwords Unauthenticated Default Contactless Payment App Setup Vulnerability in NFC Out of Bounds Read Vulnerability in Android Kernel Out-of-bounds Write Vulnerability in ppmp_validate_wsm of drm_fw.c PowerVR GPU Driver Vulnerability: Unprivileged App Exploitation for Kernel Memory Corruption Memory Corruption Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Privilege Escalation Vulnerability in Linux Distributions with CAP_SYS_NICE for gnome-shell Adobe InDesign TIFF File Out-of-bounds Write Vulnerability Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Heap Buffer Overflow Vulnerability in Adobe SVG-Native-Viewer Memory Corruption Vulnerability in Adobe Premiere Elements 2021.2235820 and Earlier Arbitrary Code Execution via Malicious TTF File in Photoshop Elements 2021 Arbitrary Command Execution Vulnerability in Adobe Digital Editions Arbitrary File Write Vulnerability in 
Adobe Digital Editions Installer Privilege Escalation Vulnerability in Adobe Digital Editions Installer Out-of-Bounds Write Vulnerability in Adobe Framemaker Allows Arbitrary Code Execution via Malicious PDF Cross-site Scripting (XSS) vulnerability in kimai2 Memory Corruption Vulnerability in Adobe Framemaker Out-of-Bounds Write Vulnerability in Adobe Framemaker Allows Arbitrary Code Execution via Malicious PDF Memory Corruption Vulnerability in Adobe Framemaker Out-of-Bounds Read Vulnerability in Adobe Framemaker Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Framemaker Allows Memory Disclosure Use-After-Free Vulnerability in Adobe Framemaker Allows Memory Disclosure via Malicious PDF Use-After-Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Vim Use-After-Free Vulnerability in Acrobat Reader DC Versions 2021.005.20060 and Earlier Type Confusion Vulnerability in Acrobat Reader DC Versions 2021.005.20060 and Earlier Use-After-Free Vulnerability in Acrobat Reader DC Versions 2021.005.20060 and Earlier Out-of-Bounds Write Vulnerability in Acrobat Reader DC Versions 2021.005.20060 and Earlier Out-of-Bounds Read Vulnerability in Acrobat Reader DC Versions 2021.005.20060 and Earlier Stack Overflow Vulnerability in Acrobat Reader DC Stack Overflow Vulnerability in Acrobat Reader DC Stack-based Buffer Overflow in XMP Toolkit SDK version 2020.1 (and earlier) Allows Arbitrary Code Execution Null Pointer Dereference Vulnerability in Acrobat Reader DC Cross-site Scripting (XSS) vulnerability in kimai2 Null Pointer Dereference Vulnerability in Acrobat Reader DC Null Pointer Dereference Vulnerability in Acrobat Reader DC Null Pointer Dereference Vulnerability in 
Acrobat Reader DC Null Pointer Dereference Vulnerability in Acrobat Reader DC Null Pointer Dereference Vulnerability in Acrobat Reader DC Acrobat Reader DC ActiveX Control Information Disclosure Vulnerability Acrobat Reader DC ActiveX Control Information Disclosure Vulnerability Information Disclosure Vulnerability in Adobe Acrobat Reader DC Add-on for Internet Explorer Out-of-Bounds Read Vulnerability in Acrobat Reader DC Versions 2021.005.20060 and Earlier Use After Free Vulnerability in Acrobat Reader DC Versions 2021.005.20060 and Earlier Null Pointer Dereference Vulnerability in Adobe Acrobat Pro DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Versions 2021.005.20060 and Earlier Out-of-Bounds Read Vulnerability in Adobe Framemaker Allows Memory Disclosure Buffer Overflow Vulnerability in Acrobat Reader DC Cross-Site Request Forgery (CSRF) Vulnerability in Adobe Commerce Allows Unauthorized Cart Additions Out-of-Bounds Read Vulnerability in Adobe Framemaker Allows Memory Disclosure Persistent Access Vulnerability in GitLab 13.6 and Later: Exploiting Business Logic Error in Project Deletion Process DNS Rebinding Vulnerability in GitLab CE/EE Gitea Importer Allows SSRF Attacks Unlimited Repository Size Vulnerability in GitLab CE/EE (Versions 8.12 and above) Exposure of Trigger Tokens in GitLab CE/EE Project Exports Bypassing Disable Repo by URL Import Setting in GitLab CE/EE (Versions 11.11 and above) Bypassing Bitbucket Server Import Disable Setting in GitLab CE/EE (CVE-2021-22214) Improper Access Control Vulnerability in GitLab CE/EE Allows Access with Expired Passwords Content Spoofing Vulnerability in GitLab CE/EE Allows for Malicious Website Redirection GitLab CE/EE Vulnerability: 2FA Enforcement Bypass in Git Commands Exposure of Pending Invitations in GitLab CE/EE (Versions 13.6 and above) Information Disclosure Vulnerability in GitLab CE/EE Assignee Auto-Complete Endpoint Uncontrolled Resource Consumption Vulnerability in GitLab 12.2+ Stored 
Reflected Cross-Site Scripting Vulnerability in Jira Integration in GitLab (Versions 13.0 - 14.3.1) Vulnerability: Session-based Two-Factor Authentication Bypass in GitLab CE/EE Denial of Service Vulnerability in apollo_upload_server Ruby Gem in GitLab CE/EE OAuth Client Application Spoofing Vulnerability in GitLab CE/EE User Information Disclosure Vulnerability in GitLab CE/EE Improper Authorization Checks Allow Subgroup Members to Access Parent Subgroup Epics Information Disclosure Vulnerability in GitLab EE Allows Unauthorized Access to Private Group Names Stored XSS Vulnerability in Gitlab EE Merge Request Creation Page GitLab Vulnerability: Unauthorized Access to Confidential Epic References during Project Migration Stored Cross-Site Scripting Vulnerability in GitLab Flavored Markdown Sensitive Information Disclosure in GitLab EE API Endpoint Insecure Direct Object Reference Vulnerability in GitLab EE: Exposing Protected Branch Names URL Redirection Vulnerability in ShowDoc Vulnerability: Bypassing 2FA and Accessing Pages with Basic Authentication in GitLab 14.1.1 and Above Access Token Persistence Vulnerability in GitLab CE/EE Impersonation User Email Disclosure Vulnerability in GitLab CE/EE Versions 12.0 and Above Unauthorized File Parsing Vulnerability in GitLab 9.1 and Later Versions GitLab CE/EE DNS Rebinding Vulnerability in Fogbugz Importer Pipeline Schedules Activation Vulnerability in GitLab CE/EE Impersonation Vulnerability in GitLab CE/EE: Repudiation Risk Inherited Access Control Bypass in GitLab CE/EE Version 10.5 and Above Project Export Webhook Token Leakage Vulnerability Vulnerability: Brute Force Password Attack via Change Password Function in GitLab CE/EE Critical Security Vulnerability: Weak PRNG in ShowDoc Exposes Sensitive Data GitLab Information Disclosure Vulnerability: Exposing Artifacts URL via Rails Logs Exposure of SCIM Token in GitLab CE/EE Versions 11.10 and Later Guest users in GitLab CE/EE 13.4 or above can unauthorizedly modify 
incident severity Privileged User Bypasses Restricted Visibility Setting in GitLab CE/EE Improper Access Control Vulnerability in GitLab GraphQL API Allows Unauthorized Resolution of Discussions and Application of Suggestions GitLab CE/EE API Information Disclosure Vulnerability: Exposing Private Group Information via Public Project Sharing Arbitrary JavaScript Code Execution in GitLab CE/EE version 13.5 and above via ipynb File Validation GitLab CE/EE 13.7+ Vulnerability: EXIF Stripping Causes CPU Exhaustion Unicode Character Abuse Vulnerability in GitLab CE/EE Email Address Ownership Verification Bypass in GitLab CODEOWNERS Feature HTML Injection Vulnerability in GitLab CE/EE through Swagger UI Improper Access Control Vulnerability Exposing Private Email Addresses in GitLab CE/EE GitLab CE/EE DoS Vulnerability: Memory Exhaustion via Malformed TIFF Images Accidental Logging of System Root Password in GitLab Migration Logs Regular Expression Denial of Service (ReDoS) Vulnerability in GitLab User Provisioning GraphQL API Access Control Vulnerability in GitLab CE/EE: Unauthorized Access to Project Access Token Names Unauthorized Access to External Status Check Configuration in GitLab EE Catastrophic Backtracking Vulnerability in GitLab CE/EE Unauthorized Comment Addition Vulnerability in GitLab EE Information Disclosure Vulnerability in GitLab CE/EE Versions 14.0 - 14.5.2 Kimai2 Vulnerability: Improper Access Control Denial of Service Vulnerability in Wireshark 3.4.0 to 3.4.9: NULL Pointer Exception in IPPUSB Dissector Denial of Service Vulnerability in Wireshark Modbus Dissector (CVE-2021-22191) C12.22 Dissector Buffer Overflow Vulnerability in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 Denial of Service Vulnerability in Wireshark PNRP Dissector (Versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17) Bluetooth DHT Dissector Denial of Service Vulnerability Bluetooth SDP Dissector Buffer Overflow Vulnerability Bluetooth HCI_ISO Dissector Buffer Overflow Vulnerability 
Vulnerability: Server Side Request Forgery (SSRF) Bypass in GitLab CE/EE versions 8.4 - 14.4.4, 14.5.0 - 14.5.2, and 14.6.0 - 14.6.1 Denial of Service Vulnerability in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17: NULL Pointer Exception in IEEE 802.11 Dissector Bluetooth DHT Dissector Uncontrolled Recursion Vulnerability in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 CSRF Vulnerability in ShowDoc Unauthorized Access to Custom Project and Group Templates in GitLab EE Versions 12.4 - 14.3.6, 14.4.0 - 14.4.4, and 14.5.0 - 14.5.2 Vulnerability: Unauthorized Deletion of Protected Branches in GitLab GitLab CE/EE Vulnerability: High Load Time Exploitation via Diff Feature Catastrophic Backtracking Vulnerability in GitLab CE/EE Improper Access Control Vulnerability in GitLab CE/EE Versions 12.10 - 14.5.2 Allows Unauthorized Retrieval of Service Desk Email Address Unauthorized Server Side Requests via CI Lint API in GitLab CE/EE Vulnerability: Unauthorized Access to Disabled Wiki in GitLab CE/EE Privilege Escalation Vulnerability in GitLab CE/EE Versions before 14.5.2 GitLab CE/EE Vulnerability: Denial of Service via Crafted Deploy Slash Commands Resource Exhaustion Vulnerability in GitLab Runner Cross-site Scripting (XSS) vulnerability in django-helpdesk Regular Expression Denial of Service in GitLab Maven Package Registry Default Branch Name Disclosure Vulnerability in GitLab CE/EE File Size Bypass Vulnerability in GitLab CE/EE: Potential Denial of Service Exploit Authorization Logic Error in GitLab EE External Status Check API Privilege Escalation Vulnerability in GitLab CE/EE Versions 11.0 - 14.5.2 Unauthorized Approval of Merge Requests in GitLab API XSS Vulnerability in GitLab CE/EE Versions 14.3 to 14.5.2: Abusing Emoji HTML Code Generation File Descriptor Reuse Vulnerability in GitLab Runner Versions 14.3.4 to 14.5.2 Unprivileged User Unmount Vulnerability in libmount Library Privilege Escalation Vulnerability in libmount Library of util-linux Uninitialized AOD 
Driver Structure Vulnerability in Smartphones: Implications for Service Confidentiality Improper Broadcast Permission Settings in Smartphones: A Threat to Service Confidentiality Business Logic Errors in Changlian Blocklist: Expanding Attack Surface of Message Class Smartphone Unauthorized File Access Vulnerability: Threat to Service Confidentiality Denial of Service Vulnerability in systemd-tmpfiles Improper Input Validation in HwPCAssistant Allows Unauthorized File Creation Password Vault External Control of System or Configuration Setting Vulnerability: Confidentiality Compromise Confidential Information Exposure in MyHuawei-App: A Critical Vulnerability Kernel Breakdown Vulnerability: Null Pointer Dereference in Smartphones Smartphone Out-of-bounds Read Vulnerability: Implications for Service Confidentiality Hilinksvc Data Processing Errors Vulnerability: Potential Denial of Service Attacks Privilege Escalation Vulnerability in CloudEngine 5800 V200R020C00SPC600 NULL Pointer Dereference Vulnerability in HwNearbyMain Module Telephony Application SQL Injection Vulnerability: Privacy and Security Risks Code Injection Vulnerability in HHEE System: Threat to System Integrity Glibc realpath() Function Information Leakage Vulnerability Telephony Application Sensitive Information Disclosure Vulnerability Chang Lian Application Vulnerability: Exploitable Caller ID Spoofing Improper Privilege Management in Phone Manager Application Allows Arbitrary File Access Data Processing Errors Vulnerability in HwNearbyMain Module Out-of-bounds Read Vulnerability in Huawei IDAP Module: Potential Denial of Service Improper Validation of Array Index in HwNearbyMain Module: Potential Process Restart Vulnerability ACPU Memory Access Management Module Unauthorized Rewriting Vulnerability Data Processing Errors Vulnerability in HwNearbyMain Module NULL Pointer Dereference Vulnerability in HwNearbyMain Module Sensitive Information Exposure in HwNearbyMain Module with Potential Process 
Restart Buffer Overflow Vulnerability in glibc's getcwd() Function Stack-based Buffer Overflow Vulnerability in Screen Lock Module Affects User Experience ACPU Memory Access Management Module Unauthorized Rewriting Vulnerability Improper Security Permission Configuration Vulnerability on ACPU ACPU Integer Overflow Vulnerability: Potential Out-of-Bounds Access in Smartphones Arbitrary Address Access Vulnerability in Product Line Test Code Out-of-Bounds Read Vulnerability in Huawei OpenHpi Software: Denial of Service Risk NFC Module Heap-based Buffer Overflow Vulnerability in Smartphones Unstrict Input Parameter Verification in Audio Assembly: Potential Out-of-Bounds Access Vulnerability Concurrent API Calls Vulnerability in HwConnectivityExService: System Crash and Restart Exploit Buffer Overflow Vulnerability in eSE620X vESS V100R001C10SPC200 and V100R001C20SPC200 URL Redirection Vulnerability in ShowDoc Out-of-Bounds Write Vulnerability in Bluetooth Module Allows Remote Command Execution CaasKit Module Path Traversal Vulnerability: Potential Disruption of MeeTime Application Availability Out-of-Bounds Write Vulnerability in Bluetooth Module Allows Remote Command Execution Path Traversal Vulnerability in HwPCAssistant: A Threat to Data Confidentiality Cellular Module Vulnerability: Permission Management Flaw Jeopardizes Data Confidentiality Data Access Control Vulnerability in Distributed Data Service Component Design Defects in Security Algorithm Component: A Threat to Confidentiality eCNS280_TD V100R005C10SPC650 Information Leak Vulnerability Memory Leak Vulnerability in CloudEngine Switches Critical Out-of-bounds Write Vulnerability in AOD Module Poses Service Integrity Risk Race Condition in Linux Kernel's ebpf Verifier Allows Unauthorized Modification of Frozen Mapped Address Space Heap Overflow Vulnerability in Bone Voice ID TA Uncontrolled Resource Consumption Vulnerability in Display Module: Threat to Integrity Pointer Misuse Vulnerability in Video 
Framework: Confidentiality at Risk Bluetooth Module Improper Permission Control Vulnerability Heap Overflow Vulnerability in Bone Voice ID Trusted Application (TA) Race Condition Vulnerability in Binder Driver Subsystem: Impact on Kernel Stability Bluetooth Module Permission Control Vulnerability Key Format Validation Vulnerability in HW_KEYMASTER Module Null Pointer Reference Vulnerability in eID Module: A Threat to Data Confidentiality Heap-based out-of-bounds read vulnerability in HW_KEYMASTER module Hugetlbfs Memory Leak Vulnerability in Linux Kernel Allows Unauthorized Data Access Out-of-bounds Array Read Vulnerability in Smartphone Security Storage Module: Implications for Service Confidentiality eID Module Out-of-Bounds Memory Write Vulnerability: Risk to Data Confidentiality Parameter Type Verification Vulnerability in Weaver Module: A Threat to Data Confidentiality Confidentiality Impacting Vulnerability in Secure OS Module due to Configuration Defects WLAN Module Interfaces Information Disclosure Vulnerability Memory Initialization Vulnerability in eID Module: Implications for Data Confidentiality Heap-based Buffer Overflow Vulnerability in AOD Module of Smartphones: Threat to Service Integrity Buffer Length Calculation Vulnerability in Bone Voice ID TA eID Module Out-of-Bounds Memory Write Vulnerability: Threat to Data Integrity Samba Server File Management Module Buffer Overflow Vulnerability Data Confidentiality Vulnerability in My HUAWEI App Critical Null Pointer Dereference Vulnerability in Smartphone Camera Module Information Management Vulnerability in Bone Voice ID TA: Risk to Data Confidentiality Information Exposure Vulnerability in Huawei Products Memory Overwriting Vulnerability in Video Framework: A Threat to Availability Samba Server File Management Module Buffer Overflow Vulnerability Memory Overwrite Vulnerability in Bone Voice ID TA: Risk of Malicious Code Execution Type Confusion Vulnerability in MPTCP Subsystem Leads to System
Crash and Restart in Smartphones Double Free Vulnerability in AOD Module: Threat to Service Integrity Critical Null Pointer Dereference Vulnerability in Smartphone Camera Module Arbitrary Address Write Vulnerability in HW_KEYMASTER Module: Confidentiality Impact HUAWEI WS318n Product Cross-Site Scripting (XSS) Vulnerability Invalid Pointer Vulnerability in Huawei Products: Process and Service Abnormality AIS-BW80H-00 Laser Command Injection Vulnerability Allows Unauthorized Voice Command Execution Bluetooth Module Permission Verification Vulnerability: Unauthorized Operations Signature Verification Failure in System Upgrade: A Threat to Service Confidentiality Privilege Escalation Vulnerability in PCManager Versions 11.1.1.95 Memory Leakage Vulnerability in Bastet Module: Implications for Integrity Video Framework Buffer Size Calculation Vulnerability: A Threat to Availability Permission Control Vulnerability in PMS Module Allows Unauthorized Access to Sensitive System Information CSRF Vulnerability in firefly-iii: Cross-Site Request Forgery (CSRF) IFAAModule Out-of-Bounds Read Vulnerability Leading to Stack Overflow Confidentiality Breach Vulnerability: Unauthorized Access in System Components Video Framework Buffer Size Calculation Vulnerability Nearby Module Permission Control Vulnerability: Impact on Availability and Integrity Integer Underflow Vulnerability in atcmdserver Module: Threat to Integrity Man-in-the-Middle Attack Vulnerability in Recovery Mode System Update Download Buffer Overflow Vulnerability in Video Framework: A Threat to Availability Critical Buffer Overflow Vulnerability in Video Framework Threatens System Availability Critical Heap-Based Buffer Overflow Vulnerability in Video Framework Wi-Fi Module Permission Control Vulnerability: Confidentiality Impact Critical Heap-Based Buffer Overflow Vulnerability in Video Framework Type Confusion Vulnerability in Bastet Module: A Threat to Integrity Buffer Overflow Vulnerability in Video
Framework: A Threat to Availability Improper Access Control Vulnerability in Video Module: Confidentiality Impact Critical Heap-Based Buffer Overflow Vulnerability in System Components Service Logic Error Vulnerability in Communication Module: A Threat to Data Confidentiality Improper Validation of User Access Permissions in Mobility Read-Only API Improper Validation of User Access Permissions in Mobility Read-Write API Local Privilege Escalation in Rapid7 Insight Agent 3.0.1 to 3.1.2.34 Out-of-Bounds Access Vulnerability in xorg-x11-server Remote Assertion Failure in Knot Resolver 5.3.2 and Earlier Command Execution Vulnerability in opensysusers through 0.6 OpenStack Neutron DNSMasq Configuration Vulnerability Reflected Enrollment Secret Exposure in PrimeKey EJBCA Cleartext Logging of Enrollment Secret Modifications in PrimeKey EJBCA Vulnerability: Cross-Tenant Certificate Revocation in PrimeKey EJBCA Vulnerability: Unauthorized Execution of General Purpose Custom Publisher Out-of-Bounds Access Vulnerability in xorg-x11-server SSRF Vulnerability in SquaredUp for SCOM 5.2.1.6654 Arbitrary Web Script Injection Vulnerability in SquaredUp for SCOM Image Tile Arbitrary Web Script Injection Vulnerability in SquaredUp for SCOM 5.2.1.6654 DOM-based XSS Vulnerability in SquaredUp for SCOM 5.2.1.6654 Allows Code Injection Local File Inclusion Vulnerability in SquaredUp for SCOM 5.2.1.6654 Cross-Site Scripting (XSS) Vulnerability in SquaredUp for SCOM Integration Configuration Authenticated Path Traversal and Remote Code Execution via Uploaded PHP Code in Concrete CMS Path Traversal Vulnerability Leading to Remote Code Execution in Concrete CMS Remote Code Execution Vulnerability in Concrete CMS through 8.5.5 via HTTP Update JSON Fetching Out-of-Bounds Access Vulnerability in xorg-x11-server Stored XSS Vulnerability in Concrete CMS Conversations with Rich Text Editor Unauthenticated Password Change Vulnerability in Concrete CMS Arbitrary File Deletion via PHAR 
Deserialization in Concrete CMS Path Traversal Vulnerability in Concrete CMS through 8.5.5: Arbitrary File Reading and SSRF SVG Sanitizer Bypass Vulnerability in Concrete CMS through 8.5.5 XSS Vulnerability in Concrete CMS through 8.5.5 via Markdown Comments Unauthenticated Stored XSS in Concrete CMS Blog Comments via Website Field CSRF Vulnerability in Concrete CMS Calendar SSRF Vulnerability in Concrete CMS Allows Access to Forbidden Local Network Files Out-of-Bounds Access Vulnerability in xorg-x11-server Vulnerability: Denial of Service in Apache James IMAP LIST Command Apache James IMAP Parsing Stack Denial of Service Vulnerability Multiple Vulnerabilities in Cisco Catalyst PON Series Switches ONT Web Management Interface Multiple Vulnerabilities in Cisco Catalyst PON Series Switches ONT Web Management Interface Cisco Products Vulnerable to ICMP Traffic Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Webex Video Mesh Vulnerability in Snort Rules Allows Remote DoS Attack on Cisco Products Denial of Service Vulnerability in Cisco ASA and FTD Software's SSL/TLS Message Handler Cisco ASA and FTD Software Denial of Service Vulnerability Static SSH Key Reuse Vulnerability in Cisco Policy Suite Allows Unauthorized Root Access Arbitrary Command Injection Vulnerability in Cisco Small Business RV Series Routers Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Software Denial of Service Vulnerability in Cisco Meeting Server Call Bridge API Cisco Identity Services Engine (ISE) Web Interface File Download Vulnerability Privilege Escalation Vulnerability in Cisco AnyConnect Secure Mobility Client for Windows IKEv2 Denial of Service Vulnerability in Cisco ASA and FTD Software Email Enumeration Vulnerability in Cisco Umbrella Web Dashboard Denial of Service Vulnerability in Cisco Small Business Switches' Web-based Management Interface Arbitrary Domain Activation Link Vulnerability in Cisco Webex Meetings SQL 
Injection Vulnerability in Cisco Common Services Platform Collector (CSPC) Configuration Dashboard Improper Restriction of Syslog Configuration in Cisco CSPC Web Application Cross-Site Scripting (XSS) Vulnerability in Cisco Common Services Platform Collector (CSPC) Web Interface OPC Foundation Local Discovery Server (LDS) Denial of Service Vulnerability HTTP Header Injection Vulnerability in Sonatype Nexus Repository 3.x through 3.33.1-01 Double Free Vulnerability in gdImageGd2Ptr in LibGD Any23 YAMLExtractor.java Remote Code Execution Vulnerability EmTec ZOC before 8.02.2 Vulnerability: Unauthenticated Remote Code Execution via \e[201~ Pasting Modem EMM Vulnerability: Remote Information Disclosure without User Interaction E1 Zoom Camera Web Server SSL Private Key Disclosure Vulnerability CSRF Vulnerability in firefly-iii: Cross-Site Request Forgery (CSRF) Information Disclosure Vulnerability in E1 Zoom Camera Web Server Directory Traversal Vulnerability in Squashfs-Tools 4.5 Buffer Over-read Vulnerability in NXP LPC55S69 Devices Allows Disclosure of Protected Flash Memory Arbitrary Code Execution Vulnerability in Autodesk Navisworks DWG File Parsing Arbitrary Code Execution Vulnerability in Autodesk Navisworks DWG File Parsing Untrusted Pointer Dereference Vulnerability in FBX Review 1.5.0 and Prior: Exploiting Malicious FBX Files Boundary Read Vulnerability in Autodesk Inventor and AutoCAD Code Execution via Information Disclosure Vulnerability in Autodesk Inventor JT Files Improper Access Control Vulnerability in Rapid7 Insight Agent (Versions Prior to 3.1.3) Arbitrary Code Execution Vulnerability in PDFTron Prior to 9.0.7 Memory Corruption Vulnerability in PDFTron (Versions prior to 9.0.7) Allows Code Execution via Malicious DLL Files Arbitrary Code Execution Vulnerability in Autodesk Image Processing Component Autodesk Image Processing DLL File Memory Corruption Vulnerability Heap-based Buffer Overflow in File Parsing Vulnerability Buffer Overflow 
Vulnerability in Autodesk Image Processing Component Arbitrary Code Execution Vulnerability in Autodesk Image Processing Component Memory Corruption Vulnerability in DesignReview.exe CSRF Vulnerability in ShowDoc RF Replay Attack Vulnerability in SecuritasHome Home Alarm System Silent RF Jamming Attack Exploits Lack of Notifications in SecuritasHome Alarm System CSRF Vulnerability in Zoho ManageEngine Log360 before Build 5219 CSRF Vulnerability in Zoho ManageEngine Cloud Security Plus CSRF Vulnerability in Zoho ManageEngine Log360 Allows Disabling Logon Security Settings Unrestricted File Upload Vulnerability in Zoho ManageEngine Log360 before Build 5219 Stored XSS vulnerability in Zoho ManageEngine Log360 before Build 5225 Remote Code Execution Vulnerability in Zoho ManageEngine Log360 (Build 5225) via BCP File Overwrite Stored XSS Vulnerability in Zoho ManageEngine Log360 (Build 5224) via LOGO_PATH Key Value Cross-site Scripting (XSS) Vulnerability in Snipe-IT WeChat 8.0.10 Mini Program Address Book Information Leakage Vulnerability Server-Side Request Forgery (SSRF) Vulnerability in DNN CMS Platform Arbitrary File Upload Vulnerability in PHPFusion 9.03.110 Remote Code Execution Vulnerability in PHPFusion 9.03.110 Heap-based Buffer Overflow Vulnerability in Vim Cross-Site Scripting (XSS) Vulnerability in Dzzoffice Version 2.02.1 Cross-site Scripting (XSS) Vulnerability in Janus-Gateway Radare2 ELF64 Binary Mapping DoS Vulnerability Division by zero vulnerability in ImageMagick 7.1.0-4's ReadEnhMetaFile function in coders/emf.c Critical Out-of-Bounds Write Vulnerability in PotPlayer 1.7.21523 Build 210729 Stored XSS Vulnerability in Gibbon v22.0.00 Wall Messages Component Remote Code Execution Vulnerability in Bolt CMS <= 4.2 via Unsafe Theme Rendering Rizin Vulnerability: Crash Caused by Uninitialized Memory Address in ELF64 Binary Analysis Rittal CMC PU III Web Management Remote Code Execution Vulnerability Rittal CMC PU III Web Management XSS Vulnerability 
Critical Buffer Overflow Vulnerability in xpdfreader 4.03 Linux Kernel Panic Vulnerability: Improper Cancellation Operation Triggers io-uring Panic Unauthenticated Remote Code Execution via XSS in Webuzo Admin Panel Buffer Overflow Vulnerability in Miniftpd's do_retr Function Podman `gvproxy` API allows unauthorized access to host services Buffer Overflow Vulnerability in xfig 3.2.7 SQL Injection Vulnerability in Sourcecodester Budget and Expense Tracker System v1: Arbitrary SQL Command Execution via Username Field Unveiling the Weakness: Improper Access Control in BookStack Multiple Cross Site Scripting (XSS) Vulnerabilities in SourceCodester Tailor Management 1.0 Multiple Cross Site Scripting (XSS) Vulnerabilities in SourceCodester CASAP Automated Enrollment System 1.0 Stack Exhaustion Vulnerability in FreeImage PluginRAW.cpp Heap Overflow Vulnerability in FreeImage 1.18.0 via ofLoad function in PluginTIFF.cpp FreeImage NULL Pointer Dereference Vulnerability in FreeImageTag.cpp Heap Overflow Vulnerability in FreeImage PluginJPEG.cpp Null Pointer Dereference Vulnerability in FreeImage's ReadPalette Function OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 Cross Site Scripting (XSS) Vulnerability SQL Injection Vulnerability in zzcms 8.2, 8.3, 2020, and 2021 via id parameter in admin/bad.php Use-after-free vulnerability in Linux kernel's RDMA communications manager listener code SQL Injection Vulnerability in zzcms 8.2, 8.3, 2020, and 2021 via id Parameter in admin/dl_sendmail.php SQL Injection Vulnerability in zzcms 8.2, 8.3, 2020, and 2021 during User Registration SQL Injection Vulnerability in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_download.php during User Registration Buffer Overflow Vulnerability in D-Link DSL-3782 EU v1.01:EU v1.03 Web Interface Arbitrary File Deletion Vulnerability in htmly v2.8.1 Remote Denial-of-Service Vulnerability in TP-Link AX10v1 Wireless Routers Cross Site Scripting (XSS) vulnerability in mm-wiki v0.2.1 Command Injection Vulnerability in Zyxel 
ARMOR Z1/Z2 Firmware Allows Arbitrary OS Command Execution Stored XSS Vulnerability in DzzOffice 2.02.1 via settingnew Parameter Cross-Site Request Forgery Vulnerability in Zyxel ARMOR Z1/Z2 Firmware Cross Site Scripting (XSS) Vulnerability in Perfex CRM 1.10 via /clients/profile SQL Injection Vulnerability in OpenSIS 8.0's Take Attendance Functionality Unauthenticated Payment Bypass in Syltek Application (Versions < 10.22.00) Cross-Site Scripting (XSS) Vulnerability in OpenSIS Community Edition 8.0 via cp_id_miss_attn Parameter in TakeAttendance.php Piwigo v11.5 SQL Injection Vulnerability in /admin/batch_manager_global.php SQL Injection Vulnerability in Piwigo 11.5.0 via admin.php and id parameter Denial of Service Vulnerability in Linux Kernel's KVM Subsystem Cobbler Log Poisoning and Remote Code Execution Vulnerability Arbitrary File Write Vulnerability in Cobbler before 3.3.0 Authorization Bypass Vulnerability in Cobbler before 3.3.0 Arbitrary File Write and Controlled Content Display Vulnerability in Foxit PDF Reader, PDF Editor, and PhantomPDF Insecure Access Control in Trusted Firmware-M (TF-M) 1.4.0 with Profile Small External Password Management Vulnerability in PingFederate Authentication API Critical CSRF Vulnerability Found in Kimai2 Time-Tracking Software Newline Character Injection in Git Repository Path Apache Ranger Hive Plugin Incorrect Permission Assignment Vulnerability Insufficient Password Strength Requirements in Hitachi Energy FOX61x and XCM20 Missing Handler Vulnerability in Hitachi Energy FOX61x and XCM20 Management Protocol Cross Site Request Forgery (CSRF) Vulnerability in Hitachi Energy MSM V2.2 and Prior Versions HTTP Response Splitting Vulnerability in Hitachi Energy MSM V2.2 and Prior Versions Hitachi Energy LinkOne Cross-Site Scripting (XSS) Vulnerability Path Disclosure Vulnerability in Hitachi Energy LinkOne Web Server Lack of HTTP Headers in Hitachi Energy LinkOne Application Allows Information Retrieval Local Privilege 
Escalation Vulnerability in polkit's pkexec Utility ASP Server Information Exposure in Hitachi Energy LinkOne Application Inadequate Encryption Strength in Hitachi Energy FOXMAN-UN and UNEM Products Default Key Vulnerability in Hitachi Energy's DES Implementation Privilege Escalation via Insecure File Permissions in Nagios XI 5.8.5 Arbitrary File Upload Vulnerability in Nagios XI 5.8.5 Command Injection Vulnerability in Nagios XI 5.8.5 Integer Overflow in HAProxy 2.0 through 2.5 Allows HTTP Request Smuggling Unauthenticated User Unsubscribe and Subscription Disclosure Vulnerability in GNU Mailman Postorius Code Injection Vulnerability in Spacewalk 2.10 and Uyuni 2021.08 Path-Traversal Vulnerability in e7d Speed Test (aka speedtest) 0.5.3 Allows Information Disclosure Stored Cross-Site Scripting Vulnerability in Report Comments Authentication Bypass and Arbitrary Action Vulnerability in Christie Digital DWU850-GS V06.46 Devices Insecure Direct Object Reference in OpenEMR 6.0.0 Allows Unauthorized Access to User Messages SQL Injection Vulnerability in openSIS 8.0 with MySQL/MariaDB Database Account Takeover Vulnerability in Teamcenter Versions < 13.2.0.2 Insecure Direct Object Reference (IDOR) Vulnerability in Teamcenter Versions < 13.2.0.2 XML External Entity Injection (XXE) Vulnerability in Teamcenter Versions < 13.2.0.2 Path Traversal Vulnerability in Teamcenter Active Workspace Path Traversal Vulnerability in SIMATIC PCS 7 and WinCC Vulnerability: Path Traversal in Siemens Industrial Software Password Hash Disclosure and Brute Force Vulnerability in SIMATIC PCS 7 and WinCC Outdated Cipher Algorithm Exposes Local System Account Credentials in SIMATIC PCS 7 and WinCC Sensitive Information Exposure in SIMATIC PCS 7 and WinCC Systems Denial of Service Vulnerability in Port 102/TCP Processing Unencrypted Data Transmission Vulnerability in Climatix POL909 (AWB and AWM modules) Out-of-Bounds Write Vulnerability in syngo fastView (All Versions) 
Denial-of-Service Vulnerability in SIMATIC S7-400 CPUs XSS Vulnerability in Apache JSPWiki Denounce Plugin Allows Remote Code Execution Vulnerability in Linux Kernel: Inconsistent Group Ownership and Permissions in XFS File-System Creation Directory Traversal Vulnerability in Gridpro Request Management for Windows Azure Pack before 2.0.7912 Arbitrary Code Execution in playSMS before 1.4.5 via core_main_config and index.php URI Stored XSS Vulnerability in Apperta Foundation OpenEyes 3.5.1 via Address1 Parameter OpenEyes 3.5.1 Information Disclosure Vulnerability Local and Remote Privilege Escalation in otris Update Manager 1.2.1.0 Stored XSS Vulnerability in SmarterTools SmarterMail 16.x before build 7866 Data Deletion Vulnerability in Compro IP70, IP570, IP60, and TN540 Devices Unauthenticated Access to rstp://.../medias2 on Compro IP Cameras XSS Vulnerability in McAfee Network Security Manager (NSM) Prior to 10.1 Minor 7 Credential Disclosure in Compro IP Cameras Video Access Vulnerability on Compro IP70, IP570, IP60, and TN540 Devices Vulnerability: Unauthorized Video Screenshot Access in Compro IP Cameras Privilege Escalation Vulnerability in Kaseya Unitrends Backup Software Remote Code Execution Vulnerability in Kaseya Unitrends Client/Agent through 10.5.5 Authenticated Remote Code Execution in Kaseya Unitrends Backup Software Privilege Escalation Vulnerability in Advantech SQ Manager Server 1.0.6 Privilege Escalation Vulnerability in Advantech DeviceOn/iEdge Server 1.0.2 Zyxel NWA-1100-NH Firmware Command Injection Vulnerability Authentication Bypass Vulnerability in Moxa MXView Series 3.2.4 Web Application Out-of-Bounds Write Vulnerability in Gerbv's Drill Format T-Code Tool Number Functionality Information Disclosure Vulnerability in Moxa MXView Series 3.2.4: Network Sniffing Exploitation RS-274X Aperture Macro Variables Handling Out-of-Bounds Write Vulnerability in Gerbv RS-274X Aperture Macro Variables Handling Out-of-Bounds Write Vulnerability in Gerbv 
Privilege Escalation Vulnerability in Advantech DeviceOn/iService 1.1.7 Privilege Escalation Vulnerability in Advantech WISE-PaaS/OTA Server 3.0.9 Accusoft ImageGear 19.10 parse_raster_data Out-of-Bounds Write Vulnerability Use-After-Free Vulnerability in WPS Spreadsheets Allows Remote Code Execution AMQ Broker Vulnerability: Out of Memory (OOM) Condition Leading to Availability Disruption RS-274X Aperture Macro Outline Primitive Out-of-Bounds Read Vulnerability in Gerbv Use-After-Free Vulnerability in Gerbv's RS-274X Aperture Definition Tokenization Functionality RS-274X Aperture Macro Multiple Outline Primitives Out-of-Bounds Read Vulnerability in Gerbv Information Disclosure Vulnerability in Gerbv's Pick-and-Place Rotation Parsing Functionality Authentication Bypass Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102's cgiserver.cgi Upgrade API Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 OS Command Injection Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 OS Command Injection Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 OS Command Injection Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Improper Shell Command Escaping in ansible-runner Leads to Command Execution in Host OS Command Injection Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 OS Command Injection Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 OS Command Injection Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Incorrect Default Permission Vulnerability in Reolink RLC-410W Firmware Upgrade API Default Permission Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Incorrect Default Permission Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Incorrect Default Permission Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Heap-based Buffer Overflow due to Integer Overflow in DPDecoder Service Arbitrary Code Execution Vulnerability in R3D SDK Firmware 
Update Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Use-After-Free Vulnerability in Foxit PDF Reader 11.1.0.52543 Authentication Bypass Vulnerability in Swift Sensors Gateway SG3-1010 Allows Remote Code Execution Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102's cgiserver.cgi API Command Parser Out-of-Bounds Read Vulnerability in Webroot Secure Anywhere 21.4 IOCTL GetProcessCommand and B_03 Out-of-Bounds Read Vulnerability in Webroot Secure Anywhere 21.4 IOCTL GetProcessCommand and B_03 Heap-Based Buffer Overflow in Sound Exchange libsox 14.4.2 and master commit 42b3557e NULL Pointer Dereference Vulnerability in gpac/gpac prior to 1.1.0 Vulnerability: Remote User-Selected Origin Server Forwarding in Apache HTTP Server Apache OpenOffice Vulnerability: Billion Laughs Denial of Service Attack via Crafted XML Files Vulnerability: Mishandling of SSL_ERROR_WANT_RETRY_VERIFY in OpenSSL 3.0 Exploiting Cross-site Scripting Vulnerability in Microsoft Dynamics Business Central Windows Media Center Privilege Escalation Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Windows Common Log File System Driver Privilege Escalation Vulnerability Remote Code Execution Vulnerability in MSHTML Affects Microsoft Windows Print Spooler Privilege Escalation Vulnerability in Windows Microsoft Accessibility Insights for Android: Information Disclosure Vulnerability Exposed Windows Kernel Win32k Elevation of Privilege Vulnerability Unauthenticated Remote Code Execution (RCE) Vulnerability in TP-Link Tapo C200 IP Camera Windows Kernel Win32k Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Exposed Content Vulnerability in Rich Text Edit Control Windows Installer Impersonation Vulnerability AD FS Security Feature Bypass Vulnerability in Windows Uncovering the Cross-Site Scripting 
Vulnerability in Microsoft Dynamics 365 Customer Engagement Persistent XSS Vulnerability in TCMAN GIM v8.01 Windows RPC Runtime Security Bypass Vulnerability Hyper-V Remote Code Execution Vulnerability in Windows Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability Windows NAT DoS Vulnerability Windows Nearby Sharing Privilege Escalation Vulnerability Windows Text Shaping RCE Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability Windows Bind Filter Driver Information Disclosure Vulnerability Critical Remote Code Execution Vulnerability in Windows DNS Server Missing Patch for CVE-2021-39242 in OpenShift 4.9.6 Release Exploiting the DirectX Graphics Kernel for Privilege Escalation Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Data Leakage Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability AppContainer Privilege Escalation Vulnerability in Windows Windows Event Tracing Privilege Escalation Vulnerability Storage Spaces Controller Privilege Escalation Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Out-of-Bounds Read Vulnerability in LAPACK and OpenBLAS Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Server Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Word RCE 
Vulnerability: A Remote Code Execution Risk in Microsoft Word SharePoint Server Remote Code Execution Vulnerability Storage Spaces Controller Privilege Escalation Vulnerability Storage Spaces Controller Privilege Escalation Vulnerability Critical CSRF Vulnerability Found in LiveHelperChat Software Race Condition in ext4_write_inline_data_end in Linux Kernel FTP Client Address Validation Vulnerability in GNU Inetutils Reflected XSS Vulnerability in Gibbon Application Version 22 Allows for Arbitrary JavaScript Execution SQL Injection Vulnerability in Zoho ManageEngine OpManager's Support Diagnostics Module Hardcoded JWT Secret Key Vulnerability in AdaptiveScale LXDUI Denial-of-Service Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform SAP ICM Authentication Bypass Vulnerability SAP BusinessObjects Analysis (edition for OLAP) - Sensitive Data Exposure Vulnerability Denial of Service Vulnerability in SAP SuccessFactors Mobile Application for Android Code Injection Vulnerability in SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP Cross-site Scripting (XSS) Vulnerability in livehelperchat Unauthenticated File Retrieval Vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Reports) Privilege Escalation Vulnerability in SAP ABAP Platform Kernel Privilege Escalation Vulnerability in SAP Commerce SAP GUI for Windows Information Disclosure Vulnerability Transport Authorization Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform ALU Unit Overflow Flag Update Vulnerability Incorrect Overflow Flag Update in OR1200 ALU Unit Cross-Site Scripting (XSS) Vulnerability in JForum2 2.7.0 User Signature Field XXE Vulnerability in OBDA Systems' Mastro 1.0 Allows Remote File Reading Vulnerability: XML Entity Expansion Attack in OBDA Systems' Mastro 1.0 Denial of Service Vulnerability in WeeChat Relay Plugin via Crafted WebSocket Frame Stored Cross Site Scripting (XSS) Vulnerability 
in Airangel HSMX Gateway Devices CSRF Vulnerability in Airangel HSMX Gateway Devices Hard-coded Database Credentials in Airangel HSMX Gateway Devices Use After Free Vulnerability in Google Chrome Extension Installation Weak SSH Credentials in Airangel HSMX Gateway Devices Remote Code Execution Vulnerability in Airangel HSMX Gateway Devices (up to version 5.2.04) Contiki 3.0 Telnet Option Negotiation Denial of Service Vulnerability Unbounded File Upload Vulnerability in Pure-FTPd before 1.0.50 Path Traversal Vulnerability in Apache James ManagedSieve Implementation Buffer Overflow Vulnerability in Peloton TTR01: Denial of Service Attack via GymKit Daemon Sensitive Information Exposure in com.onepeloton.erlich Mobile App (v1.7.22) ElGamal Implementation Vulnerability in Libgcrypt: Cross-Configuration Attack against OpenPGP ElGamal Implementation Vulnerability: Plaintext Recovery via Cross-Configuration Attack Remote Code Execution via Use After Free in Google Chrome on Linux ElGamal Implementation in Crypto++: Cross-Configuration Attack against OpenPGP Remote Code Execution via Library Feeds Bypass in Sketch before 75 Document Extension Mishandling in Telegram Web K Alpha before 0.7.2 Critical Server Side Request Forgery (SSRF) Vulnerability in ownCloud User_LDAP App Zoho ManageEngine ADSelfService Plus Authentication Bypass and Remote Code Execution Vulnerability Domain Spoofing Vulnerability in Google Chrome Autofill Missing con_info initialization and NULL check in ulfius_uri_logger Cross-Site Scripting (XSS) Vulnerability in PHPFusion 9.03.110's preg patterns filter html tag in descript() function Cross-Site Scripting (XSS) Vulnerability in Opensis-Classic Version 8.0 SQL Injection Vulnerability in Opensis-Classic Version 8.0's PasswordCheck.php File Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin Denial of Service Vulnerability Heap Buffer Overflow in Google Chrome Extensions: Exploiting Heap Corruption via Malicious Extension Installation Piwigo 11.5.0 
LocalFiles Editor Remote Code Execution Vulnerability Arbitrary Code Execution via XSS Vulnerability in flatCore-CMS 2.2.15 Stack Overflow Vulnerability in ASUS RT-AX56U Router Version 3.0.0.4.386.44266 Null Pointer Dereference Vulnerability in gpac 1.0.1: Denial of Service via naludmx_parse_nal_avc Type Confusion Vulnerability in Google Chrome Loader Denial of Service Vulnerability in Gpac through 1.0.1 via mp4box's naludmx_enqueue_or_dispatch Function Null Pointer Dereference Vulnerability in Gpac through 1.0.1: Denial of Service via naludmx_create_avc_decoder_config Function Null Pointer Dereference Vulnerability in Gpac through 1.0.2: Denial of Service via avc_parse_slice Function Null Pointer Dereference Vulnerability in Gpac through 1.0.1: Denial of Service via gf_avc_parse_nalu function Heap Use After Free Vulnerability in Gpac through 1.0.1: Denial of Service via Segmentation Fault Segmentation Fault Vulnerability in Gpac through 1.0.1: Denial of Service via gf_odf_size_descriptor Function Buffer Overflow Vulnerability in Gpac through 1.0.1: Denial of Service, Code Execution, and Privilege Escalation Double-Free Vulnerability in MP4Box Allows for Denial of Service Use After Free Vulnerability in Google Chrome File API Double-Free Vulnerability in MP4Box in Gpac 1.0.1: Denial of Service, Code Execution, and Privilege Escalation Double-Free Vulnerability in MP4Box in Gpac 1.0.1: Denial of Service, Code Execution, and Privilege Escalation Double-Free Vulnerability in MP4Box in Gpac 1.0.1: Denial of Service Exploit Double-Free Vulnerability in MP4Box in Gpac 1.0.1: Denial of Service Exploit Double-Free Vulnerability in Gpac 1.0.1's MP4Box Allows for Denial of Service and Code Execution Null Pointer Dereference Vulnerability in MP4Box of Gpac 1.0.1 Null Pointer Dereference Vulnerability in MP4Box of Gpac 1.0.1 Stored XSS Vulnerability in Sourcecodester Online Enrollment Management System and PayPal Free Source Code 1.0 via Name Parameter Authenticated Blind & 
Error-based SQL Injection Vulnerability in Online Enrollment Management System and PayPal Free Source Code 1.0 Incorrect Access Control in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0: Remote Privilege Escalation Vulnerability Heap Buffer Overflow in ANGLE in Google Chrome: Remote Code Execution Vulnerability Integer Underflow Vulnerability in ZAngband Zangband-Data 2.7.5 Cross-Origin Data Leakage in Google Chrome Loader Infinite Loop Denial of Service Vulnerability in GPAC ISOBMFF Reader Filter SQL Injection Vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23 SQL Injection Vulnerability in Login.php of Online Learning System v2 by oretnom23 Hardcoded Administrator Credentials in EDIMAX IC-3140W Version 3.11 Firmware Server-Side Request Forgery (SSRF) Vulnerability in IPS Community Suite before 4.6.2 Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command Type Confusion Vulnerability in V8: Remote Heap Corruption in Google Chrome (CVE-2021-37960) Emlog Pro v 1.0.4 Cross-Site Scripting (XSS) Vulnerability in Background Management Unauthenticated Command Execution Vulnerability in Opmantek Open-AudIT Unauthorized Password Modification Vulnerability in thinkcmf v5.1.7 SQL Injection Vulnerability in openSIS Community Edition 8.0 via ForgotPassUserName.php SQL Injection Vulnerability in openSIS Classic 8.0 via HoldAddressFields.php Parameters BFCache Heap Buffer Overflow in Google Chrome (CVE-2021-37975) Remote Code Execution Vulnerability in Google Chrome Developer Tools Memory Leak Vulnerability in gif2rgb.c in giflib 5.1.4 SQL Injection Vulnerability in OS4ED openSIS 8.0: ChooseCpSearch.php and ChooseRequestSearch.php SQL Injection Vulnerability in OS4ED openSIS 8.0's 
CheckDuplicateName.php Allows Database Information Extraction Cross-Site Scripting (XSS) Vulnerability in OS4ED openSIS 8.0's EmailCheckOthers.php Improper Access Control in Jfinal CMS 5.1.0 Allows Unauthorized Access to Sensitive Information Remote Code Execution via Use After Free in ChromeOS Screen Capture Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Vulnerability Remote Code Execution Vulnerability in EyesOfNetwork's Mail Options Configuration SQL Injection Vulnerability in Oasys OA_System Notice Mapper SQL Injection Vulnerability in glorylion JFinalOA's FlowTaskController Heap Overflow Vulnerability in man2html 1.6g Arbitrary Memory Freeing Vulnerability in man2html 1.6g Missing HttpOnly Flag in Connx Version 6.2.0.1269 (20210623) Cookie Critical Use After Free Vulnerability in Google Chrome Autofill (CVE-2021-37975) Cookie Issuance Vulnerability: Insecure Flag Not Set in Connx Version 6.2.0.1269 (20210623) Local File Inclusion Vulnerability in OS4Ed OpenSIS Community 8.0 Modules.php (modname parameter) Information Disclosure Vulnerability in D-LINK-DIR-615 B2 2.01mt: Unauthorized Access to User Credentials Information Disclosure Vulnerability in D-LINK-DIR-605 B2 Firmware Version : 2.01MT Buffer Overflow Vulnerability in libsixel/src/quant.c:867 HTML Injection Vulnerability in Textpattern 4.8.7 via Content>Write>Body Heap Corruption via Crafted HTML Page in Google Chrome ReDoS Vulnerability in Delight Nashorn Sandbox 0.2.0 Allows for Denial of Service (DoS) Attack Remote Unauthenticated Directory Traversal Vulnerability in IND780 Advanced Weighing Terminals CSRF Vulnerability in Chamilo LMS 1.11.14 Allows Arbitrary Command Execution Prototype Pollution in deep.assign npm package 0.0.0-alpha.0 Path Traversal Vulnerability in Android Application HTTP File Server (Version 1.4.1) by 'slowscript' SQL Injection Vulnerability in Wuzhi CMS 4.1.0 via keywords Parameter in coreframe/app/promote/admin/index.php Use After Free Vulnerability in Google 
Chrome Window Manager on ChromeOS SQL Injection Vulnerability in Wuzhi CMS 4.1.0 via iparameter in card.php SQL Injection Vulnerability in Wuzhi CMS v4.1.0 via KeyValue Parameter in coreframe/app/order/admin/index.php Persistent Cross-Site Scripting Vulnerability in Piwigo 11.5.0's Single Mode Function Cross-Origin Data Leakage in Google Chrome New Tab Page (prior to 96.0.4664.93) Directory Traversal Vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via filename parameter in main.cgi Unquoted Path Vulnerability in Akamai EAA Client Unauthenticated Jolokia HTTP Endpoint Vulnerability in Talend ESB Runtime Vim Vulnerability: Use After Free Exploit XPath Transform Abuse in Apache Santuario - XML Security for Java Shibboleth Authentication Plugin Vulnerability: Session Hijack Risk Teacher Privilege Escalation: Unauthorized User Download Vulnerability Type Juggling Vulnerability Allows Authentication Bypass in External Database Authentication LaTeX Preamble Vulnerability Allows Unauthorized File Access Pre-release Quiz Grade Viewing Vulnerability Out-of-Bounds Read Vulnerability in Adobe Framemaker Allows Memory Disclosure Inherently Dangerous Function Vulnerability in ColdFusion 2021 and 2018.10 Improper Access Control Vulnerability in ColdFusion Versions 2021 Update 1 and Earlier Off-by-one Error in v2fly/v2ray-core prior to 4.44.0 Memory Corruption Vulnerability in Adobe Premiere Elements 2021.2235820 and Earlier Memory Corruption Vulnerability in Adobe Premiere Elements 2021.2235820 and Earlier Memory Corruption Vulnerability in Adobe Premiere Elements 2021.2235820 and Earlier Memory Corruption Vulnerability in Adobe Premiere Elements 2021.2235820 and Earlier Privilege Escalation Vulnerability in Adobe Genuine Service Installer Allows Arbitrary Code Execution Buffer Overflow Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Premiere Pro 15.4 and 
Earlier: Arbitrary Code Execution via Malicious .svg File Stored XSS Vulnerability in Adobe Experience Manager 6.5.9.0 and Earlier: Arbitrary Code Execution via Content Fragments Improper Input Validation Vulnerability in Adobe Experience Manager 6.5.9.0 and Earlier Improper Certificate Validation Vulnerability in Adobe Experience Manager Cold Storage Component Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.9.0 and Earlier via accesskey Parameter Memory Corruption Vulnerability in Adobe Premiere Pro 15.4 and Earlier: Arbitrary Code Execution via Malicious .exr File Out-of-Bounds Read Vulnerability in XMP Toolkit SDK 2021.07 and Earlier Arbitrary Remote Code Execution Vulnerability in Adobe Connect Server Elgg Vulnerability: Cross-Site Scripting (XSS) Deserialization of Untrusted Data Vulnerability in Ops CLI 2.0.4 and Earlier Allows Arbitrary Code Execution Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Connect 11.2.3 and Earlier Versions XML External Entity (XXE) Injection Vulnerability in AEM Forms Cloud Service and Version 6.5.10.0 (and below) Leading to Remote Code Execution (RCE) Out-of-Bounds Read Vulnerability in Acrobat Reader DC Versions Path Traversal Vulnerability in Acrobat Reader for Android: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC Allows Arbitrary Code Execution Buffer Overflow Vulnerability Use-After-Free Vulnerability in Adobe Acrobat Reader DC Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader DC Unauthenticated User Login Vulnerability in RegistrationMagic WordPress Plugin Use-after-free vulnerability in Adobe Acrobat Reader DC allows remote attackers to disclose sensitive information Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader DC Null Pointer Dereference Vulnerability in XMP Toolkit 2020.1 and Earlier Memory Corruption Vulnerability in Adobe Animate 21.0.9 and 
Earlier: Arbitrary Code Execution via Malicious .psd File Memory Corruption Vulnerability in Adobe Audition: Arbitrary Code Execution via SVG Parsing Memory Corruption Vulnerability in Adobe Audition 14.4 and Earlier: Potential Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Audition 14.4 and Earlier: Potential Arbitrary Code Execution Null Pointer Dereference Vulnerability in Adobe Audition 14.4 and Earlier: Application Denial-of-Service via Malicious File Memory Corruption Vulnerability in Adobe Audition WAV File Parsing Memory Corruption Vulnerability in Adobe Audition 14.4 (and earlier) Allows Arbitrary Code Execution Stored Cross-Site Scripting Vulnerability in WHMCS Bridge WordPress Plugin Memory Corruption Vulnerability in Adobe Audition 14.4 (and earlier) Allows Arbitrary Code Execution Adobe Audition 14.4 (and earlier) Access of Memory Location After End of Buffer Vulnerability Null Pointer Dereference Vulnerability in Adobe Audition 14.4 and Earlier: Application Denial-of-Service via Malicious File Path Traversal Vulnerability in Adobe Campaign Version 21.2.1 and Earlier: Arbitrary Server File Reading Snipe-IT Vulnerability: Server-Side Request Forgery (SSRF) Null Pointer Dereference Vulnerability in Adobe Bridge 11.1.1 (and earlier) Allows for Application Denial-of-Service Memory Corruption Vulnerability in Adobe After Effects 18.4 and Earlier Memory Corruption Vulnerability in Adobe After Effects 18.4 and Earlier Memory Corruption Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe After Effects 18.4.1 and Earlier Null Pointer Dereference Vulnerability in Adobe After Effects 18.4.1 and Earlier Memory Corruption Vulnerability in Adobe After Effects 18.4.1 and Earlier Memory Corruption Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe 
After Effects 18.4.1 and Earlier: Arbitrary Code Execution via Malicious .m4a File Tang Vulnerability: Private Key Leakage in Network-based Cryptographic Binding Server Memory Corruption Vulnerability in Adobe After Effects 18.4.1 (and earlier) Allows Arbitrary Code Execution Null Pointer Dereference Vulnerability in Adobe After Effects 18.4.1 and Earlier Null Pointer Dereference Vulnerability in Adobe Character Animator: Application Denial-of-Service via Crafted File Memory Corruption Vulnerability in Adobe Character Animator 4.4 and Earlier: Arbitrary Code Execution via WAF File Parsing Memory Corruption Vulnerability in Adobe Character Animator 4.4 and Earlier: Arbitrary Code Execution via M4A File Parsing Memory Corruption Vulnerability in Adobe Character Animator 4.4 and Earlier: Arbitrary Code Execution via M4A File Parsing Out-of-Bounds Read Vulnerability in Adobe Character Animator Allows Memory Disclosure Adobe Character Animator 4.4 (and earlier) Access of Memory Location After End of Buffer Vulnerability Null Pointer Dereference Vulnerability in Adobe Character Animator: Application Denial-of-Service via Malicious File Out-of-Bounds Read Vulnerability in Adobe Character Animator Allows Memory Disclosure Memory Corruption Vulnerability in Adobe Prelude 10.1 (and earlier) Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Prelude 10.1 and Earlier: Arbitrary Code Execution via Malicious WAV File Memory Corruption Vulnerability in Adobe Prelude 10.1 (and earlier) Allows Arbitrary Code Execution Null Pointer Dereference Vulnerability in Adobe Prelude 10.1 and Earlier: Application Denial-of-Service via Malicious File Null Pointer Dereference Vulnerability in Adobe Prelude 10.1 and Earlier: Application Denial-of-Service via Malicious File Memory Corruption Vulnerability in Adobe Prelude 10.1 (and earlier) Allows Arbitrary Code Execution Privilege Escalation Vulnerability in Adobe Lightroom Classic Offline Installer Memory Corruption 
Vulnerability in Adobe Media Encoder 15.4.1 (and earlier) Allows Arbitrary Code Execution Null Pointer Dereference Vulnerability in Adobe Media Encoder 15.4.1 (and earlier) Allows Application Denial-of-Service Memory Corruption Vulnerability in Adobe Media Encoder 15.4.1 (and earlier) Allows Arbitrary Code Execution Type Confusion Vulnerability in V8: Remote Heap Corruption in Google Chrome (CVE-2021-37960) Memory Corruption Vulnerability in Adobe Media Encoder 15.4.1 (and earlier) Allows Arbitrary Code Execution Null Pointer Dereference Vulnerability in Adobe Media Encoder 15.4.1 (and earlier) Allows Application Denial-of-Service Null Pointer Dereference Vulnerability in Adobe Media Encoder 15.4.1 (and earlier) Allows Application Denial-of-Service Memory Corruption Vulnerability in Adobe Premiere Rush Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Premiere Rush Allows Arbitrary Code Execution Null Pointer Dereference Vulnerability in Adobe Premiere Elements Memory Corruption Vulnerability in Adobe Premiere Elements Memory Corruption Vulnerability in Adobe Premiere Elements Null Pointer Dereference Vulnerability in Adobe Premiere Elements Null Pointer Dereference Vulnerability in Adobe Premiere Elements WebRTC Out of Bounds Write Vulnerability in Google Chrome (CVE-2021-37973) Use-After-Free Vulnerability in Adobe Premiere Pro Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Premiere Pro Allows Memory Disclosure Memory Corruption Vulnerability in Adobe Premiere Pro (CVE-2021-12345) Memory Corruption Vulnerability in Adobe Premiere Pro (CVE-2021-12345) Memory Corruption Vulnerability in Adobe Premiere Pro (CVE-2021-12345) Out-of-Bounds Read Vulnerability in Adobe Premiere Pro Allows Code Execution Null Pointer Dereference Vulnerability in Adobe Premiere Pro 15.4.1 and Earlier Allows for Application Denial-of-Service API Performance Degradation and Denial of Service Vulnerability in OpenStack Neutron Crater Vulnerability: 
Unrestricted Upload of Dangerous File Types Privilege Escalation Vulnerability in Jamf Pro Pimcore Cross-Site Scripting Vulnerability Out-of-Bounds Read Vulnerability in LibGD 2.3.2 Cross-Site Scripting (XSS) Vulnerability in Element-IT HTTP Commander 3.1.9 Zip Content Feature SQL Injection Vulnerability in Customer Photo Gallery Addon for PrestaShop Buffer Overflow Vulnerability in Glewlwyd SSO Server's FIDO2 Signature Validation Pimcore Cross-Site Request Forgery (CSRF) Vulnerability SSRF Vulnerability in GeoServer through 2.18.5 and 2.19.x through 2.19.2 Vulnerability: Room Key Sharing Logic Error in matrix-js-sdk Vulnerability: Room Key Sharing Logic Error in Element Android and Matrix SDK for Android Default Key Vulnerability in nLight ECLYPSE (nECY) System Controllers Clementine Music Player 1.3.1 User Mode Write Access Violation Vulnerability Clementine Music Player MP3 File Parsing Remote Code Execution Vulnerability Improper Server Certificate Hostname Verification in AWS IoT Device SDK v2 for Java, Python, C++, and Node.js on Windows Unverified Server Certificate Hostname Vulnerability in AWS IoT Device SDK v2 for Java, Python, C++, and Node.js on macOS Race Condition Vulnerability in Linux Kernel's Unix Domain Socket File Handlers Vulnerability: AWS IoT Device SDK v2 for Java, Python, C++, and Node.js CA Pinning Bypass Vulnerability: AWS IoT Device SDK v2 for Java, Python, C++, and Node.js CA Pinning Bypass on macOS F-Secure Atlant Denial-of-Service (DoS) Vulnerability Remote Exploitation of F-Secure Antivirus Engine via UPX File Unpacking Vulnerability F-Secure SAFE Browser for Android: User Interface Overlay Vulnerability URL Address Bar Spoofing Vulnerability in Safe Browser for iOS Remote Exploitable Denial-of-Service Vulnerability in F-Secure Antivirus Engine via Scanning MS Outlook .pst Files Remote Denial-of-Service Vulnerability in F-Secure Antivirus Engine Infinite Loop Remote Attack in rencode Package for Python Pimcore Cross-Site Scripting 
Vulnerability Stored XSS Vulnerability in LiveConfig 2.12.2 Admin/User Administration Form LiveConfig 2.12.2 Path Traversal Vulnerability: Unauthorized File Read SQL Injection Vulnerability in Proofpoint Insider Threat Management Server Unsafe Deserialization Vulnerability in Proofpoint Insider Threat Management Server Web Console Unrestricted File Upload and PHP Code Execution in Zenitel AlphaCom XE Audio Server Cleartext HTTP Vulnerability in Rhinode Trading Paints Remote Code Execution Vulnerability in Circle Parental Control Service on NETGEAR Routers CSV Injection Vulnerability in Mahara Web Services Token Account Vulnerability SQL Injection Vulnerability in TCMAN GIM WebService.asmx Lack of Authorization Vulnerability in TCMAN GIM WebService Methods Open Redirect Vulnerability in TCMAN GIM Allows Remote Information Disclosure Unauthorized Access to Privileged Resources Privilege Escalation via Open Chat Log Feature in AnyDesk Mismanagement of Certificate Governance in EU Technical Specifications for Digital COVID Certificates: Potential Use of Non-Production Public Key Certificate in Production Authentication Bypass Vulnerability in Auerswald COMfortel 1400 IP and 2600 IP Devices Privilege Escalation Vulnerability in Auerswald COMpact 5500R Devices Arbitrary File Disclosure Vulnerability in Auerswald COMpact 5500R Devices Critical Backdoor Vulnerability in Auerswald COMpact 5500R 7.8A and 8.0B Devices Grants Full Administrative Access SQL Injection Vulnerability in Genesys Intelligent Workload Distribution (IWD) Component SQL Injection Vulnerability in Genesys Intelligent Workload Distribution (IWD) 9.0.017.07 API Endpoint Information Disclosure Vulnerability in HashiCorp Terraform Enterprise Unescaped Fields Vulnerability in Translate Plugin for ONLYOFFICE Document Server Unsafe Deserialization Vulnerability in Apache Storm Supervisor Server Allows Pre-Auth Remote Code Execution Remote Admin Password Change Vulnerability in Certain NETGEAR Smart Switches 
Authentication Hijacking Race-Condition Vulnerability in Certain NETGEAR Smart Switches Reflected XSS Vulnerability in Cloudron 6.2 Login Page's returnTo Parameter Unrestricted File Upload and Arbitrary Code Execution Vulnerability in Aviatrix Controller 6.x Denial of Service Vulnerability in Softing Industrial Automation OPC UA C++ SDK Denial of Service and Unauthorized Access Vulnerability in Softing Industrial Automation uaToolkit Embedded Double Free Vulnerability in Softing Industrial Automation OPC UA C++ SDK and uaToolkit Embedded Authentication Bypass Vulnerability in LemonLDAP::NG 2.0.13 Sensitive Information Exposure through Improper Access Control in Gurock TestRail SQL Injection Vulnerability in Data Loss Protection (DLP) ePO Extension: Remote Code Execution and Privilege Escalation Arbitrary Code Execution Vulnerability in PublicCMS v4.0 BAT File Parameters Cross Site Scripting (XSS) Vulnerability in Piwigo 11.5.0 via System Album Name and Location Description emlog 5.3.1 Remote Code Execution (RCE) Vulnerability via content/plugins Sensitive Information Disclosure in Projectsend Version r1295 Directory Traversal Vulnerability in Projectsend Version r1295 Directory Traversal Vulnerability in Projectsend Version r1295 Cross Site Scripting (XSS) Vulnerability in Projectsend r1295 PHP Code Execution Vulnerability in CMSUno Version 1.7.2 Snipe-IT Vulnerability: Improper Access Control ReDOS Vulnerability in validate-color v2.1.0 validate-data v0.1.1: ReDOS Vulnerability in Email Validation underscore-99xp v1.7.2: ReDOS Vulnerability in deepValueSearch Function ReDOS Vulnerability in todo-regex v0.1.1 when Matching Invalid TODO Statements ReDOS Vulnerability in that-value v0.1.3: Crafted Invalid Email Validation split-html-to-chars v1.0.5: Regular Expression Denial of Service (ReDOS) Vulnerability in HTML Splitting Scaffold-helper v1.2.0: Regular Expression Denial of Service (ReDOS) Vulnerability ReDOS Vulnerability in 
repo-git-downloader v0.1.1 NFSD Out-of-Bounds Memory Write Vulnerability in Linux Kernel ReDOS Vulnerability in regexfn v1.0.5: Denial of Service via Invalid Email Validation scniro-validator v1.0.1: ReDOS Vulnerability in Email Validation Cross Site Scripting (XSS) Vulnerability in flatCore-CMS 2.0.8 Create New Page Option Static Secret String Vulnerability in Antminer Monitor 0.50.0 Remote Code Execution via Misconfigured Dokuwiki in CheckMK Raw Edition Web Management Console Remote Code Execution via Unsanitised Upload of .mkp Extension Packages in CheckMK Enterprise Edition Unauthenticated Reflected XSS Vulnerability in CheckMK Raw Edition (1.5.0 to 1.6.0) SQL Injection Vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23 SQL Injection Vulnerability in Login.php of Sourcecodester Purchase Order Management System v1 by oretnom23 Remote Code Execution via Cross-Site Scripting (XSS) in sourcecodester PHP CRUD Tutorial v1 Double-Free Vulnerability in 389-ds-base PHPCMS V9.6.3 Management Side Reflective XSS Vulnerability Critical CSRF Vulnerability Discovered in YetiForceCRM Arbitrary Web Script Injection Vulnerability in Detector 0.8.5 and Below Arbitrary Web Script Injection Vulnerability in bugs 1.8 and below Arbitrary Web Script Injection via Email Parameter in Bugs 1.8 and Below Arbitrary Web Script Injection Vulnerability in bugs 1.8 and below Arbitrary Web Script Injection Vulnerability in infaveo-helpdesk v1.11.0 and below Arbitrary Web Script Injection in getID3 1.X and v2.0.0-beta Arbitrary Web Script Injection Vulnerability in Spotify-for-Alfred 0.13.9 and Below FlexTV Beta Development Version index.php PHP_SELF Parameter Cross-Site Scripting (XSS) Vulnerability SEV-ES Vulnerability: Out-of-Bounds Access in KVM's AMD Code Unrestricted File Upload Vulnerability in Monstra 3.0.4 Denial of Service (DOS) Vulnerability in Bento4 1.6.0-638 Heap-buffer-overflow vulnerability in GPAC MP4Box v1.1.0 filter_parse_dyn_args 
function Null Pointer Reference Denial of Service Vulnerability in Bento4 1.6.0-638 Null Pointer Reference Denial of Service Vulnerability in GPAC MP4Box 1.1.0 NULL Pointer Dereference Vulnerability in Linux Kernel's KVM with Dirty Ring Logging Arbitrary File Upload Vulnerability in Laiketui 3.5.0 Critical SQL Injection Vulnerability in LaiKetui v3.5.0 Admin List SQL Injection Vulnerability in LaiKetui v3.5.0 Menu Management Function Fancy Product Designer Plugin for WordPress: Cross-Site Request Forgery Vulnerability in FPD_Admin_Import Class Directory Traversal Vulnerability in Galera WebTemplate 1.0 Exposes Sensitive System Files SQL Injection in CMS Made Simple <=2.2.15: Exploiting modules/News/function.admin_articlestab.php Path Traversal Vulnerability in TinyFileManager Allows Arbitrary File Upload and Directory Traversal CSRF Vulnerability in TinyFileManager Allows Unauthorized File Upload and Command Execution Stored XSS Vulnerability in TinyFileManager Arbitrary Web Script Injection Vulnerability in spotweb 1.5.1 and below Arbitrary Web Script Injection via firstname Parameter in spotweb 1.5.1 and Below Vulnerability: Improper Neutralization of CRLF Sequences in phpservermon Arbitrary Web Script Injection via Username Parameter in spotweb 1.5.1 and Below Arbitrary Web Script Injection Vulnerability in spotweb 1.5.1 and below Arbitrary Web Script Injection via mail Parameter in spotweb 1.5.1 and Below Arbitrary Web Script Injection via lastname Parameter in spotweb 1.5.1 and Below Arbitrary Script Injection in Ecommerce-CodeIgniter-Bootstrap via search_title Parameter Directory Traversal Vulnerability in mkdocs 1.2.2 Dev-Server (CVE-2021-40978) Sandbox Escape Vulnerability in Mojo in Google Chrome (CVE-2021-37975) Privilege Escalation Vulnerability in ASUS ROG Armoury Crate Lite Stack-based Buffer Under-read Vulnerability in htmldoc before 1.9.12 Aruba ClearPass Policy Manager Remote Arbitrary Command Execution Vulnerability Aruba ClearPass Policy Manager 
Remote Arbitrary Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Directory Traversal Vulnerability Aruba ClearPass Policy Manager Local Escalation of Privilege Vulnerability Remote Code Execution Vulnerability in Swiftshader in Google Chrome Aruba ClearPass Policy Manager Remote Disclosure of Sensitive Information Vulnerability Aruba ClearPass Policy Manager Remote Disclosure of Sensitive Information Vulnerability Aruba ClearPass Policy Manager Remote SQL Injection Vulnerability Aruba ClearPass Policy Manager Remote SQL Injection Vulnerability Aruba ClearPass Policy Manager Remote Arbitrary Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Arbitrary Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Authentication Bypass Vulnerability Aruba ClearPass Policy Manager Remote Authentication Bypass Vulnerability Aruba ClearPass Policy Manager Remote Arbitrary Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Arbitrary Command Execution Vulnerability Heap Corruption Vulnerability in ANGLE in Google Chrome AOS-CX Command Line Interface Remote Code Execution Vulnerabilities in Aruba Switch Series Authenticated Remote Code Execution Vulnerability in Aruba AOS-CX Network Analytics Engine (NAE) Aruba AOS-CX Command Line Interface Remote Path Traversal Vulnerabilities Unauthenticated Command Injection Vulnerabilities in Aruba AOS-CX API Interface Aruba Instant On 1930 Switch Series Remote Code Execution Vulnerability Aruba Instant On 1930 Switch Series Remote Code Execution Vulnerability Heap Buffer Overflow in Swiftshader in Google Chrome Potential Information Exposure Vulnerability in LINE iOS Client Improper Access Control Vulnerability in FortiWeb Log & Report Browse Section Uncontrolled Resource Consumption Vulnerability in Fortinet FortiWeb Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiWeb SAML Login Handler Command Injection Vulnerability in Fortinet FortiExtender Versions 7.0.1 
and below, 4.2.3 and below, 4.1.7 and below Heap-based Buffer Overflow Vulnerabilities in FortiWeb Web API Controllers OS Command Injection Vulnerability in Fortinet FortiWeb FortiOS LDAP Server Connection Vulnerability Heap Corruption Vulnerability in V8 in Google Chrome (CVE-2021-30563) Improper Access Control Vulnerability in FortiIsolator 2.3.2 and Below Allows Unauthorized CA Certificate Regeneration FortiNAC Privilege Escalation Vulnerability: Admin User Exploitation via Sudo Command Improper Privilege Management in Fortinet FortiSIEM Windows Agent 4.1.4 and Below: Exploiting Privileged Code Execution via PowerShell Scripts Unprotected Storage of Credentials in Fortinet FortiSIEM Windows Agent: Disclosure of Agent Password Relative Path Traversal Vulnerability in FortiOS and FortiProxy Authentication Bypass Vulnerabilities in FortiWeb's Confd Authentication Mechanism Relative Path Traversal Vulnerability in FortiWeb Versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 Stack-Based Buffer Overflow in Fortinet FortiWeb Allows Unauthorized Code Execution via Crafted Certificates Man-in-the-Middle Attack Vulnerability in FortiClientEMS and FortiClient Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiWLM Version 8.6.1 and Below Stored Cross-site Scripting (XSS) vulnerability in GitHub repository vanessa219/vditor prior to version 1.0.34 SAML Authentication Bypass Vulnerability in FortiClient EMS FortiClient for Windows Privilege Escalation via Relative Path Traversal Vulnerability Improper Access Control Vulnerability in FortiOS Versions 6.4.8 and Prior and 7.0.3 and Prior Vulnerability: Man-in-the-Middle Attack Exploiting HTTP p2 Repos in Eclipse Equinox Vulnerability: Insecure Binary Retrieval in Eclipse Che 6 Stacks Vulnerability: JVM Allows Invocation of Inaccessible Interface Methods in Eclipse Openj9 Unvalidated rem_len Size in Eclipse Paho MQTT C Client's readpacket Vulnerability Unauthenticated Code Execution during Eclipse p2 Installation Webview 
Hijacking Vulnerability in Eclipse Theia Plugin-Ext (CVE-2021-12345) Excessive CPU Usage and Denial of Service Vulnerability in Eclipse Mosquitto MQTT v5 Client Log4j 1.2 JMSAppender Remote Code Execution Vulnerability Unsanitized CoAP Parsing in Eclipse Wakaama Unverified Method Invocation Vulnerability in Eclipse Openj9 XML External Entity (XXE) Vulnerability in Eclipse Lyo AddressSanitizer Triggered by Use After Free Vulnerability in tcpslice Remote Code Inclusion Vulnerability in BG-TEK COSLAT Firewall Buffer Overflow in tftpd_file.c in atftp through 0.7.4 Denial of Service Vulnerability in Gajim XMPP Client Unrestricted Overwriting of Linked Files via Crafted CmDongles Symbolic Link in WIBU CodeMeter Runtime Privilege Escalation Vulnerability in Snow Inventory Java Scanner Nonce Reuse Vulnerability in RIOT-OS 2021.01's 802.15.4 Encryption Aanderaa GeoView Webservice Prior to Version 2.1.3 SQL Injection Vulnerability Privilege Escalation via Named Pipe Impersonation in Listary Bypassing UAC Protection in Listary Insecure Update Process Allows for MITM Exploitation and Installation of Malicious Content Cross-Site Scripting (XSS) Vulnerability in YetiForceCRM Directory Traversal and Symbolic Link Vulnerability in Squashfs-Tools 4.5 Privilege Escalation via loop_rw_iter in Linux Kernel 5.10 through 5.14.6 SQL Injection Vulnerability in Zoho ManageEngine OpManager NetFlow Analyzer Unintended Secret Data Sharing Vulnerability in Travis CI Activation Process Arbitrary Code Execution Vulnerability in Nameko (through 2.13.0) via Config File Deserialization Denial of Service Vulnerability in Apache Tomcat TLS Packet Validation Cross-site Scripting (XSS) Vulnerability in Snipe-IT SQL Injection Vulnerability in Zoho ManageEngine Network Configuration Manager's Hardware Details Search SQL Injection Vulnerability in Zoho ManageEngine Network Configuration Manager Exposure of Private Message Titles and Participating Users in Discourse CSRF Vulnerability in Dada Mail Allows 
Unauthorized List Control Panel Access Vulnerability: Response-Splitting and Request-Splitting Attacks in http4s DOM-based XSS vulnerability in jsuites allows for JavaScript injection via clipboard content In-toto-golang Vulnerability: Bypassing DISALLOW Rules via Path Traversal Remote Code Execution Vulnerability in Elvish Web UI Backend Vulnerability: Privilege Escalation via Docker Engine's `docker cp` Command Exposure of Inline Secrets in Grafana Agent Insufficiently Restricted Permissions in Moby (Docker Engine) Allows Unauthorized Execution of Programs Vulnerability: Docker CLI Misconfigured Configuration File Credential Leakage Account Takeover Vulnerability in Wire Messenger Bypassing Encryption at Rest in Wire Messenger by Disabling Device Passcode Cross-Site Scripting (XSS) Vulnerability in Discourse Versions 2.7.7 and Earlier Weak Cryptographic Algorithm Vulnerability in Rucky USB HID Rubber Ducky Launch Pad for Android Prototype Pollution Vulnerability in aurelia-path (<=1.1.6) Allows Manipulation of Object Prototype Nokogiri Rubygem SAX Parser External Entity Resolution Vulnerability Integer Overflow Vulnerability in Redis String Library NULL Pointer Dereference Vulnerability in mruby Privilege Escalation via Short-Lived Token in Wire-Server CORS Misconfiguration Allows XSS-based Cookie Theft in wire-server Insufficiently Restricted Permissions in containerd Allows Unauthorized Access and Execution Vulnerability: Unauthenticated OTA Updates in ESPHome Denial of Service Vulnerability in FreeSWITCH Prior to Version 1.10.7 Vulnerability: Incorrect Usage of HMAC-based Algorithms with Local File Reference Key in JWT Library Session Token Leakage in Parse Server LiveQuery Payloads Business Logic Errors in YetiForceCRM: A Critical Vulnerability Deserialization of Untrusted Data Vulnerability in cwlviewer Unauthorized Access to Webhook Definitions and Tokens in Rundeck Unauthorized Modification and Deletion of Calendars in Rundeck TYPO3 v11 Backend Deep Link 
Cross-Site Request Forgery Vulnerability Host Spoofing Vulnerability in TYPO3 CMS Denial-of-Service Vulnerability in Zulip's Linkifiers Configuration Command Injection Vulnerability in Composer for Windows Users Vulnerability: Insecure Random Number Generation in keypair Library (`GHSL-2021-1012`) Regex Denial of Service (ReDoS) Vulnerability in DynamicPageList3 Extension Denial of Service Vulnerability in wire-server Releases Prior to v2022-03-01 Job Isolation Escape Vulnerability in Ansible Tower Vulnerability: Predictable Payment Page URL and Personally Identifiable Information Exposure in Sylius/PayPalPlugin Memory Corruption Vulnerability in Vyper Smart Contract Language Decimal Argument Validation Vulnerability in Vyper Smart Contract Language Vulnerability: Unrestricted Access to /metrics Endpoint in Survey Solutions Exposure of Credentials in Scrapy-Splash HttpAuthMiddleware Exposing HTTP Authentication Credentials in Scrapy Requests Vulnerability: Persistent Administrator Account Access in October CMS v2.0 Vulnerability: Arbitrary File Overwrite in Rasa's Model Loading Functionality CSV Injection Vulnerability in Hygeia Application Arbitrary User Authentication Bypass in Pterodactyl Game Server Management Panel Vulnerability: ESPv1 allows multiple X-Endpoint-API-UserInfo headers, leading to potential authorization bypass Path traversal vulnerability in python-tuf allows arbitrary file overwrite Cross-Site Scripting (XSS) Vulnerability in OMERO.web Privilege Escalation via AF_UNIX Sockets in Flatpak Stored Cross-Site Scripting (XSS) Vulnerability in nbdime's diffNotebookCheckpoint Function Non-deterministic Behavior in ValidateBasic Method of Cosmos-SDK x/authz Module Leads to Consensus Halt HTTP Request Smuggling Vulnerability in Puma Server Vulnerability: Policy Restriction Bypass in Minio Kubernetes Application Frontier-Specific Extrinsic Validation Bypass Vulnerability Cross-Site Scripting (XSS) vulnerability in Anuko Time Tracker Visibility of 
Reactions in Secure Topics and Private Messages in Discourse-Reactions Plugin PJSIP Denial of Service Vulnerability Cross-Site Scripting Vulnerability in Tuleap Open ALM Arbitrary Code Execution Vulnerability in OpenMage LTS Remote Code Execution Vulnerability in OpenMage LTS Denial of Service via SIP Flooding in FreeSWITCH Arbitrary Code Execution via qutebrowserurl: URL Handler Arbitrary SQL Query Execution Vulnerability in Tuleap Open ALM Arbitrary SQL Query Execution in Tuleap Open ALM Arbitrary Content Overwrite Vulnerability in Tough Library Polkit Vulnerability: Unprivileged User Can Cause Process Crash and Service Outage Improper Sanitization of Delegated Role Names in Tough Library (CVE-2021-38154) Sensitive File Exfiltration via Custom Scaffolder Template in Backstage Arbitrary File Read Vulnerability in OpenOlat LMS Vulnerability: Incorrect Order of Checks in JUMPI Opcode in EVM Crate Arbitrary SQL Query Execution in Tuleap SVN Core Repository SQL Injection Vulnerability in Tuleap CVS Repository Browsing and Search Cross-Site Scripting (XSS) Vulnerability in Anuko/TimeTracker Unauthenticated SUBSCRIBE Vulnerability in FreeSWITCH SIP Digest Leak Vulnerability in FreeSWITCH Out-of-Bounds Memory Write Vulnerability in FreeRDP Cross-Site Scripting (XSS) Vulnerability in YetiForceCRM Out of Bound Write Vulnerability in FreeRDP CSV Injection Vulnerability in Combodo iTop Cross-Site Scripting Vulnerability in Combodo iTop 3.0.0 Beta Releases Remote Code Execution Vulnerability in Discourse CKEditor 4 Advanced Content Filter (ACF) HTML Injection Vulnerability CKEditor 4 HTML Processing Module Malformed Comments Injection Vulnerability Sensitive Information Disclosure in Nextcloud Android App Unpatched Concurrency Bug in modern-async Library's forEachSeries and forEachLimit Functions Weak Hash Function Vulnerability in Snudown Markdown Parser Stored Cross-Site Scripting Vulnerability in Sulu CMS Business Logic Errors in YetiForceCRM: A Critical Vulnerability 
Vulnerability: Execution of Closures in neoan3-apps/template eLabFTW Brute-Force Protection Bypass Vulnerability Self-XSS vulnerability in AS_Redis plugin for AntSword prior to version 0.5 allows code execution Crash Vulnerability in Go Ethereum Prior to v1.10.9 Arbitrary JavaScript Execution in Grafana Login Page Cross-Site Scripting Vulnerability in Pi-hole's Web Interface User Logout Vulnerability in Pterodactyl Game Server Management Panel Unlimited Rate-Limiting Vulnerability in Nextcloud Server File Traversal and SVG Download Vulnerability in Nextcloud Unauthenticated Access to Nextcloud Talk Channels via Public Pages PyTorch-Lightning Deserialization Vulnerability Open-Redirect Vulnerability in Nextcloud Talk Android Client Insecure Lockscreen Detection in Nextcloud Android Talk App Untrusted Code Execution in jQuery UI Datepicker's altField Option Untrusted Code Execution in jQuery UI Datepicker Widget Untrusted Code Execution in jQuery UI's `.position()` Util File Download Vulnerability in Mycodo Versions Prior to 8.12.7 Regular Expression Denial of Service (ReDoS) Vulnerability in Fluentd's parser_apache2 Plugin SQL Injection Vulnerability in DHIS2 API Endpoints Cross-Site Scripting Vulnerability in Shopware Versions Prior to 5.7.6 Vulnerability: Privilege Escalation in DSpace 7.0 Unveiling the Weakness: Improper Access Control in BookStack Ambiguous Content-Type Header Vulnerability in OCI Distribution Specification Unauthenticated Access to Roblox Product Files in Roblox-Purchasing-Hub Default value vulnerability in Redash installations Remote Format String Vulnerability in wire-avs 7.1.12 and Earlier Versions Unauthenticated Account Access in FirstUseAuthenticator Denial of Service Vulnerability in TensorFlow's `tf.math.segment_*` Operations Vulnerability: Segfault Triggered by Negative or Zero Pool Size in TensorFlow's Keras Pooling Layers Integer Overflow in TensorFlow's Tensor Dimensions (CVE-2021-29584) Integer Overflow Vulnerability in 
TensorFlow's tf.tile() Function TensorFlow Crash Vulnerability Due to Integer Overflow in tf.image.resize Inadequate Validation in snapd 2.54.2 Allows Arbitrary AppArmor Policy Injection Crash vulnerability in TensorFlow's tf.summary.create_file_writer with non-scalar arguments Uninitialized Variable Access in TensorFlow's EinsumHelper::ParseEquation() Function Vulnerability: Integer Overflow in TensorFlow's tf.range Kernel Vulnerability: Checkpoints Loading Infrastructure Missing Validation in TensorFlow Resource tensor deep copy vulnerability in TensorFlow's Grappler optimizer phase Heap Overflow Vulnerability in TensorFlow's QuantizeAndDequantizeV* Operations Missing Shape Validation in TensorFlow Operations: Potential Crashes and Heap Manipulation Vulnerability Division by 0 vulnerability in TensorFlow's ParallelConcat implementation Unvalidated Code in TensorFlow Boosted Trees API Allows for Denial of Service and Heap Buffer Manipulation Division by 0 vulnerability in TensorFlow convolution operators Cross-Site Scripting (XSS) Vulnerability in YetiForceCRM Out-of-Bounds Read Vulnerability in TensorFlow's `SparseCountSparseOutput` Shape Inference Functions Heap Out-of-Bounds Read in TensorFlow's QuantizeV2 Shape Inference Code Out-of-Bounds Read Vulnerability in TensorFlow's `tf.ragged.cross` Shape Inference Code Deadlock Vulnerability in TensorFlow's `tf.function` API Null Pointer Dereference in TensorFlow's `tf.ragged.cross` Shape Inference Code Null Pointer Dereference in TensorFlow's DeserializeSparse Shape Inference Heap Buffer Overflow in TensorFlow's Shape Inference Function for Transpose Null Pointer Exception in TensorFlow Control Flow Graph Building Division by 0 vulnerability in TensorFlow's shape inference code for `AllToAll` Vulnerability in TensorFlow's Sparse Matrix Multiplication with Nullptr Binding LUKS Header Vulnerability: Forced Encryption Disabling via Crafted Header Memory Leak and Use After Free Vulnerability in TensorFlow's async 
implementation of CollectiveReduceV2 Heap Buffer Overflow in TensorFlow's Shape Inference Code for Cudnn Operations Segfault Vulnerability in TensorFlow's `SplitV` Implementation Heap OOB Access Vulnerability in TensorFlow's FusedBatchNorm Kernels Heap OOB Access in TensorFlow's SparseFillEmptyRows Implementation Uninitialized Variable Vulnerability in TensorFlow's Grappler Optimizer Heap OOB Access Vulnerability in TensorFlow's SparseBinCount Implementation Arbitrary Memory Read Vulnerability in TensorFlow's ImmutableConst Operation Code Injection Vulnerability in TensorFlow's `saved_model_cli` Tool Memory Leak Vulnerability in BlueZ Bluetooth Protocol Stack Critical CSRF Vulnerability Found in LiveHelperChat Software Inconsistent Policy Evaluation in Pomerium Identity-Aware Access Proxy Arbitrary Code Execution Vulnerability in OpenMage LTS LDAP Injection Vulnerability in Thunderdome Vulnerability: Information Disclosure in Nextcloud Text Application XSS Vulnerability in OroPlatform Email Template Preview Vulnerability: Hangfire Dashboard Allows Remote Requests by Default User Enumeration Vulnerability in Nextcloud Server Cross-site Scripting (XSS) Vulnerability in Janus-Gateway Lack of Permission Check in Nextcloud Groupfolders Application Allows Unauthorized Access Path Traversal Vulnerability in OpenOlat Prior to Versions 15.5.12 and 16.0.5 Zip Slip and OS Command Injection Vulnerabilities in baserCMS Management System Unauthorized Access to Users in Multiple Organizations in Grafana CSRF Token Bypass in Combodo iTop Versions Prior to 2.7.6 and 3.0.0 Session Fixation Vulnerability in Express OpenID Connect (<=2.5.1) Incomplete Logout Vulnerability in JupyterHub Vulnerability: Cross-Site Scripting (XSS) in GraphiQL GraphQL Playground React XSS Vulnerability Incomplete Removal of JndiLookup.class Files in OpenShift Metering Hive Containers (CVE-2021-44228 and CVE-2021-45046) Bypassing Moderation Filters by Combining Non-Blacklisted URLs and Triggering Filter 
Tokens Vulnerability: User Information Leakage in Destination Caching Cross-Site Scripting (XSS) Vulnerability in Kirby's Writer Field Heap Buffer Overflow in Zydis Versions v3.2.0 and Older Privilege Escalation via Kubernetes Secrets in kustomize-controller Arbitrary Intent Reflection Vulnerability in Nextcloud News-Android Cross-Site Scripting (XSS) vulnerability in Kirby CMS image block snippet Inadequate Signature Validation in Thunderbird < 91.4.1 Cross Site Request Forgery Vulnerability in Galette Versions Prior to 0.9.6 Stored Cross Site Scripting Vulnerability in Galette 0.9.6 and Earlier Versions SQL Injection Vulnerability in Galette Membership Management Web Application Vulnerability in Rails Multisite Allows Cookie Reuse in Multi-Site Applications Uninitialized Implementation Contracts Vulnerability in OpenZeppelin Contracts Improper Authentication Vulnerability in Flask-AppBuilder REST API Authentication Bypass Vulnerability in Minio Operator Console Web Cache Poisoning Vulnerability in Symfony/Http-Kernel 5.2 Vulnerability: Insecure Remember Me Cookie Handling in Symfony/SecurityBundle Template Injection in cron-utils allows for unauthenticated Remote Code Execution (RCE) vulnerability Critical Vulnerability in Outdated Graphics Library Puts Thunderbird and Firefox ESR at Risk CSV Injection Vulnerability in Symfony/Serializer Caching Vulnerability in Discourse Allows for Content Confidentiality Loss Signed Type Coercion Error in Besu Ethereum Client CSRF-based Attack on Pterodactyl Game Server Management Panel CSRF Vulnerability in solidus_auth_devise Allows User Account Takeover CSRF Vulnerability in spree_auth_devise Allows User Account Takeover Improper Sanitization of LDAP Search Filter in Tuleap Vulnerability: Local File Inclusion in Metabase Custom GeoJSON Map Support Broken Encryption in AES Transform in EdgeX Foundry Releases Path Traversal Vulnerability in BaserCMS Memory Corruption Vulnerability in Firefox on MacOS during Fullscreen Mode 
Transition Command Injection Vulnerability in Sharetribe Go Arbitrary File Download Vulnerability in Synapse Media Repository Sed Data Injection Vulnerability in pfSense 2.5.2's diag_routes.php Privilege Escalation in Ballistix MOD Utility through 2.0.2.5 via MODAPI.sys Driver Component Client-side authentication vulnerability in Omikron MultiCash Desktop 4.00.008.SP5 allows unauthorized access to administrative accounts SQL Injection Vulnerability in Zoho ManageEngine OpManager's getReportData API Memory Buffer Overflow Vulnerability in ASUS P453UJ BIOS Memory Corruption Vulnerabilities in Firefox 94 Arbitrary File Write and Path Traversal Vulnerability in ECOA BAS Controller Path Traversal Content Disclosure Vulnerability in ECOA BAS Controller Authentication Bypass Vulnerability in ECOA BAS Controller: Exploiting Cookie Poisoning to Compromise Smart Homes and Buildings Path Traversal Vulnerability in ECOA BAS Controller Allows Arbitrary File Disclosure Path Traversal Vulnerability in ECOA BAS Controller Allows Arbitrary File Deletion Cross-Site Request Forgery Vulnerability in ECOA BAS Controller Allows Remote Command Execution Weak Default Administrative Credentials in ECOA BAS Controller: A Gateway to Full System Control Weak Access Control Mechanism in ECOA BAS Controller Allows Remote Privilege Escalation via Plain-Text Credential Disclosure Insecure Direct Object References in ECOA BAS Controller: Remote Authorization Bypass and Privileged Functionality Execution Vulnerability: Hard-coded Credentials in ECOA BAS Controller's Linux Distribution Image Snipe-IT Vulnerability: Cross-Site Request Forgery (CSRF) Vulnerability: ECOA BAS Controller Exposes User Account and Passwords in Plain Text Vulnerability: ECOA BAS Controller Configuration Disclosure via HTTP GET Request Clear-text storage of sensitive data in ECOA BAS controller allows remote attacker to obtain user privileges and passwords. 
Authentication Bypass Vulnerability in Apache Shiro with Spring Boot Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center Insecure Direct Object References (IDOR) Vulnerability in Atlassian Jira Server and Data Center Insecure Direct Object References (IDOR) Vulnerability in Atlassian Jira Server and Data Center Insecure Direct Object References (IDOR) vulnerability in Atlassian Jira Server and Data Center allows unauthorized access to private project and filter names via Workload Pie Chart Gadget Broken Access Control vulnerability in Atlassian Jira Server and Data Center allows unauthorized modification of File Replication settings Broken Authentication Vulnerability in Atlassian Jira Server and Data Center Allows Unauthorized Audit Log Export Critical CSRF Vulnerability Found in LiveHelperChat Software Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center Broken Authentication Vulnerability in Atlassian Jira Server and Data Center Allows Unauthorized Modification of Users & Roles Improper Authentication Vulnerability in Atlassian Jira Service Management Issue Collectors Improper Authorization Vulnerability in Atlassian Jira Server and Data Center (CVE-2021-26084) Unauthenticated File Creation and Admin Privilege Escalation in NETGEAR Smart Switches Arbitrary OS Command Execution and Privilege Escalation in Device42 Remote Collector Arbitrary File Overwrite Vulnerability in Device42 Main Appliance Improper Authentication Enforcement in XSS Hunter Express before 2021-09-17 Unsanitized Input Vulnerability in In Progress WhatsUp Gold Cross-site Scripting (XSS) Vulnerability in livehelperchat Hardcoded Credentials Vulnerability in Wallstreet Suite TRM 7.4.83 (64-bit edition) Privilege Escalation: Low-privileged users can change Admin password in Poly VVX 400/410 5.3.1 Directory Traversal Vulnerability in Pydio Cells 2.2.9 Compress Feature Directory Traversal Vulnerability in Pydio Cells 2.2.9 Copy, Move, and 
Delete Features Broken Access Control for User Creation in Pydio Cells 2.2.9: Unauthorized User Creation and Admin Privilege Escalation Shell Command Injection in MISP OpendataExport.php Information Exposure in Datalust Seq before 2021.2.6259 due to View Filter Bypass Keycloak Vulnerability: Unauthorized Creation of Default User Accounts via Administrative REST API Windows Media Foundation Remote Code Execution Vulnerability Windows Media Audio Decoder RCE Vulnerability Windows Print Spooler Information Disclosure Vulnerability Exposes Sensitive Data Print Spooler Privilege Escalation Vulnerability in Windows Windows Desktop Bridge Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Information Leakage Vulnerability Active Directory Security Feature Bypass Vulnerability: A Critical Flaw in User Authentication Windows AppContainer Firewall Rules Bypass Vulnerability Windows DWM Core Library Privilege Escalation Vulnerability SQL Injection Vulnerability in Fancy Product Designer WordPress Plugin (Versions up to 4.7.4) Exploiting the Windows Graphics Component for Remote Code Execution Critical Remote Code Execution Vulnerability in Windows MSHTML Platform Windows Fast FAT File System Driver Information Disclosure Vulnerability SharePoint Server Remote Code Execution Vulnerability Storage Spaces Controller Privilege Escalation Vulnerability Console Window Host Security Bypass Vulnerability Windows AppX Deployment Service Privilege Escalation Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication Linux Kernel eBPF Memory Leak Vulnerability in Simulated Networking Device Driver Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication IE Mode Spoofing Vulnerability in Microsoft Edge (Chrome based) SCOM Data Exposure Vulnerability Microsoft Dynamics 365 (on-premises) Spoofing 
Vulnerability: Impersonation Risk for Users Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Sensitive Information Exposure in .NET Core and Visual Studio Windows System Crash Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability Heap-based Buffer Overflow Vulnerability in Vim Critical Remote Code Execution Vulnerability in HEVC Video Extensions Identity Spoofing Vulnerability in Active Directory Federation Server Intune Management Extension Security Bypass Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Defender for IoT CredSSP Elevation of Privilege Vulnerability NTFS Privilege Escalation Vulnerability Access Remote Code Execution Vulnerability NTFS Privilege Escalation Vulnerability Exposed Secrets: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Power BI Report Server Template File XSS and CSRF Vulnerability FSLogix Information Leakage Vulnerability Azure Sphere Information Leakage Vulnerability Azure Sphere Information Leakage Vulnerability Azure Sphere Information Leakage Vulnerability Windows Fast FAT File System Driver Privilege Escalation Vulnerability NTFS Remote Code Execution: A Critical Windows Vulnerability Windows Installer Privilege Escalation Vulnerability Enhanced Host Header Validation to Mitigate Request Spoofing Vulnerability Denial of Service Vulnerability in RealVNC Viewer 6.21.406 Directory Traversal Vulnerability in Payara Micro Community 5.2021.6 and Below WebAdmin Server Management Interface Mishandling in Plastic SCM before 10.0.16.5622 Arbitrary Command Execution Vulnerability in NETGEAR R6020 1.0.0.48 via setup.cgi SSRF Vulnerability in Securonix SNYPR 6.3.1 Build 184295_0302 Privilege Escalation in seatd-launch in seatd 0.6.x before 0.6.2 Local Privilege Escalation Vulnerability in Netskope Client for macOS Pimcore Cross-Site Scripting Vulnerability CSV Injection Vulnerability in Ericsson ECM User Profile Management Section Stored XSS 
Vulnerability in Ericsson ECM User Profile Management Endpoint Remote Command Execution via IPC Interface in Boost Note Forgery of SSH Host Certificates in Teleport Versions 4.4.11 and below, 5.x versions before 5.2.4, 6.x versions before 6.2.12, and 7.x versions before 7.1.1 Build Artifact Alteration Vulnerability in Teleport Database Connection String Manipulation Vulnerability Heap-based Buffer Overflow in Live555 through 1.08 Allows for DoS Attack via Socket Connections XSLT Markup Bypass Vulnerability in Firefox ESR, Firefox, and Thunderbird Remote Code Execution Vulnerability in flatCore-CMS v2.0.8 Server-Side Request Forgery Vulnerability in flatCore-CMS version 2.0.8 SQL Injection Vulnerability in VoIPmonitor WEB GUI (Version 24.61) through api.php and user Parameter XML External Entity (XXE) Vulnerability in Drools KieModuleMarshaller.java Buffer Overflow Vulnerability in ok-file-formats Master 2021-9-12 Cross-Site Scripting (XSS) Vulnerability in Subscription-Manager v1.0 /main.js Unauthenticated Access Control Vulnerability in AriaNg v0.1.0~v1.2.2 Critical Vulnerability: Remote Code Execution in QVIS NVR DVR (Pre-2021-12-13) via Java Deserialization Improper Authentication Flaw in Candlepin Component of Red Hat Satellite Allows Unauthorized SCA Certificate Usage Stored XSS Vulnerability in MaianAffiliate v.1.0 Allows Arbitrary JavaScript Code Execution MaianAffiliate v.1.0: PHP Code Injection Vulnerability Enables Remote Code Execution CSRF Vulnerability in Beeline Smart Box 2.0.38 via mgt_end_user.htm Cross Site Scripting (XSS) Vulnerability in Beeline Smart Box 2.0.38 via choose_mac Parameter Cross-site Scripting (XSS) Vulnerability in bigbluebutton/bigbluebutton prior to 2.4.0 Stored Cross-Site Scripting (XSS) Vulnerability in FlatPress 1.2.1 Authentication Bypass via SQL Injection in Resumes Management and Job Application Website Application Stored Cross-Site Scripting (XSS) Vulnerability in Expense Management System Application Version 1.0 CAPTCHA 
Bypass Vulnerability in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911 HTTP Request Smuggling Vulnerability in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, leading to Denial of Service (DoS) HTTP Response Splitting Vulnerability in ASUS RT-AX88U Allows Unauthorized Access to Cloud Storage OS Command Injection Vulnerability in TP-Link TL-WR802N V4(JP) Wi-Fi Router Firmware Remote Unauthenticated DoS Vulnerability in D-Link DIR-X1860 Web Application HTTP Smuggling Vulnerability in D-Link DIR-X1860 Web Application Reflected Cross-Site Scripting (XSS) Vulnerability in D-Link DIR-X1860 Web Application Path Traversal Vulnerability in Netgear RAX35, RAX38, and RAX40 Routers NULL Pointer Dereference Vulnerability in QEMU's Block Mirror Layer HTTP Request Smuggling Vulnerability in TP-Link AX10v1 before v1_211117 Cache Poisoning Vulnerability in TP-Link AX10v1 Web Interface Stack Buffer Overflow in MP4Box v1.0.1: Denial of Service Vulnerability in nhmldmx_send_sample() Function Stack Buffer Overflow in MP4Box 1.1.0: Denial of Service Vulnerability in nhmldmx_init_parsing Stack Buffer Overflow in GPAC MP4Box v1.1.0: Denial of Service Vulnerability Stack Buffer Overflow in MP4Box v1.0.1: Denial of Service Vulnerability in nhmldmx_send_sample() Function Critical Business Logic Errors in pimcore/pimcore: Vulnerability in Versions Prior to 10.2.6 ECShop 4.1.0 SQL Injection 
Vulnerability: Exploiting Sensitive Information Exposure Arbitrary Web Script Injection Vulnerability in concrete5-legacy 5.6.4.0 and below Arbitrary Web Script Injection Vulnerability in concrete5-legacy 5.6.4.0 and below Arbitrary Web Script Injection in concrete5-legacy 5.6.4.0 and below Arbitrary Web Script Injection Vulnerability in concrete5-legacy 5.6.4.0 and below Arbitrary Web Script Injection Vulnerability in concrete5-legacy 5.6.4.0 and Below Arbitrary Web Script Injection Vulnerability in JustWriting 1.0.0 and Below Denial of Service Vulnerability in libvirt libxl Driver SQL Injection Vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23 SQL Injection Vulnerability in Sourcecodester Simple Membership System v1 by oretnom23: Arbitrary SQL Command Execution Linux Kernel Block Invalidation Vulnerability NOKIA VitalSuite SPM 2020 SQL Injection Vulnerability via UserName' Improper Lock Operation in btrfs_alloc_tree_b Leads to Denial of Service Vulnerability Memory leaks in LazyPRM.cpp of OMPL v1.5.0: Potential for Unexpected Behavior Multiple SQL Injection Vulnerabilities in Sourcecodester Simple Cashiering System (POS) 1.0 Null Pointer Dereference Vulnerability in numpy.sort in NumPy 1.19 and earlier Buffer Overflow in array_from_pyobj function of NumPy < 1.19 Allows Denial of Service Attacks CMS_Conservative_increment_obj Null Pointer Reference Vulnerability in RaRe-Technologies Bounter v1.01 and v1.10 Buffer Overflow Vulnerability in ajaxsoundstudio.com Pyo < 1.03: Denial of Service via Overlong Server Name Buffer Overflow Vulnerability in ajaxsoundstudio.com: Remote DoS Attack via Overlong Audio File Name Use-After-Free Vulnerability in Linux Kernel's add_partition Function Incomplete String Comparison Vulnerability in cvxopt.org cvxop <= 1.2.6 APIs Stored Cross-Site Scripting (XSS) Vulnerability in Subrion CMS v4.2.1 Outdated D-Link Cameras Vulnerable to Incorrect Access Control Elevated Privileges Vulnerability in 
Unsupported D-Link Cameras Static root account credentials in Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 firmware: Backdoor Vulnerability SQL Injection Vulnerability in Lodging Reservation Management System V1 Null Pointer Dereference DoS Vulnerability in Apache HTTP Server 2.4.49 Local Privilege Escalation Vulnerability in FlexNet Inventory Agent and Inventory Beacon Versions 2020 R2.5 and Prior Privilege Escalation Vulnerability in Windows Installer with InstallScript Custom Action TCP Reflected Amplification Vulnerability in Forcepoint NGFW Engine Invalid RTR Payload Vulnerability in NLnet Labs Routinator Unauthenticated Access to Apache Ozone Recon HTTP Endpoints Out of Bounds Read Vulnerability in NX 1980 Series and Solid Edge SE2021 Out-of-Bounds Read Vulnerability in NX 1980 Series and Solid Edge SE2021 Use-After-Free Vulnerability in NX 1953, NX 1980, and Solid Edge SE2021 Use-After-Free Vulnerability in Solid Edge SE2021 (All versions < SE2021MP8) Allows Code Execution (ZDI-CAN-13778) Use-After-Free Vulnerability in Solid Edge SE2021 (All versions < SE2021MP8) Allows Code Execution (ZDI-CAN-13789) Uninitialized Pointer Information Disclosure Vulnerability in NX 1953, NX 1980, and Solid Edge SE2021 Use-After-Free Vulnerability in Solid Edge SE2021 (ZDI-CAN-13773) Use-After-Free Vulnerability in Linux Kernel's cgroup v1 Parser Use-After-Free Vulnerability in Solid Edge SE2021 (All versions < SE2021MP8) Allows Code Execution (ZDI-CAN-13776) Cross-Site Scripting (XSS) Vulnerability in Climatix POL909 (AWB and AWM modules) Cross-Site Scripting (XSS) Vulnerability in Climatix POL909 (AWB and AWM modules) Information Disclosure Vulnerability in Climatix POL909 (AWB 
and AWM modules) Siemens Software Center DLL Hijacking Vulnerability BACnet Protocol Packet Vulnerability in Desigo Controllers: Potential Factory Reset Exploit Vulnerability: Permanent Denial-of-Service in RUGGEDCOM ROX Series Zip Path Traversal Vulnerability in Teamcenter Active Workspace XFS Filesystem Data Leak Vulnerability Remote Code Execution in Leostream Connection Broker 9.0.40.17 via Perl Code Upload Directory Traversal Vulnerability in Leostream Connection Broker 9.0.40.17 Command Injection Vulnerability in CommScope SURFboard SBG6950AC2 9.1.103AA23 Devices Session Token Reuse and Manipulation Vulnerability in ARCHIBUS Web Central 21.3.3.815 Unauthenticated Access and Privilege Escalation in ARCHIBUS Web Central 21.3.3.815 Cross-Site Scripting (XSS) Vulnerability in ARCHIBUS Web Central 21.3.3.815 Out-of-Bounds Read Vulnerability in Squirrel Interpreter Allows Code Execution Stored Cross Site Scripting (XSS) in Sofico Miles RIA 2020.2 Build 127964T via Crafted Work Order ProcessUtility_hook Bypass Vulnerability in set_user Extension Module for PostgreSQL Quadratic Blowup Vulnerability in Silverstripe Framework 4.8.1's Convert::xml2array() Method Out-of-Bounds Read Vulnerability in libsndfile's FLAC Codec Functionality Arbitrary Code Execution via File Upload in OpenCATS 0.9.6 Denial of Service (DoS) Vulnerability in Apache Parquet-MR Arbitrary File Deletion Vulnerability in Snow Snow Agent for Windows Unfiltered Special Characters in Tad Book3 Editing Function Enable Remote XSS Attacks Authorization Bypass Vulnerability in Tad Honor Viewing Book List Function TadTools Special Page Parameter Reflective XSS Vulnerability Unrestricted File Upload Vulnerability in TadTools File Upload Function Stored XSS vulnerability in Tad Uploader's new add subject parameter of view book list function Authorization Bypass Vulnerability in Tad Web Allows Remote Attackers to Access Bulletin Boards and Upload Files Local File Inclusion Vulnerability in SAS/Intrnet 9.4 Build 
1520 and Earlier NFS Subsystem Out-of-Memory Bounds Write Vulnerability Cross-Site Scripting (XSS) Vulnerability in Veritas NetBackup OpsCenter Analytics 9.1 Unauthorized Access to Data in Apache Pulsar's BookKeeper Information Disclosure Vulnerability in Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and Later Directory Traversal Vulnerability in mySCADA myDESIGNER 8.20.0 and Below Allows Arbitrary File Write and Code Execution Control Bypass and Path Traversal Vulnerability in LCDS LAquis SCADA 4.3.1.1085 ACPI Code NULL Pointer Dereference Vulnerability in QEMU Insecure Authorization Handling in passport-oauth2 Package Stack-based Buffer Over-read in x509_constraints_parse_mailbox Remote OS Filesystem Access and VPN Privilege Escalation in vpn-user-portal (aka eduVPN or Let's Connect!) Unauthorized Information Disclosure in Gradle Enterprise via Crafted HTTP Request Apache Traffic Server Denial of Service Vulnerability SSRF Vulnerability in Gradle Enterprise Allows Password Reset by Attacker SSRF Vulnerability in Gradle Enterprise Allows Credential Discovery Arbitrary Deserialization Vulnerability in Gradle Enterprise (CVE-2021-XXXX) Cache Poisoning and Remote Code Execution in Gradle Enterprise Build Cache Node Linux Kernel EBPF Verifier Memory Leak Vulnerability SMTP Configuration Test Allows Probing of Server-Side Network Environment in Gradle Enterprise Dust HTLC Exposure Vulnerability in ACINQ Eclair Dust HTLC Exposure in Blockstream c-lightning 0.10.1: A Potential Loss of Funds Vulnerability Dust HTLC Exposure Vulnerability in Lightning Labs lnd before 0.13.3-beta Bypassing Precluded Functions in RSA Archer 6.9.SP1 P3 via API Request Interception Directory Traversal Information Disclosure in SuiteCRM Directory Traversal Information Disclosure in SuiteCRM CSRF Vulnerability in SuiteCRM UpgradeWizard Allows Remote Code Execution GitHub Enterprise Server UI Misrepresentation Vulnerability GitHub Enterprise Server Remote Code Execution Vulnerability in GitHub 
Pages Building MIPS32 and MIPS64 Squaring Procedure Carry Propagation Bug Sequential ID Parameter Manipulation Vulnerability in SelectSurvey.NET SQL Injection in UploadedImageDisplay.aspx Endpoint of SelectSurvey.NET before 5.052.000 Firmware Vulnerability Enables Traffic Sniffing and Admin Rights Exploitation Improper Certificate Validation in Squid Proxy Server Carry Flag Corruption in OpenRISC mor1kx ALU Unit Vulnerability: Unauthorized Write Access to Exception Effective Address Register (EEAR) in OpenRISC mor1kx Processor Controller Unit Privilege Escalation Vulnerability in OpenRISC mor1kx Processor's EPCR Access Control Insufficient Nonce Entropy in GoAhead WebServer 2.1.8 Insecure Deserialization in Apache DB DdlUtils 1.0 Privilege Escalation in OpenSSH 6.2 through 8.x Arbitrary Command Execution via Gradle Enterprise Application Startup Configuration Archivy Vulnerability: Cross-Site Request Forgery (CSRF) User Enumeration Vulnerability in MELAG FTP Server 2.2.0.4 Privilege Escalation Vulnerability in MELAG FTP Server 2.2.0.4 FTP Server 2.2.0.4 Directory Traversal Vulnerability Insecure Access Control Permissions in MELAG FTP Server 2.2.0.4 Incomplete Authentication Checks in MELAG FTP Server 2.2.0.4 Allow Remote Access to Local Files Unencrypted Password Storage in MELAG FTP Server 2.2.0.4 Cross-Site Request Forgery (CSRF) Vulnerability in calibre-web Deno <=1.14.0 File Sandbox Symlink Vulnerability Remote Code Execution (RCE) Vulnerability in Sourcecodester Church Management System 1.0 via Image Upload Field Remote Code Execution (RCE) Vulnerability in Sourcecodester Online Food Ordering System 2.0 via Image Upload Bypass Arbitrary Code Injection via Image Upload in Sourcecodester Budget and Expense Tracker System 1.0 Remote Code Execution (RCE) Vulnerability in Sourcecodester Online Reviewer System 1.0 via Bypassing Image Upload Filters Unauthenticated Blind SQL Injection Vulnerability in Kaushik Jadhav Online Food Ordering Web App 1.0 Unauthenticated 
SQL Injection in PuneethReddyHC Online Shopping System Unauthenticated SQL Injection in PuneethReddyHC Online Shopping System Blind SQL Injection Vulnerability in Raymart DG / Ahmed Helal Hotel-mgmt-system Insecure Permissions in BatFlat CMS v1.3.6 File Database.sdb Allows Database Dump Remote Code Execution Vulnerability in TP-Link TL-WR840N EU v5 Router SQL Injection Vulnerability in Wuzhicms v4.1.0 Clickjacking Vulnerability in SmartBear CodeCollaborator v6.1.6102 Web UI XSS Vulnerability in Sourcecodester Student Quarterly Grading System by oretnom23 SQL Injection Vulnerability in Sourcecodester Banking System v1: Arbitrary SQL Command Execution Out-of-bounds Read Vulnerability in Vim SQL Injection Vulnerability in Sourcecodester Patient Appointment Scheduler System v1: Arbitrary SQL Command Execution Church Management System v1.0 SQL Injection and Remote Code Execution Vulnerability Remote Code Execution via SQL Injection and File Upload Vulnerability in South Gate Inn Online Reservation System v1.0 Cross-Site Scripting (XSS) Vulnerability in Mini CMS V1.11 - Article Upload: post-edit.php Authenticated SQL Injection in PEEL Shopping CMS 9.4.0 utilisateurs.php SQL Injection Vulnerability in Sourcecodester E-Negosyo System 1.0 via user_email Parameter in /admin/login.php Remote Code Execution (RCE) Vulnerability in Sourcecodester E-Negosyo System 1.0 Critical SQL Injection Vulnerability in oretnom23 Pharmacy Point of Sale System 1.0 SQL Injection Vulnerability in openSIS 8.0 with MySQL/MariaDB SQL Injection Vulnerability in openSIS 8.0 via staff{TITLE] Parameter SQL Injection Vulnerability in openSIS 8.0 via InputFinalGrades.php CSRF Vulnerability in ShowDoc Heap-use-after-free vulnerability in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0 Stack-Overflow Vulnerability in JerryScript 2.4.0 at ecma-helpers.c:326 Memory Leak Vulnerability in DCMTK through 3.6.6 Double Free Vulnerability in DCMTK through 3.6.6 DCMTK through 3.6.6 Null Pointer Dereference 
Vulnerability Cross-site Scripting (XSS) Vulnerability in livehelperchat Memory Leak Vulnerability in DCMTK through 3.6.6 Incorrect Access Control Vulnerability in Premiumdatingscript 4.2.7.7 via Password Change Procedure in requests\user.php SQL Injection Vulnerability in Premiumdatingscript 4.2.7.7 via ip parameter in connect.php Weak Password Reset Mechanism in Premiumdatingscript 4.2.7.7 Allows Account Takeover Reflected XSS Vulnerability in Premiumdatingscript 4.2.7.7 via aerror_description Parameter in assets/sources/instagram.php Cross-site Scripting (XSS) vulnerability in calibre-web Business Logic Errors in calibre-web: A Critical Vulnerability Arbitrary File Download Vulnerability in Tipask < 3.5.9 Use After Free Vulnerability in libsixel/src/dither.c:379 Remote Account Takeover Vulnerability in Maharashtra State Electricity Board Mahavitara Android Application 8.20 and Prior Stored Cross-site Scripting (XSS) Vulnerability in showdoc prior to 2.10.2 XSS Vulnerability in Sourcecodester News247 CMS 1.0 via Article Search Function Arbitrary File Deletion Vulnerability in BaiCloud-cms v2.5.7 Vim Vulnerability: Use After Free Exploit XSS Vulnerability in Sourcecodester News247 News Magazine CMS HTTP Request Splitting Vulnerability in Zeek 4.1.0 Unvalidated URL Navigation Vulnerability in Oppia 3.1.4 Heap-Buffer Overflow Vulnerability in Faust v2.35.0's realPropagate() Function ZeroShell 3.9.5 Command Injection Vulnerability in /cgi-bin/kerbynet IP Parameter Artica Proxy 4.30.000000 OS Command Injection Vulnerability Command Injection Vulnerability in Yongyou PLM File Upload Vulnerability in ShowDoc 2.8.3 Allows Unauthorized Server Access SQL Injection Vulnerability in Yonyou TurboCRM via orgcode Parameter in changepswd.php Csdn APP 4.10.0 XSS Vulnerability Allows for Cookie Theft Server-Side Template Injection Vulnerability in SEOmatic Plugin for Craft CMS 3 Cross-site Scripting (XSS) Vulnerability in livehelperchat Cross-Site Scripting (XSS) Vulnerability in 
SEOmatic Plugin 3.4.10 for Craft CMS 3 Buffer Overflow Vulnerability in ecma-builtin-array-prototype.c:909 Unbounded Recursive Call in Jerryscript: Stack Overflow Vulnerability Wireless Client Disconnection Vulnerability in D-Link DIR-X1560 and DIR-X6060 Routers SQL Injection Vulnerability in dynamicMarkt <= 3.10: Parent Parameter in index.php SQL Injection Vulnerability in dynamicMarkt <= 3.10: Exploiting the kat1 Parameter in index.php SQL Injection Vulnerability in dynamicMarkt <= 3.10: Exploiting the kat Parameter in index.php Cross-site Scripting (XSS) Vulnerability in livehelperchat CSRF Vulnerability in Streama v1.10.3 Allows Arbitrary File Upload SQL Injection Vulnerability in ResourceSpace 9.5 and 9.6 < rev 18274 Unprotected Deserialization Vulnerability in Apache Karaf's JMX Implementation Insecure REST Response Handling in Apache Guacamole 1.3.0 and Older Unauthenticated Access to Device Information in SIPROTEC 5 and SIPROTEC 5 Compact Devices (V8.83 and below) Sensitive Information Disclosure Vulnerability in livehelperchat Ping Identity PingFederate XXE Vulnerability Out-of-Bounds Slice Access in ImportedSymbols of Go Debug/Macho (Open/OpenFat) Panic Vulnerability in Archive/Zip Reader.Open Path Traversal Vulnerability in Apache HTTP Server 2.4.49 Arbitrary Code Execution Vulnerability in Fabric 8 Kubernetes Client Use-After-Free Vulnerability in Foxit PDF Reader, PDF Editor, and PhantomPDF Use-After-Free Vulnerability in Foxit PDF Reader, PDF Editor, and PhantomPDF Use-After-Free Vulnerability in Foxit PDF Reader, PDF Editor, and PhantomPDF Use-After-Free Vulnerability in Foxit PDF Reader, PDF Editor, and PhantomPDF Use-After-Free Vulnerability in Foxit PDF Reader, PDF Editor, and PhantomPDF Use-After-Free Vulnerability in Foxit PDF Reader, PDF Editor, and PhantomPDF Wi-Fi Authentication Flooding Vulnerability in MediaTek Microchips: Impact on NETGEAR Devices and Others Critical Vulnerability in WiFi Driver Allows Remote Denial of Service Attack 
Cross-site Scripting (XSS) Vulnerability in livehelperchat Arbitrary Code Execution via Script Action in Hyland org.alfresco:alfresco-content-services Stored XSS Vulnerability in Alfresco Share User Interface Blind SSRF Vulnerability in Hyland Alfresco Content Services and Transform Services Buffer Overflow Vulnerability in ogs_fqdn_parse in Open5GS Authorization Bypass Vulnerability in 1Password Safari App Extension Cross-Site Scripting (XSS) Vulnerability in MediaWiki before 1.36.2 Denial of Service Vulnerability in MediaWiki's ApiQueryBacklinks Information Exposure Vulnerability in openstack-tripleo-heat-templates Allows Discovery of Internal IP or Hostname Denial of Service Vulnerability in MediaWiki's Special:Contributions Page Incorrect Access Control in ReplaceText Extension for MediaWiki Allows Blocked Users to Run Replace Jobs Identity Merging Vulnerability in HashiCorp Vault and Vault Enterprise Improper Validation of Node and Segment Names in HashiCorp Consul JWT Claim Assertions Unintended Privilege Escalation in HashiCorp Consul Enterprise Unlimited Login Attempts Vulnerability in M-Files Server and M-Files Web Products Sensitive Information Exposure in M-Files Server Federated Authentication Logging SSRF Vulnerability in M-Files Server Products: Unauthorized External Entity Queries Sysdig Event Dissector Crash Vulnerability in Wireshark 3.6.0 and 3.4.0 to 3.4.10 Secure Admin Tool Vulnerability: Configuration Script Execution by Authorized Vault Administrators Integer Overflow and Buffer Overflow in CGI.escape_html in Ruby ReDoS Vulnerability in Date Gem through 3.2.0 for Ruby Security Prefix Mishandling in CGI::Cookie.parse and CGI gem for Ruby Denial of Service Vulnerability in Wireshark 3.6.0 and 3.4.0 to 3.4.10: Crash in RFC 7468 Dissector Remote Integer Underflow Vulnerability in Wazuh Manager (Versions up to 4.1.5) Leading to Denial of Service Bypassing XSS Protection Mechanism in Kemp LoadMaster 7.2.54.1 Web Application Firewall CSV Injection 
Vulnerability in Craft CMS before 3.7.14 HTML Injection Vulnerability in Verint Workforce Optimization (WFO) 15.2.5.1033 via /wfo/control/signin Username Parameter Open Redirect Vulnerability in PlaceOS Authentication Service Hardcoded Credentials in Zoho ManageEngine Remote Access Plus Hardcoded Credentials in Zoho ManageEngine Remote Access Plus: A Security Vulnerability Insecure Encryption Key Calculation in Zoho ManageEngine Remote Access Plus PCAPNG File Parser Crash Vulnerability in Wireshark 3.6.0 Vulnerability: Manipulation of Signed Documents and Macros in Apache OpenOffice (CVE-2021-25633) Timestamp Manipulation Vulnerability in Apache OpenOffice Vulnerability: Document Manipulation Exploit in Apache OpenOffice Unauthenticated Remote Code Execution Vulnerability in Zoho ManageEngine Patch Connect Plus Broken Access Control in JFrog Artifactory: Unauthorized Artifact Copy Vulnerability Lack of Transport Layer Encryption in Fresenius Kabi Agilia Link + Version 3.0 Stored Cross-Site Scripting Vulnerability in Fathom Analytics WordPress Plugin Untrusted Pointer Dereference Vulnerability in AhciBusDxe in Insyde InsydeH2O Arbitrary Code Execution via SMM Callout in Insyde InsydeH2O Untrusted Pointer Dereference Vulnerability in NvmExpressDxe in Insyde InsydeH2O Denial of Service Vulnerability in Wireshark 3.6.0 and 3.4.0 to 3.4.10: Infinite Loop in BitTorrent DHT Dissector Arbitrary Code Execution Vulnerability in NvmExpressDxe SMM Callout Vulnerability in AhciBusDxe in Insyde InsydeH2O Insyde InsydeH2O SMI Handler Code Execution Vulnerability Authenticated SQL Injection in OpenEMR Calendar Search Function Form Data Validation and Sanitization Vulnerability in Crocoblock JetEngine SQL Injection Vulnerability in ThycoticCentrify Secret Server (Versions 10.9.000032 - 11.0.000006) Zone-based Authorization Bypass and Data Exposure Vulnerability in 3xLogic Infinias Access Control Arbitrary Code Execution and Privilege Escalation via Spoofed Software Update in Luna 
Simo PPR1.180610.011/202001031830 Vulnerability: Unencrypted Transmission of Personally Identifiable Information (PII) to Chinese Servers Denial of Service Vulnerability in Wireshark 3.6.0 and 3.4.0 to 3.4.10: Infinite Loop in RTMPT Dissector Unrestricted Access to IMEI Values in Luna Simo PPR1.180610.011/202001031830 Gryphon Dissector Crash Vulnerability in Wireshark 3.4.0 to 3.4.10 Misleading UI Indication of Image Deletion in Telegram Android App Code Execution via Encoded BCEL Expression in AviatorScript 5.2.7 eBPF Multiplication Integer Overflow Vulnerability in Linux Kernel Denial of Service Vulnerability in HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 Stored XSS in MyBB Admin CP's Theme Management OnionShare 2.3 Information Disclosure Vulnerability: Unauthorized Retrieval of Non-Public Node Participants Remote Unauthenticated File Upload Vulnerability in OnionShare 2.3 Privilege Escalation Vulnerability in SuiteCRM 7.10.x and 7.11.x Vim Vulnerability: Use After Free Exploit Arbitrary .php File Upload Vulnerability in Socomec REMOTE VIEW PRO 2.0.41.4 Stored XSS Vulnerability in Socomec REMOTE VIEW PRO 2.0.41.4 Skyworth Digital Technology Penguin Aurora Box 41502 Denial of Service Vulnerability Unauthorized Remote Control Access Vulnerability in Penguin Aurora TV Box 41502 Unpatched Unauthorized Access Vulnerability in Portainer Allows for Sensitive Information Exposure Reflected Cross-Site Scripting (XSS) Vulnerability in i-Panel Administration System Version 2.0 NULL Pointer Dereference Vulnerability in mruby FTP Client Trusting Malicious PASV Response Vulnerability Kafka Dissector Loop Denial of Service Vulnerability in Wireshark 3.6.0 User Enumeration Vulnerability in GitLab CE/EE GraphQL API CSRF Vulnerability in webTareas Allows Unauthorized Creation of Administrative Profile Stored Cross-Site Scripting Vulnerability in webTareas Version 2.4 and Earlier Reflected Cross-Site Scripting Vulnerability in webTareas Version 2.4 and Earlier 
Arbitrary File Upload Vulnerability in webTareas Version 2.4 and Earlier Vim Vulnerability: Use After Free Exploit Unauthenticated SQL Injection Vulnerability in webTareas Version 2.4 and Earlier Unrestricted File Upload Vulnerability in Novel-Plus V3.6.1 Cross Site Scripting (XSS) Vulnerability in Webkul Krayin CRM before 1.2.2 SQL Injection Vulnerability in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23 Arbitrary Code Execution Vulnerability in Sourcecodester The Electric Billing Management System 1.0 by oretnom23 Out-of-bounds Read Vulnerability in Vim Arbitrary Code Execution via XSS Vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 SQL Injection Vulnerability in Company's Recruitment Management System Blind SQL Injection Vulnerability in TeamMate+ Audit Version 28.0.19.0 Arbitrary File Upload Vulnerability in ShopXO CMS 2.2.0 Unveiling the Weakness: Improper Access Control in BookStack SQL Injection Vulnerability in Magic CMS MSVOD v10 Video System Allows Unauthorized Database Access HTML Tag Injection in Logrhythm Web Console 7.4.9 Improper Input Validation in OSS httpx < 0.23.0: Vulnerability in `httpx.URL`, `httpx.Client`, and `httpx.URL.copy_with` Functions Stored XSS Vulnerability in FiberHome VDSL2 Modem HG150-Ub_V3.0's Parental Control Access Time Restriction Username Field Critical SQL Injection Vulnerability in Subrion CMS v4.2.1 Visual Mode Cross-Site Scripting (XSS) Vulnerability in Subrion CMS Contact Us Plugin Cross-site Scripting (XSS) Vulnerability in Firmanet Software and Technology Customer Relation Manager Allows Injection of Malicious Code into HTML Attributes Arbitrary File Deletion Vulnerability in ResourceSpace 9.6 Reflected Cross-Site Scripting Vulnerability in ResourceSpace before 9.6 rev 18290 via wordpress_user Parameter Cross Site Scripting (XSS) Vulnerability in Zenario CMS 9.0.54156 via SVG File Upload Memory Leak in JerryScript Git version 14ff5bf XSS Vulnerability in 
Sourcecodester Vehicle Service Management System 1.0 via Owner Fullname Parameter SQL Injection Vulnerability in ChurchCRM Version 2.0.0 to 4.4.5 Allows Arbitrary Database Commands Privilege Escalation Vulnerability in Linux Kernel's Control Groups and Namespaces Subsystem SQL Injection Vulnerability in Apache Superset 1.3.0 Apache Superset 1.3.1: Database Connection Password Leak for Authenticated Users Apache MINA HTTP Header Decoder Loop Vulnerability Unauthenticated Remote Access and Modification of Book Content Authorization Bypass Vulnerability in TadTools Special Page Allows Remote File Deletion Authorization Bypass Vulnerability in Tad Uploader's Edit Book List Function NULL Pointer Dereference vulnerability in messaging_ipc.dll component of Bitdefender products Heap-based Buffer Overflow in MikroTik RouterOS SCEP Server Insecure Permissions in Qlik NPrinting Designer Allow Creation of Temporary Files Insecure Permissions in QlikView Temporary File Creation Privilege Escalation Vulnerability in Bitdefender Total Security, Internet Security, Antivirus Plus, and Endpoint Security Tools for Windows Remote Integer Overflow in gmp Plugin of strongSwan Remote Integer Overflow in strongSwan's In-Memory Certificate Cache RSA Misconfiguration in PingID Windows Login: Offline MFA Bypass Vulnerability Vulnerability: RSA Misconfiguration in PingID Android App Prior to 1.19 Allows Offline MFA Bypass Vulnerability: RSA Misconfiguration in PingID iOS App Prior to 1.19 Allows Offline MFA Bypass RSA Misconfiguration in PingID Mac Login 1.1: Offline MFA Bypass via Pre-Computed Dictionary Attacks Improper Privilege Management in SUSE Rancher: Unrestricted Write Access to Catalog Parallel Password Reset Vulnerability Misconfiguration in Encryption Libraries in PingID Desktop Prior to 1.7.3: Sensitive Data Exposure and MFA Bypass Zoho ManageEngine ADManager Plus Filter Bypass Vulnerability: File-Upload Remote Code Execution Out-of-Bounds Access Vulnerability in GCLib 0.12.7 
Slab Out-of-Bounds Write Vulnerability in Linux Kernel's 6pack.c Driver Arbitrary Email Sending Vulnerability in Apache Traffic Control Traffic Ops Session Hijacking Vulnerability in ForgeRock Access Management CRLF Log Injection Vulnerability in Heron Versions <= 0.20.4-incubating DLL Loading Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a Service Privilege Escalation Vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 Insufficient Fix for Path Traversal Vulnerability in Apache HTTP Server 2.4.50 File Document Caching Vulnerability in Mendix Applications Vulnerability: Timing Attack in RUGGEDCOM Devices Vulnerability: CBC Encryption Mode Implementation Flaws in RUGGEDCOM Devices Heap Overflow Vulnerability in RUGGEDCOM Devices Integer-wrap vulnerability in RUGGEDCOM devices: Memory allocation failure Use-After-Free Vulnerability in NFC Controller Interface (NCI) in Linux Kernel Null Termination Vulnerability in RUGGEDCOM Devices' TFTP Functionality Path Traversal Vulnerability in Siveillance Video DLNA Server (2019-2021) Allows Unauthorized File Access Path Traversal Vulnerability in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3) Vulnerability: Inadequate Protection of RSA White-Box Private Keys in ModelSim and Questa Simulations Out-of-Bounds Write Vulnerability in Simcenter STAR-CCM+ Viewer (All versions < 2021.3.1) Uncontrolled Write Access Vulnerability in Mendix Applications Uncontrolled Read Access Vulnerability in Mendix Applications TLS Certificate Validation Vulnerability in SINUMERIK Edge (All versions < V3.2) Out-of-Bounds Write Vulnerability in syngo fastView (All Versions) Privilege Escalation Vulnerability in SIMATIC STEP 7 (TIA Portal) Web Server Use-After-Free Read Vulnerability in sock_getsockopt() in Linux Kernel Linux Kernel eBPF Improper Input Validation Vulnerability Infinite Loop Vulnerability in MediaWiki Loops Extension HTML and JavaScript Injection Vulnerability in 
CentralAuth Cross-Site Scripting (XSS) Vulnerability in SpecialEditGrowthConfig HTML and JavaScript Injection in Special:MediaSearch via intitle: Search Operator Unsanitized Input Vulnerability in GrowthExperiments Mentor Dashboard User-Agent Header Manipulation Vulnerability in SecurePoll Extension Cross-Site Scripting (XSS) Vulnerability in GlobalWatchlist Extension in MediaWiki Cross-Site Scripting (XSS) Vulnerability in MediaWiki Growth Extension Arbitrary JavaScript Code Execution in MediaWiki Growth Extension Vulnerability: Oversighters' Ability to Whitewash Revisions in Translate Extension DOM Based XSS Vulnerability in AbanteCart File Upload XSS Vulnerability in AbanteCart Path Traversal Vulnerability in IPESA e-Flow 3.3.6 Allows Unauthorized File Access XSS Vulnerability in Unicorn Framework for Django via component.name Out-of-Bounds Read Vulnerability in ACCEL-PPP 1.12.0 Insecure Permissions in ASUSTek ZenBook Pro Due 15 UX582 Laptop Firmware: Physical Proximity Attack Vulnerability Insecure Temporary Files Vulnerability in Thales Safenet Authentication Client (SAC) for Linux and Windows Eval Injection in Obsidian Dataview Markdown Files Stack-based Buffer Overflow in UEFI DisplayTypeDxe DXE Driver Integer Overflow and Heap-Based Buffer Overflow in QEMU's QXL Display Device Emulation InsydeH2O Kernel SMM Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) Version 420 Insufficient Authorization Checks in SAP ERP HCM Portugal Payroll Data Report SAP Knowledge Warehouse XSS Vulnerability Oracle Database Query Injection via Parameterized IN Clause SAP Business One Version 10.0: Critical Vulnerability Allows Admin User to View DB Password in Plain Text Unauthorized Access to Systems and Services via S/4 Hana Dashboard in SAP NetWeaver AS for ABAP and ABAP Platform SAP 3D Visual Enterprise Viewer 9.0 GIF File Crash Vulnerability SAP 3D Visual Enterprise Viewer 9.0 Denial 
of Service Vulnerability Double Fetch Vulnerability in QEMU's QXL Display Device Emulation Crash and Unavailability Vulnerability in SAP 3D Visual Enterprise Viewer 9.0 when Opening Manipulated .jt Files Remote Command Execution Vulnerability in Visual Tools DVR VX16 4.2.28.0 Insufficient Client Identity Verification in Barrier Server Component Session Hijacking and Input Device Event Capture in Barrier Segmentation Fault Vulnerability in Barrier Server File Descriptor Exhaustion Vulnerability in Barrier Server Memory Exhaustion Vulnerability in Barrier Server SQL Injection Vulnerability in PHP Event Calendar Persistent Cross-Site Scripting (XSS) in PHP Event Calendar through 2021-11-04 Authenticated Administrator Exploits SSRF Vulnerability via POST Requests SQL Injection Vulnerability in ExportFeed WordPress Plugin Crafted URL allows for Reflected XSS Attack Remote Code Execution Vulnerability via API for Authenticated Administrators Root Privilege Escalation Vulnerability Stored XSS Vulnerability in Alert Creation Endless Loop Denial of Service Vulnerability in Zammad Stored XSS via Custom Avatar in Zammad Privilege Escalation Vulnerability in Zammad before 4.1.1 API Secret Exposure Vulnerability XSS Vulnerability in Zammad Chat Functionality Sensitive Information Disclosure in Zammad REST API GnuTLS NULL Pointer Dereference Vulnerability Remote Code Execution Vulnerability in Zammad Form Functionality SSRF Vulnerability in Zammad's GitHub and GitLab Integration Stored XSS Vulnerability in Zammad Ticket Attachment Remote Code Execution via Crafted Trigger Manipulation Command Injection via Custom Packages in Zammad Xshell 7.0.0.76 Title Bar Crash Vulnerability CSRF Token Brute-Force Vulnerability in GNU Mailman CSRF Token Reuse Vulnerability in GNU Mailman Incomplete Permission Check in Devolutions Remote Desktop Manager (Before 2021.2.16): Bypassing Permissions via Batch Custom PowerShell File-Upload Remote Code Execution Vulnerability in Zoho 
ManageEngine M365 Manager Plus Local Privilege Escalation Vulnerability in Lenovo NVME Driver Uncontrolled Search Path Element Vulnerability in Trend Micro Apex One and Apex One as a Service Uncontrolled Search Path Element Vulnerability in Trend Micro Apex One and Apex One as a Service Agents Uncontrolled Search Path Element Vulnerability in Trend Micro Apex One and Apex One as a Service Local Privilege Escalation Vulnerability in Trend Micro Security Software Local Privilege Escalation Vulnerability in Trend Micro Security Software Local Privilege Escalation Vulnerability in Trend Micro Security Software Local Privilege Escalation Vulnerability in Trend Micro Security Software Privilege Escalation Vulnerability in Trend Micro Apex One and Worry-Free Business Security Root Privilege Escalation Vulnerability in VITEC Exterity IPTV Products (2021-04-30) Local Privilege Escalation Vulnerability in Lenovo SMBIOS Event Log Driver Privilege Escalation via DLL Hijacking in Allegro Windows FTP Module Vulnerability: PIN Code Retrieval on Jailbroken Devices in RCDevs OpenOTP iOS App Cross-Site Scripting (XSS) Vulnerability in LimeSurvey 3.x-LTS through 3.27.18 File Upload Functionality SMM Callout Vulnerability in Insyde InsydeH2O Blacksmith Fuzzer Uncovers Vulnerability in Modern DRAM Devices: Exploiting Non-Uniform Rowhammer Access Patterns Privilege Escalation via Missing HTTPOnly Flag in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 Improper Access Control in TopEase® Platform Version <= 7.1.27 Allows Unauthorized Access to Shape Editor and Settings HTML Injection Vulnerability in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 Persistent Cross Site Scripting in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via Structure Component Persistent Cross Site Scripting in TopEase® Platform Version <= 7.1.27 via Search Functionality SMI Callback Function Vulnerability in Lenovo Notebook Models Arbitrary String Insertion 
Vulnerability in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 Date Field Manipulation Vulnerability in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 Numeric Format Vulnerability in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 Unrestricted File Upload Vulnerability in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 Improper Access Control Vulnerability in Ivanti Avalanche Allows Session Takeover Unrestricted File Upload Vulnerability in Ivanti Avalanche Before 6.3.3 Privilege Escalation Vulnerability in Ivanti Avalanche before 6.3.3 Arbitrary Code Execution Vulnerability in Ivanti Avalanche before 6.3.3 Privilege Escalation Vulnerability in Ivanti Avalanche before 6.3.3 Command Injection Vulnerability in Ivanti Avalanche before 6.3.3 Allows Arbitrary Command Execution JSS Memory Leak Vulnerability Deserialization of Untrusted Data Vulnerability in Ivanti Avalanche Allows Arbitrary Code Execution SQL Injection Vulnerability in Ivanti Avalanche Allows Privilege Escalation Command Injection Vulnerability in Ivanti Avalanche before 6.3.3 Allows Arbitrary Command Execution Arbitrary File Write Vulnerability in Ivanti Avalanche before 6.3.3 Unicorn Framework XSS Vulnerability in Django (Incomplete Fix for CVE-2021-42053) Privilege Escalation via Glob-Related Policies in HashiCorp Vault Stored XSS Vulnerability in REDCap's Missing Data Codes Functionality Improper Privilege Enforcement in Zammad Ticket List View Weak Entropy Vulnerability in SafeNet Agent for Windows Logon Code Injection Vulnerability in Deno Standard Modules before 0.107.0 via Untrusted YAML File Heap Overflow Vulnerability in libpng's pngimage.c Denial of Service Vulnerability in Contiki-NG tinyDTLS Contiki-NG tinyDTLS Denial of Service and False-Positive Packet Drops Vulnerability Denial of Service and Information Disclosure Vulnerability in Contiki-NG tinyDTLS Buffer Over-read Vulnerability in Contiki-NG tinyDTLS Allows 
Information Disclosure Denial of Service Vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 DTLS Server Vulnerability: Reusing Epoch Number for Sensitive Data Leakage Buffer Over-read Vulnerability in dtls_sha256_update Function in Contiki-NG tinyDTLS Floating Point Exception Vulnerability in Mupdf's muraster.c Remote Root Access Vulnerability in MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 Devices XSS Vulnerability in Sourcecodester Try My Recipe CMS Remote SQL-Injection-Bypass-Authentication Vulnerability in Simple Payroll System Unzip Unicode String Handling Null Pointer Dereference Vulnerability Zenario CMS 9.0.54156 File Upload Vulnerability Denial of Service Vulnerability in Linux Kernel's SVC RDMA Counter Reading Implementation Path Traversal Vulnerability in MasaCMS 7.2.1's Image Asset API SQL Injection Vulnerability in wdja v2.1 Foreground Search Function ImageMagick Denial of Service Vulnerability Incorrect Access Control Vulnerability in Konga v0.14.9: Privilege Escalation via Specially Crafted Requests XML External Entity (XXE) Injection Vulnerability in EyouCms V1.5.4-UTF8-SP3 Heap-Buffer-Overflow Vulnerability in swftools (CVE-2020-XXXX) NULL Pointer Dereference in traits_parse() Function Allows for Denial of Service in swftools Memory Leak in swftools Allows Code Execution via swfdump NULL Pointer Dereference in swf_GetBits() Function Allows for Denial of Service Heap Buffer Overflow in swf_FontExtract_DefineTextCallback() Function NULL Pointer Dereference in swftools: Denial of Service Vulnerability Heap-Buffer-Overflow Vulnerability in swftools (CVE-2020-XXXX) NULL Pointer Dereference in swf_DeleteFilter() Function Allows for Denial of Service Heap-Use-After-Free Vulnerability in swftools (CVE-2020-XXXX) Heap-Buffer-Overflow Vulnerability in swftools (CVE-2020-XXXX) Double IOCTL Request Handling Vulnerability in ELAN Miniport Touchpad Driver RTL Character Domain Spoofing Vulnerability in Firefox for Android Insecure Cryptographic 
Algorithm in AnonAddy 0.8.5: VerificationController.php Vulnerability Memory Leak Vulnerability in OMPL v1.5.2 VFRRT.cpp Denial of Service Vulnerability in Go-Ethereum v1.10.9 Cross-Site Scripting (XSS) Vulnerability in WP-Paginate WordPress Plugin Cross Site Scripting (XSS) Vulnerability in Dolibarr Ticket Creation Flow XSS Vulnerability in Online DJ Booking Management System 1.0 SQL Injection Vulnerability in IFSC Code Finder Project 1.0 via searchifsccode Parameter KindEditor 4.1.x XSS Vulnerability via Google Search and File Upload KindEditor 4.1.x Cross Site Request Forgery (CSRF) Vulnerability Seowon 130-SLC Router: Remote Code Execution via queriesCnt Parameter Command Injection Vulnerability in TP-Link Archer A7 (US)_V5_210519 Stored Cross-Site Scripting (XSS) Vulnerability in Simple Blog Plugin for Wondercms 3.4.1 SQL Injection Vulnerability in osTicket Login and Password Reset Process Insecure Deserialization Attack in Sitecore XP 7.5 to 8.2 Update-7: Remote Command Execution Vulnerability Command Execution Vulnerability in JFinal CMS 5.0.1 via com.jflyfox.component.controller.Ueditor Cross-Site Scripting (XSS) Vulnerability in PaquitoSoftware Notimoo v1.2 Cross-Site Scripting (XSS) Vulnerability in FlatCore-CMS 2.0.9's pages.edit.php Regular Expression Denial of Service (ReDoS) Vulnerability in GJSON <= 1.9.2 Insufficient Security Checks in SP Project & Document Manager WordPress Plugin Enable Backdoor Uploads on Windows Servers Log Injection Vulnerability in Apache Superset Memory Overwrite Vulnerability in Aspeed LPC Control Interface Insecure Permissions Vulnerability in BeyondTrust Privilege Management Insecure Permissions in AppGuard Enterprise Allows Local Privilege Escalation Unprivileged User Drive Access Vulnerability in check_smart before 6.9.1 SQL Injection Vulnerability in BQE BillQuick Web Suite 2018-2021 (CVE-2021-XXXX) Bypassing IP Address Identification in RSFirewall Infinite Loop Denial of Service Vulnerability in TinyXML Directory 
Traversal Vulnerability in Revisor Video Management System (VMS) before 2.0.0 Out-of-Memory Crash Vulnerability in Softing OPC UA C++ SDK Null Pointer Dereference Vulnerability in Adobe Premiere Pro 15.4.1 and Earlier Allows for Application Denial-of-Service Null Pointer Dereference Vulnerability in Adobe Premiere Pro 15.4.1 and Earlier Allows for Application Denial-of-Service Out-of-Bounds Read Vulnerability in Adobe Premiere Pro Allows Memory Disclosure Memory Corruption Vulnerability in Adobe Animate 21.0.9 and Earlier: Arbitrary Code Execution via Malicious FLA File Memory Corruption Vulnerability in Adobe Animate 21.0.9 and Earlier: Arbitrary Code Execution via Malicious FLA File Null Pointer Dereference Vulnerability in Adobe Animate Allows for Application Denial-of-Service Use-After-Free Vulnerability in Adobe Animate Allows Arbitrary Code Execution Cross-Site Scripting (XSS) Vulnerability in ark-commenteditor WordPress Plugin Arbitrary Code Execution Vulnerability in Adobe Animate 21.0.9 and Earlier Arbitrary Code Execution Vulnerability in Adobe Animate 21.0.9 and Earlier Arbitrary Code Execution Vulnerability in Adobe Animate 21.0.9 and Earlier Hyper-V DDA Denial of Service Vulnerability COM for Windows Remote Code Execution Vulnerability Windows Media Foundation Remote Code Execution Vulnerability Elevated Privilege Vulnerability in Diagnostics Hub Standard Collector Domain Admin Privilege Escalation Vulnerability in Active Directory Domain Services Chakra Scripting Engine Memory Corruption Vulnerability Default Hard-Coded TLS Certificate Vulnerability in Lanner Inc IAC-AST2500A Firmware Version 1.00.0 Windows Feedback Hub Privilege Escalation Vulnerability Domain Admin Privilege Escalation Vulnerability in Active Directory Domain Services NTFS Privilege Escalation Vulnerability Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Windows Kernel Privilege Escalation Vulnerability Windows Core Shell SI Host Extension Framework Privilege Escalation 
Vulnerability Domain Admin Privilege Escalation Vulnerability in Active Directory Domain Services Windows Hello Authentication Bypass Vulnerability Critical Vulnerability in ua-parser-js 0.7.29/0.8.0/1.0.0 Allows Crypto Mining Backdoor Domain Admin Privilege Escalation Vulnerability in Active Directory Domain Services Excel Security Feature Bypass Vulnerability Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability SharePoint Server Remote Code Execution Vulnerability Visual Basic for Applications Data Exposure Vulnerability Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word Windows 10 Update Assistant Privilege Escalation Vulnerability DefenderShield: Microsoft Defender Remote Code Execution Vulnerability Surface Pro 3 Security Feature Bypass Vulnerability: A Potential Breach in Microsoft's Flagship Device Critical Data Exposure Vulnerability in Airfield Online's MySQL Backup Handler Unveiling the Azure Sphere Tampering Vulnerability: A Critical Security Breach Azure RTOS Information Disclosure Vulnerability: Exposing Sensitive Data Azure RTOS Elevation of Privilege Vulnerability: Unauthorized Access Exploit Azure RTOS Elevation of Privilege Vulnerability: Unauthorized Access Exploit Azure RTOS Elevation of Privilege Vulnerability: Unauthorized Access Exploit Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication Information Disclosure Vulnerability in Azure AD KeyCredential Unveiling Sensitive Information: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks SharePoint Server Remote Code Execution Vulnerability Angular Comment Handling Vulnerability: Remote Cross Site Scripting (CVE-2020-12345) Critical Remote Code Execution Vulnerability in Microsoft Defender for IoT Guarding the Gates: Microsoft Defender for IoT Remote Code Execution Vulnerability Exposed Critical Elevation of Privilege 
Vulnerability in Microsoft Defender for IoT Guarding the Gates: Microsoft Defender for IoT Remote Code Execution Vulnerability Exposed Guarding the Gates: Microsoft Defender for IoT Remote Code Execution Vulnerability Exposed Critical Remote Code Execution Vulnerability in Microsoft Defender for IoT Critical Remote Code Execution Vulnerability in Microsoft Dynamics 365 On-Premises Exploiting Visual Studio's Elevation of Privilege Vulnerability Cross-Site Scripting (XSS) Vulnerability in Zoo Management System 1.0 Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Code Execution Vulnerability in Visual Studio Code Azure RTOS Information Disclosure Vulnerability: Exposing Sensitive Data Privilege Escalation via Console Interface on DCN S4600-10P-SI Devices SQL Injection Vulnerability in Froxlor 0.10.29.1 via Custom DB Name User Information Disclosure in Redmine Activity Views Heap-based Buffer Overflow in AMD GPU Display Drivers Debug Filesystem Stored XSS Vulnerability in ShinHer StudyOnline System's Message Board Uncontrolled Access to User Credentials and Personal Information in ShinHer StudyOnline System Uncontrolled Access and Editing of Tutorial Schedules in ShinHer StudyOnline System Uncontrolled Access to Message Boards in ShinHer StudyOnline System SQL Injection Vulnerability in Easytest: Exploiting Learning History Parameters SQL Injection Vulnerability in Easytest: Exploiting Elective Course Management Page Stored XSS Vulnerability in Easytest Bulletin Board Management Function Permission Bypass Vulnerability in Easytest's Learning History Page Bypassing Permission Control in AIFU Cashier Management Salary Query Function Improper Validation of Cookie Allows Remote Authentication Bypass and Arbitrary File Manipulation in 4MOSAn GCB Doctor's Login Page OpenVPN Access Server 2.10 and Prior Versions: Limited Amplification Attack Vulnerability Memory Leak in Apache 
Tomcat's Fix for Bug 63362 Memory Corruption Vulnerability in checkpath function in OpenRC Unprefixed User Form Variable Injection in GoAhead Web Server Remote Code Execution Vulnerability in Dask Distributed Package Unbounded Alias Chasing Vulnerability Improper URL Parsing in Apache Knox SSO prior to 1.6.1 Allows for Open Redirect Attacks Cross-Site Request Forgery Vulnerability in Contact Form With Captcha WordPress Plugin Arbitrary Post Deletion Vulnerability in WP DSGVO Tools (GDPR) Plugin Nil Pointer Dereference in Web Sockets AuthenticateMethod Vulnerability: Remote Code Execution via Elementor Plugin in WordPress Stored Cross-Site Scripting Vulnerability in Contact Form Email WordPress Plugin Arbitrary File Upload Vulnerability in WordPress Popular Posts Plugin Reflected Cross-Site Scripting Vulnerability in Preview E-Mails for WooCommerce WordPress Plugin Cross-Site Request Forgery Vulnerability in Stetic WordPress Plugin Stored Cross-Site Scripting Vulnerability in Asgaros Forums WordPress Plugin Stored Cross-Site Scripting Vulnerability in Variation Swatches for WooCommerce WordPress Plugin SQL Injection Vulnerability in Imagicle Application Suite (for Cisco UC) Allows Unauthorized Database Access Cleartext Password Exposure in XoruX LPAR2RRD and STOR2RRD Hardcoded System Account Vulnerability in XoruX LPAR2RRD and STOR2RRD before 7.30 Shell Command Injection in XoruX LPAR2RRD and STOR2RRD SNMP Community (CVE-2021-12345) Denial of Service Vulnerability in Busybox's man Applet due to NULL Pointer Dereference exploits the vulnerability in Busybox's unlzma applet. 
Denial of Service Vulnerability in Busybox's ash Applet NULL Pointer Dereference Vulnerability in Busybox's Hush Applet Leads to Denial of Service Remote Code Execution Vulnerability in Busybox's Hush Applet via Crafted Shell Command Use-After-Free Vulnerability in Busybox's awk Applet: Denial of Service and Potential Code Execution in getvar_i Function Use-After-Free Vulnerability in Busybox's awk Applet: Denial of Service and Potential Code Execution Reduced Entropy in Randomly-Generated Alphanumeric Strings Use-After-Free Vulnerability in Busybox's awk Applet: Denial of Service and Potential Code Execution in clrvar Function Use-After-Free Vulnerability in Busybox's awk Applet: Denial of Service and Potential Code Execution Use-After-Free Vulnerability in Busybox's awk Applet: Denial of Service and Potential Code Execution Use-after-free vulnerability in Busybox's awk applet allows for denial of service and potential code execution Use-After-Free Vulnerability in Busybox's awk Applet: Denial of Service and Potential Code Execution Use-after-free vulnerability in Busybox's awk applet allows for denial of service and potential code execution Use-After-Free Vulnerability in Busybox's awk Applet: Denial of Service and Potential Code Execution via Crafted awk Pattern in nvalloc Function Heap Out-of-Bounds Read in Clickhouse's LZ4 Compression Codec Heap Out-of-Bounds Read in Clickhouse's LZ4 Compression Codec Clickhouse Delta Compression Codec Vulnerability: Divide-by-Zero Exploit Vulnerability: Cryptographic Security Weakening and Denial of Service in Noise Protocol Implementation Clickhouse DeltaDouble Compression Codec Divide-by-Zero Vulnerability Clickhouse's Gorilla compression codec allows for a divide-by-zero vulnerability when parsing a malicious query. 
Remote Code Execution via JNDI Injection in H2 Database's getConnection Method Predictable Algorithm in Random Number Generator Vulnerability in phpservermon (CVE-2021-213717) Predictable Algorithm in Random Number Generator Vulnerability in phpservermon Critical Remote Command Injection Vulnerability in Sapido BR270n, BRC76n, GR297, and RB1732 (VDB-214592) Cross-Site Scripting (XSS) Vulnerability in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5 Prototype Pollution Vulnerability in chbrown rfc6902 Critical SQL Injection Vulnerability in roxlukas LMeve Login Page (VDB-216176) Denial of Service Vulnerability in OWASP NodeGoat's Query Parameter Handler Insufficient Entropy in PRNG Vulnerability in Kapetan DNS up to 6.1.0 XML-Conduit DOCTYPE Entity Expansion Handler Remote Code Execution Vulnerability Denial of Service Vulnerability in cgriego active_attr up to 0.15.2 Cross Site Scripting (XSS) Vulnerability in getFullURL function of include.cdn.php (VDB-216208) Cross-Site Scripting (XSS) Vulnerability in WP-Ban (VDB-216209) NULL Pointer Dereference Vulnerability in VTK XMLTreeReader Information Disclosure Vulnerability in anjuta-bookmarks.c due to Incorrect Use of libxml2 API Information Disclosure Vulnerabilities in colord's cd-device-db.c and cd-profile-db.c Arbitrary Code Execution Vulnerability in Adobe Animate 21.0.9 and Earlier Out-of-Bounds Read Vulnerability in Acrobat Animate Versions 21.0.9 and Earlier Memory Corruption Vulnerability in Adobe Premiere Elements Memory Corruption Vulnerability in Adobe Premiere Elements Null Pointer Dereference Vulnerability in XMP Toolkit 2021.07 and Earlier Stack-Based Buffer Overflow in XMP Toolkit SDK version 2021.07 and Earlier Cross Site Scripting (XSS) Vulnerability in ctrlo lenio's Ticket Handler Stack-Based Buffer Overflow in XMP Toolkit SDK version 2021.07 and Earlier Stack-Based Buffer Overflow in XMP Toolkit SDK version 2021.07 and Earlier Stack-Based Buffer Overflow in XMP Toolkit SDK version 2021.07 and 
Earlier Double Free Vulnerability in Adobe Bridge 11.1.1 (and earlier) Allows Arbitrary Code Execution Code Injection Vulnerability in Web Application Cross-Site Scripting (XSS) Vulnerability in VISAM VBASE version 11.6.0.6 Critical Vulnerability: Global Variable Access Allows Disclosure of Peer Username and Password XML External Entity (XXE) Injection Vulnerability in VISAM VBASE version 11.6.0.6 Parameter Injection Vulnerability via Passphrase: Uncontrolled Input Exploitation System Backup Restore Vulnerability: Account Takeover and Unauthorized Settings Change Cross Site Scripting (XSS) Vulnerability in Notice Handler Component Unsanitized Extract Folder Vulnerability Allows Privilege Escalation Directory Traversal Vulnerability in Backup Folder Structure Handling Crafted Project File Vulnerability Unauthenticated Remote Login Attempts Vulnerability in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 Insufficient Session Expiration Vulnerability in TopEase® Platform Version <= 7.1.27 Reflected Cross-Site Scripting Vulnerability in Use-Your-Drive WordPress Plugin (<= 1.18.3) Reflected Cross-Site Scripting Vulnerability in Out-of-the-Box WordPress Plugin (<=1.20.3) Search Functionality Reflected Cross-Site Scripting Vulnerability in Share-one-Drive WordPress Plugin (<=1.15.3) Reflected Cross-Site Scripting Vulnerability in Lets-Box WordPress Plugin (<= 1.15.3) Cross-Site Scripting (XSS) Vulnerability in ctrlo lenio LDAP Code Execution Vulnerability in Logback 1.2.7 and Prior Versions Reflected Cross-Site Scripting (XSS) Vulnerability in AlCoda NetBiblio WebOPAC Search Functionality ArchivistaBox Webclient XSS Vulnerability Buffer Overflow Vulnerability in stm32_mw_usb_host Allows Arbitrary Code Execution SMM Memory Corruption Vulnerability in InsydeH2O Kernel Missing Call-Setup Input Validation in Pexip Infinity before 26.2: Temporary Remote Denial of Service Vulnerability Arbitrary Write Capability via Crafted Archive File in Rasa X (before 
0.42.4) API Access Bypass Vulnerability in Jeedom through 4.1.19 Multiple Cross-Site Scripting (XSS) Vulnerabilities in CALDERA 2.8.1 Arbitrary Command Execution via Startup Requirements in CALDERA 2.8.1 Cross Site Scripting (XSS) Vulnerability in ctrlo lenio (VDB-216213) XXE Vulnerability in CALDERA Debrief Plugin Arbitrary Command Execution in CALDERA 2.8.1 via Human Plugin Privilege Escalation Vulnerability in CALDERA 2.8.1 Unquoted Service Path Vulnerability in NI Service Locator (nisvcloc.exe) on Windows Open Redirect Vulnerability in Cryptshare Confidential Messages Cross-Site Scripting (XSS) Vulnerability in myfactory.FMS before 7.1-912 via UID Parameter Cross-Site Scripting (XSS) Vulnerability in myfactory.FMS before 7.1-912 via Error Parameter XSS Vulnerability in Apereo CAS REST API Endpoints Privilege Escalation: Unauthorized Access to SSL Certificates Loading in Sonatype Nexus Repository Manager 3.x through 3.35.0 Cross Site Scripting (XSS) Vulnerability in Task Handler Component (VDB-216214) Vulnerability: Visual Reordering of Characters in Bidirectional Algorithm Improper Policy Enforcement in OWASP Java HTML Sanitizer (before 20211018.1) for SELECT, STYLE, and OPTION Elements Improper Policy Enforcement in bluemonday Sanitizer for Go and Python NULL Pointer Dereference Vulnerability in Softing OPC UA C++ SDK Cleartext Transmission of Sensitive Information Vulnerability in whohas Vulnerabilities in Sourcecodester Online Learning System 2.0: SQL Injection Authentication Bypass and Authenticated File Upload leading to Remote Command Execution Prototype Poisoning in Ramda's mapObjIndexed Function Insecure Cryptographic Algorithm in Max Mazurov Maddy before 0.5.2: A Potential Threat to Data Security Stored Cross Site Scripting (XSS) Vulnerability in Convos-Chat before 6.32 Heap Buffer Overflow in copy_compressed_bytes in decode_r2007.c in dwgread Heap Buffer Overflow in decode_r2007.c in dwgread Improper String Comparison in phpRedisAdmin 
(CVE-2021-216267) Cross Site Scripting (XSS) Vulnerability in Sourcecodester Storage Unit Rental Management System PHP 8.0.10 Critical Open Redirect Vulnerability in oils-js (VDB-216268) Critical SQL Injection Vulnerability in pacman-canvas up to 1.0.5 (CVE-2021-29522) Use After Free Vulnerability in Halibut 1.2's cleanup_index Function Double Free Vulnerability in Halibut 1.2's cleanup_index Function Use After Free Vulnerability in info_width_internal in Halibut 1.2 Critical SQL Injection Vulnerability in Laravel-jqgrid (CVE-2021-216271) Local Buffer Overflow Vulnerability in Miniftpd Unauthenticated Access and Modification of WAN Settings on D-Link DIR-615 Devices Cross-Site Scripting (XSS) Vulnerability in Leanote 2.6.1 PrinterLogic Web Stack Pre-Auth Remote Code Execution Vulnerability SQL Injection Vulnerability in PrinterLogic Web Stack Versions 19.1.1.13 SP9 and Below Hardcoded APP_KEY in PrinterLogic Web Stack Allows Pre-Auth Remote Code Execution PrinterLogic Web Stack SSRF Vulnerability Pre-Auth Remote Code Execution in PrinterLogic Web Stack Versions 19.1.1.13 SP9 and Below Reflected Cross-Site Scripting Vulnerabilities in PrinterLogic Web Stack Versions 19.1.1.13 SP9 and Below Prototype Pollution Vulnerability in LinkedIn dustjs up to 2.x Insecure Direct Object Reference (IDOR) Vulnerability in PrinterLogic Web Stack Versions 19.1.1.13 SP9 and Below Insecure Direct Object Reference (IDOR) Vulnerability in PrinterLogic Web Stack Versions 19.1.1.13 SP9 and Below Insecure Direct Object Reference (IDOR) Vulnerability in PrinterLogic Web Stack Allows Unauthorized Access to Printer Console Credentials Arbitrary File Write Vulnerability in cmseasy V7.7.5_20211012 Arbitrary File Read Vulnerability in cmseasy V7.7.5_20211012 Remote Code Execution (RCE) Vulnerability in CMSimple_XH 1.7.4 Allows Upload of PHP Payload for Reverse Shell XML External Entity (XXE) vulnerability in WSO2 API Manager and WSO2 Identity Server Arbitrary Code Execution via Cross-Site 
Scripting (XSS) in Coder Code-Server Cross Site Scripting (XSS) Vulnerability in siwapp-ror (VDB-216467) XSS Vulnerability in Portainer Custom Templates Node Input Box Arbitrary Code Execution through Server Side Template Injection in Pentest-Collaboration-Framework v1.0.8 Unrestricted File Upload Vulnerability in SiteServer CMS < V5.1 SQL Injection Vulnerability in SiteServer CMS V6.15.51 Cross Site Scripting (XSS) vulnerability in SiteServer CMS V6.15.51 Buffer Overflow Vulnerability in Tenda Router's httpd Program Cross Site Scripting (XSS) Vulnerability in Webdetails cpf up to 9.5.0.0-80 Stored XSS Vulnerability in Sourcecodester Online Event Booking and Reservation System via Holiday Reason Parameter HTML Injection Vulnerability in Sourcecodester Online Event Booking and Reservation System Stored Cross Site Scripting (XSS) Vulnerability in Sourcecodester Engineers Online Portal via Quiz Title and Description Parameters SQL Injection Vulnerability in Sourcecodester Engineers Online Portal SQL Injection Vulnerability in Sourcecodester Engineers Online Portal SQL Injection Vulnerability in Sourcecodester Online Event Booking and Reservation System SQL Injection Vulnerability in Sourcecodester Engineers Online Portal File Upload Vulnerability in Sourcecodester Engineers Online Portal Allows Remote Code Execution Cross Site Scripting (XSS) Vulnerability in tad_discuss SQL Injection Vulnerability in Sourcecodester Engineers Online Portal Incorrect Access Control Vulnerability in Sourcecodester Engineers Online Portal Remote Code Execution Vulnerability in Kreado Kreasfero 1.5 Cross-Site Request Forgery Vulnerability in phpRedisAdmin up to 1.17.3 Accops HyWorks DVM Tools Prior to v3.3.1.105 Buffer Overflow Vulnerability Accops HyWorks DVM Tools Integer Overflow Vulnerability Accops HyWorks Windows Client Prior to v 3.2.8.200 Buffer Overflow Vulnerability Accops HyWorks DVM Tools Integer Overflow Vulnerability Accops HyWorks Windows Client Integer Overflow 
Vulnerability Accops HyWorks Windows Client Prior to v 3.2.8.200 Buffer Overflow Vulnerability Accops HyWorks Windows Client Integer Overflow Vulnerability Cross-Site Scripting (XSS) Vulnerability in SimpleRisk Critical Stack-Overflow Vulnerability in tinytoml v0.4: Potential Crash and DoS Risk Homoglyph-based Source Code Injection Vulnerability Stack Exhaustion Vulnerability in Akka HTTP Memory Corruption through Manipulation of Serialized Project Files Cleartext Cookie Transmission Vulnerability: Account Takeover Risk Cross Site Scripting (XSS) Vulnerability in Imprint CMS SearchForm Function (VDB-216474) Inkscape 0.91 Out-of-Bounds Read Vulnerability Cloud Account Takeover via Project File MiTM Attack Uninitialized Pointer Vulnerability in Inkscape 0.91 JavaScript Injection Vulnerability: Cookie Hijacking and Browser Manipulation Critical Out-of-Bounds Write Vulnerability in Inkscape 0.91 Allows Arbitrary Code Execution Stack-Based Buffer Overflow in PLC Editor Versions 1.3.8 and Prior: Arbitrary Code Execution Vulnerability WebAccess/MHI Designer Vulnerability: Information Disclosure and Arbitrary Code Execution Out-of-Bounds Write Vulnerability in PLC Editor Versions 1.3.8 and Prior Cross Site Scripting (XSS) Vulnerability in panicsteve w2wiki's Markdown Handler Insecure Permissions Vulnerability in Barracuda Network Access Client Insecure Permissions in Splashtop Streamer Temporary File Creation Insecure Permissions Vulnerability in Splashtop Remote Client (Personal Edition) Insecure Permissions Vulnerability in Splashtop Remote Client (Business Edition) Denial of Service Vulnerability in stb_image HDR Loader Buffer Overflow Vulnerability in stb_image.h 2.27 Excessive Nested JSON Object Denial of Service Vulnerability in ModSecurity Out-of-Bounds Read Vulnerability in Adobe Bridge 11.1.1 and Earlier Cross Site Scripting (XSS) Vulnerability in studygolang Out-of-Bounds Read Vulnerability in Adobe Bridge 11.1.1 and Earlier Use-After-Free Vulnerability in 
Acrobat Bridge Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Bridge 11.1.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Bridge 11.1.1 and Earlier Memory Corruption Vulnerability in Adobe Bridge 11.1.1 (and earlier) Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Bridge 11.1.1 (and earlier) Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Bridge 11.1.1 (and earlier) Allows Arbitrary Code Execution Stack Overflow Vulnerability in Adobe Bridge 11.1.1 (and earlier) Allows Arbitrary Code Execution Stack Overflow Vulnerability in Adobe Bridge 11.1.1 (and earlier) Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Bridge 11.1.1 (and earlier) Allows Arbitrary Code Execution Cross Site Scripting (XSS) Vulnerability in studygolang's Search Function (CVE-2021-216478) Memory Corruption Vulnerability in Adobe Bridge 11.1.1 (and earlier) Allows Arbitrary Code Execution Buffer Overflow Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Buffer Overflow Vulnerability Null Pointer Dereference Vulnerability in Adobe Bridge 11.1.1 and Earlier: Application Denial-of-Service via Malicious File Out-of-Bounds Read Vulnerability in Adobe Photoshop Versions 22.5.1 and Earlier Adobe Photoshop 22.5.1 Access of Memory Location After End of Buffer Vulnerability Memory Corruption Vulnerability in Adobe Prelude 10.1 and Earlier: Arbitrary Code Execution via Malicious WAV File Memory Corruption Vulnerability in Adobe Prelude 10.1 and Earlier: Arbitrary Code Execution via Malicious MXF File Heap-based Buffer Overflow Vulnerability in Linux Kernel FireDTV Media Card Driver Cross Site Scripting (XSS) Vulnerability in sileht bird-lg Command Injection Vulnerability in shell-quote Package for Node.js Local Privilege Escalation Vulnerability in Splunk Enterprise Versions Before 8.1.1 on Windows Unauthorized Access to Sensitive Information in Philips MRI 1.5T and MRI 3T Version 5.x.x 
Bypassing Visibility Controls in Beaver Builder through REST API Bypassing Conditional Logic Controls in Beaver Themer for Post Archives Cross-Site Request Forgery Vulnerability in katlings pyambic-pentameter Arbitrary JavaScript Injection in Rule Engine Title Arbitrary JavaScript Injection in ThingsBoard Rule Engine Description Field Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiWLM Version 8.6.1 and Below Arbitrary File and Directory Deletion Vulnerability in FortiWeb Management Interface Code Generation Vulnerability in FortiClientMacOS Allows Unauthorized Camera Hijacking Integer Overflow/Wraparound Vulnerability in FortiSwitch, FortiRecorder, FortiOS, FortiProxy, and FortiVoiceEnterprise Arbitrary Code Execution via Stack-Based Buffer Overflow in FortiWeb Proxy Daemon Buffer Overflow Vulnerability in FortiOS TFTP Client Library Improper Access Control Vulnerability in FortiWLC 8.6.1 and Below Fortinet Meru AP CLI Command Execution Vulnerability Unsupported SQL Injection Vulnerability in dns-stats hedgehog SQL Injection Vulnerability in Fortinet FortiWLM Version 8.6.1 and Below Session Fixation Vulnerability in FortiWeb Versions 6.4 and Earlier Limited Sandbox Bypass in WebKitGTK and WPE WebKit (CVE-2021-41133) Couchbase Server Information Disclosure Vulnerability Exploiting Short-Range Reorganizations: A Denial of Service and Profit Amplification Vulnerability in Ethereum's Proof-of-Stake (PoS) Consensus Protocol Network Delay Exploit: Indefinite Consensus Stalling in Proof-of-Stake Ethereum (PoS) Protocol Vulnerability: Denial of Service and Profit Manipulation in Proof-of-Stake Ethereum Consensus Protocol Directory Traversal Vulnerability in Neo4J Graph Database's Apoc Plugins Vulnerability in fredsmith utils: Predictable State Manipulation in Filename Handler (VDB-216749) OPNsense LDAP Attribute Return Cross-site Scripting (XSS) Vulnerability Arbitrary Locale File Loading Vulnerability in Babel Buffer Overflow Vulnerability in Broadcom Emulex 
HBA Manager/One Command Manager Arbitrary File Retrieval Vulnerability in Broadcom Emulex HBA Manager/One Command Manager Buffer Overflow Vulnerability in Broadcom Emulex HBA Manager/One Command Manager Arbitrary File Placement Vulnerability in Broadcom Emulex HBA Manager/One Command Manager XXE (XML External Entity) Vulnerability in CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 Arbitrary Code Execution in Stimulsoft Reports 2013.1.1600.0 Heap Double Free Vulnerability in Opensc's sc_pkcs15_free_tokeninfo Heap Use After Free Vulnerability in Opensc's sc_file_valid Cronvel Tree-Kit Prototype Pollution Vulnerability Use After Return Vulnerability in Opensc Library's insert_pin Function Heap Buffer Overflow Vulnerability in Opensc's pkcs15-oberthur.c Stack Buffer Overflow Vulnerabilities in Opensc Library (Versions Prior to 0.22.0) Unauthenticated Remote Code Execution in D-Link DWR-932C E1 Firmware Remote Command Injection Vulnerability in D-Link DWR-932C E1 Firmware's debug_fcgi Buffer Overflow Vulnerability in TightVNC Viewer's tvnviewer.exe Allows Remote Code Execution Remote Code Execution Vulnerabilities in SteelCentral AppInternals Dynamic Sampling Agent (DSA) API Requests Directory Traversal Vulnerability in SteelCentral AppInternals Dynamic Sampling Agent's AgentConfigurationServlet Starcounter-Jack JSON-Patch Prototype Pollution Vulnerability (VDB-216778) Improper Access Control and User Impersonation in VeridiumAD Push Notifications Remote Port Scanning Vulnerability in AVEVA Edge (formerly InduSoft Web Studio) Unauthenticated Arbitrary Command Execution in AVEVA Edge (formerly InduSoft Web Studio) R2020 and Prior Path Traversal Vulnerability in AVEVA Edge (formerly InduSoft Web Studio) Allows Unauthorized Access to Windows Access Token Remote Denial of Service Vulnerability in styler_praat_scripts Local Privilege Escalation Vulnerability in Thales Sentinel Protection Installer DLL Hijacking Vulnerability in Thales Sentinel Protection Installer 
Critical OS Command Injection Vulnerability in Brave UX for-the-badge (VDB-216842) Privilege Escalation Vulnerability in Previous Versions of Product Path Traversal Vulnerability in SafeNet KeySecure Allows Unauthorized File Access Cross-Site Scripting (XSS) Vulnerability in FreePBX Voicemail (VDB-216871) Cross-Site Scripting (XSS) Vulnerability in FreePBX Voicemail AquaView Use of Hardcoded Credentials Vulnerability Plex Media Server TOCTOU Race Condition Code Execution Vulnerability GJSON < 1.9.3 Vulnerability: Regular Expression Denial of Service (ReDoS) Attack Authentication Bypass Vulnerability in Talend Data Catalog Remote Code Execution via Unrestricted Input in Grand Vice info Co. Webopac7 Book Search Field Unfiltered File Upload Vulnerability in Grand Vice info Co. Webopac7 Cross-Site Scripting (XSS) Vulnerability in OpenMRS HTML Form Entry UI Framework Integration Module up to 1.x Remote Code Execution via Log File Name Setting in SuiteCRM Cross-Site Scripting (XSS) Vulnerability in Insta HMS before 12.4.10 Arbitrary File Write and Execution Vulnerability in Zoho ManageEngine ADAudit Plus Lenovo Personal Cloud Storage Devices: Unauthenticated Information Disclosure Vulnerability Lenovo Personal Cloud Storage Devices Vulnerable to Unauthorized Access via Weak Default Password Cross-Site Scripting (XSS) Vulnerability in Nagios NCPA Lenovo Personal Cloud Storage Devices Vulnerable to Unauthorized Access via Weak Default Administrator Password Unauthenticated User Account Creation Vulnerability in Lenovo Personal Cloud Storage Devices Command Injection Vulnerability in Lenovo Personal Cloud Storage Devices Directory Traversal Vulnerability in SteelCentral AppInternals Dynamic Sampling Agent's AgentDiagnosticServlet Directory Traversal Vulnerability in SteelCentral AppInternals Dynamic Sampling Agent's PluginServlet Vulnerability: Insecure Storage of Pre-Configured Commands in SteelCentral AppInternals Dynamic Sampling Agent (DSA) Vulnerability: 
Cross-site Scripting (XSS) in /DsaDataTest Endpoint Directory Traversal Vulnerability in SteelCentral AppInternals Dynamic Sampling Agent's AgentDaServlet Memory Leak Vulnerability in Mini-XML v3.2 Leading to Denial of Service Information Exposure Vulnerability in cocagne pysrp up to 1.0.16 Stack Buffer Overflow in Mini-XML v3.2: mxmlLoadString API Vulnerability Buffer Overflow Vulnerability in JerryScript Allows for Construction of Fake Objects and Unlimited Size Fake ArrayBuffers Cross Site Scripting Vulnerability in Pixelimity 1.0 via Site Description Field Cross Site Scripting (XSS) Vulnerability in DanPros htmly 2.8.1 Cross Site Scripting (XSS) Vulnerability in Chikista Patient Management Software 2.0.2 Cross Site Scripting (XSS) Vulnerability in Chikista Patient Management Software 2.0.2 Symlink Following Vulnerability in ReFirm Labs binwalk up to 2.3.2 Out-of-Bounds Read Vulnerability in ACCEL-PPP 1.12.0's post_msg Function Command Injection Vulnerability in TOTOLINK EX1200T V4.1.2cu.5215 Remote Command Injection Vulnerability in TOTOLINK EX1200T V4.1.2cu.5215 Denial of Service Vulnerability in TOTOLINK EX1200T V4.1.2cu.5215: RebootSystem Function Cross-Site Scripting (XSS) Vulnerability in OpenMRS openmrs-module-referenceapplication up to 2.11.x Remote Command Injection Vulnerability in TOTOLINK EX1200T V4.1.2cu.5215 Remote Command Injection Vulnerability in TOTOLINK EX1200T V4.1.2cu.5215 Information Disclosure Vulnerability in TOTOLINK EX1200T V4.1.2cu.5215: Unauthorized Access to Apmib Configuration File Reveals Usernames and Passwords Authentication Bypass Vulnerability in TOTOLINK EX1200T V4.1.2cu.5215 Remote Command Injection Vulnerability in TOTOLINK EX1200T V4.1.2cu.5215 Unauthorized Access to Sensitive Information in TOTOLINK EX1200T V4.1.2cu.5215 Cross-Site Scripting (XSS) Vulnerability in OpenMRS User App Page Remote Command Injection Vulnerability in TOTOLINK EX1200T V4.1.2cu.5215 Unauthorized Access to Sensitive Information in TOTOLINK EX1200T 
V4.1.2cu.5215 Default Username and Password Vulnerability in TOTOLINK EX1200T V4.1.2cu.5215 Unauthorized Access to Sensitive Information in TOTOLINK EX1200T V4.1.2cu.5215 FeMiner wms V1.0 Remote Command Execution Vulnerability in datarec.php Critical SQL Injection Vulnerability in DHBW Fallstudie Login Component Cross-Site Scripting (XSS) Vulnerability in OpenMRS Admin UI Module up to 1.5.x Format String Vulnerability in DrayTek Vigor Routers FiberHome ONU GPON AN5506-04-F RP2617 OS Command Injection Vulnerability Unauthenticated Access to SMB User Credentials via SyncThru Web Service on Samsung SCX-6x55X Printers Buffer Overflow Vulnerability in Kodi XBMC up to 19.0: Denial of Service via Improper Length in istream Cross-Site Scripting (XSS) Vulnerability in OpenMRS Admin UI Module up to 1.4.x DLL Hijack Vulnerability in ShowMyPC 3606 on Windows Cross-Site Scripting (XSS) Vulnerability in gnuboard youngcart5 up to 5.4.5.1 (Unsupported) Timing Discrepancy Vulnerability in OpenShift OSIN Cross Site Scripting (XSS) Vulnerability in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php Stored XSS vulnerability in IPPlan v4.92b's admin/usermanager.php allows remote attackers to inject arbitrary web script or HTML via the userid parameter. 
SQL Injection Vulnerability in ZZCMS 2021 via askbigclassid Parameter XSS Vulnerability in htmly.2.8.1 via Copyright Field in /admin/config Page Exposure of Session Tokens in HotelDruid Hotel Management Software v3.0.3 and Below Predictable Session Token Vulnerability in HotelDruid Hotel Management Software v3.0.3 XML External Entity (XXE) Reference Vulnerability in ONC code-validator-api up to 1.0.30 (VDB-217018) Zepl Notebooks Remote Code Execution (RCE) Vulnerability Algorithmia MSOL SaaS Remote Code Execution (RCE) Vulnerability Sandbox Escape Vulnerability in Zepl Notebooks (pre-2021-10-25) Allows Unauthorized Access to Internal Assets Zoho Remote Access Plus Server Windows Desktop Binary Vulnerability: Weak File Permissions Allow Unauthorized Access and Privilege Escalation Unauthorized Password Reset Vulnerability in Zoho Remote Access Plus Server Sensitive Information Disclosure Vulnerability in Zoho Remote Access Plus Server Cross Site Scripting (XSS) Vulnerability in w3c Unicorn Unrestricted File Upload Vulnerability in novel-plus Anaconda3 2021.05 Vulnerability: OS Command Injection via usercustomize.py Vulnerability in trampgeek jobe up to 1.6.4: Unknown Weakness in runs_post function XSS Vulnerability in cxuucms v3 via imgurl parameter in /feedback/post/ Buffer Overflow Vulnerability in NoMachine Server: Local Code Execution and Denial of Service Integer Overflow Vulnerability in NoMachine Server Allows Arbitrary Code Execution or Denial of Service Buffer Overflow Vulnerability in NoMachine Enterprise Desktop Integer Overflow Vulnerability in NoMachine Enterprise Desktop Integer Overflow Vulnerability in NoMachine Cloud Server Critical SQL Injection Vulnerability in Hesburgh Libraries of Notre Dame Sipity Buffer Overflow Vulnerability in NoMachine Cloud Server Buffer Overflow Vulnerability in NoMachine Enterprise Client Integer Overflow Vulnerability in NoMachine Enterprise Client Integer Overflow Vulnerability in Eltima USB Network Gate Buffer 
Overflow Vulnerability in Eltima USB Network Gate Inefficient Regular Expression Complexity in cronvel string-kit (CVE-2021-217180) Buffer Overflow Vulnerability in FlexiHub For Windows Integer Overflow Vulnerability in FlexiHub For Windows Buffer Overflow Vulnerability in Donglify IOCTL Handler Integer Overflow Vulnerability in Donglify IOCTL Handler Critical Vulnerability in ghostlander Halcyon: Improper Access Controls in CBlock::AddToBlockIndex Buffer Overflow Vulnerability in Amzetta zPortal Windows zClient (<= v3.2.8180.148) Allows Arbitrary Code Execution or Denial of Service Buffer Overflow Vulnerability in Amzetta zPortal DVM Tools (<= v3.3.148.148) Allows Arbitrary Code Execution or Denial of Service Integer Overflow Vulnerability in Amzetta zPortal Windows zClient Integer Overflow Vulnerability in Amzetta zPortal DVM Tools (<= v3.3.148.148) Allows Arbitrary Code Execution or Denial of Service Arbitrary File Read Vulnerability in Adminer versions 1.12.0 to 4.6.2 OpServices OpMon 9.11 XSS Vulnerability in Search Parameter Critical SQL Injection Vulnerability in slackero phpwcms up to 1.9.26 (VDB-217418) Safedog Apache v4.0.30255 Vulnerability: SQL Injection Bypass and Unauthorized Data Access Memory Corruption Vulnerability in Adobe Prelude 10.1 and Earlier Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Prelude 10.1 and Earlier Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Media Encoder Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Null Pointer Dereference Vulnerability in Adobe InCopy Allows for Application Denial-of-Service Application Denial of Service Vulnerability in Adobe Creative Cloud Desktop Installer Adobe Photoshop Out-of-Bounds Write Vulnerability Allows Arbitrary Code Execution Privilege Escalation Vulnerability in Adobe Creative Cloud Setup.exe Service Cross-Site Scripting Vulnerability in slackero phpwcms up to 1.9.26 Memory 
Corruption Vulnerability in Adobe Premiere Rush Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Premiere Rush Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Premiere Rush Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Premiere Rush Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Premiere Rush Allows Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Premiere Rush 1.5.16 and Earlier: Arbitrary Code Execution via Malicious MXF File Out-of-Bounds Read Vulnerability in Adobe After Effects Allows Code Execution Memory Corruption Vulnerability in Adobe Premiere Rush 1.5.16 and Earlier: Arbitrary Code Execution via Malicious M4A File Memory Corruption Vulnerability in Adobe Premiere Rush 1.5.16 and Earlier: Arbitrary Code Execution via Malicious M4A File Cross-Site Scripting (XSS) Vulnerability in shannah Xataface up to 2.x Uninitialized Pointer Vulnerability in Adobe Premiere Rush Allows Arbitrary Data Disclosure XenForo Advertising Function XSS Vulnerability Arbitrary Remote Code Execution in Kaseya Unitrends Backup Appliance Privilege Escalation via World Writable File in Kaseya Unitrends Backup Appliance Unauthenticated SQL Injection Vulnerabilities in Kaseya Unitrends Backup Appliance Weak Password Vulnerability in Kaseya Unitrends Backup Appliance Privilege Escalation via DLL Injection and Binary Planting in Kaseya Unitrends Backup Appliance Privilege Escalation via PostgreSQL Trigger Functions in Kaseya Unitrends Backup Appliance Anonymous Read/Write Access Vulnerability in Kaseya Unitrends Backup Appliance Critical Command Injection Vulnerability in eprintsug ulcc-core Privilege Escalation via Arbitrary File Creation in Kaseya Unitrends Backup Appliance Format String Vulnerability in Kaseya Unitrends Backup Appliance Remote Unauthenticated Buffer Overflow in Kaseya Unitrends Backup Appliance Insecure Sudo Rule Allows Apache User to Read Arbitrary 
Files in Kaseya Unitrends Backup Appliance Weak Default SNMP Community Configuration Vulnerability Excessive Resource Allocation Vulnerability in Apache Avro .NET SDK Session Token Leakage Vulnerability in TIBCO PartnerExpress Stored and Reflected Cross Site Scripting (XSS) Vulnerabilities in TIBCO PartnerExpress Clickjacking Vulnerability in TIBCO PartnerExpress: Unauthenticated Remote Execution Unauthenticated User Credential Disclosure in TIBCO BusinessConnect Container Edition Inefficient Regular Expression Complexity in Woorank robots-txt-guard (VDB-217448) Local Access Vulnerability in TIBCO BusinessConnect Container Edition Allows Unauthorized Access to Administrative Credentials Spotfire Server Custom API Client Remote Code Execution Vulnerability Authentication Bypass Vulnerability in TIBCO FTL Realm Server Vulnerability: Unauthenticated Attacker Can Obtain Cluster Secret in TIBCO FTL Server Arbitrary API Token Generation Vulnerability in TIBCO eFTL Server Component Insecure Permission Inheritance in TIBCO eFTL Server Component PowerPC KVM Guest Crash Vulnerability Use-after-free vulnerability in selinux_ptrace_traceme allows local privilege escalation Open Redirect Vulnerability in Replicated Classic Versions Prior to 2.53.1: Spoofing via Specially Crafted URLs Inefficient Regular Expression Complexity Vulnerability in cronvel terminal-kit up to 2.1.7 Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiMail Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiWeb Fortinet FortiWeb Open Redirect Vulnerability Privilege Escalation Vulnerability in Fortinet FortiNAC Privilege Escalation via MSI Installer in Fortinet FortiClientWindows LDAP User Token Duplication Vulnerability in Fortinet FortiAuthenticator Bypassing Second Factor Authentication in Fortinet FortiAuthenticator 6.4.0 via RADIUS Login Portal Critical Prototype Pollution Vulnerability in Yomguithereal Baobab up to 2.6.0 (VDB-217627) FortiWLM Management Interface Path Traversal 
Vulnerabilities Fortinet FortiWeb LogReport API Controller Heap-Based Buffer Overflow Vulnerability Buffer Overflow Vulnerability in Fortinet Products OS Command Injection Vulnerability in Fortinet FortiWeb Cryptographic Signature Verification Vulnerability in Fortinet Products OS Command Injection Vulnerability in Fortinet FortiWLM Privilege Escalation Vulnerability in FortiADC Versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below, and 5.3.7 and below SQL Injection Vulnerability in Fortinet FortiWLM Critical SQL Injection Vulnerability in WebPA up to 3.1.1 (VDB-217637) Stored Cross-Site Scripting (XSS) Vulnerability in FortiOS Cross-Site Scripting (XSS) Vulnerability in FortiOS and FortiProxy Web Filter Override Form [CWE-79] Apache Traffic Server 9.1.0 stats-over-http Plugin Buffer Overflow Vulnerability Unsigned Integer Underflow Vulnerability in Apache PLC4X - PLC4C (C Language Implementation) SQL Injection Vulnerability in Dreamer CMS 4.0.0 via tableName Parameter Buffer Overflow in ARM astcenc 3.2.0 during Compression Function Cross Site Scripting (XSS) Vulnerability in 01-Scripts 01ACP XML External Entity (XXE) Vulnerability in WSDLParser Function of soa-model before 1.6.4 SQL Injection Vulnerability in Yeswiki Doryphore 20211012 via Email Parameter in Registration Form SQL Injection Vulnerability in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET Requests on patient.page Parameters Server-side Template Injection (SSTI) Vulnerability in bbs 5.3 TemplateManageAction.java File Upload Vulnerability in bbs v5.3 via QuestionManageAction.java getType Function Zip Slip Vulnerability in bbs 5.3's UpgradeNow Function Cross Site Scripting (XSS) Vulnerability in 01-Scripts 01-Artikelsystem Arbitrary Code Execution via File Upload in bbs 5.3 Arbitrary Code Execution via File Upload in bbs 5.3 MembershipCardManageAction.java Arbitrary Code Execution Vulnerability in bbs 5.3 via 
HelpManageAction.java Arbitrary Code Execution Vulnerability in bbs 5.3 via ForumManageAction.java Bailiwick Checking Vulnerability in Technitium DNS Server <= v7.0 Allows DNS Cache Poisoning Attack Header Injection Vulnerability in Compass Plus TranzWare Online FIMI Web Interface SQL Injection Vulnerability in PuneethReddyHC Online Shopping System via p Parameter in product.php XML External Entity (XXE) Reference Vulnerability in Talend Open Studio for MDM (VDB-217666) Access Control Vulnerability in PuneethReddyHC Online Shopping System: Unauthorized Access to add_products Command Injection Vulnerability in iTextPDF's GhostscriptHelper.java Vulnerability: RTR Clients Lose Access to RPKI VRP Data Set in FORT Validator Versions Prior to 1.5.2 Access Control Bypass Vulnerability in Nacos 2.0.3 Arbitrary Code Execution through File Upload Vulnerability in FastAdmin v1.2.1 Remote Command Injection Vulnerability in DrayTek Vigor Routers Cross-Site Scripting (XSS) Vulnerability in Th3-822 Rapidleech Bypassing 'Disable Right Click' in Desire2Learn/D2L Brightspace Quizzing Feature: Unrestricted Print and Copy Access Critical SQL Injection Vulnerability in NethServer phonenehome (VDB-218393) SQL Injection Vulnerability in Sourcecodester CRM 1.0 via username parameter in customer/login.php Authentication Bypass Vulnerability in FormaLMS <= 2.4.4 Account Takeover Vulnerability in Hostel Management System 2.1 via XSS and CSRF in my-profile.php Prototype Pollution in Async Library's mapValues() Method JWT Token Manipulation Vulnerability in zOSMF SQL Injection Vulnerability in Sourcecodester Simple Subscription Website 1.0 Login XSS Vulnerability in Sourcecodester Simple Subscription Website 1.0 via id Parameter in plan_application XML External Entity (XXE) Vulnerability in JOXSAXBeanInput's readObject Method LDAP Misconfiguration Vulnerability in Zammad 5.0.1 Allows Unauthorized Access Critical Template Injection Vulnerability in NYUCCL psiTurk up to 3.2.0 (VDB-219676) XSS 
Vulnerability in CMS Made Simple 2.2.15 via Add Category Action SQL Injection Vulnerability in Projectsworlds Online Book Store PHP v1.0 via bookisbn Parameter in cart.php CSRF Vulnerability in ProjectWorlds Online Book Store PHP 1.0 Allows Remote Book Deletion SQL Injection Vulnerability in Projectsworlds Online Shopping System PHP 1.0 via cart_remove.php's id Parameter CSRF Vulnerability in ProjectWorlds Online Shopping System PHP 1.0 Allows Unauthorized Product Removal Ruijie Networks Ruijie RG-EW Series Routers Remote Code Execution (RCE) Vulnerability Remote Browser UI Spoofing Vulnerability in Google Chrome Ruijie Networks Ruijie RG-EW Series Routers Remote Code Execution (RCE) Vulnerability Ruijie Networks Ruijie RG-EW Series Routers Remote Code Execution (RCE) Vulnerability Ruijie Networks Ruijie RG-EW Series Routers Remote Code Execution (RCE) Vulnerability Ruijie Networks Ruijie RG-EW Series Routers Remote Code Execution (RCE) Vulnerability Ruijie Networks Ruijie RG-EW Series Routers Remote Code Execution (RCE) Vulnerability ANGLE Use After Free Vulnerability in Google Chrome 96.0.4664.93 Insecure Cryptographic Signature Verification in /e/OS App Lounge Allows Installation of Malicious Applications Infinite Chain of RRDP Repositories in Routinator Prior to 0.10.2 Causes Endless Validation Run RRDP Repository Delay Vulnerability in NLnet Labs Routinator Out-of-Memory Crash Vulnerability in NLnet Labs Routinator Versions 0.9.0 - 0.10.1 Incorrect Authentication Validation in GOautodial API Arbitrary PHP File Execution Vulnerability in GOautodial API Incomplete Fix for One-Time-Password (OTP) Reuse Vulnerability in devise-two-factor Remote Code Execution via Object Corruption in Google Chrome (CVE-2021-37973) Avatar Metadata Information Disclosure Vulnerability in JetBrains Hub Stored XSS Vulnerability in JetBrains Hub before 2021.1.13690 Denial of Service Vulnerability in JetBrains Hub (before 2021.1.13415) via User Information Authentication Throttling 
Bypass in JetBrains Hub (before 2021.1.13690) Stored XSS Vulnerability in JetBrains YouTrack before 2021.3.21051 Host Header Injection Vulnerability in JetBrains YouTrack Stored XSS Vulnerability in JetBrains YouTrack before 2021.3.24402 Client-side Cache Vulnerability in JetBrains YouTrack Mobile (iOS) Incomplete Access Token Protection in JetBrains YouTrack Mobile for iOS (before 2021.2) Incomplete Access Token Protection in JetBrains YouTrack Mobile for Android (before 2021.2) Blink Use After Free Vulnerability in Google Chrome (CVE-2021-30563) Task Hijacking Vulnerability in JetBrains YouTrack Mobile (Android) Missing Security Screen in JetBrains YouTrack Mobile: A Potential Vulnerability iOS URL Scheme Hijacking Vulnerability in JetBrains YouTrack Mobile Remote Code Execution via Agent Push Functionality in JetBrains TeamCity (CVE-2021-XXXX) User Enumeration Vulnerability in JetBrains TeamCity (before 2021.1.2) Missing HTTP Security Headers in JetBrains TeamCity before 2021.1.2 Information Disclosure in JetBrains TeamCity Docker Registry Connection Dialog Unescaped HTML in Email Notifications: XSS Vulnerability in JetBrains TeamCity Stored XSS Vulnerability in JetBrains TeamCity before 2021.1.2 Insufficient Permission Checks in JetBrains TeamCity Create Patch Functionality Remote Code Execution via Use After Free in Google Chrome (CVE-2021-30563) Insufficient Permission Checks in JetBrains TeamCity Agent Push Functionality Project Settings Inheritance Vulnerability in JetBrains TeamCity Missing X-Frame-Options Header Vulnerability in JetBrains TeamCity Improper Nonce Verification in JetBrains Ktor OAuth2 Authentication Improper Control of Resource Lifetime in Fortinet FortiClientWindows: Denial of Service via Directory Access Permissions Unauthenticated Access to Confighandler Webserver Vulnerability in FortiClient for Linux Sensitive Information Disclosure in Fortinet FortiOS and FortiProxy Windows Common Log File System Driver Privilege Escalation 
Vulnerability 3D Viewer RCE Vulnerability 3D Viewer RCE Vulnerability Content Security Policy Bypass in Google Chrome prior to version 91.0.4472.77 Windows 10 Update Assistant Privilege Escalation Vulnerability Web Media Extensions RCE Vulnerability iSNS Server Memory Corruption Vulnerability Unveiling Sensitive Information: Microsoft LSA Server Vulnerability EFS Remote Code Execution Vulnerability in Windows DirectX Graphics Kernel File Denial of Service Vulnerability: Exploiting System Crashes Arbitrary Code Execution via Crafted Chrome Extension in Google Chrome DevTools (CVE-2021-30563) Edge for iOS URL Spoofing Vulnerability Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Microsoft Message Queuing Data Exposure Vulnerability Windows Remote Access Connection Manager Privilege Escalation Vulnerability Windows Common Log File System Driver Information Leakage Vulnerability Bot Framework SDK RCE Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability Exposed Storage Spaces Controller Vulnerability SymCrypt Denial of Service Vulnerability: Exploiting Weaknesses in SymCrypt Library for Denial of Service Attacks Windows NTFS Privilege Escalation Vulnerability Local File Access Vulnerability in Google Chrome Extensions NTFS Privilege Escalation Vulnerability in Windows Windows NTFS Privilege Escalation Vulnerability Tracing the Danger: Windows Event Remote Code Execution Vulnerability Critical Remote Desktop Client Vulnerability Allows Remote Code Execution Faxploit: Remote Code Execution Vulnerability in Windows Fax Service Exposed Storage Spaces Controller Vulnerability Microsoft Message Queuing Data Exposure Vulnerability Windows Setup Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Recovery Environment Agent Privilege Escalation Vulnerability Arbitrary File Reading Vulnerability in Google Chrome Update (CVE-2021-21227) NTFS Short Name Privilege 
Escalation Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server VP9 Video Extensions Information Leakage Vulnerability Windows Kernel Information Leakage Vulnerability Windows Digital TV Tuner Privilege Escalation Vulnerability Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Windows TCP/IP Driver Privilege Escalation Vulnerability Windows Digital Media Receiver Privilege Escalation Vulnerability Cross-Site Scripting Vulnerability in NHN TOAST UI Chart 4.1.4 Exploiting Trust: Microsoft Office Trust Center Spoofing Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel CSV Injection Vulnerability in MantisBT before 2.25.3 Remote Code Execution through Insecure File Uploads in ChurchInfo 1.3.0 Imperative Framework Privilege Escalation Vulnerability Directory Traversal Vulnerability in Mahara XSS Vulnerability in Mahara Versions 20.04.5, 20.10.3, 21.04.2, and 21.10.0 Code Execution via Shell Metacharacters in Mahara PDF Export Vulnerability Insufficient Validation of User-Supplied Sizes in TIPC Crypto Message Type Buffer Overflow and Double Free Vulnerability in VxWorks IKE Component Proxy Configuration Injection Vulnerability in Code42 App Integer Overflow in initialize_typed_array_from_array_buffer function in SerenityOS (VDB-222074) Cleartext SMTP Vulnerability in Datalust Seq.App.EmailPlus Riverbed AppResponse WebUI Log File Leakage Vulnerability Improper Exception Handling in Open Design Alliance ODA Viewer Allows Code Execution DGN File Reading Procedure Out-of-bounds Read Vulnerability in Open Design Alliance Drawings SDK Use After Free Vulnerability in Open Design Alliance Drawings SDK Use After Free Vulnerability in Open Design Alliance Drawings SDK Out-of-bounds Read Vulnerability in Open Design Alliance ODA Viewer (2022.8) Allows Arbitrary Code Execution U3D File Reading Procedure Out-of-Bounds Read Vulnerability Out-of-bounds Read Vulnerability in Open Design Alliance 
Drawings SDK U3D File Reading Procedure Out-of-Bounds Write Vulnerability Critical SQL Injection Vulnerability in 狮子鱼CMS (VDB-222223) Stack-based Buffer Overflow in Open Design Alliance Drawings SDK (CVE-2022-XXXX) Remote Code Injection in MyBB Admin CP's Settings Management Module Default Wi-Fi WPA2 Key Leakage through MAC Address Advertisement Command Injection Vulnerability in Victure WR1200 Devices Default SSH Password Vulnerability on Victure WR1200 Devices Command Injection Vulnerability in ThoughtWorks GoCD Business Continuity Add-On in ThoughtWorks GoCD Prior to 21.3.0 Allows Unauthenticated Attackers to Access All Server Secrets JavaScript Injection Vulnerability in ThoughtWorks GoCD Arbitrary File Upload Vulnerability in ThoughtWorks GoCD Critical Command Injection Vulnerability in json-logic-js 2.0.0 (VDB-222266) Arbitrary File Upload Vulnerability in ThoughtWorks GoCD Server Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager 3.x before 3.36.0 allows remote authenticated attackers to perform network enumeration. 
Reflected XSS Vulnerability in Zoho ManageEngine SupportCenter Plus Products Module Reflected XSS Vulnerability in Zoho ManageEngine SupportCenter Plus Accounts Module SSRF Vulnerability in Zoho ManageEngine SupportCenter Plus ActionExecutor Dubbo Hessian-lite Deserialization Remote Code Execution Vulnerability Insecure Password Matching and Brute-Force Vulnerability in 'Basic' HTTP Authentication Buffer Overflow Vulnerability in PJSUA API: Attacker-Controlled 'filename' Argument in pjsua_player_create Arbitrary File Upload Vulnerability in Envato Elements & Download and Template Kit – Import Plugins for WordPress Buffer Overflow Vulnerability in PJSUA API: Attacker-Controlled 'filename' Argument in pjsua_recorder_create Buffer Overflow in PJSUA API: Stack Overflow in pjsua_playlist_create Out-of-Bounds Read Vulnerability in PJSUA API Buffer Overflow in PJSUA API: Vulnerability in pjsua_call_dump Function Heap Buffer Overflow in Clickhouse's LZ4 Compression Codec Heap Buffer Overflow in Clickhouse's LZ4 Compression Codec Exponential ReDoS Vulnerability in jquery-validation npm Package's url2 Method Exponential ReDoS Vulnerability in semver-regex npm Package's test() Method Exponential ReDoS Vulnerability in markdown-link-extractor npm Package Exponential ReDoS Vulnerability in uri-template-lite npm Package Privilege Escalation Vulnerability in Plus Addons for Elementor Plugin Remote Code Execution via Keylime Agent Reset Vulnerability Heap-Based Buffer Overflow in UPX: Exploiting Inaccessible Address in get_le32() Heap-Based Buffer Overflow in upx: Inaccessible Address in PackLinuxElf64::invert_pt_dynamic Heap-Based Buffer Overflow in upx: Exploiting Inaccessible Address in PackLinuxElf32::invert_pt_dynamic Heap-based Buffer Overflow in UPX: Inaccessible Address in get_le32() Heap-based Buffer Overflow in UPX: Inaccessible Address in get_le32() Heap-Based Buffer Overflow in upx's get_le64() Function Heap-based Buffer Overflow in UPX: Inaccessible Address in 
get_le32() Command Injection Vulnerability in Zoho ManageEngine Network Configuration Manager Arbitrary File Read Vulnerability in Plus Addons for Elementor Plugin SMM Callout Vulnerability in Insyde InsydeH2O Cross-Site Scripting (XSS) Vulnerability in LibreNMS Widget Title Improper Permissions Set by Automox Agent 33 on Windows Temporary Directory Improper Permissions Setting in Automox Agent on Windows VCC Glitch Vulnerability: Extracting Security ID Key and Protected Firmware on Renesas RX65 and RX65N Devices SQL Injection Vulnerability in Mumara Classic License Update Vulnerability: Cross-Site Request Forgery in WP Statistics Plugin Arbitrary JavaScript Execution via Crafted URL in GNU Mailman CSRF Token Encryption Vulnerability in GNU Mailman Unauthenticated Configuration Access Vulnerability in Datalogic DXU Service Cross-Site Scripting (XSS) Vulnerability in BuddyBoss Platform 1.8.0 DXF/DWG File Parsing Out-of-Bounds Write Vulnerability Incorrect Access Control in SchedMD Slurm 21.08.* before 21.08.4 Command Injection Vulnerability in Ericsson Network Location Export Functionality Vulnerability: Unauthorized Modification of Site Options in Fancy Product Designer Plugin for WordPress Unauthenticated Access and Data Modification Vulnerability in Fancy Product Designer Plugin for WordPress LDAP Injection Vulnerability in Apache Traffic Control Traffic Ops Cross-Site Request Forgery Vulnerability in Crisp Live Chat WordPress Plugin Client-side input validation vulnerability in Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows unauthorized access Path Traversal Vulnerability in Sunnet eHRD Allows Unauthenticated Remote Attackers to Access Restricted Paths and Download System Files Broken Access Control Vulnerability in Sunnet eHRD: Privilege Escalation and Arbitrary Code Execution Critical SQL Injection Vulnerability in ITRS Group monitor-ninja up to 2021.11.1 (VDB-230084) Inadequate Input Validation in Sunnet eHRD E-mail 
Delivery Task Schedule SQL Injection vulnerability in MedData HBYS allows unauthorized access to sensitive data SQL Injection Vulnerability in MedData HBYS Vulnerability: Authorization Bypass in Sixteen XforWooCommerce Add-On Plugins for WordPress Authorization Bypass Vulnerability in 404 to 301 Plugin for WordPress Cleartext Storage of Sensitive Information in Unisys Cargo Mobile Application Array-index-out-of-bounds vulnerability in detach_capi_ctr function in Linux kernel Authorization Bypass Vulnerability in uListing Plugin for WordPress Out-of-Bounds Write Vulnerability in Open Design Alliance Drawings SDK (CVE-2022-XXXX) DXF File Parsing Out-of-Bounds Read Vulnerability Vulnerability: Information Disclosure in STSAFE-J and J-SAFE3 Platforms Vulnerability: Signature Verification Abuse in STSAFE-J and J-SAFE3 Platforms Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D LDAP Password Validation Vulnerability Vulnerability: Local Privilege Escalation via Crafted Rename and Rmdir Calls on tmpfs Filesystems Potential data integrity issue in iconv() due to crafted ISO-2022-JP-3 data Privilege Escalation in LiquidFiles before 3.6.3 Timing Leakage in MakePublicKey() in Crypto++ (aka Cryptopp) 8.6.0 and Earlier Improper Length Validation in Yubico YubiHSM YubiHSM2 Library 2021.08 SQL Injection Vulnerability in uListing Plugin for WordPress (Versions up to 1.6.6) Use-after-free vulnerability in BlueZ 5.61 gatt-database.c Arbitrary File Download Vulnerability in FusionPBX Log Viewer FusionPBX FAX File Name Vulnerability Unrestricted Character Input in fax_extension Field in FusionPBX Unrestricted fax_post_size vulnerability in FusionPBX SQL Injection Vulnerability in Duplicate Post WordPress Plugin (up to version 1.1.9) Persistent Cross-Site Scripting (XSS) Vulnerability in WPO365 | LOGIN WordPress Plugin (up to version 15.3) Authorization Bypass Vulnerability in uListing Plugin for WordPress CRLF Log Injection Vulnerability in Apache 
Airavata Django Portal Privilege Escalation Vulnerability in GNU Hurd Local Privilege Escalation Vulnerability in GNU Hurd Shared Pager Port Vulnerability in GNU Hurd Allows Unauthorized File Modification and Root Access Vulnerability: Man-in-the-Middle Attack in GNU Hurd Proc Server Bypass of Configured Allowed Image Paths in HashiCorp Nomad Opay Mobile Application 1.5.1.26 Information Disclosure Vulnerability SQL Injection Vulnerability in Login.php of Sourcecodester Online Payment Hub v1 by oretnom23 Remote Code Execution via File Upload in Studio-42 elFinder 2.0.4 to 2.1.59 Denial of Service Vulnerability in CORTX-S3 Server via mempool_destroy Method Unauthenticated Account Creation Vulnerability in WordPress Plugin (Versions up to 1.6.6) Access Control Vulnerability in BigAntSoft BigAnt Office Messenger 5.6 Allows PHP Trojan File Upload Cross Site Scripting (XSS) Vulnerability in Exrick XMall Admin Panel via product-add.jsp GET Parameter Stored XSS in MartDevelopers Inc iResturant v1.0 via Username Field Virtual Host Header Manipulation Vulnerability Stored XSS Vulnerability in Signup Form of iResturant 1.0: Remote Code Injection via NAME and ADDRESS Fields Remote Code Execution (RCE) Vulnerability in iResturant 1.0's Add Review Function Privilege Escalation Vulnerability in Frontend File Manager Plugin for WordPress Multiple Stored XSS Vulnerabilities in iOrder 1.0 Signup Form Remote Code Execution via HTML Injection in iOrder 1.0 Signup Form Multiple Administrator Account Creation Vulnerability in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) Weak Default URL Signing Key in ONLYOFFICE Allows Forged Signed Document Download URLs Default JWT Signing Key Allows Unauthorized Access to ONLYOFFICE Document Editor Cross-Site Scripting (XSS) Vulnerability in ONLYOFFICE Document Editor's Macros Feature Authentication Bypass Vulnerability in ONLYOFFICE Document Editor Improper Input 
Validation in ONLYOFFICE Allows User Name Spoofing Server-Side Request Forgery (SSRF) Vulnerability in ONLYOFFICE Document Editor Service Authorization Bypass Vulnerability in uListing Plugin for WordPress SQL Injection Vulnerability in PHPGURUKUL Employee Record Management System 1.2 via Email Parameter in forgetpassword.php Heap-based Buffer Overflow in JerryScript 2.4.0 and Prior Versions via Out-of-Bounds Read in parser_parse_for_statement_start Unquoted Service Path Vulnerability in AnyTXT Searcher 1.2.394 Unquoted Service Path Vulnerability in FreeLAN 2.2 Unquoted Service Path Vulnerability in Rumble Mail Server 0.51.3135 Unquoted Service Path Vulnerability in bVPN 2.5.1 Unquoted Service Path Vulnerability in Vembu BDR 4.2.0.1 Cross Site Scripting (XSS) Vulnerability in Rumble Mail Server 0.51.3135 via Domain and Path Parameters Unauthenticated Arbitrary Account Changes in uListing WordPress Plugin (up to version 1.6.6) Unquoted Service Path Vulnerability in System Explorer 7.0.0 Rumble Mail Server 0.51.3135 - Cross Site Scripting (XSS) Vulnerability in servername Parameter Rumble Mail Server 0.51.3135 XSS Vulnerability via Username Parameter Unquoted Service Path Vulnerability in Ext2Fsd v0.68 Remote Code Execution (RCE) Vulnerability in Subrion CMS 4.2.1 via Modified Background Field Remote Code Execution Vulnerability in Thymeleaf-Spring5:3.0.12 Component Command Execution Vulnerability in VINGA WR-N300U 77.102.1.4853's GoAhead Component Authenticated Arbitrary Options Update Vulnerability in Advanced Shipment Tracking for WooCommerce Plugin Denial of Service Vulnerability in Canon LBP223 Printers: Unauthenticated Remote Shutdown Exploit Access Control Vulnerability in D-Link DIR-823G REVA1 1.02B05 (Latest) via HNAP1 Function Parameters Hoosk 1.8.0 - Unchecked Config File Existence Vulnerability The-Secretary 2.5 Install.php Remote Code Execution Vulnerability Unauthenticated Settings Import/Export Vulnerability in Ultimate GDPR & CCPA Plugin for WordPress 
SQL Injection Vulnerability in Webtareas 2.4p3 and Earlier via $uq Parameter in editapprovalstage.php Unauthenticated Access Control Vulnerability in CLARO KAON CG3000 1.00.67 Router Configuration Unvalidated File Extension in Simple Client Management System 1.0 Allows Remote Code Execution Cross-Site Request Forgery Vulnerability in Process Steps Template Designer Plugin for WordPress Directory Traversal Vulnerability in AlquistManager Branch Directory Traversal Vulnerability in ServerManagement Master Branch Directory Traversal Vulnerability in OpenCV-REST-API Directory Traversal Vulnerability in AlquistManager Branch Directory Traversal Vulnerability in Clustering Master Branch (Commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70) ATutor 2.2.4 Access Control Vulnerability in password_reminder.php Unauthenticated HTML Injection Vulnerability in Frontend File Manager Plugin for WordPress Multiple Cross Site Scripting (XSS) Vulnerabilities in Sourcecodester Simple Client Management System v1 SQL Injection Vulnerability in Sourcecodester Simple Client Management System 1.0 via Login.php Password Parameter SQL Injection Vulnerability in Sourcecodester Simple Client Management System 1.0 via id parameter in view-service.php Unauthenticated Post Meta Change Vulnerability in Frontend File Manager Plugin for WordPress SQL Injection Vulnerability in Sourcecodester Simple Client Management System 1.0 via Login.php Username Field API Key Extraction Vulnerability in FlightRadar24 Android App CSV Injection in Kimai: Exploiting Timesheet Creation with Malicious Payload FOSCAM Camera FI9805E Firmware V4.02.R12.00018510.10012.143900.00000 Backdoor Vulnerability Buffer Overflow Vulnerability in Teeworlds 0.7.5: Exploitable Map Parser Issue Lua Interpreter Stack Overflow in lua_resume Authorization Bypass Vulnerability in JobSearch WP Job Board Plugin Buffer Overflow Vulnerability in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c InsydeH2O StorageSecurityCommandDxe 
SMM Memory Corruption Vulnerability Vulnerability: Incorrect Handling of Special Characters in Domain Names in uClibc and uClibc-ng Heap Overflow Vulnerability in NSS Versions Prior to 3.73 or 3.68.1 ESR Thunderbird JavaScript Execution in Composition Area Vulnerability Heap Overflow Vulnerability in Thunderbird when Processing S/MIME Messages (CVE-2021-43527) Unauthenticated Settings Export Vulnerability in WooCommerce Dynamic Pricing and Discounts Plugin Firefox for Android QR Code URL Processing Universal XSS Vulnerability Same-origin violation in Web Extensions context menu leading to data leakage (CVE-2021-43532) Authentication Token Theft via 'Copy Image Link' Context Menu Action Internationalized Domain Name (IDN) Parsing Vulnerability in Firefox < 94 Memory Corruption Vulnerabilities in Firefox 93 and Firefox ESR 91.2 Use-after-free vulnerability in HTTP2 session object release Asynchronous Function Vulnerability: URL Exposure and Navigation Failure Type Conversion Vulnerability in Thunderbird, Firefox ESR, and Firefox Versions < 95 Notification Spoofing Vulnerability in Thunderbird and Firefox Use-after-free vulnerability in Thunderbird, Firefox ESR, and Firefox Arbitrary File Upload Vulnerability in PWA for WP & AMP for WordPress Plugin (Versions up to 1.7.32) WebExtensions Exploit: Persistent ServiceWorker Installation in Firefox < 95 Improper Escaping of URL Parameter in Protocol Handlers Application Identification through XMLHttpRequest Vulnerability CSP Sandbox Escape Vulnerability in Thunderbird and Firefox URL Spoofing and XSS Vulnerability in Firefox for Android (Versions < 95) Critical Vulnerability: Location API Loop Causes Application Hangs and Crashes Native Cursor Zoomed Cursor Spoofing Vulnerability Denial-of-Service and Information Exposure Vulnerability in TwinOaks Computing CoreDX DDS Input Validation Vulnerability in Patient Information Center iX (PIC iX) Versions C.02 and C.03 PI Web API Endpoint Redirection Vulnerability Authorization 
Bypass Vulnerability in Welcart e-Commerce Plugin for WordPress Vulnerability: Use of Broken or Risky Cryptographic Algorithm in PIC iX and Efficia CM Series Remote Code Injection Vulnerability in PI Vision Critical Vulnerability: Hard-coded Cryptographic Key Exposes Patient Information in PIC iX Versions B.02, C.02, and C.03 Insufficient Privileges in PI Vision for Child AF Attribute with Limits Property FATEK WinProladder Out-of-Bounds Write Vulnerability Path Traversal Vulnerability in mySCADA myDESIGNER Versions 8.20.0 and Prior Stack-Based Buffer Overflow in FATEK WinProladder Versions 3.30_24518 and Prior Bypassing Block List with Unverified $request_uri in Apache APISIX Reflected XSS Vulnerability in Moodle's Filetype Site Administrator Tool CSRF Vulnerability in Moodle's Delete Related Badge Functionality Unauthenticated Arbitrary File Download in Frontend File Manager Plugin for WordPress Insufficient Capability Checks in Moodle Allow Unauthorized Access to Calendar Action Events XSS Vulnerability in Google for Jobs Extension for TYPO3 Unrestricted Image Download and SSRF leading to Remote Code Execution in pixx.io TYPO3 Extension Unauthenticated Access Control Bypass in pixx.io TYPO3 Extension Unprotected File Download Vulnerability in jobfair Extension Panic Vulnerability in golang.org/x/crypto SSH Package Race Condition Vulnerability in Samba Allows Unauthorized Directory Creation Signature Forgery Vulnerability in Stark Bank Elixir ECDSA Library Signature Forgery Vulnerability in Stark Bank .NET ECDSA Library Authorization Bypass Vulnerability in uListing Plugin for WordPress Signature Forgery Vulnerability in Stark Bank Java ECDSA Library ECDSA Signature Forgery Vulnerability in Stark Bank Node.js ECDSA Library Signature Forgery Vulnerability in Stark Bank Python ECDSA Library Buffer Overflow Vulnerability in Realtek RTL8195AM Devices XSS Vulnerability in Atmail 6.5.0 WebAdmin Control Panel (Unsupported Version) Hard-coded Password Vulnerability in 
KNX ETS6 XML External Entity (XXE) Vulnerability in Jenkins pom2config Plugin 1.2 and Earlier Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier: XML External Entity (XXE) Vulnerability Arbitrary File Replacement Vulnerability in Jenkins Squash TM Publisher Plugin Remote Code Execution Vulnerability in HTMLDOC <= 1.9.13 via Crafted BMP File Stored Cross-Site Scripting Vulnerability in WP DSGVO Tools (GDPR) Plugin for WordPress Out-of-Bounds Read Vulnerability in Open Design Alliance PRC SDK Use-After-Free Remote Code Execution Vulnerability in Open Design Alliance Drawings SDK DOM-based Cross Site Scripting (XSS) Vulnerability in Nagios NCPA's 'Tail Event Logs' Functionality Hard-coded Cryptographic Key Vulnerability in Dell PowerPath Management Appliance Improper Input Validation Vulnerability in Dell EMC Data Protection Central version 19.5 Dell EMC Unity OS Command Injection Vulnerability Unauthenticated Arbitrary Post Deletion in Frontend File Manager Plugin for WordPress Dell EMC Enterprise Storage Analytics for vRealize Operations: Plain-text Password Storage Vulnerability Privilege Escalation in Controlled Admin Access Plugin for WordPress SQL Injection Vulnerability in Doctrine DBAL 3.x before 3.1.4 Blind Boolean SQL Injection Vulnerability in Spiceworks Help Desk Server Authorization Bypass Vulnerability in JobSearch WP Job Board Plugin Unauthenticated SIP Message Crash Vulnerability in Belledonne Belle-sip Belledonne Belle-sip before 5.0.20 From Header Display Name Crash Vulnerability Out-of-Bounds Heap Read Vulnerability in lldpd before 1.0.13 SMM Memory Corruption Vulnerability in InsydeH2O Inconsistent Dependency Installation Vulnerability in npm ci Command Unrestricted Upload of Executable PHP Content in Laravel Framework Integer Overflow and Buffer Overflow Vulnerability in GMP Library (CVE-2020-1810) Buffer Overflow Vulnerability in Trusted Firmware M 1.4.x through 1.4.1 Firmware Update Partition Authorization Bypass in Kiwi Social Share Plugin 
for WordPress (Version 2.1.0) Potential vulnerability in fruity crate for Rust: Inadequate validation of filename extensions and potential partial results in NSString conversion SQL Injection Vulnerability in Projectworlds Hospital Management System v1.0 via email parameter in hms-staff.php SQL Injection Vulnerability in Projectworlds Hospital Management System v1.0 via admin_home.php Reflected Cross-Site Scripting Vulnerability in WP Quick FrontEnd Editor Plugin SQL Injection Vulnerability in Projectworlds Hospital Management System v1.0's add_patient.php SQL Injection Vulnerability in Projectworlds Hospital Management System v1.0 via appointment_no parameter in payment.php Stored XSS Vulnerability in Sourcecodester Messaging Web Application 1.0 Codex 1.4.0 XSS Vulnerability in Notebook/Page Name Field Buffer Overflow Vulnerabilities in T10 V2_Firmware V4.1.8cu.5207_B20210320: HTTP Request Host Data Processing Buffer Overflow Vulnerability in Amazon WorkSpaces Agent Integer Overflow Vulnerability in Amazon WorkSpaces Agent Authorization Bypass Vulnerability in JobSearch WP Job Board Plugin Unauthenticated Stored Cross-Site Scripting Vulnerability in Frontend File Manager Plugin for WordPress SQL Injection Vulnerability in WebRun 3.6.0.42: Exploiting P_0 Parameter for Login Username Stored XSS Vulnerability in SCMS 1.0 via MAster.php Stored XSS Vulnerability in Halo 1.4.14 Avatar Upload Function Authorization Bypass Vulnerability in PWA for WP & AMP Plugin for WordPress Reflected Cross-Site Scripting (XSS) Vulnerability in totolink EX300_v2 V4.0.3c.140_B20210429 via /home.asp Component Uncontrolled Resource Consumption Vulnerability in Totolink EX300_v2 and A720R Routers Command Injection Vulnerability in Totolink EX300_v2 V4.0.3c.140_B20210429 via cloudupdate_check Component Command Injection Vulnerability in Totolink EX300_v2 V4.0.3c.140_B20210429 via process forceugpo Denial of Service Vulnerability in mbed TLS 3.0.0 and Earlier: Zero-Length Password Input in 
mbedtls_pkcs12_derivation Function Critical Nil Payload Vulnerability in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0 Go-Ethereum 1.10.9 Denial of Service Vulnerability Orderer Breakdown Vulnerability in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0 Stored Cross-Site Scripting Vulnerability in Flo Forms – Easy Drag & Drop Form Builder Plugin for WordPress Cross Site Scripting (XSS) Vulnerability in dzzoffice 2.02.1_SC_UTF8's explorerfile.php Path Manipulation Vulnerability in ThinkUp 2.0-beta.10 (Smarty.class.php) - Unsupported Product Cross Site Scripting (XSS) Vulnerability in Lychee-v3 3.2.16's php/Access/Guest.php Path Manipulation Vulnerability in Smarty.class.php in Matyhtf Framework v3.0.5 Cross Site Scripting (XSS) Vulnerability in Fluxbb v1.4.12 Cross Site Scripting (XSS) Vulnerability in Wechat-php-sdk v1.10.2 SQL Injection Vulnerability in ECShop v2.7.3 API.php Authenticated Settings Change Vulnerability in Frontend File Manager Plugin for WordPress Cross Site Scripting (XSS) vulnerability in SakuraPanel v1.0.1.1 Cross Site Scripting (XSS) Vulnerability in thinkphp-bjyblog's AdminBaseController.class.php Cross Site Scripting (XSS) Vulnerability in PictShare v1.5's api/info.php Path Manipulation Vulnerability in ShowImageController.php Cross Site Scripting (XSS) Vulnerability in nZEDb v0.4.20's api.php Cross Site Scripting (XSS) Vulnerability in chamilo-lms v1.11.14's /plugin/jcapture/applet.php Cross Site Scripting (XSS) Vulnerability in GoodsController.class.php of Manage Application Unauthenticated Content Injection in Frontend File Manager Plugin for WordPress Cross Site Scripting (XSS) vulnerability in YurunProxy v0.01's src/Client.php Path Manipulation Vulnerability in tripexpress v1.1's load_font.php Cross Site Scripting (XSS) Vulnerability in YouTube PHP Mirroring File Inclusion Vulnerability in Vesta Control Panel 0.9.8-24: web/add/user/index.php Cross Site Scripting (XSS) Vulnerability in IssabelPBX Version 2.11 Cross Site Scripting (XSS) 
Vulnerability in twmap v2.91_v4.33's list.php File Cross Site Scripting (XSS) vulnerability in Workerman-ThinkPHP-Redis Cross Site Scripting (XSS) Vulnerability in phpWhois Authorization Bypass Vulnerability in uListing Plugin for WordPress SQL Injection Vulnerability in ApiManager 1.1 Time and Boolean-based Blind SQL Injection vulnerability in CSZ CMS 1.2.9 ASUS RT-A88U 3.0.0.4.386_45898 - Stored Cross Site Scripting (XSS) Vulnerability in WiFI Logs Incorrect Access Control Vulnerability in zzcms <= 2019 via admin.php Maccms v10 Link_Name Parameter XSS Vulnerability Bypassing Classification Label Generation in Titus Classification Suite 18.8.1910.140 Using Excel's Safe Mode Vulnerability: Unauthorized Setting Changes in WP Quick FrontEnd Editor Plugin Command Injection Vulnerability in TOTOLINK EX200 V4.0.3c.7646_B20201211's downloadFlile.cgi Binary Stored XSS Vulnerability in Sourcecodester Employee Daily Task Management System 1.0: Remote Code Injection via Name Field Stored Cross-Site Scripting Vulnerability in WooCommerce Dynamic Pricing and Discounts Plugin Cross Site Scripting (XSS) Vulnerability in Leanote 2.7.0 Markdown Note Type Buffer Overflow Vulnerability in D-Link DIR-645 1.03 A1 Cross Site Scripting (XSS) Vulnerability in Subrion CMS 4.2.1 via Create Page Functionality Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below Stored Cross-Site Scripting (XSS) Vulnerability in Pix-Link MiNi Router 28K.MiniRouter.20190211 Stored Cross-Site Scripting (XSS) Vulnerability in Pix-Link MiNi Router 28K.MiniRouter.20190211 Cross-Site Request Forgery Vulnerability in Better Search Plugin for WordPress (Versions up to 2.5.2) Arbitrary File Read Vulnerability in kkFileview v4.0.0 SQL Injection Vulnerability in CmsWing 1.3.7 via behavior rule Parameter Remote Code Execution (RCE) Vulnerability in CmsWing CMS 1.3.7 via log rule Parameter CSRF Vulnerability in Xiaohuanxiong CMS 5.0.17 Allows Unauthorized Password Modification CSRF 
Vulnerability in Xiaohuanxiong CMS 5.0.17 Allows Unauthorized Administrator Account Addition Arbitrary Options Updates Vulnerability in WordPress Automatic Plugin Directory Traversal Vulnerability in CMSimple 5.4 Allows Remote Code Execution via config.php CMSimple 5.4 File Upload Feature XSS Vulnerability Denial of Service Vulnerability in Trilium Notes 0.48.6: Exploiting the setupPage Function Uninitialized Pointer Vulnerability in Adobe Premiere Rush Allows Remote Information Disclosure Memory Corruption Vulnerability in Adobe Premiere Rush Allows Arbitrary Code Execution Null Pointer Dereference Vulnerability in Adobe Premiere Rush 1.5.16 and Earlier: Application Denial-of-Service Null Pointer Dereference Vulnerability in Adobe Premiere Rush 1.5.16 and Earlier: Application Denial-of-Service Authorization Bypass Vulnerability in Welcart e-Commerce Plugin for WordPress Null Pointer Dereference Vulnerability in Adobe Premiere Rush 1.5.16 and Earlier: Application Denial-of-Service Out-of-Bounds Read Vulnerability in Adobe Premiere Pro Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Use-After-Free Vulnerability in Adobe Lightroom Allows Privilege Escalation via Malicious TIF Files Adobe Prelude 22.1.1 (and earlier) Out-of-bounds Write Vulnerability Out-of-bounds Write Vulnerability in Adobe After Effects: Arbitrary Code Execution Out-of-bounds Write Vulnerability in Adobe Media Encoder Allows Arbitrary Code Execution Adobe Media Encoder Out-of-Bounds Read Vulnerability in 3GP File Parsing Adobe Media Encoder Out-of-Bounds Read Vulnerability Adobe Media Encoder Out-of-Bounds Read Vulnerability Arbitrary Price Manipulation Vulnerability in WooCommerce Multi Currency Plugin Out-of-Bounds Read Vulnerability in Adobe Media Encoder Allows Memory Disclosure Stored Cross-Site Scripting (XSS) Vulnerability in AEM Cloud Service and Versions 6.5.7.0 and below, 6.4.8.3 and below, and 6.3.3.8 and below Dispatcher Bypass 
Vulnerability in AEM Cloud Service and 6.5.10.0 (and below) Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Stored Cross-Site Scripting (XSS) Vulnerability in AEM Cloud Service and Version 6.5.10.0 and Below Stored Cross-Site Scripting (XSS) Vulnerability in AEM Cloud Service and Version 6.5.10.0 and Below Unencrypted Transmission of Odyssey Server Data Allows Man-in-the-Middle Attack Unencrypted Transmission of False Responses in Odyssey Storage Sensitive Data Exposure in Doneren met Mollie WordPress Plugin: Unauthorized Access to Donor Information Improper Access Control Privilege Escalation Vulnerability in Trend Micro Antivirus for Mac 2021 v11 Unnoticed File Modification Vulnerability in Trend Micro Security 2021 v17.0 (Consumer) Weak Cipher Vulnerability in Fujifilm DocuCentre-VI C4471 1.8 Devices Path Traversal Vulnerability in Aim Versions Prior to 3.1.0 XSS Vulnerability in Backstage Plugin-Auth-Backend Insecure Implementation of Google Login in Redash Version 10.0 and Prior Path Traversal Vulnerability in Barcode Plugin for GLPI Instances Authenticated Remote Code Execution in GLPI Addressing Plugin Stored Cross-Site Scripting Vulnerability in WP Quick FrontEnd Editor Plugin for WordPress Vulnerability: Server Side Request Forgery (SSRF) in Redash Improper Permissions Checking in Invenio-Drafts-Resources Allows Unauthorized Publishing of Draft Records Incomplete sanitization of search filter in Tuleap LDAP synchronization allows account suspension and takeover (CVE-2021-41276) Arbitrary File Write Vulnerability in @backstage/plugin-scaffolder-backend Integer Overflow in runc's Netlink Serialization System XSS Vulnerability in @joeattardi/emoji-button: Remote Code Execution via Crafted URL and i18n String Token Verification Logic Vulnerability in Nodebb Prototype Pollution Vulnerability in NodeBB Uploader Module Path Traversal Vulnerability in Nodebb v1.18.5 and Earlier Blind SQL Injection Vulnerability in PrestaShop Versions 
Prior to 1.7.8.2 Authorization Bypass Vulnerability in WooCommerce Multi Currency Plugin Use-after-free vulnerability in Lucet-runtime allows for memory corruption and data race Improper Validation of Confirmation Keys in Zulip Group Chat Application Vulnerability: Tag Visibility Bypass in Discourse Multiple Voting Exploit in Discourse Polls Feature Cache Poisoning Vulnerability in Discourse Allows Partial Denial-of-Service Armeria Path Traversal Vulnerability HTTP Request Smuggling Vulnerability in Netty Directory Traversal Vulnerability in Grafana Versions 8.0.0-beta1 through 8.3.0 Weak PRNG in RabbitMQ Cookie Generation Allows Remote Code Execution and Data Theft Authorization Bypass Vulnerability in Pinterest Automatic Plugin for WordPress Directory Traversal Vulnerability in Wiki.js Prior to Version 2.5.254 Denial of Service Vulnerability in Mercurius@8.10.0 to 8.11.1 Privilege Escalation and Arbitrary Code Execution in Etherpad Server Crash Vulnerability in Next.js Versions 11.1.0 - 12.0.4 Out-of-Bound Read Access in PJSIP RTCP BYE Message Handling Denial of Service Vulnerability in Solidus Ecommerce Platform SQL Injection Vulnerability in Tuleap CVS Repository Browsing and Searching HTTP Method Spoofing Vulnerability in Opencast Cross-Site Scripting (XSS) Vulnerability in Laravel Blade Templating Engine Arbitrary Code Execution via Git URL Injection in Bundler Authorization Bypass Vulnerability in uListing Plugin for WordPress Reflected XSS Vulnerability in Admidio prior to version 4.0.12 Arbitrary Code Execution via Unsafe YAML Loading in Sockeye Open Redirect Vulnerability in Auth0 Next.js SDK (Versions < 1.6.2) Directory Traversal Vulnerability in Grafana Allows Unauthorized Access to .md Files Heap-based Out of Bounds Write Vulnerability in Rizin 0.3.1 Arbitrary .csv File Directory Traversal Vulnerability in Grafana Privileged File Access Vulnerability in containerd Reflected XSS Vulnerability in Collabora Online lxml HTML Cleaner Allows Script Content 
Bypass (CVE-2021-28957) Item Duplication Vulnerability in Stargate-Bukkit Mod for Minecraft Arbitrary File Upload Vulnerability in Recently WordPress Plugin Insecure Sync Token Authorization in Seafile Local File Inclusion Vulnerability in Opencast SQL Injection Vulnerability in Jackalope Doctrine-DBAL Side-channel attack vulnerability in Sourcegraph prior to version 3.33.2 allows unauthorized actors to guess strings in private source code Denial of Service Vulnerability in Envoy's JWT Filter with Regex Match Buffer Overflow Denial of Service Vulnerability in Envoy Crash Vulnerability in Envoy Proxy when Configured for Upstream Tunneling Vulnerability: Nested <a> Tag in Discourse-Footnote Library Improper Privilege Management (IDOR) in PatrowlManager Allows Unauthenticated Download of All Finding Import Files Unrestricted File Upload Vulnerability in PatrOwlManager (Versions Prior to 1.7.7) Vulnerability: Page Content Injection in WP Quick FrontEnd Editor Plugin SQL Injection in OpenProject Budgets Module File Path Disclosure Vulnerability in Gradio Interfaces Improper Permissions in Spinnaker Allow Unauthorized Pipeline Creation and Execution Arbitrary Account Access Vulnerability in eLabFTW Versions Prior to 4.2.0 Authentication Bypass Vulnerability in eLabFTW Versions Prior to 4.2.0 Privilege Elevation Vulnerability in Sulu CMS Arbitrary Local File Read and Remote Code Execution in Sulu CMS Remote Code Execution (RCE) via Jinja2 Templating in vault-cli Regular Expression Denial-of-Service (ReDoS) Vulnerability in jsx-slack prior to v4.5.1 Vulnerability: Transaction Fee Theft in Cronos v0.6.5 and Earlier Versions Cross-Site Request Forgery Vulnerability in WordPress Photo Gallery – Image Gallery Plugin Path Traversal Vulnerability in Message Bus (CVE-XXXX-XXXX) XWiki SVG File Upload Remote Code Execution Vulnerability Stored Cross-Site Scripting Vulnerability in Wiki.js Versions 2.5.257 and Earlier Insufficient Protection from Regular Expression Denial of Service 
(ReDoS) in jsx-slack v4.5.1 MSEdgeRedirect Remote Code Execution Vulnerability Out-of-Bound Read Access Vulnerability in PJSIP RTCP XR Handling Cross-Site Request Forgery (CSRF) Vulnerability in `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 Unauthorized Access to Private Spaces in HumHub Uninitialized Memory Access Vulnerability in h2o HTTP/3 Server Denial of Service Vulnerability in cordova-plugin-fingerprint-aio Cross-Site Request Forgery Vulnerability in WP Private Content Plus Plugin Denial of Service Vulnerability in Discourse via /message-bus/_diagnostics Path SQL Injection Vulnerability in Anuko Time Tracker (Version 1.19.33.5606 and prior) Prototype Pollution Vulnerability in OroPlatform JavaScript Object Injection in Ajax.NET Professional (AjaxPro) Vulnerability in NLTK's PunktSentenceTokenizer, sent_tokenize, and word_tokenize Functions Allows Regular Expression Denial of Service (ReDoS) Attacks Stored Cross-Site Scripting Vulnerability in Wiki.js 2.5.263 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Wiki.js 2.5.263 and Earlier Remote Code Execution Vulnerability in Gerapy Prior to Version 0.9.8 Privilege Escalation Vulnerability in MinIO Kubernetes Native Application Denial of Service Vulnerability in XStream Library (CVE-2021-21342) Cross-Site Request Forgery Vulnerability in WP Security Question Plugin Flatpak Metadata File Null Terminator Vulnerability Remote Code Execution Vulnerability in Mermaid Diagramming Tool Limited Cross-Site Scripting (XSS) Vulnerability in jQuery Terminal Emulator Plugin (Versions prior to 2.31.1) SQL injection and insufficient permission control vulnerabilities in Nextcloud Android app's content providers Opal Estate WordPress Plugin Cross-Site Request Forgery Vulnerability Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability SharePoint Privilege Escalation Vulnerability ASP.NET Core and Visual Studio Privilege Escalation Vulnerability Opal Estate WordPress Plugin: 
Unauthenticated Featured Property Manipulation Vulnerability Windows Mobile Device Management Privilege Escalation Vulnerability Guarding the Gates: Microsoft Defender for IoT Remote Code Execution Vulnerability Exposed Windows Installer Privilege Escalation Vulnerability Exposed Secrets: Microsoft Defender for IoT Information Disclosure Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Defender for IoT Cross-Site Request Forgery Vulnerability in WP Travel Plugin Spoofing Vulnerability in AppX Installer on Microsoft Windows Code Execution Vulnerability in Visual Studio Code Remote Access Microsoft BizTalk ESB Toolkit Spoofing Vulnerability Exposes System Weakness Elevating Privileges through Windows Encrypting File System (EFS) Vulnerability PowerShell Spoofing Vulnerability in Microsoft Software 4K Wireless Display Adapter Remote Code Execution Vulnerability in Microsoft Cross-Site Request Forgery Vulnerability in Contact Form 7 Style Plugin for WordPress Exploiting the Microsoft Office Remote Code Execution Vulnerability WSL Extension Remote Code Execution Vulnerability in Visual Studio Code Visual Studio Code URL Spoofing Vulnerability Cross-Site Request Forgery Vulnerability in Ultimate Gift Cards for WooCommerce Plugin Cross-Site Request Forgery Vulnerability in eCommerce Product Catalog Plugin for WordPress SQL Injection Vulnerability in Synology DiskStation Manager (DSM) Log Management Functionality SQL Injection Vulnerability in Synology DiskStation Manager (DSM) Log Management Functionality SQL Injection Vulnerability in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 OS Command Injection Vulnerability in Synology Mail Station Arbitrary Web Script Injection Vulnerability in Synology DiskStation Manager (DSM) Cross-Site Request Forgery Vulnerability in eCommerce Product Catalog Plugin for WordPress Path Traversal Vulnerability in Elcomplus SmartPTT Backup and Restore System Bypassing Authentication Mechanism through Primary 
Weakness JavaScript Injection Vulnerability in Elcomplus SmartPTT Heap Memory Exhaustion Vulnerability Arbitrary File Upload Vulnerability in Elcomplus SmartPTT Backup and Restore System Improper Authentication Vulnerability in SSO Configuration Allows Unauthorized Access Arbitrary Code Execution Vulnerability in WebHMI Portal Insufficient Request Verification in Elcomplus SmartPTT SCADA Server Web Application Unauthenticated File Retrieval Vulnerability in Elcomplus SmartPTT SCADA Server Authorization Bypass Vulnerability in Elcomplus SmartPTT Cross-Site Request Forgery Vulnerability in Locations Plugin for WordPress DLL Hijacking Vulnerability in Atlassian Confluence Server and Data Center Installer CSRF Vulnerability in Atlassian Jira Server and Data Center Reflected Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Service Management Server and Data Center Template Injection leading to Remote Code Execution (RCE) in Jira Server and Data Center Email Templates Stored Cross-Site Scripting (SXSS) Vulnerability in Atlassian Jira Server and Data Center Broken Access Control vulnerability in Atlassian Jira Server and Data Center allows unauthorized addition of administrator groups to filter subscriptions Remote Code Execution (RCE) Vulnerability in Atlassian Jira Server and Data Center Email Templates Improper Authorization Vulnerability in Atlassian Jira Service Management Server and Data Center Allows Unauthorized Access to Private Object Names Broken Access Control in Custom Fields feature of Atlassian Jira Service Management Server and Data Center (versions before 4.21.0) allows unauthorized access to private objects Cross-Site Request Forgery Vulnerability in Abandoned Cart Recovery for WooCommerce Plugin Broken Access Control Vulnerability in Atlassian Jira Service Management Server and Data Center Allows Unauthorized Access to Import Source Configuration Information 
Information Disclosure Vulnerability in Atlassian Jira Service Management Server and Data Center (CVE-2021-26084) CSRF Vulnerability in Atlassian Jira Server and Data Center Allows Unauthenticated Remote Attackers to Restore Default Configuration of Fields CSRF Vulnerability in Atlassian Jira Server and Data Center Allows Unauthorized Toggling of Thread Contention and CPU Monitoring Settings Server-Side Request Forgery (SSRF) Vulnerability in DefaultRepositoryAdminService Information Disclosure Vulnerability in Fisheye and Crucible 4.8.9 Prototype Pollution Vulnerability in jQuery Deserialize Library Insecure Direct Object References (IDOR) Vulnerability in Atlassian Fisheye & Crucible Improper Restriction of Excess Authentication Attempts in Fisheye and Crucible Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira Service Management Server and Data Center Cross-Site Request Forgery vulnerability in Rucy WordPress Plugin (up to version 0.4.4) XSS Vulnerability in Lorensbergs Connect2 3.13.7647.20190: Exploitation through Wizard Editor HTML Injection Vulnerability in Sonatype Nexus Repository Manager 3.36.0 Insecure Storage of Bucket Credentials in Couchbase Sync Gateway Multiple Blind SQL Injection Vulnerabilities in Quicklert for Digium 10.0.0 (1043) Cross-Site Request Forgery Vulnerability in Staff Directory Plugin for WordPress Arbitrary File Upload Vulnerability in Quicklert for Digium 10.0.0 (1043) Arbitrary SQL Command Execution Vulnerability in SysAid ITIL 20.4.74 b10 Unrestricted File Copy Vulnerability in SysAid ITIL 20.4.74 b10 Unrestricted File Upload Vulnerability in SysAid ITIL 20.4.74 b10 Unauthenticated Account Creation Vulnerability in SysAid ITIL 20.4.74 b10 Out-of-Bounds Write Vulnerability in Linux Kernel's hw_atl_utils_fw_rpc_wait Function Denial of Service Vulnerability in Linux Kernel's mwifiex_usb_recv Function Cross-Site Scripting (XSS) Vulnerability in SmarterTools SmarterMail 16.x through 100.x Embedded Database Credentials 
Vulnerability in Allegro Windows 3.3.4152.0 Concurrency Issue in Styra Open Policy Agent (OPA) Gatekeeper Allows for Incorrect Access Control Cross-Site Request Forgery Vulnerability in Amministrazione Trasparente WordPress Plugin (up to version 7.1) Concurrency Bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60, and 8.5.0 to 8.5.77 Arbitrary Command Injection in mySCADA myPRO Versions 8.20.0 and Prior Stack-Based Buffer Overflow in Delta Electronics CNCSoft Versions 1.01.30 and Prior Stack-Based Buffer Overflow Vulnerability in WECON LeviStudioU Versions 2019-09-21 and Prior Arbitrary Command Injection Vulnerability in mySCADA myPRO Versions 8.20.0 and Prior Unauthenticated Remote Access Vulnerability in mySCADA myPRO Versions 8.20.0 and Prior Privilege Escalation via Insecure File and Folder Permissions in Setup Program Undocumented Administrative Account Vulnerability in mySCADA myPRO Versions 8.20.0 and Prior File Naming Convention Vulnerability Insecure Password Storage in mySCADA myPRO Versions 8.20.0 and Prior Cross-Site Request Forgery Vulnerability in Edwiser Bridge WordPress Plugin (up to 2.0.6) XML External Entity (XXE) Vulnerability in [Product Name] Persistent Cross-Site Scripting (XSS) Vulnerability in Kentico Xperience CMS version 13.0 – 13.0.43 Incorrect Access Control in Laravel Ignition Component Privilege Escalation Vulnerabilities in FreeRTOS Versions 10.2.0 through 10.4.6 Incorrect Policy Enforcement in HashiCorp Vault and Vault Enterprise SAML Response Validation Vulnerability in Apache Guacamole 1.2.0 and 1.3.0 Cross-Site Request Forgery Vulnerability in Better Search WordPress Plugin (up to 2.5.2) Out of Bounds Write Vulnerability in PLMXML Adapter DLL Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-14974) Out-of-Bounds Write Vulnerability in JT Open, JT Utilities, and Solid Edge Uninitialized Memory Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Read 
Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization Heap Off-by-One Error in TIFF File Parsing in JT2Go and Teamcenter Visualization Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization Cross-Site Request Forgery Vulnerability in Style Kits Plugin for WordPress (up to 1.8.0) Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-15101) Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-15102) Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-15103) Use-After-Free Vulnerability in JT Open, JT Utilities, and Solid Edge (ZDI-CAN-15057, ZDI-CAN-19081) Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-15109) Memory Corruption Vulnerability in JT2Go, Solid Edge, and Teamcenter Visualization Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-15111) Memory Corruption Vulnerability in JT2Go, Solid Edge, and Teamcenter Visualization Local Privilege Escalation Vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 Cross-Site Request Forgery Vulnerability in Multiple Roles Plugin for WordPress Local Privilege Escalation Vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 Local Privilege Escalation Vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 Denial-of-Service Vulnerability in Trend Micro Apex One Symlink Abuse in Trend Micro Security 2021: Exploiting PC Health Checkup for DoS Attacks Arbitrary File Overwrite Vulnerability in Trend Micro Apex One and Worry-Free Business Security Cross-Site Scripting (XSS) Vulnerability in Roundcube Attachment Filename Extension Handling SQL Injection 
Vulnerability in Roundcube Webmail (Versions 1.3.17 and below, 1.4.x and below) XXE vulnerability in Quest KACE Desktop Authority before 11.2 due to log4net configuration file control Remote Code Execution Vulnerability in Quest KACE Desktop Authority Cross-Site Request Forgery Vulnerability in Remove Schema WordPress Plugin (up to version 1.5) Cross-Site Scripting (XSS) Vulnerability in Quest KACE Desktop Authority before 11.2 Pre-Authentication Remote Code Execution in Quest KACE Desktop Authority Authentication Bypass Vulnerability in TP-Link Omada SDN Software Controller Bypassing Protection Mechanism for Invalid Unlock Attempts in Ionic Identity Vault Vulnerability: File Upload Vulnerability in Wolters Kluwer TeamMate AM 12.4 Update 1 CSRF Vulnerability in Team Password Manager during Import Password-Reset Poisoning Vulnerability in Team Password Manager Privilege Escalation Vulnerability in Quagga through 1.2.4 Cross-Site Request Forgery Vulnerability in Event Espresso 4 Decaf WordPress Plugin Improper Input Validation in Apache Traffic Server Request Line Parsing Arbitrary Code Execution and NTLM Credential Capture in UiPath Assistant 21.4.4 Arbitrary JavaScript Execution in UiPath Assistant 21.4.4 Persistent XSS Vulnerability in UiPath App Studio 21.4.4 File-Upload Functionality JPG File Parsing Vulnerability in Open Design Alliance Drawings SDK (CVE-2022-XXXX) DGN File Parsing Vulnerability in Open Design Alliance Drawings SDK (CVE-2022-XXXX) Out-of-Bounds Write Vulnerability in Open Design Alliance PRC SDK (CVE-2022-XXXX) Use-After-Free Vulnerability in Open Design Alliance Drawings SDK (2022.11) TIF File Out-of-Bounds Write Vulnerability in Open Design Alliance (ODA) Drawings Explorer Local Privilege Escalation via Trojan Horse Procmon64.exe in CyberArk Endpoint Privilege Manager (EPM) Cross-Site Request Forgery Vulnerability in ElasticPress Plugin for WordPress (up to version 3.5.3) SQL Injection Vulnerability in CA Network Flow Analysis (NFA) Web 
Application Remote Command Execution Vulnerability in QNAP NAS Running QuTScloud, QuTS hero, and QTS Improper Link Resolution Before File Access Vulnerability in QNAP Devices Critical Cross-Site Scripting (XSS) Vulnerability in QNAP Devices: Patched Versions Released Open Redirect Vulnerability in QNAP Devices: Redirecting Users to Malicious Websites Critical Authorization Bypass Vulnerability in QNAP Video Station Improper Authentication Vulnerability in QNAP Video Station Critical Improper Authentication Vulnerability in QNAP Photo Station Allows System Compromise Root Privilege Escalation via Alerts Management Dialog Cross-Site Request Forgery Vulnerability in Custom Banners Plugin for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in CrushFTP 9 Unauthenticated Remote Code Execution in Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus Unicorn Engine split_region Sandbox Escape Vulnerability Remote Code Execution Vulnerability in Wazuh-Slack Active Response Script Cross-Site Request Forgery Vulnerability in DW Question & Answer Plugin for WordPress (Versions up to 1.5.8) Command Injection Vulnerability in SerComm h500s Web Server Buffer Overflow Vulnerability in open5gs 2.1.4 AMF: Denial of Service via MSIN Length Cross-Site Scripting (XSS) and Remote Code Execution (RCE) Vulnerability in textpattern 4.8.7 Remote Code Execution (RCE) Vulnerability in Sourcecodester Attendance and Payroll System v1.0 via Photo Upload SQL Injection Vulnerability in Sourcecodester Attendance and Payroll System v1.0 Allows Authentication Bypass Cross-Site Request Forgery Vulnerability in WooCommerce Etsy Integration Plugin SQL Injection Vulnerability in Sourcecodester Online Reviewer System 1.0 via Password Parameter Cross-Site Scripting (XSS) Vulnerability in Sourcecodester Multi Restaurant Table Reservation System 1.0 SQL Injection Vulnerability in Pharmacy Management 1.0: Username Parameter in Administer Login Form Remote Command
Execution Vulnerability in zrlog 2.2.2: Bypassing Upload Limit to Gain WebShell Access Remote Command Execution Vulnerability in ZrLog 2.2.2 Plugin Download Function Critical SQL Injection Vulnerability in ProjectWorlds Hospital Management System 1.0 SQL Injection Vulnerability in EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 SQL Injection Vulnerability in EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 via Addmessage.php SQL Injection Vulnerability in EGavilan Media Expense-Management-System 1.0 via /expense_action.php Cross-Site Request Forgery Vulnerability in Qtranslate Slug WordPress Plugin (up to 1.1.18) Null Pointer Dereference Vulnerability in Open5GS Allows Remote Denial of Service Buffer Overflow Vulnerability in Open5GS 2.3.6 and Earlier: Remote Denial of Service via Crafted SBI Request Cross-Site Request Forgery Vulnerability in WP EasyPay – Square for WordPress Plugin Directory Traversal Vulnerability in S-Cart 6.7 via Download in sc-admin/backup Cross Site Scripting (XSS) Vulnerability in Sourcecodester Stock Management System in PHP/OOP 1.0 XSS Vulnerability in Anchor CMS <=0.12.7: Remote Code Execution via posts.php CSRF Vulnerability in TheDayLightStudio Fuel CMS 1.5.0 Stored XSS Vulnerability in SPIP 4.0.0 via Malicious SVG File Vulnerability: Cross-Site Request Forgery in WP Prayer Plugin Cross Site Scripting (XSS) Vulnerability in SPIP 4.0.0: Execution of Malicious Code via Author Information CSRF and XSS Vulnerabilities in SPIP 4.0.0 Remote Command Execution Vulnerability in SPIP 4.0.0 via Malicious Picture Upload Directory Traversal Vulnerability in Hiby Music Hiby OS R3 Pro 1.5 and 1.6 Arbitrary Command Execution in DLink DAP-1360 F1 Firmware v6.10 and below Cross-Site Request Forgery Vulnerability in Process Steps Template Designer Plugin for WordPress Command Injection Vulnerability in C-DATA ONU4FERW V2.1.13_X139's formImportOMCIShell Function SQL Injection Vulnerability in Pagekit Comment Listing 
Caucho Resin Directory Traversal Vulnerability Server-side request forgery (SSRF) vulnerability in Sentinel 1.8.2 Cross-Site Request Forgery Vulnerability in Abandoned Cart Lite for WooCommerce Plugin Arbitrary File Deletion Vulnerability in JSPWiki 2.11.0.M8 and Earlier Samba Vulnerability: Server Symlink File Existence Disclosure Out-of-Bounds Heap Read and Write Vulnerability in Samba vfs_fruit Module Heap Overflow Vulnerability in mbsync in isync 1.4.0 through 1.4.3 Heap-Based Buffer Over-Read Vulnerability in Croatia Control Asterix 2.8.1 XML External Entity (XXE) Injection in Apache NiFi TransformXML Processor XML External Entity (XXE) Vulnerability in Claris FileMaker Pro and Server: Local File Disclosure and Server-Side Request Forgery XSS Vulnerability in GL.iNet GL-AR150 2.x before 3.x Devices TrustZone Bypass Vulnerability in OP-TEE Trusted OS for NXP i.MX6UL SoC Devices Cross-Site Request Forgery Vulnerability in Sunshine Photo Cart WordPress Plugin (Versions up to 2.8.28) Insecure Dependency: Reliance on SHA-1 for Content Spoofing Prevention in tusdotnet Session Hijacking Vulnerability in Reprise RLM 14.2 Unauthenticated Password Change Vulnerability in Reprise RLM 14.2 Arbitrary Code Execution Vulnerability in Reprise RLM 14.2 Buffer Overflow Vulnerability in Reprise RLM 14.2 User Enumeration Vulnerability in Reprise RLM 14.2 Stack-Based Buffer Overflow Vulnerability in ASUS RT-AX56U Wi-Fi Router Improper User Privilege Control in 4MOSAn GCB Doctor's File Upload Function Cross-Site Request Forgery Vulnerability in wp-mpdf Plugin (Versions up to 3.5.1) Improper Authentication in Cardinal Tien Hospital Health Report System's Login Page Insufficient Validation in MOTP System Allows SQL Injection Attack with Unauthorized Database Access Path Traversal Vulnerability in Chain Sea AI Chatbot System's File Download Function Improper Filtering of Special Characters in Chain Sea AI Chatbot Backend URL Parameters Allows for Remote XSS Attack Insufficient
Filtering in Chain Sea AI Chatbot System's File Upload Function Allows Remote Code Execution Buffer Overflow Vulnerability in POWER METER SICAM Q100 Web Application Improper Access Control in FortiToken Mobile (Android) External Push Notification 5.1.0 and Below Symbolic Link Following (CWE-59) Vulnerability in FortiClient for Linux Arbitrary File Download Vulnerability in FortiOS execute restore src-vis Command Improper Initialization Vulnerability in Fortinet FortiClient Allows Privilege Escalation Cross-Site Request Forgery Vulnerability in Forminator WordPress Plugin (up to 1.13.4) Stack-based Buffer Overflow Vulnerability in FortiOS and FortiProxy Fortinet FortiOS OS Command Injection Vulnerability Unauthorized Access to Sensitive Information Vulnerability in FortiClientEMS Stored Cross-Site Scripting (XSS) Vulnerability in AEM Cloud Service and Version 6.5.10.0 and Below Stored Cross-Site Scripting (XSS) Vulnerability in AEM Cloud Service and Version 6.5.10.0 and Below Reflected Cross-Site Scripting (XSS) Vulnerability in AEM Cloud Service and Version 6.5.10.0 and Below Memory Corruption Vulnerability in Adobe Dimension: Arbitrary Code Execution via Malicious GIF Cross-Site Request Forgery Vulnerability in Custom CSS, JS & PHP Plugin for WordPress (up to 2.0.7) Arbitrary Code Execution Vulnerability in Adobe Dimension 3.4.3 and Earlier Arbitrary Code Execution Vulnerability in Adobe Dimension 3.4.3 and Earlier Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Dimension Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Bridge Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Bridge Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Bridge Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe After Effects Allows Code Execution Use-After-Free Vulnerability in Adobe After Effects Allows Memory Disclosure Cross-Site Request Forgery 
(CSRF) Vulnerability in WP-Backgrounds Lite Plugin Out-of-Bounds Read Vulnerability in Adobe After Effects Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe After Effects Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe After Effects Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe After Effects Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe After Effects Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe After Effects Allows Memory Disclosure Basic Cross-Site Scripting (XSS) Vulnerability in UBIT Student Information Management System Basic Cross-Site Scripting (XSS) Vulnerability in UBIT Student Information Management System Vulnerability in Acronis Cyber Protect 15 (Windows) allows DLL hijacking and local privilege escalation DLL Hijacking Vulnerability in Acronis Products Could Result in Denial of Service Cross-Site Request Forgery Vulnerability in Sell Media Plugin for WordPress Vulnerability: Cross-Site Scripting (XSS) in Acronis Cyber Protect 15 (Windows, Linux) before build 28035 on Devices Page Notification Pop-up Cross-Site Scripting (XSS) Vulnerability in Acronis Cyber Protect 15 (Windows, Linux) before build 28035 Stored Cross-Site Scripting (XSS) Vulnerability in Acronis Cyber Protect 15 (Windows, Linux) before Build 28035 Stored Cross-Site Scripting (XSS) Vulnerability in Acronis Cyber Protect 15 (Windows, Linux) before Build 28035 Local Privilege Escalation Vulnerability in Acronis Products DLL Hijacking Vulnerability in Acronis Cyber Protect Home Office and Acronis True Image 2021 DLL Hijacking Vulnerability in Acronis Media Builder Service: Local Privilege Escalation Hard-coded Credentials Vulnerability in Acclaim USAHERDS through 7.4.0.1 Cross-Site Scripting (XSS) Vulnerability in OX App Suite Chat HTML 5 Element XSS Vulnerability in OX App Suite through 7.10.5 Cross-Site Request Forgery vulnerability in Advanced Popups WordPress plugin (up to version
1.1.1) XSS Vulnerability in OX App Suite through 7.10.5 via NIFF Data Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.5 Trailing Control Character XSS Vulnerability in OX App Suite XSS Vulnerability in OX App Suite 7.10.5 via uuencoding in multipart/alternative message Insecure Permissions in Northern.tech CFEngine Enterprise 3.15.4: Unauthorized Local User Impact Vulnerability Insecure Permissions in CFEngine Enterprise Allow Unauthorized Access to Log Files Stored Cross-site Scripting (XSS) Vulnerability in Ericsson CodeChecker Reports Viewer SQL Injection Vulnerability in Gin-Vue-Admin before 2.4.6 Cross-Site Request Forgery (CSRF) Vulnerability in POST SMTP Mailer Plugin for WordPress Denial of Service Vulnerability in SIMATIC eaSie Core Package (All versions < V22.00) Unauthenticated Remote Message Injection Vulnerability in SIMATIC eaSie Core Package Vulnerability: Remote Code Execution via Supply-Chain Attack in WordPress Apache HTTP Server 2.4.7-2.4.51: Proxy Configuration Vulnerability D-Bus Access-Control Bypass Vulnerability in Keepalived Privilege Escalation Vulnerability in Razer Synapse before 3.7.0228.022817 CSRF Vulnerability in GNU Mailman Allows Unauthorized Administrative Actions Arbitrary Code Execution via Log4j2 JNDI Features Cross-Site Request Forgery Vulnerability in RAYS Grid Plugin for WordPress Weak File Permissions in PortSwigger Burp Suite Enterprise Edition on Windows Code Injection Vulnerability in Internal Text Extraction Reports Insufficient Validation of Path Information in SAF-T Framework Transaction SAFTN_G Allows Full Server Directory Access SAP GRC Access Control Privilege Escalation Vulnerability Sensitive Information Exposure in SAP Business One Version 10.0 Extended Log Arbitrary Code Execution Vulnerability in SAP NetWeaver AS ABAP Remote Code Execution (RCE) Vulnerability in AyaCMS 3.1.2 via /aya/module/admin/ust_tab_e.inc.php Cross-Site Request Forgery Vulnerability in Slider Hero Plugin for 
WordPress SQL Injection Vulnerability in Sourcecodester Logistic Hub Parcel's Management System 1.0 SQL Injection Vulnerability in Sourcecodester COVID 19 Testing Management System (CTMS) 1.0 Stack Overflow Vulnerability in Totolink Devices: A3100R, A830R, and A720R Command Injection Vulnerability in Totolink Devices Blind Time-Based SQL Injection Vulnerability in Online Motorcycle Rental System 1.0 Cross-Site Request Forgery Vulnerability in Defender Security Plugin for WordPress Authenticated Remote Code Execution via Malicious Configuration Backup File in MotionEye Unauthenticated Remote Access Vulnerability in WAVLINK AC1200's 'wx.html' Page Cross-Site Request Forgery Vulnerability in Absolute Reviews WordPress Plugin (up to 1.0.8) Unauthenticated Access to 'live_mfg.html' Page in WAVLINK AC1200 Router Unauthenticated Access to Firmware Version Information in Netgear WAC104-V1.0.4.13 Unauthenticated Access Vulnerability in Netgear WAC104-V1.0.4.13 'MNU_top.htm' Page HTML Escaping Vulnerability in Gurock TestRail before 7.2.4 XSS Vulnerability in GUnet Open eClass (openeclass) before 3.12.2 via modules/auth/formuser.php Out of Bounds Read Vulnerability in Wavpack 5.4.0 Processing *.WAV Files Cross-Site Request Forgery Vulnerability in Vuukle Comments, Reactions, Share Bar, Revenue Plugin for WordPress Missing SSL Certificate Validation in e2guardian v5.4.x <= v5.4.3r Cross Site Scripting (XSS) Vulnerability in Librenms 21.11.0's alert-log.inc.php Path Manipulation Vulnerability in Librenms 21.11.0's showconfig.inc.php Cross Site Scripting (XSS) Vulnerability in Librenms 21.11.0 Vulnerability in what3words Autosuggest Plugin on WordPress: Information Disclosure SQL Injection Vulnerability in Attendance Management System 1.0 Buffer Overflow Vulnerability in ShieldStore's Enclave.cpp Component Allows Information Leak Reflected Cross-Site Scripting (XSS) Vulnerability in Navigate CMS v2.9.4 Information Disclosure Vulnerability in Ortus Solutions ColdBox Elixir 3.1.6 
Multiple SQL Injection Vulnerabilities in BaiCloud-cms v2.5.7 via tongji and baidu_map Parameters in /user/ztconfig.php Cross-Site Scripting Vulnerability in msyk FMDataAPI up to 22 (VDB-244494) Stored XSS Vulnerability in Firmware Analysis and Comparison Tool v3.2 CSRF Vulnerability in Firmware Analysis and Comparison Tool v3.2 Directory Listing/Browsing Vulnerability in Bus Pass Management System v1.0 Stored Cross-site Scripting Vulnerability in Bus Pass Management System v1.0 Remote Denial of Service Vulnerability in PCMan FTP Server 2.0.7 CSRF Vulnerability in Mini-Inventory-and-Sales-Management-System Allows Unauthorized Inventory Updates Denial of Service Vulnerability in Karjasoft Sami HTTP Server 2.0 (VDB-250836) Buffer Overflow Vulnerability in ARM astcenc 3.2.0: encode_ise() Function Heap Buffer Overflow in ok-file-formats Project Heap Buffer Overflow in ok-file-formats' ok_png_transform_scanline() function Heap Buffer Overflow in ok-file-formats Project: ok_png_transform_scanline() Function Remote Code Execution Vulnerability in Social Warfare WordPress Plugin (up to version 3.5.2) Heap Buffer Overflow in ok-file-formats: ok_jpg_generate_huffman_table() Buffer Overflow Vulnerability in ok-file-formats Library Heap-Buffer-Overflow Vulnerability in ok-file-formats Project SQL Injection Vulnerability in Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 SQL Injection Vulnerability in TuziCMS v2.0.6 GuestbookController.class.php SQL Injection vulnerability in TuziCMS v2.0.6 via id parameter in AdvertController.class.php SQL Injection Vulnerability in TuziCMS v2.0.6 via id parameter in DownloadController.class.php Untrusted Search Path Vulnerability in Yarn Allows for Execution of Malicious Commands SQL Injection Vulnerability in ThinkPHP5 5.0.x <=5.1.22 via parseOrder function in Builder.php Arbitrary File Read Vulnerability in NavigateCMS 2.9 via navigate_download.php Stack-based Buffer Overflow Vulnerability in 
Tenda AC15 V15.03.05.18_multi Device Denial of Service Vulnerabilities in Reolink RLC-410W v3.0.0.136_20121102 JSON Command Parser Denial of Service Vulnerabilities in Reolink RLC-410W v3.0.0.136_20121102 JSON Command Parser Denial of Service Vulnerabilities in Reolink RLC-410W v3.0.0.136_20121102 JSON Command Parser Denial of Service Vulnerabilities in Reolink RLC-410W v3.0.0.136_20121102 JSON Command Parser Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Unauthenticated Arbitrary File Upload Vulnerability in 3DPrint Lite WordPress Plugin Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerabilities in Reolink RLC-410W v3.0.0.136_20121102 JSON Command Parser Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102: JSON Command Parser Reboot Exploit Inefficient Regular Expression Complexity Vulnerability in dbartholomae lambda-middleware frameguard up to 1.0.4 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerabilities in Reolink RLC-410W v3.0.0.136_20121102 JSON Command Parser Denial of 
Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102: Remote Reboot via Malformed HTTP Request Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerabilities in Reolink RLC-410W v3.0.0.136_20121102 JSON Command Parser Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102: Remote Reboot via Malformed HTTP Request Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102: Remote Reboot via Malformed 
HTTP Request Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102: JSON Command Parser Reboot Exploit Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102: JSON Command Parser Reboot Exploit Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102: Remote Reboot via Malformed HTTP Request Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Trailing Newline Bypass in Django URL Access Control Confused Deputy Vulnerability in Occlum: Unauthorized Information Access via Side-Channel Analysis BMP File Parsing Vulnerability in Open Design Alliance Drawings SDK BMP File Out-of-Bounds Read Vulnerability in ODA Drawings Explorer Unauthenticated Remote Access Vulnerability in AnyDesk Tunneling Feature Arbitrary File Upload Vulnerability in AnyDesk Unauthenticated SQL Injection Vulnerability in Rosario Student Information System (rosariosis) before 8.1.1 Pinkie 2.15 TFTP Read Request Denial of Service Vulnerability 
Denial of Service Vulnerability in Serva 4.4.0 via TFTP Read Request (CVE-2013-0145) Out of Bounds Write Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-14829) Out of Bounds Read Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-14841) Stack-based Buffer Overflow in JT Utilities and JTTK Library Allows Code Execution (ZDI-CAN-14845) Use After Free Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-14900) Out of Bounds Write Vulnerability in JT Utilities and JTTK Library Stack-based Buffer Overflow in JT Utilities and JTTK Library Allows Code Execution (ZDI-CAN-14903) Out of Bounds Read Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-14905) Out of Bounds Write Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-14906) Out of Bounds Write Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-14907) Out of Bounds Read Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-14908) Memory Corruption Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-14912) Out-of-Bounds Write Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-14913) Out of Bounds Write Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-14995) Out of Bounds Write Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-15039) Out of Bounds Read Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-15052) Out of Bounds Write Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-15054) Out of Bounds Write Vulnerability in JT Utilities and JTTK Library Use-After-Free Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-14911) Out of Bounds Read Vulnerability in JT Utilities and JTTK Library Out of Bounds Write Vulnerability in JT Utilities and JTTK Library (ZDI-CAN-14830) Out of Bounds Read Vulnerability in JT Utilities and JTTK Library Password Leak Vulnerability in Apache Superset 1.3.2 and Below Arbitrary Command Injection Vulnerability in mySCADA myPRO Versions 8.20.0 and Prior Privilege Escalation Vulnerability in Intel(R) Quartus(R) Prime Pro 
Edition Remote Code Execution Vulnerability in Lens 5.2.6 and Earlier Improper Access Control Allows Deactivated Users to Access Odoo System Arbitrary Web Script Injection in Odoo Enterprise Accounting App Horner Automation Cscape EnvisionRV v4.50.3.1 and Prior HMI Project File Parsing Vulnerability Local Privilege Escalation Vulnerability in DeltaV Distributed Control System Controllers and Workstations Common Service Credentials Vulnerability in Vigilant Software Suite (Mastermed Dashboard) 2.0.1.3 Arbitrary Business Record Subscription Vulnerability in Odoo Community and Enterprise 13.0 and Earlier Local Privilege Escalation Vulnerability in Bitmask Riseup VPN 0.21.6 Arbitrary Session Termination Vulnerability in Lanner Inc IAC-AST2500A Firmware 1.10.0 Default Permissions Vulnerability in Intel(R) Connect M Android Application Stored Cross-Site Scripting Vulnerability in DIAEnergie Version 1.7.5 and Prior Local File Disclosure Vulnerability in Odoo Community and Enterprise 15.0 and Earlier GE Gas Power ToolBoxST Version v04.07.05C XML External Entity (XXE) Vulnerability Cross-Site Scripting Vulnerability in Polarion ALM and WebClient for SVN Buffer Over-read Vulnerability in NXP Kinetis K82 Devices via USB In-System Programming (ISP) Mode Remote Listening Vulnerability in Wokka Lokka Q50 Devices Null Pointer Dereference Vulnerability in YottaDB Null Pointer Dereference Vulnerability in YottaDB Denial of Service Vulnerability in YottaDB through r1.32 and V7.0-000 NULL Pointer Dereference Vulnerability in YottaDB NULL Pointer Dereference Vulnerability in YottaDB Function Pointer Manipulation Vulnerability in YottaDB NULL Pointer Dereference Vulnerability in YottaDB Memory Corruption Vulnerability in YottaDB through r1.32 and V7.0-000 Integer Underflow in op_fnj3 of YottaDB: Segmentation Fault and Application Crash YottaDB Memory Corruption Vulnerability YottaDB Memory Overflow Vulnerability NULL Pointer Dereference Vulnerability in YottaDB and FIS GT.M Buffer 
Overflow Vulnerability in YottaDB and FIS GT.M NULL Pointer Dereference Vulnerability in YottaDB and FIS GT.M NULL Pointer Dereference Vulnerability in YottaDB and FIS GT.M Buffer Overflow Vulnerability in FIS GT.M through V7.0-000 Use After Free Vulnerability in FIS GT.M through V7.0-000 NULL Pointer Dereference Vulnerability in FIS GT.M through V7.0-000 Buffer Overflow Vulnerability in FIS GT.M through V7.0-000 Denial of Service Vulnerability in FIS GT.M through V7.0-000 NULL Pointer Dereference Vulnerability in FIS GT.M through V7.0-000 Buffer Overflow Vulnerability in FIS GT.M through V7.0-000 Memory Segmentation Fault Vulnerability in FIS GT.M through V7.0-000 Memory Segmentation Fault Vulnerability in FIS GT.M through V7.0-000 NULL Pointer Dereference Vulnerability in FIS GT.M through V7.0-000 Null Pointer Dereference Vulnerability in FIS GT.M through V7.0-000 Null Pointer Dereference Vulnerability in FIS GT.M NULL Pointer Dereference Vulnerability in FIS GT.M through V7.0-000 Integer Underflow Vulnerability in FIS GT.M through V7.0-000 Buffer Overflow Vulnerability in FIS GT.M through V7.0-000 World-writable Permissions Vulnerability in tmate-ssh-server 2.3.0 Insecure Creation of Temporary Directories in tmate-ssh-server 2.3.0: Compromising Session Handling Integrity Authentication Mishandling in OpUtils of Zoho ManageEngine OpManager 12.5 before 125490 Zoho ManageEngine Desktop Central Authentication Bypass and Remote Code Execution Vulnerability Unencrypted Pairing Code Vulnerability in eGeeTouch 3rd Generation Travel Padlock Application Authenticated Directory Traversal Vulnerability in Citrix XenMobile Server through 10.12 RP9 Authenticated Command Injection Vulnerability in Citrix XenMobile Server through 10.12 RP9 Arbitrary Code Execution Vulnerability in Apache Cassandra Unauthenticated Remote Subscription Vulnerability in SiPass and Siveillance Identity Insufficient Access Control in SiPass and Siveillance Identity Allows Unauthorized Activity Feed 
Manipulation Insufficient Access Control in SiPass and Siveillance Identity Applications Authentication Bypass Vulnerability in Zoho ManageEngine PAM360 Authentication Bypass Vulnerability in Zoho ManageEngine ServiceDesk Plus UniFi Switch Firmware Denial of Service (DoS) Vulnerability Open Redirect Vulnerability in Action Pack: Exploiting X-Forwarded-Host Header for Malicious Redirection Unauthenticated Code Injection Vulnerability in Ivanti EPM Cloud Services Appliance (CSA) Log4J Injection Vulnerability in UniFi Network Version 6.5.53 and Earlier (CVE-2021-44228) Arbitrary Subject Alternative Name (SAN) Type Bypass Vulnerability in Node.js SAN Injection Vulnerability in Node.js Vulnerability: Ambiguous Presentation of Certificate Subjects in Node.js Remote Code Execution Vulnerability in ownCloud Desktop Client Buffer Overflow Vulnerability in olm_session_describe Function Memory Leak Vulnerability in Privoxy's get_url_spec_param() Function Memory Leak Vulnerability in Privoxy's process_encrypted_request_headers() Function Privoxy Error Handling Vulnerability Leads to Memory Leak XSS Vulnerability Fixed in Privoxy's cgi_error_no_template() Function Multiple Cross-Site Scripting Vulnerabilities in DIAEnergie Version 1.7.5 and Prior Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Products Privilege Escalation Vulnerability in Odoo Community 15.0 and Odoo Enterprise 15.0 Improper Input Validation in Apache Solr's DataImportHandler Allows SMB Network Call Lack of Server Identity Checks in Apache Sling Commons Messaging Mail 1.0 Incorrect Access Control Vulnerability in CoreNLP 4.3.2 via NERServlet.java Classifier User Enumeration Vulnerability in Thinfinity VirtualUI XML External Entity (XXE) Vulnerability in National Library of the Netherlands Digger XML External Entity (XXE) Vulnerability in National Library of the Netherlands multiNER/ner.py Configuration File Download and Modification Vulnerability in SYNC2101 and Affected 
SYNC Devices Cross Site Scripting (XSS) Vulnerability in RosarioSIS before 7.6.1 via xss_clean Function Cross Site Scripting (XSS) Vulnerability in RosarioSIS before 4.3 via SanitizeMarkDown Function Unauthenticated SQL Injection Vulnerability in RosarioSIS before 7.6.1 Heap-Overflow Vulnerabilities in openSUSE/libsolv: Remote Denial of Service SQL Injection Vulnerability in Kreado Kreasfero 1.5 via id Parameter Privilege Escalation Vulnerability in Sourcecodester Money Transfer Management System 1.0 Arbitrary Script Injection Vulnerability in emlog version <= pro-1.0.7 Cross Site Scripting (XSS) Vulnerability in jeecg-boot 3.0 with Mouseover Event Unauthorized Arbitrary File Download Vulnerability in dst-admin v1.3.0 Memory Exhaustion Vulnerability in libming 0.4.8's cws2fws Function Denial-of-Service Vulnerability in libming 0.4.8 via Crafted SWF File Unauthenticated File Upload & Remote Code Execution Vulnerability in Simple College Website 1.0 Vulnerability: Arbitrary Code Execution via Incorrect Access Control in Wondershare Dr. Fone Remote Code Execution Vulnerability in Wondershare Dr. 
Fone (2021-12-06) Cross Site Scripting (XSS) Vulnerability in Attendance Management System 1.0 SQL Injection Vulnerability in Online Enrollment Management System 1.0 Allows Retrieval of Sensitive User Information SQL Injection Vulnerability in Simple Online Mens Salon Management System (MSMS) 1.0 XSS Vulnerability in FUEL-CMS 1.5.1: SVG File on Assets Page Multiple Cross Site Scripting (XSS) Vulnerabilities in bloofoxCMS 0.5.2.1 - 0.5.1 via file and type parameters in index.php edit action Multiple SQL Injection Vulnerabilities in bloofoxCMS 0.5.2.1 - 0.5.1 via Admin Settings Mode SQL Injection Vulnerability in Ramo Plugin for GLPI 9.4.6 via idu Parameter in plugins/ramo/ramoapirest.php/getOutdated Server-side Template Injection (SSTI) vulnerability in Nystudio107 Seomatic 3.4.12 via host header in UrlHelper.php Command Injection Vulnerability in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 Buffer Overflow Vulnerability in TP-LINK WR-886N 20190826 2.3.8 Buffer Overflow Vulnerability in TP-LINK WR-886N 20190826 2.3.8 via /cloud_config/router_post/check_reset_pwd_verify_code Interface Buffer Overflow Vulnerability in TP-LINK WR-886N 20190826 2.3.8 Buffer Overflow Vulnerability in TP-LINK WR-886N 20190826 2.3.8 Buffer Overflow Vulnerability in TP-LINK WR-886N 20190826 2.3.8 Buffer Overflow Vulnerability in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/router_post/login Feature Buffer Overflow Vulnerability in TP-LINK WR-886N 20190826 2.3.8 - Arbitrary Code Execution via Crafted Post Request Buffer Overflow Vulnerability in TP-LINK WR-886N 20190826 2.3.8 Buffer Overflow Vulnerability in TP-LINK WR-886N 20190826 2.3.8 Buffer Overflow Vulnerability in TP-LINK WR-886N 20190826 2.3.8: Remote Code Execution via Crafted Post Request Type Confusion Vulnerability in Lua v5.4.3 and Above: Local Denial of Service via funcnamefromcode Function Heap-Buffer Overflow Vulnerability in GNOME gdk-pixbuf 2.42.6 when Decoding LZW Compressed Stream in GIF Files Cross Site Scripting (XSS) 
Vulnerability in Django CMS 3.7.3 Plugin Type Validation Remote Command Execution Vulnerability in Zoho ManageEngine M365 Manager Plus Remote Code Execution Vulnerability in Zoho ManageEngine CloudSecurityPlus (CVE-2021-40175) Remote Code Execution Vulnerability in Zoho ManageEngine O365 Manager Plus SQL Injection Authentication Bypass Vulnerability in Online Magazine Management System 1.0 SQL Injection Authentication Bypass Vulnerability in Online Pre-owned/Used Car Showroom Management System 1.0 Jinja Interpreter Command Execution Vulnerability in StackStorm Unintended SSRF Vulnerability in GoCD Server Version 21.3.0 Xerte Project Xerte through 3.8.4 - Cross Site Scripting (XSS) Vulnerability in print.php Xerte Project Xerte 3.8.4 Remote Code Execution (RCE) Vulnerability via elfinder in connector.php Xerte 3.9 Authenticated Remote Code Execution via File Upload Vulnerability Directory Traversal Vulnerability in Xerte Project Xerte through 3.10.3 Cross Site Scripting (XSS) Vulnerability in Nacos 2.0.3 via auth/users Parameters Croogo 3.0.2 Remote Code Execution (RCE) Vulnerability via Admin File Manager Attachments Information Exposure in Opmantek Open-AudIT 4.2.0: Unauthorized File Read Unauthenticated Remote Code Execution Vulnerability in Zoho ManageEngine ServiceDesk Plus MSP Unauthenticated Access and Modification Vulnerability in Zoho ManageEngine Access Manager Plus .NET Remoting TCP Services Deserialization Vulnerability in Veritas Enterprise Vault .NET Remoting TCP Services Deserialization Vulnerability in Veritas Enterprise Vault .NET Remoting TCP Services Deserialization Vulnerability in Veritas Enterprise Vault .NET Remoting TCP Services Deserialization Vulnerability in Veritas Enterprise Vault .NET Remoting TCP Services Deserialization Vulnerability in Veritas Enterprise Vault Veritas Enterprise Vault Remote Code Execution Vulnerability Address Bar Spoofing Vulnerability in DuckDuckGo Browser 7.64.4 on iOS Command Injection Vulnerability in 
naholyr/github-todos 3.1.0 OS Command Injection in Git-it: Branches Aren't Just For Birds Challenge Regular Expression Denial of Service (ReDoS) Vulnerability in calibre's html_preprocess_rules Information Disclosure: BuddyBoss Platform allows remote attackers to obtain user email addresses Denial of Service Vulnerability in Port 102/TCP Processing Denial of Service Vulnerability in Port 102/TCP Processing Denial of Service Vulnerability in Port 102/TCP Processing Out-of-Bounds Read Vulnerability in Adobe Prelude 22.1.1 and Earlier Adobe Audition Out-of-Bounds Read Vulnerability in MOV File Parsing Out-of-Bounds Read Vulnerability in Adobe Audition Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Audition Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Information Disclosure Vulnerability in Acrobat Reader DC ActiveX Control Stack Buffer Overflow Vulnerability in Acrobat Reader DC (CVE-2021-28550) Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Acrobat Reader DC Versions 21.007.20099 and Earlier Heap Overflow Vulnerability in Acrobat Reader DC and Earlier Versions Heap Overflow Vulnerability in Acrobat Reader DC and Earlier Versions Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Acrobat Reader DC Acrobat Reader DC Multiple Versions Access of Memory Location After End of Buffer Vulnerability Use-After-Free Vulnerability in Acrobat Reader DC: Application Denial of Service Insecure Warning Message Display in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Uncontrolled Memory Consumption in net/http Header 
Canonicalization Cache File Descriptor Exhaustion Vulnerability Denial of Service and Infinite Loop Vulnerability in wolfSSL Client Component Docker Desktop 4.3.0 Access Control Vulnerability Vulnerability: Password Exposure in Ivanti Pulse Secure Pulse Connect Secure (PCS) Directory Traversal Vulnerability in KNIME Server before 4.13.4 Cross-Site Scripting (XSS) Vulnerability in KNIME Server WebPortal Login Page Privilege Escalation via snap-confine Binary Location Validation in snapd 2.54.2 Privilege Escalation via Race Condition in snapd 2.54.2 Double Free Vulnerability in Mbed TLS before 3.0.1 Race Condition in TEE Subsystem Leads to Use-After-Free Vulnerability in Linux Kernel Critical Remote Code Execution Vulnerability in Lexmark Devices (CVE-2021-XXXX) Critical Command Injection Vulnerability in Lexmark Devices (CVE-2021-XXXX) Unauthenticated Access to Out of Service Erase Feature in Lexmark Devices Lexmark Devices PJL Directory Traversal Vulnerability: Internal Configuration File Overwrite Critical Buffer Overflow Vulnerability Discovered in Lexmark Devices' Postscript Interpreter Acrobat Reader DC ActiveX Control Information Disclosure Vulnerability Null Pointer Dereference Vulnerability in Acrobat Reader DC Null Pointer Dereference Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Information Disclosure Vulnerability in NEC UNIVERGE IP Phones and Management Tools F-Secure Linux Security DoS Vulnerability: Remote Crash of Anti-Virus Engine Remote Code Execution Vulnerability in F-Secure SAFE Browser Allows Universal Cross-Site Scripting Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection Arbitrary Code Execution Vulnerability in F-Secure Support Tool Allows Command Execution F-Secure SAFE Browser Vulnerability: Remote USSD Code Execution Authentication Bypass and Sensitive Information Exposure in Zoho 
ManageEngine Desktop Central NULL Pointer Dereference Vulnerability in Heimdal SPNEGO Acceptor TLS Origin Validation Bypass Vulnerability in Apache Traffic Server WP-DownloadManager Plugin <= 1.68.6 Authenticated Reflected Cross-Site Scripting (XSS) Vulnerability Out-of-Bounds Read Vulnerability in Delta Electronics CNCSoft (Version 1.01.30) and Prior Improper Input Validation in TLS Certificate Generation Function Leads to DoS in Lanner Inc IAC-AST2500A Firmware v1.10.0 Arbitrary Web Script Injection Vulnerability in Odoo Community and Enterprise 15.0 and Earlier Arbitrary Security Access Rights Manipulation in Lanner Inc IAC-AST2500A Firmware v1.10.0 CSRF Vulnerability in Email Tracker WordPress Plugin Allows Deletion of E-mail Entries Unauthenticated SQL Injection Vulnerability in [GWA] AutoResponder WordPress Plugin (Versions <= 2.3) Buffer Overflow Vulnerability in Apache HTTP Server 2.4.51 and Earlier Reflected XSS Vulnerability in Apache Druid 0.22.1 and Earlier Unauthenticated Access to Logging Interface in Single Connect Unauthenticated Access to Device Configuration and Database Credentials Unauthenticated Access to Device Information in Single Connect Unauthenticated Remote User Permission Modification in Single Connect Remote Authenticated OS Command Injection on TP-Link Archer C20i Router Arm Mali GPU Kernel Driver Vulnerability: Privilege Escalation and Memory Corruption XSS Vulnerability in AFI WebACMS 2.1.0 via ID Parameter in index.html Remote Code Execution (RCE) Vulnerability in Apache Log4j2 Versions 2.0-beta7 through 2.17.0 Insecure Permissions in CLI 1.0.0 for Amazon AWS OpenSearch Configuration File SQL Injection Vulnerability in Active Intelligent Visualization 5 Unprivileged User Access Control Bypass in Delta RM 1.2 Unprivileged User Access to Admin Risk Creation Information in Delta RM 1.2 Unauthorized Access to Risks of Other Companies Arbitrary Password Reset Vulnerability in Delta RM 1.2 Privileged Account Vulnerability in Delta RM 1.2 
Stack-based Buffer Overflow in handle_request function in toxcore Inconsistent Authentication Response in Cibele Thinfinity VirtualUI before 3.0 Buffer Overflow Attack in Xilinx Zynq-7000 SoC ROM via Modified SD Boot Image Arbitrary Code Execution Vulnerability in Biostar RACING GT Evo 2.1.1905.1700 REST API Cache Poisoning Vulnerability Blind Stored XSS Vulnerability in MediaWiki Upload Image Feature AbuseFilter Bypass via Special:ChangeContentModel in MediaWiki Arbitrary Page Content Replacement Vulnerability in MediaWiki Privilege Escalation Vulnerability in MediaWiki TGA File Out-of-Bounds Read Vulnerability in Open Design Alliance Drawings SDK Out-of-Bounds Read Vulnerability in Open Design Alliance Drawings SDK (CVE-2022-XXXX) Unmasked Sensitive Information Exposure in Netskope Client Logs Buffer Overflow Vulnerability in TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n SQL Injection Vulnerability in Online-Movie-Ticket-Booking-System 1.0 SQL Injection Vulnerability in ming-soft MCMS v5.1 /ms/cms/content/list.do Insecure Design in Dalmark Systems Systeam 2.22.8: SQL Injection via Bi Report Endpoint User Enumeration Vulnerability in Dalmark Systems Systeam 2.22.8 build 1724 User Enumeration Vulnerability in Dalmark Systems Systeam 2.22.8 build 1724 Vulnerability: Incorrect Access Control in Dalmark Systems Systeam 2.22.8 build 1724 OpenID Connect Provider none Algorithm Bypass Vulnerability NULL Pointer Dereference in gc_data_segment in fs/f2fs/gc.c Command Injection Vulnerability in D-Link Devices DIR-878 and DIR-882 Command Injection Vulnerability in D-Link DIR-882 Router Command Injection Vulnerability in D-Link DIR-878 Firmware 1.30B08_Hotfix_02 Vulnerability: Ticket Notification Leakage in Zammad 5.0.2 ThinkPHP 3.x.x Remote Code Execution (RCE) Vulnerability via value[_filename] in index.php Critical XSS Vulnerability in DMP Roadmap before 3.0.4 Multiple Privilege Escalation Vulnerabilities in MSI Center Drivers Privilege Escalation Vulnerabilities in MSI 
App Player Multiple Privilege Escalation (LPE/EoP) Vulnerabilities in MSI Dragon Center <= 2.0.116.0 Multiple Privilege Escalation (LPE/EoP) Vulnerabilities in MSI Center Pro <= 2.0.16.0 Remote Lock Disabling Vulnerability in Fortessa FTBTLD Smart Lock Prototype Pollution in Minimist <=1.2.5 via setKey() function in index.js Prototype Pollution in Sails.js <=1.4.0 via controller/load-action-modules.js, loadActionModules() Unrestricted File Upload and Stored XSS Vulnerability in XE before 1.11.6 Unrestricted File Upload Vulnerability Leading to Stored XSS and Potential Shell Upload Blind SQL Injection Vulnerability in Taocms 3.0.2's Edit Category Function Cross Site Scripting (XSS) Vulnerability in Opmantek Open-AudIT Community 4.2.0 Divide by Zero Vulnerability in gnuplot 5.4's boundary3d Function Null Pointer Dereference Vulnerability in gf_node_get_field Function in gpac 1.1.0 Null Pointer Dereference Vulnerability in gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV Invalid Memory Address Dereference Vulnerability in gpac 1.1.0's dump_od_to_saf.isra Function Null Pointer Dereference Vulnerability in gpac 1.1.0: Segmentation Fault and Application Crash in gf_isom_parse_movie_boxes_internal Null Pointer Dereference Vulnerability in gpac 1.1.0's BD_CheckSFTimeOffset Function Null Pointer Dereference Vulnerability in gf_dump_vrml_dyn_field.isra function in gpac 1.1.0 Infinite Loop Denial of Service Vulnerability in gpac 1.1.0 Null Pointer Dereference Vulnerability in gf_svg_get_attribute_name Function in gpac 1.1.0 Null Pointer Dereference Vulnerability in gf_node_get_tag Function in gpac 1.1.0-DEV Null Pointer Dereference Vulnerability in gf_sg_vrml_mf_append Function of gpac 1.1.0 Arbitrary User Impersonation Vulnerability in glFusion CMS v1.7.9 Arbitrary User Registration Vulnerability in glFusion CMS v1.7.9 Cross Site Request Forgery (CSRF) vulnerability in glFusion CMS 1.7.9 allows unauthorized blacklist addition Access Control Vulnerability in glFusion CMS 1.7.9 
via /public_html/users.php Privilege Escalation via Sudo Misconfiguration in QVIS NVR DVR (pre-2021-12-13) Heap-based Buffer Overflow Vulnerabilities in ffjpeg (01.01.2021) Leading to Denial of Service ffjpeg Global Buffer Overflow Vulnerability Null Pointer Reference Vulnerability in SVGPP SVG++ Library 1.3.0 Memory Leakage Vulnerability in PerimeterGenerator Class of Slic3r libslic3r 1.3.0 and Master Commit b1a5500 GCode::extrude() Out-of-Bounds Read Vulnerability in Slic3r libslic3r 1.3.0 and Master Commit b1a5500 Sandbox Escape via Use After Free in Lua Interpreter 5.4.0~5.4.3 Directory Traversal Vulnerability in PHPGURUKUL Employee Record Management System 1.2 PHPGURUKUL Employee Record Management System 1.2 - SQL Injection Bypass Authentication Vulnerability LimeSurvey 5.2.4 Remote Code Execution (RCE) via Plugin Upload and Install Use after Free Vulnerability in IOBit Advanced SystemCare 15 Pro via Sequential IOCTL Requests Cross-Site Scripting (XSS) Vulnerability in Taocms v3.0.2 Management Column Component Cross-Site Scripting (XSS) Vulnerability in MiniCMS v1.11 via /mc-admin/page-edit.php Authentication Bypass and Remote Code Execution Vulnerability in Multiple Tenda Devices NULL Pointer Dereference Vulnerability in radare2 version 5.5.2 via bin_symbols.c Buffer Overflow Vulnerability in radareorg radare2 5.5.2: Mach-O Parser in /libr/core/anal_objc.c Directory Traversal Vulnerability in iCMS <=8.0.0 Allows Arbitrary File Reading SSTI Remote Code Execution Vulnerability in iCMS <= 8.0.0 Remote Code Execution and Privilege Escalation in QuickBox Pro v2.5.8 and below Arbitrary File Download Vulnerability in taocms 3.0.1 File Management Stack Overflow Vulnerability in Jerryscript v3.0.0 and Below via ecma_find_named_property in ecma-helpers.c Assertion Failure in Jerryscript 3.0.0: ecma_object_is_typedarray (obj_p) Assertion Failure in Jerryscript 3.0.0: ecma_is_value_boolean(base_value) Assertion Failure in Jerryscript 3.0.0: jmem_heap_allocated_size is 
not equal to 0 Remote Code Execution (RCE) Vulnerability in Laundry Booking Management System 1.0 and Previous Versions Heap Buffer Overflow in Artifex MuJS v1.1.3 Caused by Conflicting JumpList in Nested try/finally Statements Plesk 18.0.37 Cross Site Request Forgery (CSRF) Vulnerability Insecure Permissions Vulnerability in Plesk CMS 18.0.37 Allows Privilege Escalation Path Traversal Vulnerability in Tiny File Manager Allows Remote Code Execution Upload SQL Injection Vulnerability in TaoCMS 3.0.2: Parameter id:action=cms&ctrl=update&id=26 Arbitrary File Deletion Vulnerability in taocms 3.0.2 CSRF Vulnerability in Catfish <=6.1.* Allows Menu URL Address Manipulation Cross Site Scripting (XSS) Vulnerability in Catfish CMS <=6.3.0 via Google Search URL Parameter Injection XML External Entity (XXE) Vulnerability in ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 Cleartext Storage of Sensitive Information in a Cookie Vulnerability in ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 Cross Site Scripting (XSS) Vulnerability in ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 Arbitrary File Download Vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via FileServlet Function Apache ShenYu 2.4.0 and 2.4.1 Remote Code Execution via Groovy Code Injection and SpEL Injection Critical Vulnerability in MEPSAN's USC+ Login Function Allows Unauthorized Privileged Account Access Undocumented Debug Port with Hard-coded Default Credentials Vulnerability Privileged User Logfile and Diagnostic Data Exposure Vulnerability Insecure Certificate Validation in Velneo vClient 28.1.3 Allows for MITM Attacks Username and Hashed Password Spoofing Vulnerability in Velneo vClient 28.1.3 Information Disclosure Vulnerability in MediaWiki Undocumented UDP Service Buffer Overflow Vulnerability in Uniview IP Cameras Arbitrary File Upload Vulnerability in Spatie media-library-pro Library Authenticated SQL Injection in SuiteCRM Project Module Tooltips Action Denial 
of Service Vulnerability in HashiCorp Vault Integrated Storage Backend Directory Traversal Vulnerability in HD-Network Real-time Monitoring System 2.0 Incomplete Fix for CVE-2021-44228 in Apache Log4j 2.15.0 Allows Information Leak and Remote/Local Code Execution Use-After-Free Vulnerability in Adobe Bridge Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Bridge Allows Memory Disclosure Out-of-Bounds Write Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Use-After-Free Vulnerability in Adobe InCopy Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe InCopy Version 16.4 and Earlier Out-of-Bounds Write Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Use-After-Free Vulnerability in Adobe InDesign Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Write Vulnerability in Acrobat Reader DC Versions 21.007.20099 and Earlier Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC Versions 21.007.20099, 20.004.30017, and 17.011.30204 Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Memory Disclosure Vulnerability in Acrobat Reader DC Versions 21.007.20099 and Earlier Out-of-Bounds Write Vulnerability in Acrobat Reader DC Versions 21.007.20099 and Earlier Arbitrary Web Script Injection via Crafted Uploaded File Names in Odoo Community and Enterprise 15.0 and Earlier Vulnerability: User Privilege Escalation and OAuth Token Deletion in JFrog Artifactory Plaintext Storage of Sensitive Information in Netgear Nighthawk R6700 Version 1.0.4.120 Heap-based Buffer Overflow in stab_xcoff_builtin_type in GNU Binutils Early EAP-Success Message Vulnerability in strongSwan Insecure HTTP Protocol Usage in Cobbler Cobbler 
Templar.py Cheetah Code Import Vulnerability Sensitive Information Exposure in Cobbler Cross-Site Scripting (XSS) Vulnerability in GNOME Web (Epiphany) before 40.4 and 41.x before 41.1 via about: page Cross-Site Scripting (XSS) Vulnerability in GNOME Web (Epiphany) before 40.4 and 41.x before 41.1 Cross-Site Scripting (XSS) Vulnerability in GNOME Web (Epiphany) before 40.4 and 41.x before 41.1 Cross-Site Scripting (XSS) Vulnerability in GNOME Web (Epiphany) before 40.4 and 41.x before 41.1 via Error Page Incorrect Access Control in Stormshield Endpoint Security 2.x before 2.1.2 Remote Code Execution Vulnerability in Stormshield Endpoint Security Incorrect Access Control in Stormshield Endpoint Security 2.1.0 to 2.1.1 IFRAME Injection Vulnerability in Thinfinity VirtualUI before 3.0 XSS Vulnerability in Imprivata Privileged Access Management 2.3.202112051108 Refcount Leak in pep_sock_accept Vulnerability XXE (External XML Entity) Injection Vulnerability in KNIME Analytics Platform before 4.5.0 via Crafted Workflow File (.knwf) Unattended Installation Password Exposure in KNIME Server HTTP Signature Bypass/Evasion Vulnerability in Suricata addon.stdin service in addon-ssh: Attack Surface with Social Engineering Requirement Cleartext Communication Vulnerability in ksmbd Server Information Disclosure Vulnerability in HTCondor SchedD and Collector Daemons Authorization Bypass in HTCondor Daemon with SciToken Authentication S3 Cloud Storage File Access Vulnerability in HTCondor Network Data Interference Vulnerability in HTCondor Uncontrolled Recursion Vulnerability in Apache Log4j2 Circumventable Access Control Vulnerability in SICAM TOOLBOX II (All Versions) Improper Access Control Allows Creation of Demonstration Data and User Accounts in Odoo Community and Enterprise Denial-of-Service Vulnerability in Django UserAttributeSimilarityValidator Django Template Language Variable Resolution Logic Vulnerability Null Pointer Dereference in OPC Autogenerated ANSI C Stack Stubs 
Privilege Escalation Vulnerability in COINS Construction Cloud 11.12 Denial of Service Vulnerability in COINS Construction Cloud 11.12 Reflected XSS Vulnerability in COINS Construction Cloud 11.12 Reflected Cross-Site Scripting (XSS) Vulnerability in COINS Construction Cloud 11.12 Improper Validation of User-Controlled HTTP Headers in COINS Construction Cloud 11.12 Allows for Arbitrary Website Redirection Persistent Cross-Site Scripting (XSS) Vulnerability in COINS Construction Cloud 11.12 XSS Vulnerability in COINS Construction Cloud 11.12 Allows Execution of Malicious JavaScript Code XSS Vulnerability in Trigger DAG with config Screen in Apache Airflow 2.2.3 and Below Unauthorized Creation of DAG Runs by Users with Limited Permissions Local Privilege Escalation Vulnerability in Trend Micro Apex One and Worry-Free Business Security Authentication Bypass Vulnerability in Apache APISIX Dashboard Multiple SQL Injection Vulnerabilities in Simple Forum-Discussion System 1.0 Allow Retrieval of Database Information SQL Injection Vulnerability in Simple Cold Storage Management System 1.0's view_storage.php SQL Injection Vulnerability in Email Parameter of Video Sharing Website 1.0 Allows Remote Code Execution Null Pointer Dereference Vulnerability in nasm 2.16rc0 via asm/preproc.c Infinite Loop Vulnerability in nasm 2.16rc0: gpaste_tokens Function Stack Overflow Vulnerability in gpac 1.1.0 via gf_bifs_dec_proto_list Function Invalid Pointer Reference Vulnerability in gpac 1.1.0 via gf_svg_node_del Function Null Pointer Dereference Vulnerability in gpac 1.1.0: lsr_read_id.part Function Segmentation Fault and Application Crash Invalid Pointer Vulnerability in GNU Patch 2.7: Denial of Service via another_hunk function Invalid Free Vulnerability in gpac 1.1.0: Segmentation Fault and Application Crash via gf_sg_command_del Invalid Free Vulnerability in gpac 1.1.0: Segmentation Fault and Application Crash via gf_svg_delete_attribute_value Function Null Pointer Dereference 
Vulnerability in gpac 1.1.0 via lsr_read_anim_values_ex Function Invalid Memory Address Dereference Vulnerability in gpac 1.1.0 via svg_node_start Function CSRF Vulnerability in Backdrop CMS 1.20 Allows Remote Code Execution via Malicious Add-On Upload Cross-Site Scripting (XSS) Vulnerability in QuickBox Pro v2.4.8 at adminuseredit.php?usertoedit=XSS ZZCMS 2021 Directory Traversal Vulnerability via Skin Parameter in Multiple Files Double Free Vulnerability in GPAC 1.0.1's filedump.c Allows Denial of Service via Crafted MP4Box Command GPAC 1.0.1 Vulnerability: Denial of Service via Omission of Security Information Denial of Service Vulnerability in Binaryen 103: Assertion Abort in wasm::handle_unreachable Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command Denial of Service Vulnerability in GPAC 1.0.1 via Crafted MP4Box Command Denial of Service Vulnerability in Binaryen 103: Invalid Memory Address Dereference in wasm::WasmBinaryBuilder::visitLet Infinite Loop Vulnerability in Gpac 1.0.1's gf_get_bit_size Information Disclosure Vulnerability in Sangoma Technologies Corporation Switchvox Version 102409 Gitea OpenID URL SSRF Vulnerability CSRF Vulnerability in Gitea API Routes (Versions before 1.5.2) Remote Code Execution Vulnerability in Gitea before 1.11.2 Open Redirect Vulnerability in Gitea before 1.4.3 Gitea XSS Vulnerability in External Wiki/Issue Tracker URL Field Persistent Session Vulnerability in Gitea through 1.15.7 Authentication Bypass Vulnerability in Gitea Allows Multiple Submissions of Correct TOTP Code SQL Injection Vulnerability in Sourcecodester Online Thesis Archiving System 1.0 Insecure Permission in Avast Antivirus Sandbox Component Allows for Scan Manipulation and File Deletion Sandbox Escape Vulnerability in Avast Antivirus Allows Privilege Escalation Privilege Escalation Vulnerability in Avast Antivirus Self-Defense Driver Privilege Escalation Vulnerabilities in Avast Antivirus: Arbitrary File Manipulation and Security 
Reset Hollowing Exploit: Privilege Escalation in Avast Antivirus NULL Pointer Dereference in Libsixel's stb_image.h Component Allows for Denial of Service via Crafted PICT File Remote Code Execution Vulnerability in CDataMoji of LibreCAD 2.2.0-rc3 and Older Remote Code Execution Vulnerability in CDataList of LibreCAD 2.2.0-rc3 and Older LibreCAD 2.2.0 HATCH Handling NULL Pointer Dereference Vulnerability Buffer Overflow Vulnerability in En3rgy WebcamServer v.0.5.2: Remote Denial of Service Exploit Memory Leak Vulnerability in SQLite3 3.35.1 and 3.37.0 via Malicious SQL Queries Incorrect Access Control Vulnerability in zzcms 8.2 Allows Authentication Bypass Arbitrary File Deletion Vulnerability in SourceCodester Attendance Management System v1.0 Piwigo 12.x XSS Vulnerability in pwg_activity Function Code Execution Vulnerability in Statamic Version through 3.2.26 via SettingsController.php Incorrect Access Control Vulnerability in Glewlwyd 2.0.0 XSS Injection Vulnerability in AppCMS 2.0.101's inc_head.php Template Unpatched Remote Command Execution (RCE) Vulnerability in D-link DIR-810L, DIR-820L, DIR-826L, DIR-830L, and DIR-836L Routers Null Pointer Dereference vulnerability in ffjpeg d5cfd49 (2021-12-06) in bmp_load() Reachable Assertion Vulnerability in tcpreplay 4.3.4's add_tree_ipv6() Reachable Assertion Vulnerability in tcpreplay 4.3.4 JWT Token Injection Vulnerability in StarWind SAN and NAS Build 1578 and StarWind Command Center Build 6864 Buffer Overflow Vulnerability in Tenda Router AX12 V22.03.01.21_CN Buffer Overflow Vulnerability in Tenda Router AX12 V22.03.01.21_CN Arbitrary Data Deserialization Vulnerability in Spipu HTML2PDF Command Injection Vulnerability in Tenda AC10U AC1200 Smart Dual-band Wireless Router Pointer Leak Vulnerability in Linux Kernel's check_alu_op() Function SQL Injection Vulnerability in SalonERP 3.0.1 Allows Unauthorized Access and Password Decryption Open Redirect Vulnerability in SeedDMS 6.0.15: Remote Redirect to Malicious 
Sites in out.Login.php Arbitrary File Upload Vulnerability in Sourcecodester Printable Staff ID Card Creator System 1.0 DataRobot Remote Code Execution (RCE) Vulnerability via Docker Environment or Java Driver Submission Reflected XSS Vulnerability in RosarioSIS 8.2.1 via search_term Parameter in Courses.php Heap-based Buffer Overflow in AIDE before 0.17.4 Allows Local Privilege Escalation Directory Traversal Vulnerability in Starcharge Products: Nova 360 Cabinet and Titan 180 Premium Improper Input Validation in Starcharge Products Arbitrary File Write Vulnerability in Emerson Dixell XWEB-500 Products Information Disclosure via Directory Listing in Emerson Dixell XWEB-500 Reflected Cross-Site Scripting Vulnerability in Reprise License Manager 14.2 Buffer Overflow Vulnerability in Pev 0.81 via pe_exports Function SAFARI Montage Versions 8.3 and 8.5 Reflected Cross Site Scripting (XSS) Vulnerability Unauthenticated Arbitrary File Deletion Vulnerability in Emerson XWEB 300D EVO 3.0.7--3ee403 Incorrect Access Control Vulnerability in TLR-2005KSH Allows Arbitrary File Upload Buffer Overflow Vulnerability in VirusTotal YARA Git Commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 SQL Injection Vulnerability in Sourcecodester Simple Cold Storage Management System Elevation of Privilege Vulnerability in Trend Micro Apex One and Worry-Free Business Security Origin Validation Error Vulnerability in Trend Micro Apex One Allows Privilege Escalation Arbitrary File Overwrite Vulnerability in Trend Micro Worry-Free Business Security (On-Prem) Recursive PROMPT_SUBST Expansion Vulnerability in zsh (CVE-2021-21409) Infinite Loop Vulnerability in Unisys ClearPath MCP TCP/IP Networking Services Directory Listing Vulnerability in Hitachi Vantara Pentaho Business Analytics Server Clear Text Transmission of Database Passwords in Hitachi Vantara Pentaho Business Analytics Server Pentaho Business Analytics Server Path Traversal Vulnerability Sensitive Information Logging Vulnerability in
Docker Desktop 4.3.0 and 4.3.1 Vulnerability: Policy Bypass and Oracle-Based Decryption in Mbed TLS Vulnerability: Policy Bypass and Oracle-based Decryption in Mbed TLS before 3.1.0 Directory Traversal Vulnerability in Django Storage.save() Function Information Disclosure of Power Telemetry via HWmon in Ampere Altra Processors Command Injection Vulnerability in Apache Kylin 4.0.0 Cross-origin Resource Sharing (CORS) vulnerability in Apache Kylin Hardcoded Key and IV in PasswordPlaceholderConfigurer in Apache Kylin Command Injection Vulnerability in lib/cmd.js in node-windows Package Unquoted Registry Entry Vulnerability in SICAM PQ Analyzer (All versions < V3.18) Arbitrary Code Execution Vulnerability in FreePBX Rest Phone Apps (CVE-2021-XXXX) Denial of Service Vulnerability in Open5GS 2.4.0: Crash of SGW-U/UPF via Crafted UE Packet Shell Expansion Vulnerability in GEGL's load_cache Function Arbitrary Code Execution Vulnerability in KVMtool via Out-of-Bounds Write BMP File Parsing Vulnerability in syngo fastView (All Versions) Allows Code Execution Arbitrary File Upload Vulnerability in CWP (Control Web Panel) before 0.9.8.1107 Arbitrary API Key Registration Vulnerability in CWP (Control Web Panel) Remote Unauthenticated Bypass of Imperva Web Application Firewall (WAF) via Content-Encoding: gzip Out-of-Bounds Memory Access in f2fs_setxattr in Linux Kernel Regular Expression Injection in lib/DatabaseLayer.py in cve-search before 4.1.0 Vulnerability: IP Address Bypasses Block to Edit EntitySchema Items in MediaWiki XSS Vulnerability in MediaWiki through 1.37 via External Identifier Property Cross-Site Scripting (XSS) Vulnerability in MediaWiki through 1.37 via Wikibase Item Descriptions Cross-Site Scripting (XSS) Vulnerability in MediaWiki Special:ImportFile URI Unauthenticated Information Disclosure Vulnerability in Yordam Library Information Document Automation (before version 19.02) Unauthenticated Reflected XSS Vulnerability in Yordam Library Information Document 
Automation (Version < 19.02) Data Collection Vulnerability in Bordam Information Technologies Library Automation System Data Collection Vulnerability in Bordam Information Technologies Library Automation System Stored XSS Vulnerability in Yordam Information Technologies Library Automation System Memory Leak in __rds_conn_create() Function in Linux Kernel Incorrect Memory Allocation in WebKitGTK's ImageBufferCairoImageSurfaceBackend::create Leading to Segmentation Violation and Application Crash Use-after-free vulnerability in WebKitGTK before 2.32.4 in WebCore::ContainerNode::firstChild Use-after-free vulnerability in WebKitGTK before 2.32.4 in WebCore::Frame::page Weak Cryptographic PRNG in NetBSD IPv6 Fragment ID Generation Algorithm IPv6 Implementation in Linux Kernel: Information Leak Vulnerability Information Leakage Vulnerability in Linux Kernel's IPv4 Implementation Insecure IPv4 ID Generation Algorithm in NetBSD through 9.2 NetBSD TCP ISN Generation Algorithm Information Leak Vulnerability Weak Cryptographic PRNG in NetBSD IPv6 Flow Label Generation Algorithm Lack of SSL Certificate Validation in 3CX Client Applications Cleartext Password Storage Vulnerability in 3CX System (2022-03-17) Privilege Escalation via DLL Search-Order Hijacking in Sage 300 ERP NETGEAR Devices Vulnerable to Disclosure of Administrative Credentials Arbitrary File Read Vulnerability in NETGEAR RBK352, RBR350, and RBS350 Devices Authentication Bypass Vulnerability in NETGEAR D7000 Devices Authentication Bypass Vulnerability in NETGEAR D7000 Devices Authentication Bypass Vulnerability in NETGEAR D7000 Devices Authentication Bypass Vulnerability in NETGEAR R6700v2 Devices Authentication Bypass Vulnerability in NETGEAR Devices Authentication Bypass Vulnerability in NETGEAR R7000P and R8000 Devices Authentication Bypass Vulnerability in Certain NETGEAR Devices Authentication Bypass Vulnerability in NETGEAR Devices Authentication Bypass Vulnerability in NETGEAR Devices
Authentication Bypass Vulnerability in NETGEAR Devices Authentication Bypass Vulnerability in NETGEAR Devices Authentication Bypass Vulnerability in NETGEAR Devices Authentication Bypass Vulnerability in Certain NETGEAR Devices Authentication Bypass Vulnerability in NETGEAR Devices Authentication Bypass Vulnerability in NETGEAR Devices Authentication Bypass Vulnerability in NETGEAR XR1000 Devices Authentication Bypass Vulnerability in Multiple NETGEAR Devices Weak Cryptography Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR XR1000 Devices Command Injection Vulnerability in NETGEAR XR1000 Devices Denial of Service Vulnerability in Certain NETGEAR Devices NETGEAR Devices Denial of Service Vulnerability Denial of Service Vulnerability in NETGEAR XR1000 Devices Denial of Service Vulnerability in NETGEAR XR1000 Devices Denial of Service Vulnerability in NETGEAR XR1000 Devices Hardcoded Password Vulnerability in NETGEAR RBK352, RBR350, and RBS350 Devices Hardcoded Password Vulnerability in NETGEAR RBK352, RBR350, and RBS350 Devices Hardcoded Password Vulnerability in NETGEAR XR1000 Devices Buffer Overflow Vulnerability in NETGEAR R7000 Devices Buffer Overflow Vulnerability in NETGEAR R8000 Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR D6220 Devices Command Injection Vulnerability in NETGEAR R8000 Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Authenticated Command Injection Vulnerability in Certain NETGEAR Devices Authenticated Command Injection Vulnerability in Certain NETGEAR Devices
Authenticated Command Injection Vulnerability in Certain NETGEAR Devices Authenticated Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR R7000, R6900P, and R7000P Routers Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR R7900P, R7960P, and R8000P Routers Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command 
Injection Vulnerability in NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Authenticated Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Authenticated Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Vulnerability: Sensitive Information Disclosure in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Multiple NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices 
Integer Overflow Vulnerability in D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Unauthenticated Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Unauthenticated Command Injection Vulnerability in Certain NETGEAR Devices Unauthenticated Command Injection Vulnerability in NETGEAR Devices Unauthenticated Command Injection Vulnerability in NETGEAR Devices Unauthenticated Command Injection Vulnerability in NETGEAR Devices Unauthenticated Command Injection Vulnerability in NETGEAR Devices Unauthenticated Command Injection Vulnerability in NETGEAR Devices Unauthenticated Command Injection Vulnerability in NETGEAR Devices Unauthenticated Command Injection Vulnerability in NETGEAR Devices Stack-Based Buffer Overflow in NETGEAR D7000 Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Reflected XSS Vulnerability
in Multiple NETGEAR Devices Incorrect Configuration of Security Settings in Multiple NETGEAR Devices Incorrect Configuration of Security Settings in Multiple NETGEAR Devices Incorrect Configuration of Security Settings in Certain NETGEAR Devices Vulnerability: Incorrect Security Settings in NETGEAR Devices Incorrect Configuration of Security Settings in Certain NETGEAR Devices Incorrect Security Settings Configuration Vulnerability in Certain NETGEAR Devices Vulnerability: Sensitive Information Disclosure in NETGEAR R7000 Devices Disclosure of Sensitive Information Vulnerability in Certain NETGEAR Devices Sensitive Information Disclosure Vulnerability in Certain NETGEAR Devices NETGEAR Devices Vulnerable to Sensitive Information Disclosure Sensitive Information Disclosure Vulnerability in Certain NETGEAR Devices Sensitive Information Disclosure Vulnerability in NETGEAR RBK50, RBR50, and RBS50 Devices Sensitive Information Disclosure Vulnerability in NETGEAR RBK352, RBR350, and RBS350 Devices Sensitive Information Disclosure Vulnerability in NETGEAR RBK352, RBR350, and RBS350 Devices Disclosure of Sensitive Information Vulnerability in NETGEAR XR1000 Devices Server-Side Injection Vulnerability in NETGEAR R6400 Devices Server-side Injection Vulnerability in Certain NETGEAR Devices Server-side Injection Vulnerability in Certain NETGEAR Devices Server-side Injection Vulnerability in Certain NETGEAR Devices Server-side Injection Vulnerability in Certain NETGEAR Devices Server-side Injection Vulnerability in Certain NETGEAR Devices Server-side Injection Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in NETGEAR R7000 Devices Stored XSS Vulnerability in NETGEAR R7000 Devices Stored XSS Vulnerability in NETGEAR R7000 Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS 
Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in NETGEAR Routers Stored XSS Vulnerability in NETGEAR GS108Tv2 and GS110TPv2 Devices Insecure Code Vulnerability in NETGEAR RAX200 Devices Privilege Escalation Vulnerability in NETGEAR Devices Memory Corruption Vulnerability in vec-const Crate Memory Corruption Vulnerability in derive-com-impl Crate Uninitialized Memory Read Vulnerability in bronzedb-protocol Crate Uninitialized Memory Read Vulnerability in binjs_io crate Uninitialized Memory Read Vulnerability in flumedb crate Uninitialized Memory Read Vulnerability in Columnar Crate Uninitialized Memory Read Vulnerability in csv-sniffer Crate Memory Corruption and Panic Vulnerability in raw-cpuid Crate Uninitialized Memory Read Vulnerability in ash crate Uninitialized Memory Read Vulnerability in gfx-auxil crate Uninitialized Memory Read Vulnerability in messagepack-rs Crate Uninitialized Memory Read Vulnerability in messagepack-rs Crate Uninitialized Memory Read Vulnerability in messagepack-rs Crate Uninitialized Memory Read Vulnerability in messagepack-rs Crate Uninitialized Memory Read Vulnerability in rdiff Crate Vulnerability: Incorrect Reliance on Trait Memory Layout in mopa Crate Incorrect Hashes in sha2 Crate with AVX2-Accelerated Backend Incorrect Result in FixVec Partial Read Vulnerability Vulnerability: Inconsistent Transaction Selection in get_block_template RPC Call Memory Allocation Vulnerability in Nervos CKB Blockchain Allows for 51% Attack Denial of Service Vulnerability in ckb Crate: Dead Call as DepGroup Use-after-free vulnerability in tremor-script crate before 0.11.6 Use-after-free vulnerability in tremor-script crate before 0.11.6 
Uninitialized Memory Read Vulnerability in tectonic_xdv crate Data Race and Memory Corruption in AtomicBucket<T> due to Unconditional Implementation of Send and Sync Traits Multiple Mutable References Vulnerability in nanorand Crate Memory Leakage in zeroize_derive Crate for Rust Out-of-Bounds Write Vulnerability in nix crate Insufficiently Constrained Transmute Operations in abomonation Crate: Information Leak and ASLR Bypass Vulnerability Unaligned Read Vulnerability in Chacha20 Encryption and Decryption Data Race and Memory Corruption in Tokio Crate Panic Vulnerability in simple_asn1 Crate: Remote Attacker Can Trigger Panic with UTCTime Data Directory Traversal Vulnerability in rust-embed Crate Use-after-free vulnerability in rusqlite crate 0.25.x and 0.26.x Use-after-free vulnerability in rusqlite crate 0.25.x and 0.26.x Use-after-free vulnerability in rusqlite crate 0.25.x and 0.26.x Use-after-free vulnerability in rusqlite crate 0.25.x and 0.26.x Use-after-free vulnerability in rusqlite crate 0.25.x and 0.26.x Use-after-free vulnerability in rusqlite crate 0.25.x and 0.26.x Use-after-free vulnerability in rusqlite crate 0.25.x and 0.26.x Use-after-free vulnerability in lru crate iterators before 0.7.1 Reflected Cross-Site Scripting (XSS) in JFrog Artifactory Users REST API Endpoint Privilege Escalation Vulnerability in WP Google Map WordPress Plugin (<= 1.8.0) Broken Access Control in JFrog Artifactory: Unauthorized Repository Layout Configuration by Project Admins Hardcoded Credential Vulnerability in Netgear Nighthawk R6700 Version 1.0.4.120 Command Injection Vulnerability in TOTOLINK X5000R v9.1.0u.6118_B20201102 Stack Overflow Vulnerability in TOTOLINK X5000R v9.1.0u.6118_B20201102: Exploiting setUrlFilterRules Function for DoS Attacks HTTP Authentication Vulnerability in TOTOLINK X5000R v9.1.0u.6118_B20201102 Stack Overflow Vulnerability in TOTOLINK X5000R v9.1.0u.6118_B20201102: Exploiting setL2tpServerCfg Function Stack Overflow Vulnerability in 
TOTOLINK A720R v4.1.5cu.470_B20200911: DoS via Host Parameter in Form_Login Function Command Injection Vulnerability in TOTOLINK X5000R v9.1.0u.6118_B20201102 Stack Overflow Vulnerability in TOTOLINK A720R v4.1.5cu.470_B20200911: Form_Login Function Denial of Service (DoS) via flag Parameter Stack Overflow Vulnerability in TOTOLINK A720R v4.1.5cu.470_B20200911: Denial of Service via setWiFiWpsStart Function Stack Overflow Vulnerability in TOTOLINK X5000R v9.1.0u.6118_B20201102: Exploiting DoS via relay6to4 Parameters Command Injection Vulnerability in TOTOLINK A720R v4.1.5cu.470_B20200911 Stored XSS Vulnerability in Bludit 3.13.1 via TAGS Section in Login Panel Stored XSS Vulnerability in Bludit 3.13.1 via About Plugin in Login Panel Directory Traversal Vulnerability in WeBankPartners wecube-platform 3.2.1 Buffer Overflow Vulnerability in Asus RT-AC68U and RT-AC5300 Routers' blocking_request.cgi Buffer Overflow Vulnerability in ASUS AC68U <=3.0.0.4.385.20852's blocking.cgi Leading to DoS Invalid Memory Address Dereference in GPAC v1.1.0: Exploitable DoS Vulnerability via gf_list_last() Invalid Memory Address Dereference Vulnerability in ROPium v3.1's find() Function Invalid Memory Address Dereference in GPAC v1.1.0: Denial of Service (DoS) Vulnerability Invalid Call in gf_node_changed() Function in GPAC v1.1.0 Leads to Denial of Service (DoS) Vulnerability Invalid Memory Address Dereference in GPAC v1.1.0 via shift_chunk_offsets.isra() Invalid Memory Address Dereference in GPAC 1.1.0: A Denial of Service Vulnerability NULL Pointer Dereference in AcseConnection_parseMessage in libiec61850 v1.5.0 NULL Pointer Dereference in CS104_IPAddress_setFromString Directory Traversal Vulnerability in Bookeen Notea Firmware BK_R_1.0.5_20210608 Privilege Escalation Vulnerability in maccms v10 User Login Stored Cross Site Scripting (XSS) Vulnerability in maccms v10 through Video Uploads Time-Based SQL Injection Vulnerabilities in Metersphere v1.15.4 via orders Parameter Arbitrary 
File Read Vulnerability in Metersphere v1.15.4 Arbitrary File Upload Vulnerability in Metersphere v1.15.4 Allows Unauthenticated Remote Code Execution SQL Injection Vulnerability in Slims8 Akasia 8.3.1 - Remote Authenticated Librarian User Cross-Site Scripting (XSS) Vulnerability in Slims9 Bulian 9.4.2 /admin/modules/system/custom_field.php SQL Injection Vulnerability in Slims9 Bulian 9.4.2 - User Data Exposure in lib/comment.inc.php SQL Injection Vulnerability in Slims9 Bulian 9.4.2: User Data Exposure in /admin/modules/system/backup.php SQL Injection Vulnerability in MartDevelopers iResturant 1.0 SQL Injection Vulnerability in MartDevelopers iResturant 1.0 Template Injection Vulnerability in JPress v4.2.0 Admin Panel Command Execution Vulnerability in jpress v4.2.0 via io.jpress.web.admin._AddonController::doUploadAndInstall Unrestricted Account Registration and Arbitrary File Upload Vulnerability in jPress v4.2.0 Arbitrary Command Execution Vulnerability in GlobalProtect-Openconnect GlobalProtect-Openconnect Vulnerability: Arbitrary VPN Connection and Traffic Redirection SQL Injection Vulnerability in osTicket 1.15.x Search Functionality Cross Site Scripting (XSS) Vulnerability in NUUO Network Video Recorder NVRsolo 3.9.1 Cross Site Scripting (XSS) Vulnerability in SLICAN WebCTI 1.01 2015 SQL Injection Vulnerability in Nettmp NNT 5.1 Allows Unauthorized Access Cross Site Scripting (XSS) Vulnerability in Quectel UC20 UMTS/HSPA+ UC20 6.3.14 CRLF Injection Vulnerability in SAFARI Montage 8.7.32 Leading to HTTP Response Splitting Unquoted Service Path Privilege Escalation in Wordline HIDCCEMonitorSVC Blind SQL Injection Vulnerability in Xbtit 3.1: Remote Code Execution and Data Extraction Stored XSS Vulnerability in Xbtit 3.1 Allows Execution of Malicious JavaScript Code HDF5 1.13.1-1 Segmentation Fault Denial of Service Vulnerability Heap-based Buffer Overflow Vulnerability in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c Null Pointer Dereference 
Vulnerability in GPAC 1.0.1: Denial of Service via __strlen_avx2 in MP4Box Stack-based Buffer Overflow Vulnerability in HDF5 1.13.1-1 at hdf5/src/H5Eint.c: Denial of Service (context-dependent) Stack-based Buffer Overflow Vulnerability in HDF5 1.13.1-1: Denial of Service via H5D__create_chunk_file_map_hyper function Arbitrary Code Execution Vulnerability in OpenDocMan 1.4.4 via MIME-Bypass File Upload Vulnerability in Online Admission System 1.0 Arbitrary Command Execution Vulnerability in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) Remote Command Execution Vulnerability in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) - Administrator Hash Disclosure Vulnerability Remote Command Execution Vulnerability in Terramaster F4-210, F2-210 TOS 4.2.X Session Cookie Self-Signing and Guest User Abuse Vulnerability in Terramaster F4-210, F2-210 TOS 4.2.X Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) - Administrator Hash Disclosure Vulnerability Reflected Cross Site Scripting (XSS) vulnerability in glFusion CMS v1.7.9 Command Injection Vulnerability in ODA File Converter in FreeCAD 0.19 FreeCAD 0.19 Path Sanity Check Script OS Command Injection Vulnerability AMF Parser Crash Vulnerability in Slic3r libslic3r 1.3.0 Missing Input Validations in 3MF Parser Component of Slic3r Libslic3r 1.3.0: Application Crash Vulnerability Denial of Service (DoS) Vulnerability in Nicotine+ 3.0.3 and Later: Null Character File Path Crash Server-Side Request Forgery (SSRF) Vulnerability in FUXA 1.1.3 Allows Unauthorized Access and Command Execution Unrestricted Patient Addition Vulnerability in Projectworlds Hospital Management System v1.0 Remote Buffer Overflow Vulnerability in Accu-Time Systems MAXIMUS 1.0 Telnet Service Integer Overflow Vulnerability in DTSStreamReader::findFrame() of tsMuxer git-2678966 Assertion Failure in BitStreamReader::skipBits at /bitStream.h:132 of tsMuxer git-c6a0277 Heap-Based 
Buffer Overflow in tsMuxer git-2678966: Function HevcUnit::updateBits in hevc.cpp Segmentation Fault Vulnerability in tsMuxer git-c6a0277 File Upload Vulnerability in Sourcecodester Student Attendance Management System 1.0 Stored XSS Vulnerability in Sourcecodester Student Attendance Management System 1.0 via Course Field in index.php Use-after-free vulnerability in Linux kernel's quota_tree.c Unauthenticated Command Injection in GARO Wallbox GLB/GTB/GTC Firmware Update Hardcoded Credentials Vulnerability in GARO Wallbox GLB/GTB/GTC Incorrect Access Control on GARO Wallbox GLB/GTB/GTC Web Manager Pages Information Disclosure Vulnerability in Brave Desktop 1.17 through 1.33 before 1.33.106 Insecure Password Handling in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 Global Anti-CSRF Tokens in PONTON X/P Messenger Allow Privilege Escalation Remote Code Execution via Path Traversal in PONTON X/P Messenger XSS Vulnerability in PONTON X/P Messenger Navigation Tree Reflected XSS Vulnerability in PONTON X/P Messenger Inactive Identifier Authentication Vulnerability in BasicAuthProvider Privilege Escalation Vulnerability in Softwarebuero Zauner ARC 4.2.0.4 Vulnerability: Passwords Stored in Recoverable Format in Softwarebuero Zauner ARC 4.2.0.4 Improper Case Sensitivity Handling in Softwarebuero Zauner ARC 4.2.0.4 Allows for Easier Password Guessing Cleartext Transmission of Sensitive Information in Softwarebuero Zauner ARC 4.2.0.4 Cross-Site Scripting (XSS) Vulnerability in Netgen Tags Bundle Privilege Escalation Vulnerability in Nokia FastMile 3TG00118ABAD52 Devices Remote Code Execution Vulnerability in SuiteCRM Local File Inclusion Vulnerability in SuiteCRM PHAR Deserialization Remote Code Execution in SuiteCRM Improper API Authentication in Vivoh Webinar Manager before 3.6.3.0 Inconsistent Error Messaging in ServiceNow Orlando Password-Reset Form Persistent Cross-Site Scripting (XSS) Vulnerability in SuiteCRM Web Interface Cross-Site Scripting (XSS) 
Vulnerability in OpenWrt 21.02.1 Port Forwards Add Name Screen Cross-Site Scripting (XSS) Vulnerability in OpenWrt 21.02.1 Traffic Rules Name Screen Cross-Site Scripting (XSS) Vulnerability in OpenWrt 21.02.1 NAT Rules Name Screen Stack-based Buffer Overflow in gif2apng 1.9 Stack-based Buffer Overflow in gif2apng 1.9 Heap-based Buffer Overflow in gif2apng 1.9's DecodeLZW Function Heap-based Buffer Overflow in gif2apng 1.9: Arbitrary Data Write Vulnerability Heap-Based Buffer Overflow in gif2apng 1.9: Write Access Outside Buffer Boundaries Unauthenticated Command Execution via Named Pipe in Controlup Real-Time Agent Hardcoded Key Vulnerability in ControlUp Real-Time Agent (cuAgent.exe) Allows OS Command Execution via WCF Channel Unauthenticated Session Manipulation in LuxCal Web Calendar Cookie Manipulation Vulnerability in LuxCal Web Calendar Improper Input Validation Vulnerability in Shockwall System's Programming Function Improper Authentication Vulnerability in Shockwall System's Server-Request Receiver Function Insufficient Input Validation Leading to Heap-Based Buffer Overflow Vulnerability in NHI's Health Insurance Web Service XSS Vulnerability in Studio 42 elFinder through 2.1.31 via SVG Document Login Process Vulnerability in Lanner Inc IAC-AST2500A Firmware v1.10.0 Stack-based Buffer Overflow in MDB Tools 0.9.2 Stack-based Buffer Overflow in MDB Tools 0.9.2 Out-of-Bounds Write Vulnerability in libjxl (CVE-2021-38117) Out-of-Bounds Write Vulnerability in Wasm3 0.5.0's CompileBlock Out-of-Bounds Write Vulnerability in Qt SVG Out-of-Bounds Write Vulnerability in HarfBuzz 2.9.0 Heap-Based Buffer Overflow in wolfMQTT 1.9: MqttDecode_Publish Vulnerability Heap-Based Buffer Overflow in wolfMQTT 1.9's MqttDecode_Publish Function Heap-Based Buffer Overflow in wolfMQTT 1.9: MqttClient_DecodePacket Vulnerability Heap-based Buffer Overflow in Grok 9.5.0's openhtj2k::T1OpenHTJ2K::decompress Heap-Based Buffer Overflow in wolfMQTT 1.9: MqttDecode_Disconnect Vulnerability 
Heap-Based Buffer Overflow in wolfMQTT 1.9's MqttClient_DecodePacket Heap-Based Buffer Overflow in wolfMQTT 1.9: MqttClient_DecodePacket Vulnerability Heap-Based Buffer Overflow in wolfMQTT 1.9: MqttClient_DecodePacket Vulnerability Heap-based Buffer Overflow in libbpf 0.6.0 and 0.6.1's __bpf_object__open Heap-based Buffer Overflow in libbpf 0.6.0 and 0.6.1's __bpf_object__open Heap-based Buffer Overflow in OpenEXR 3.1.x before 3.1.4 Heap-Based Buffer Overflow in GDAL 3.3.0 through 3.4.0: PCIDSK::CPCIDSKFile::ReadFromFile Vulnerability Use-After-Free Vulnerability in Ghostscript GhostPDL 9.50 through 9.53.3 Out-of-Bounds Write Vulnerability in Wasm3 0.5.0 Out-of-Bounds Write Vulnerability in Wasm3 0.5.0 Runtime_Release Heap-Based Buffer Overflow in Open Asset Import Library (assimp) 5.1.0 and 5.1.1 Heap-Based Buffer Overflow in Ghostscript GhostPDL 9.50-9.54.0: Exploiting sampled_data_finish Out-of-Bounds Write Vulnerability in LibreDWG 0.12.4.4313 through 0.12.4.4367 Heap-based Buffer Overflow in Dnsmasq 2.86's check_bad_address Function Heap-based Buffer Overflow in Dnsmasq 2.86's dhcp_reply Function Heap-based Buffer Overflow in Dnsmasq 2.86 extract_name Function Heap-based Buffer Overflow in Dnsmasq 2.86's extract_name Function (CVE-2021-45951) Heap-based Buffer Overflow in Dnsmasq 2.86's resize_packet Function Heap-based Buffer Overflow in Dnsmasq 2.86's print_mac Function Heap-based Buffer Overflow in Dnsmasq 2.86's answer_request Function Stack-based Buffer Overflow in UltraJSON (aka ujson) through 5.1.0 Expat XML Parsing Library: Realloc Misbehavior in storeAtts Function Arbitrary Code Execution in Pascom Cloud Phone System REST API Path Traversal Vulnerability in Pascom Cloud Phone System SSRF Vulnerability in Pascom Cloud Phone System InsydeH2O AhciBusDxe SMM Buffer Pointer Validation Vulnerability InsydeH2O SMM Buffer Pointer Validation Vulnerability Insufficient Validation of Allocated Buffer Pointer in SdHostDriver SMM Branch Stack-based Buffer 
Overflow in giftrans 1.12.2: Arbitrary Data Overwrite Vulnerability DLL Hijacking Vulnerability in Acer Care Center 4.x Remote Development Backend IDEs Bind to 0.0.0.0 IP Address Vulnerability Arbitrary Code Execution Vulnerability in Foxit PDF Reader and PDF Editor on macOS Arbitrary Code Execution Vulnerability in Foxit PDF Reader and PDF Editor on macOS Arbitrary Code Execution Vulnerability in Foxit PDF Reader and PDF Editor on macOS XML External Entity (XXE) Vulnerability in NetScout nGeniusONE 6.3.2 Arbitrary File Upload Vulnerability in NetScout nGeniusONE 6.3.2 Java RMI Code Execution Vulnerability in NetScout nGeniusONE 6.3.2 Heap-Based Buffer Over-Read Vulnerability in Lua 5.4.3 Finalizer Command Injection Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Command Injection Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Command Injection Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Command Injection Vulnerability in D-Link DIR-882 Router Cross Site Scripting (XSS) Vulnerability in Sourcecodester Car Rental Management System 1.0 via vehicalorcview Parameter Unauthenticated Configuration Access in Totolink A3100R V5.9c.4577 OS Command Injection Vulnerability in Totolink A3100R V5.9c.4577 Hard-coded Telnet Password Vulnerability in 
Totolink A3100R V5.9c.4577 Firmware Unauthenticated Access and Unauthorized Configuration in Totolink A3100R V5.9c.4577 Predictable SESSION_ID in Totolink A3100R V5.9c.4577 Web Configuration Vulnerability Unrestricted File Upload Vulnerability in Sourcecodester Free School Management Software 1.0 Allows Remote Code Execution Untrusted Pointer Dereference Vulnerability in GNU Recutils v1.8.90 Untrusted Pointer Dereference Vulnerability in mrb_vm_exec() of mruby v3.0.0 Use-After-Free Vulnerability in GNU Recutils v1.8.90's rec_record_destroy() Function Use-After-Free Vulnerability in GNU Recutils v1.8.90's rec_mset_elem_destroy() Function Untrusted Pointer Dereference in mrb_vm_exec Function Leads to Segmentation Fault and Application Crash SQL Injection Vulnerability in Projectworlds Online Shopping Website Cross-Site Scripting (XSS) Vulnerability in OneBlog <= 2.2.8: Exploiting the 'Add' Function in the Operation Tab List Cross Site Scripting (XSS) Vulnerability in mysiteforme's Blog Tag Function CSRF Vulnerability in Background Blog Management Allows Unauthorized Blog Tag Addition CSRF Vulnerability in mblog <= 3.5.0: Malicious Link Leads to Article Deletion Cross Site Scripting (XSS) Vulnerability in JavaQuarkBBS <= v2 File Upload Bypasses Verification in ForestBlog ForestBlog XSS Vulnerability via Nickname Input Box Arbitrary Code Execution via File Upload Vulnerability in MCMS v5.2.4 Arbitrary File Deletion Vulnerability in MCMS v5.2.4 via /template/unzip.do Component Pointer Dereference Vulnerability in GPAC 1.0.1: Context-Dependent Denial of Service Pointer Dereference Vulnerability in GPAC 1.0.1: Denial of Service via shift_chunk_offsets.part Pointer Dereference Vulnerability in GPAC 1.0.1: Denial of Service via finplace_shift_moov_meta_offsets Function Segmentation Fault Vulnerability in GPAC 1.0.1: Denial of Service via co64_box_new Pointer Dereference Vulnerability in GPAC 1.0.1: Denial of Service via _fseeko Function Pointer Dereference Vulnerability in 
GPAC 1.0.1: Denial of Service via gf_list_count Function Pointer Dereference Vulnerability in GPAC 1.0.1 via ShiftMetaOffset.isra GPAC 1.0.1 Vulnerability: Denial of Service via Abort Failure Pointer Dereference Vulnerability in gf_isom_box_size function in GPAC 1.0.1 Pointer Dereference Vulnerability in GPAC 1.0.1 via gf_hinter_finalize Function Denial of Service Vulnerability in Binaryen 104: Assertion Abort in wasm::WasmBinaryBuilder::readFunctions Pointer Dereference Vulnerability in GPAC 1.0.1: Denial of Service via gf_fileio_check Function Binaryen 103: Stack Overflow Vulnerability in printf_common Function Pointer Dereference Vulnerability in GPAC 1.0.1: Denial of Service via Media_IsSelfContained Function Denial of Service Vulnerability in Binaryen 104: Assertion Abort in wasm::Tuple::validate Binaryen 103: Denial of Service Vulnerability Leading to SIGKILL Termination Denial of Service Vulnerability in Binaryen 104: Assertion Abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*) Denial of Service Vulnerability in Binaryen 104: Assertion Abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*) SQL Injection Vulnerability in Sourcecodester RSMS 1.0 via code Parameter Arbitrary File Deletion Vulnerability in MCMS v5.2.5 via oldFileName Component Server Side Template Injection (SSTI) vulnerability in MCMS v5.2.5 Template Management module Buffer Overflow Vulnerability in IrfanView 4.59 via Malicious .TIFF Image Arbitrary JavaScript Injection in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 Cookie Theft Vulnerability in Vehicle Service Management System 1.0 Allows Full Account Takeover Stored XSS Vulnerability in Vehicle Service Management System 1.0: My Account Section Stored XSS Vulnerability in Vehicle Service Management System 1.0: Mechanic List Section Stored XSS Vulnerability in Vehicle Service Management System 1.0: Service Requests Section in Login Panel Stored XSS Vulnerability in Vehicle Service Management System 1.0: Category 
List Section in Login Panel Stored XSS Vulnerability in Vehicle Service Management System 1.0: Service List Section in Login Panel Stored XSS Vulnerability in Sourcecodester Vehicle Service Management System 1.0: User List Section in Login Panel Stored XSS Vulnerability in Sourcecodester Vehicle Service Management System 1.0 via Settings Section in Login Panel Privilege Escalation Vulnerability in Sourcecodester Vehicle Service Management System 1.0 Allows Unauthorized Access to Admin Resources File Upload Vulnerability in Sourcecodester Vehicle Service Management System 1.0 Unrestricted File Upload Vulnerability in Sourcecodester Vehicle Service Management System 1.0 Unrestricted File Upload Vulnerability in Sourcecodester Vehicle Service Management System 1.0 CSRF Vulnerability in Vehicle Service Management System 1.0 Memory Leak Vulnerability in Moxa TN-5900 v3.1, MGate 5109 v2.2, and MGate 5101-PBM-MN v2.1 Series Devices Cross Site Scripting (XSS) Vulnerability in uscat's Statistical Code Input Box Cross Site Scripting (XSS) Vulnerability in 'Close Registration Information' Input Box in uscat (2021-12-28) Insecure Permissions Vulnerability in OneBlog <= 2.2.8: Unauthorized Deletion of High-Level Administrators Insecure Permissions in xzs-mysql >= t3.4.0: Exploiting Examination Paper Submission Vulnerability Storage XSS Vulnerability in jfinal_cms >= 5.1.0 Background System Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS Remote Code Execution Vulnerability Critical SQL Injection Vulnerability in JeecgBoot 3.0 Allows Root Privilege Database Manipulation Insecure Permissions Vulnerability in eliteCMS v1.0 via manage_uploads.php Remote Code Execution Vulnerability in DolphinPHP v1.5.0's /application/common.php#action_log Command Injection Vulnerability in Git for Windows Integer Overflow Vulnerability in Solana rBPF's relocate Function Directory Traversal Vulnerability in webp_server_go 0.4.0 Allows Arbitrary File Information Disclosure Server Side Request Forgery (SSRF) 
Vulnerability in Ligeo Archives Ligeo Basics as of 02_01-2022 Cross-Site Scripting (XSS) Vulnerability in D-Link DSL-2730E CT-20131125 Devices Reflected Cross Site Scripting (XSS) Vulnerability in ASUS RT-AC52U_B1 3.0.0.4.380.10931 Time-Based SQL Injection Vulnerabilities in Online Shopping Portal v3.1 Remote Code Execution Vulnerability in MartDevelopers KEA-Hotel-ERP: Exploiting File Upload Vulnerability RCE Vulnerability in jpress v4.2.0 via ProductNotifyKit#doSendEmail RCE Vulnerability in jpress 4.2.0 via io.jpress.web.admin._TemplateController#doUploadFile Remote Code Execution Vulnerability in JPress 4.2.0 via io.jpress.web.admin._TemplateController#doInstall Remote Code Execution Vulnerability in JPress 4.2.0 via Email Template Injection Remote Code Execution Vulnerability in JPress 4.2.0 via ArticleNotifyKit#doSendEmail Buffer Overflow Vulnerability in TP-Link TL-WR840N (EU) v6.20 Firmware Invalid Free Operations in uriparser's uriFreeUriMembers and uriMakeOwner Functions Invalid Free Operations in uriparser's uriNormalizeSyntax Integer Overflow Vulnerability in doProlog in Expat (libexpat) before 2.4.3 Cross-Site Scripting (XSS) Vulnerability in Roundcube Email Client Vulnerability in Honda Civic 2012 Keyfob System: Replay Attack Exploiting Non-Expiring Rolling Code and Counter Resynchronization XSS Vulnerability in MediaWiki's WikibaseMediaInfo Caption Fields CSRF Vulnerability in MediaWiki MassEditRegex Confidential Information Disclosure in MediaWiki SecurePoll Extension Denial of Service Vulnerability in MediaWiki Language Name Search Cross-Site Scripting (XSS) Vulnerability in MediaWiki Special:CheckUserLog Out-of-Bounds Write Vulnerability in Simcenter Femap Type Confusion Vulnerability in Simcenter Femap NEU File Parsing Memory Corruption Vulnerability in Simcenter Femap NEU File Parsing Stack-Based Buffer Overflow in Simcenter Femap NEU File Parsing (ZDI-CAN-14646, ZDI-CAN-14679, ZDI-CAN-15084, ZDI-CAN-15304) Stack-Based Buffer Overflow in 
Simcenter Femap NEU File Parsing (ZDI-CAN-14683, ZDI-CAN-15283, ZDI-CAN-15303, ZDI-CAN-15593) Out-of-Bounds Write Vulnerability in Simcenter Femap Memory Corruption Vulnerability in Simcenter Femap Allows Code Execution (ZDI-CAN-14757) Stack-Based Buffer Overflow in Simcenter Femap NEU File Parsing (ZDI-CAN-15085, ZDI-CAN-15289, ZDI-CAN-15602) Out-of-Bounds Write Vulnerability in Simcenter Femap Out-of-Bounds Write Vulnerability in Simcenter Femap NEU File Parsing (ZDI-CAN-15286) Out-of-Bounds Write Vulnerability in Simcenter Femap NEU File Parsing (ZDI-CAN-15302) Out-of-Bounds Write Vulnerability in Simcenter Femap (ZDI-CAN-15048) XSS Vulnerability in Kentico Xperience 13.0.44 Media Libraries Subsystem Remote Code Execution in Zoho ManageEngine Desktop Central Reports Module Improperly Defined Executable Path Vulnerability in Zoho ManageEngine Desktop Central Information Disclosure Vulnerability in Zoho ManageEngine Desktop Central before 10.0.662 Authentication Module Access Control Vulnerability in wizplat PD065 v1.19 Out-of-Bounds Write Vulnerability in Spin v6.5.1's lex() Function Use-After-Free Vulnerability in Modex v2.11 via tcache Component Use-After-Free Vulnerability in lexer_compare_identifier_to_string in JerryScript NULL Pointer Dereference Vulnerability in Modex v2.11's set_create_id() Function Heap-based Buffer Overflow in bfd_getl32 function in Binutils objdump 3.37 Denial of Service Vulnerability in upx before 4.0.0 via Crafted File in readx Function Uncontrolled Recursion Vulnerability in GCC v12.0's libiberty/rust-demangle.c Component SQL Injection Vulnerability in Sourcecodester Courier Management System 1.0 via email parameter in /cms/ajax.php app SQL Injection Vulnerability in Sourcecodester Simple Music Cloud Community System 1.0 via email parameter in /music/ajax.php SQL Injection Vulnerability in Sourcecodester Online Resort Management System 1.0 Arbitrary File Read Vulnerability in Taocms v3.0.2 via Path Parameter Arbitrary File Read and 
SQL Injection Vulnerabilities in Taocms v3.0.2 Buffer Overflow Vulnerability in libMeshb v7.61's GmfOpenMesh() Function Allows for Denial of Service (DoS) via Crafted MESH File Command Injection Vulnerability in D-Link DI-7200GV2.E1 v21.04.09E1: Exploiting wget_test.asp Command Injection Vulnerability in D-Link DI-7200GV2.E1 v21.04.09E1 Command Injection Vulnerability in D-Link DI-7200GV2.E1 v21.04.09E1 via httpd_debug.asp Command Injection Vulnerability in D-Link DI-7200GV2.E1 v21.04.09E1 - usb_paswd.asp Command Injection Vulnerability in D-Link DI-7200GV2.E1 v21.04.09E1: Exploiting Upgrade_Filter Function Command Injection Vulnerability in D-Link DI-7200GV2.E1 v21.04.09E1 - urlrd_opt.asp Command Injection Vulnerability in D-Link DI-7200GV2.E1 v21.04.09E1 - version_upgrade.asp Command Injection Vulnerability in D-Link DI-7200GV2.E1 v21.04.09E1 NULL Pointer Dereference Vulnerability in GPAC v1.1.0: Denial of Service (DoS) via gf_node_unregister() NULL Pointer Dereference Vulnerability in GPAC v1.1.0: Denial of Service (DoS) via gf_sg_vrml_field_pointer_del() Untrusted Pointer Dereference Vulnerability in GPAC v1.1.0 Stack Overflow Vulnerability in GPAC v1.1.0: Denial of Service via gf_node_get_name() Invalid Free Vulnerability in GPAC v1.1.0's MP4Box: Potential Denial of Service (DoS) Exploit NULL Pointer Dereference Vulnerability in GPAC v1.1.0: DoS via gf_dump_vrml_sffield() Heap-Use-After-Free Vulnerability in HDF5 v1.13.1-1 via H5AC_unpin_entry Component Untrusted Pointer Dereference Vulnerability in HDF5 v1.13.1-1 Divide By Zero Vulnerability in HDF5 v1.13.1-1: H5T__complete_copy() Function Denial of Service (DoS) Critical Vulnerability: Hard-coded Cryptographic Key in ASUS CMAX6000 v1.02.00 Authorization Bypass Vulnerability in ScratchOAuth2 Allows App Owners to Falsely Verify Apps User Authentication Bypass Vulnerability in ScratchOAuth2 Reflected Cross-Site Scripting (XSS) Vulnerability in ScratchOAuth2 CSRF Vulnerability in Scratch Wiki's 
RequirementsBypassPage.php Allows Account Request Requirement Modification Cross-Site Scripting (XSS) Vulnerability in Anchor CMS v0.12.7 Create Post Function Arbitrary File Deletion Vulnerability in eyouCMS V1.5.5-UTF8-SP3_1 Stack Buffer Overflow in Tenda AC Series Router AC11_V02.03.01.104_CN PPPoE Module Stack Buffer Overflow in Tenda AC Series Router AC11_V02.03.01.104_CN's wifiTime Module Stack Buffer Overflow in Tenda AC Series Router AC11_V02.03.01.104_CN's onlineList Module Stack Buffer Overflow in Tenda AC Series Router AC11_V02.03.01.104_CN's wanBasicCfg Module Insufficient Permission Validation in JFrog Artifactory Allows Listing of All Repository Names Session Fixation and Insufficient Session Expiration Vulnerabilities in Lanner Inc IAC-AST2500A Firmware v1.10.0 NULL pointer dereference and general protection fault in nf_tables_newset Unauthenticated Web Server Access Vulnerability in CP-8000 and CP-8020 Master Modules SQL Injection Vulnerability in Projectworlds Online Examination System 1.0 via eid parameter in account.php SQL Injection Vulnerability in Sourcecodester Online Railway Reservation System 1.0 via sid Parameter SQL Injection Vulnerability in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 Denial of Service Vulnerability in djvulibre 3.5.28 via Divide by Zero in IW44Image.cpp NULL Pointer Dereference Vulnerability in GPAC v1.1.0: Denial of Service (DoS) via gf_sg_destroy_routes() Denial of Service Vulnerability in djvulibre 3.5.28 Segmentation Fault Vulnerability in GPAC v1.0.1's Binary MP4Box: Denial of Service (DoS) Exploit D-Link Router DIR-846 RCE Vulnerability in SetNetworkTomographySettings.php D-Link Router DIR-846 Remote Command Execution (RCE) Vulnerability D-Link Router DIR-846 Remote Code Execution (RCE) Vulnerability Reentrancy Vulnerability in OpenZeppelin <=v4.4.0 Initializer Functions Stack Buffer Overflow in Tenda AC Series Router AC11_V02.03.01.104_CN's wifiBasicCfg Module SEGV Vulnerability in 
Duktape v2.99.99 via duk_push_tval in duktape/duk_api_stack.c SEGV Vulnerability in Espruino 2v11.251 via jsiGetDeviceFromClass Stack Buffer Overflow in Espruino 2v11.251 via jsvNewFromString in src/jsvar.c Stack Buffer Overflow in Espruino 2v10.246 via vcbprintf in src/jsutils.c Heap-Buffer-Overflow Vulnerability in Moddable SDK v11.5.0 via __asan_memcpy Component SEGV Vulnerability in Moddable SDK v11.5.0's fx_Array_prototype_sort Heap-Buffer-Overflow Vulnerability in Moddable SDK v11.5.0 via __libc_start_main Component SEGV Vulnerability in Moddable SDK v11.5.0 via _fini Component SEGV Vulnerability in Moddable SDK v11.5.0: fx_ArrayBuffer_prototype_concat in xsDataView.c SEGV Vulnerability in Moddable SDK v11.5.0: fxProxyGetPrototype in xsProxy.c Heap-Buffer-Overflow Vulnerability in Moddable SDK v11.5.0 Invalid Memory Access Vulnerability in Moddable SDK v11.5.0 via __asan_memmove Component Stack Buffer Overflow in Moddable SDK v11.5.0: Vulnerability in __interceptor_strcat Component NULL Pointer Dereference Vulnerability in Moddable SDK v11.5.0: fx_Function_prototype_hasInstance Component Assertion Failure in JerryScript 3.0.0: PARSER_CLASS_LITERAL_CTOR_PRESENT Assertion Failure in JerryScript 3.0.0: parser_list_get (page_p != NULL) Assertion Failure in JerryScript 3.0.0: ecma_is_lexical_environment (object_p) Assertion Failure in JerryScript 3.0.0: lit_is_valid_cesu8_string Assertion Failure in JerryScript 3.0.0: Invalid Statement End in Scanner Assertion Failure in JerryScript 3.0.0: ecma_is_lexical_environment() or ecma_op_object_is_fast_array() Assertion Failure in JerryScript 3.0.0: context_p->token.type == LEXER_LITERAL Assertion Failure in JerryScript 3.0.0: flags & PARSER_PATTERN_HAS_REST_ELEMENT Assertion Failure in JerryScript 3.0.0: cesu8_cursor_p == cesu8_end_p Assertion Failure in JerryScript 3.0.0: Date Prototype Dispatch Set Assertion Failure in JerryScript 3.0.0: ecma_object_check_class_name_is_object() Assertion Failure in JerryScript 3.0.0: 
ECMA_STRING_IS_REF_EQUALS_TO_ONE Assertion Failure in JerryScript 3.0.0: Invalid Object Type Assertion Failure in JerryScript 3.0.0: ecma_is_value_object(value) Assertion Failure in JerryScript 3.0.0: Incorrect Local Time Zone Adjustment in Date Prototype Information Disclosure Vulnerability in D-Link DIR-X1860 Web Interface Information Disclosure Vulnerability in Thinfinity VirtualUI Stored Cross-Site Scripting (XSS) Vulnerability in OCS Inventory 2.9.1 Denial of Service Vulnerability in FISCO-BCOS Release-3.0.0-rc2: Potential for Double-Spending Attacks Authenticated Remote Code Execution (RCE) via PHP Shell Upload in Composr-CMS 10.0.39 and Earlier Arbitrary Code Execution Vulnerability in Magnolia CMS v6.2.11 and below Server-Side Template Injection (SSTI) Vulnerability in Magnolia v6.2.3 and Below Formula Injection Vulnerability in Magnolia v6.2.3 and Below: Arbitrary Code Execution via Exported CSV/XLS Files Arbitrary Code Execution Vulnerability in Snake YAML Parser of Magnolia CMS v6.2.3 and Below XML External Entity (XXE) Vulnerability in Magnolia v6.2.3 and Below Export Function Login Page Vulnerability in Magnolia CMS v6.2.3 and below: Exploiting Open Redirect and CSRF for Credential Brute Force and Exfiltration Remote Code Execution Vulnerability in RiteCMS Admin Panel Unquoted Path Service Vulnerability in TRIGONE Remote System Monitor 3.61 Incorrect Access Control Vulnerability in antd-admin 5.5.0: Unauthorized Access and Sensitive Information Leakage XSS Vulnerability in Scoold 1.47.2 Markdown Editor Front-End SQL Injection Vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser Unauthenticated Remote Configuration Download Vulnerability in DLink DIR850 ET850-1.08TRb03 DLink DIR850 ET850-1.08TRb03 Incorrect Access Control Vulnerability through URL Redirection D-Link DAP-1620 Local File Inclusion Vulnerability Allows Unauthorized Access to Internal Files Unauthenticated Cross-Site Scripting (XSS) Vulnerability in Netgear WAC120 AC 
Access Point MCMS <=5.2.5 SQL Injection Vulnerability: Remote Information Disclosure Pre-Auth Remote Code Execution (RCE) Vulnerability in MCMS <=5.2.5 MCMS <=5.2.5 SQL Injection Vulnerability: Remote Information Disclosure Remote Code Execution via File Upload Vulnerability in mingSoft MCMS Cross Site Scripting (XSS) Vulnerability in ZyXEL ZyWALL 2 Plus Internet Security Appliance Integer Overflow Vulnerability in IIPImage High Resolution Streaming Image Server Access Control Bypass Vulnerability in Lexar_F35 v1.0.34 Allows Unauthorized Access and DoS Stack Buffer Overflow Vulnerability in Tenda-AX3 Router V16.03.12.10_CN Stack Buffer Overflow Vulnerability in Tenda-AX3 Router V16.03.12.10_CN Cross-Site Request Forgery (CSRF) Vulnerability in Filebrowser < 2.18.0 Allows Creation of Backdoor User and Remote Code Execution (RCE) Stack Buffer Overflow in Tenda AX12 v22.03.01.21: Denial of Service via strcpy Parameter Vulnerability: Insecure Direct Object Reference and Insecure Cookie Handling in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R Path Traversal Vulnerability in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 Unauthorized File Creation Vulnerability in Telesquare TLR-2855KS6 via PUT Method Allows CGI Script Creation Telesquare TLR-2855KS6 DELETE Method Vulnerability: Unauthorized File Deletion Unauthenticated Directory Traversal Vulnerability in Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 Unauthenticated Directory Traversal Vulnerability in Franklin Fueling Systems FFS T5 Series 1.8.7.7299 Telesquare SDT-CW3B1 1.1.0 OS Command Injection Vulnerability Telesquare TLR-2005KSH 1.0.0 Unauthenticated File Download Vulnerability Arbitrary File Deletion Vulnerability in Telesquare TLR-2005KSH 1.0.0 Reflected XSS and CSRF Vulnerability in phpIPAM 1.4.4 Subnets Functionality SQL Injection Vulnerability in Sourcecodester Simple Chatbot Application 1.0 via Master.php's message parameter Sourcecodester Simple Chatbot Application 1.0 Remote Code 
Execution (RCE) Vulnerability via bot_avatar Parameter Arbitrary PHP Code Execution Vulnerability in Fenom 2.12.1 and Earlier Username Enumeration Vulnerability in EMQ X Dashboard V3.0.0 SQL Injection Vulnerability in ZZCMS 2021 ad_manage.php Cross-Site Scripting (XSS) Vulnerability in ZZCMS 2021 ad_manage.php Vulnerability: Password Exposure and API Documentation Exploitation in Strapi Arbitrary Command Execution Vulnerability in D-Link DIR-825 G1's webupg Binary Authentication Bypass Vulnerability in D-Link DIR-825 G1's webupg Binary SQL Injection Vulnerability in H.H.G Multistore v5.1.0 and below via /admin/admin.php?module=admin_group_edit&agID SQL Injection Vulnerability in H.H.G Multistore v5.1.0 and below via /admin/categories.php?box_group_id SQL Injection Vulnerability in H.H.G Multistore v5.1.0 and below via /admin/admin.php?module=admin_access_group_edit&aagID Cross-Site Scripting (XSS) Vulnerability in H.H.G Multistore v5.1.0 and Below SQL Injection Vulnerability in H.H.G Multistore v5.1.0 and below via /admin/customers.php?page=1&cID SQL Injection Vulnerability in Sourcecodester Online Project Time Management System 1.0 via pid Parameter in load_file Function Command Injection Vulnerability in D-Link DIR-823-Pro v1.0.2 Command Injection Vulnerability in D-Link DIR-823-Pro v1.0.2 Command Injection Vulnerability in D-Link DIR-823-Pro v1.0.2: Exploiting SetWLanApcliSettings Function Command Injection Vulnerability in D-Link DIR-823-Pro v1.0.2 Command Injection Vulnerability in D-Link DIR-823-Pro v1.0.2: Exploiting SetWLanACLSettings Function Command Injection Vulnerability in D-Link DIR-823-Pro v1.0.2: Exploiting ChgSambaUserSettings Function SQL Injection Vulnerability in Victor CMS v1.0 via admin/posts.php?source=add_post Multiple SQL Injection Vulnerabilities in Victor CMS v1.0's admin/users.php?source=add_user Component Out-of-Bounds Array Access Vulnerability in njs through 0.7.0 Segmentation Violation Vulnerability in njs through 0.7.1 Type 
Confusion Vulnerability in njs_promise_perform_then() in NGINX Heap Buffer Overflow in Jsish v3.5.0 via jsiEvalCodeSub in src/jsiEval.c Heap Buffer Overflow in Jsish v3.5.0 via jsi_ArraySliceCmd in src/jsiArray.c Heap Buffer Overflow in Jsish v3.5.0 via RegExp_constructor in src/jsiRegexp.c Heap Buffer Overflow in Jsish v3.5.0 via jsiClearStack in src/jsiEval.c Heap Buffer Overflow in Jsish v3.5.0 via jsiValueObjDelete in src/jsiEval.c Memory Leak Vulnerability in Jsish v3.5.0 via linenoise.c Heap Buffer Overflow in Jsish v3.5.0 via NumberConstructor Heap Buffer Overflow in Jsish v3.5.0 via BooleanConstructor at src/jsiBool.c Heap-Use-After-Free Vulnerability in Jsish v3.5.0 via Jsi_IncrRefCount in src/jsiValue.c SEGV Vulnerability in Jsish v3.5.0: Exploiting Jsi_ValueIsNumber for Denial of Service (DoS) SEGV vulnerability in Jsish v3.5.0 via jsi_ArraySpliceCmd at src/jsiArray.c leading to Denial of Service (DoS) SEGV Vulnerability in Jsish v3.5.0: Denial of Service (DoS) via /lib/x86_64-linux-gnu/libc.so.6+0x18e506 SEGV Vulnerability in Jsish v3.5.0: Denial of Service via jsi_ArrayConcatCmd Heap-Use-After-Free Vulnerability in Jsish v3.5.0: Potential Denial of Service (DoS) SEGV Vulnerability in Jsish v3.5.0: NumberConstructor DoS SEGV Vulnerability in Jsish v3.5.0 via Jsi_CommandPkgOpts at src/jsiCmds.c SEGV vulnerability in Jsish v3.5.0 via Jsi_FunctionInvoke at src/jsiFunc.c leading to Denial of Service (DoS) Heap-Use-After-Free Vulnerability in Jsish v3.5.0 via jsi_ValueLookupBase in src/jsiValue.c Heap-Use-After-Free Vulnerability in Jsish v3.5.0: DeleteTreeValue DoS Heap-Use-After-Free Vulnerability in Jsish v3.5.0: Potential Denial of Service (DoS) Exploit Heap-Use-After-Free Vulnerability in Jsish v3.5.0 via jsi_UserObjDelete in src/jsiUserObj.c Heap-Use-After-Free Vulnerability in Jsish v3.5.0: Exploitable DoS via jsi_wswebsocketObjFree Heap-Use-After-Free Vulnerability in Jsish v3.5.0 via jsi_ValueCopyMove in src/jsiValue.c Heap-Use-After-Free 
Vulnerability in Jsish v3.5.0 via jsi_ArgTypeCheck in src/jsiFunc.c Heap-Use-After-Free Vulnerability in Jsish v3.5.0: SortSubCmd in src/jsiArray.c Heap-Use-After-Free Vulnerability in Jsish v3.5.0 via libasan.so.4+0x5166d Heap-Use-After-Free Vulnerability in Jsish v3.5.0 via libasan.so.4+0x79732 Assertion Failure in Jsish v3.5.0: 'vp != resPtr' at jsiEval.c Stack Overflow Vulnerability in Jsish v3.5.0 via libasan.so.4+0x5b1e5 Assertion Failure in Jsish v3.5.0: v->d.lval != v Stack Overflow Vulnerability in Jsish v3.5.0 via Jsi_LogMsg at src/jsiUtils.c Assertion Failure in Cesanta MJS v2.20.0: `i < parts_cnt' at src/mjs_bcode.c Stack Overflow Vulnerability in Cesanta MJS v2.20.0 via snquote at mjs/src/mjs_json.c Assertion Failure in Cesanta MJS v2.20.0: s < mjs->owned_strings.buf + mjs->owned_strings.len Assertion Failure in Cesanta MJS v2.20.0: m->len >= sizeof(v) Cesanta MJS v2.20.0 SEGV Vulnerability in mjs_apply at src/mjs_exec.c Global Buffer Overflow in Cesanta MJS v2.20.0 via mjs_mk_string at mjs/src/mjs_string.c Assertion Failure in Cesanta MJS v2.20.0: ppos is NULL or not a number Assertion Failure in Cesanta MJS v2.20.0: mjs_stack_size(&mjs->scopes) >= scopes_len SEGV Vulnerability in Cesanta MJS v2.20.0: Exploiting mjs_stack_size in mjs_core.c for Denial of Service (DoS) Assertion Failure in Cesanta MJS v2.20.0: mjs_stack_size(&mjs->scopes) > 0 Heap Buffer Overflow Vulnerability in Cesanta MJS v2.20.0 via mjs_disown at src/mjs_core.c Heap Buffer Overflow in Cesanta MJS v2.20.0 via mjs_array_length at src/mjs_array.c Heap Buffer Overflow in Cesanta MJS v2.20.0 via mjs_jprintf at src/mjs_util.c Global Buffer Overflow in Cesanta MJS v2.20.0 via c_vsnprintf at mjs/src/common/str_util.c Heap Buffer Overflow Vulnerability in Cesanta MJS v2.20.0 via libasan.so.4+0xaff53 Heap Buffer Overflow Vulnerability in Cesanta MJS v2.20.0 via to_json_or_debug at mjs/src/mjs_json.c Heap Buffer Overflow Vulnerability in Cesanta MJS v2.20.0 via snquote at mjs/src/mjs_json.c 
Heap-Use-After-Free Vulnerability in Cesanta MJS v2.20.0 via mjs_apply at src/mjs_exec.c Global Buffer Overflow Vulnerability in Cesanta MJS v2.20.0 via snquote at src/mjs_json.c Heap Buffer Overflow in Cesanta MJS v2.20.0 via mjs_get_cstring at src/mjs_string.c Cesanta MJS v2.20.0 SEGV Vulnerability: Denial of Service (DoS) via /usr/local/bin/mjs+0x5361e Cesanta MJS v2.20.0 SEGV Vulnerability: Denial of Service (DoS) via /usr/local/bin/mjs+0x8814e Cesanta MJS v2.20.0 SEGV Vulnerability: Denial of Service (DoS) via mjs_execute at src/mjs_exec.c Cesanta MJS v2.20.0 SEGV Vulnerability: Denial of Service (DoS) via /usr/local/bin/mjs+0x8d28e Cesanta MJS v2.20.0 SEGV Vulnerability in exec_expr at src/mjs_exec.c Cesanta MJS v2.20.0 SEGV Vulnerability in getprop_builtin_foreign Cesanta MJS v2.20.0 SEGV Vulnerability: Denial of Service (DoS) via /usr/local/bin/mjs+0xe533e Cesanta MJS v2.20.0 SEGV Vulnerability: Denial of Service (DoS) via /usr/local/bin/mjs+0x9a30e Cesanta MJS v2.20.0 SEGV Vulnerability in gc_compact_strings Cesanta MJS v2.20.0 SEGV Vulnerability Leading to Denial of Service (DoS) SEGV Vulnerability in Cesanta MJS v2.20.0: Denial of Service (DoS) via mjs_get_mjs at src/mjs_builtin.c Cesanta MJS v2.20.0 SEGV Vulnerability: Denial of Service (DoS) via /usr/local/bin/mjs+0x2c6ae SEGV Vulnerability in Cesanta MJS v2.20.0: Exploiting mjs_print in src/mjs_builtin.c for Denial of Service (DoS) Cesanta MJS v2.20.0 SEGV Vulnerability Leading to Denial of Service (DoS) Cesanta MJS v2.20.0 SEGV Vulnerability Leading to Denial of Service (DoS) Cesanta MJS v2.20.0 SEGV Vulnerability Leading to Denial of Service (DoS) Cesanta MJS v2.20.0 SEGV Vulnerability in mjs_next at src/mjs_object.c Cesanta MJS v2.20.0 SEGV Vulnerability: Denial of Service (DoS) via /usr/local/bin/mjs+0x2c17e Cesanta MJS v2.20.0 SEGV Vulnerability in add_lineno_map_item at src/mjs_bcode.c SEGV Vulnerability in Cesanta MJS v2.20.0: Denial of Service (DoS) via parse_cval_type at src/mjs_ffi.c Cesanta 
MJS v2.20.0 SEGV Vulnerability: Denial of Service (DoS) via free_json_frame at src/mjs_json.c Cesanta MJS v2.20.0 SEGV Vulnerability in mjs_set_internal at src/mjs_object.c Cesanta MJS v2.20.0 SEGV Vulnerability in mjs_json_stringify SEGV Vulnerability in Cesanta MJS v2.20.0: Denial of Service (DoS) via mjs_bcode_insert_offset at src/mjs_bcode.c Cross-Site Scripting (XSS) Vulnerability in Vicidial 2.14-783a via Input Tabs Cross-Site Scripting (XSS) Vulnerabilities in Issabel PBX Add User Module Weak Algorithm Vulnerability in Moxa TN-5900 Firmware Command Injection Vulnerability in Moxa TN-5900 Devices: A Path to Device Damage Arbitrary User Account Transfer Vulnerability in CVE Services API 1.1.1 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via JT File Parsing Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Arbitrary Code Execution via JT File Parsing in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley View 10.16.0.80 via JT File Parsing Arbitrary Code Execution via JT File Parsing in Bentley View 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Arbitrary Code Execution via DGN File Parsing in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Arbitrary Code Execution via JT File Parsing in Bentley MicroStation 
CONNECT 10.16.0.80 Arbitrary Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via J2K Image Parsing Arbitrary Code Execution via JT File Parsing in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via Crafted 3DS Files (ZDI-CAN-15380) Arbitrary Code Execution via 3DS File Parsing in Bentley MicroStation CONNECT 10.16.0.80 Arbitrary Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via JT File Parsing Arbitrary Code Execution via 3DS File Parsing in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via Malicious DWG Files (ZDI-CAN-15387) Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via Malicious DWG Files (ZDI-CAN-15388) Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via Malicious 3DS Files (ZDI-CAN-15389) Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via OBJ File Parsing (ZDI-CAN-15390) Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Arbitrary Code Execution via JT File Parsing in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in 
Bentley MicroStation CONNECT 10.16.0.80 via PDF Parsing Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via Malicious 3DS Files (ZDI-CAN-15396) Arbitrary Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via PNG Image Parsing (ZDI-CAN-15398) Arbitrary Code Execution via BMP Image Parsing in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via Malicious BMP Images Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via Malicious 3DS Files Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via Malicious DWG Files (ZDI-CAN-15402) Arbitrary Code Execution via PDF Parsing in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via JP2 Image Parsing Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via PDF Parsing (ZDI-CAN-15406) Arbitrary Code Execution via DXF File Parsing in Bentley MicroStation CONNECT 10.16.0.80 Bentley MicroStation CONNECT J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability Bentley MicroStation CONNECT 10.16.0.80 BMP Image Parsing Remote Code Execution Vulnerability Bentley MicroStation CONNECT 10.16.0.80 BMP Image Parsing Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via TIF Image Parsing (ZDI-CAN-15411) Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via PNG Image Parsing Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 
via PDF Parsing Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via FBX File Parsing Arbitrary Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via Malicious 3DS Files (ZDI-CAN-15453) Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via Malicious DWG Files (ZDI-CAN-15454) Arbitrary Code Execution Vulnerability in Bentley View 10.15.0.75 Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via J2K Image Parsing (ZDI-CAN-15456) Arbitrary Code Execution via DXF File Parsing in Bentley View 10.15.0.75 Bentley View 10.15.0.75 BMP Image Parsing Remote Code Execution Vulnerability Bentley View 10.15.0.75 BMP Image Parsing Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via Malicious FBX Files (ZDI-CAN-15460) Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via TIF Image Parsing (ZDI-CAN-15461) Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via JP2 Image Parsing (ZDI-CAN-15462) Arbitrary Code Execution via PDF Parsing in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Arbitrary Code Execution via DGN File Parsing in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via DGN File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via DGN File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via DGN File 
Parsing Arbitrary Code Execution via DGN File Parsing in Bentley View 10.15.0.75 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 via Malicious BMP Image Parsing Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Arbitrary Code Execution via BMP Image Parsing in Bentley MicroStation CONNECT 10.16.0.80 Arbitrary Code Execution via DGN File Parsing in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.0.80 Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via DGN File Parsing Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via Malicious BMP Images (ZDI-CAN-15539) Remote Code Execution Vulnerability in Bentley View 10.15.0.75 via DGN File Parsing Arbitrary Code Execution via JT File Parsing in Bentley View 10.15.0.75 Buffer Overflow Vulnerability in Bentley View 10.15.0.75 Allows Remote Code Execution Application Crash Vulnerability in MariaDB's get_sort_by_table Function Application Crash Due to Incorrect Handling of with_window_func in MariaDB (CVE-2021-27928) MariaDB SELECT_LEX::nest_level Local Variable Vulnerability XML External Entity (XXE) Vulnerability in Signiant Manager+Agents before 15.1 Application Crash Vulnerability in MariaDB through 10.5.9 via Unused Common Table Expression (CTE) MariaDB 10.5.9 UPDATE Statement Application Crash Vulnerability MariaDB 10.5.13 Vulnerability: Application Crash via SELECT Statements in ha_maria::extra Application Crash Vulnerability in MariaDB through 10.5.9: sub_select_postjoin_aggr NULL Value Issue SQL Injection Vulnerability in MariaDB through 10.5.9: Application Crash due to Incorrect used_tables Expectations Application Crash Vulnerability 
in MariaDB 10.6.1 and Earlier Integer Overflow Vulnerability in MariaDB (CVE-2021-27928) Application Crash Vulnerability in MariaDB through 10.5.9 via SELECT DISTINCT Statements Use-after-free vulnerability in MariaDB through 10.5.9 with BIGINT data type Array Overflow Vulnerability in atftp before 0.7.5 Allows Disclosure of Server-Side /etc/group Data XSS Vulnerability in Pandora FMS Version 756 and Below: Code Execution via Transactional Maps Name Field XSS Vulnerability in Pandora FMS Version 756 and Below: Event Filter Name Field Code Execution Critical XSS Vulnerability in Pandora FMS v756 and Below: Remote Code Execution via Service Name Field Critical XSS Vulnerability in Pandora FMS v756 and Below: Remote Code Execution via Service Elements XSS Vulnerability in Pandora FMS Version 756 and Below: Remote Code Execution via Module Form Name Field XSS Vulnerability in Pandora FMS v756 and Below: Exploiting the Module Massive Operation Name Field Sensitive Data Exposure through Project Administrator REST API in JFrog Artifactory versions prior to 7.31.10 and 6.23.38 Stack-Based Buffer Overflow in Simcenter Femap (All versions < V2022.1.1) Allows Code Execution (ZDI-CAN-15061) Double Free Vulnerability in libsixel 1.8.6 WebSocket Transport Vulnerability in PreMiD 2.2.0: Interference with Discord Now Playing Status Information Disclosure Vulnerability in Tor Browser 9.0.7 on Windows 10 Arbitrary Code Execution in IsolatedRazorEngine (Unsupported Versions) Unauthenticated OS Command Injection in GenieACS UI Interface API Insecure Temporary File Vulnerability in Grub-once of Grub2 in SUSE Linux Enterprise Server 15 SP4 and openSUSE Factory Remote Clickjacking Vulnerability in swagger-ui-dist Package Cross-Site Scripting (XSS) Vulnerability in phpLiteAdmin 1.9.8.2 via newRows Parameter Design Defect in Device Authentication Service Module: A Threat to Data Confidentiality Critical Vulnerability: Design Flaws in Basic Framework and Setting Module Compromise System 
Integrity Unauthorized Insertion and Tampering of Settings.Secure Data in Multi-Window Module Algorithm-Confusion Vulnerability in Firebase PHP-JWT Library SEV Guest Data Inference Vulnerability ASP Vulnerability: Insufficient Bounds Checking Leading to Denial of Service ASP Vulnerability: Out of Bounds Read in SMI Mailbox Checksum Calculation ASP Sensor Fusion Hub Header Length Validation Vulnerability Insufficient Input Validation in ASP Bootloader: Potential Loss of Confidentiality and Integrity SysHub Resource Exhaustion Vulnerability Insufficient Input Validation in ASP Bootloader Allows for Denial of Service and Integrity Loss Memory Buffer Overflow Vulnerability in ASP Secure OS SPI Flash Address Validation Vulnerability in AMD Secure Processor Bootloader Vulnerability: Unauthorized Memory Disclosure in AMD TEE Bootloader Vulnerability: Out-of-Bounds Memory Access and Potential Code Execution SMU Input Validation Vulnerability Buffer Overflow Vulnerability in SMU DRAM Address Validation Vulnerability in SMU ASP Vulnerability: Insufficient Input Validation Leading to Denial of Service ASP Bootloader Vulnerability: Secret Key Exposure through Improper Data Clearing Physical Access Vulnerability in ASP Allows Unauthorized Memory Write Access SEV Firmware Vulnerability: Out-of-Bounds Memory Reads in ASP Boot Loader Arbitrary DMA Copy Vulnerability in ASP Bootloader Address Validation Vulnerability in AMD Secure Processor (ASP) Firmware System Call Memory Corruption Vulnerability in ABL with Potential Code Execution DRAM Address Validation Vulnerability in SMU Memory Overwrite Vulnerability in ABL with Physical Access SMT Scheduler Contention Side Channel Vulnerability on AMD Zen Microarchitectures Insufficient Input Validation in SVC_ECC_PRIMITIVE System Call Vulnerability Reflected Cross-Site Scripting in Easy Google Maps WordPress Plugin Reflected Cross-Site Scripting in Coming Soon by Supsystic WordPress Plugin Reflected Cross-Site Scripting in Supsystic 
Pricing Table WordPress Plugin Improper Buffer Management in Squid Proxy Server Leads to Denial of Service Permission Control Vulnerability in Property Module Allows Unauthorized Access to Unique Device Identifier Audio Module Parameter Verification Vulnerability Improper Permission Control in AMS Module: Potential Crash of Non-System Application Processes iConnect Module Vulnerability: Third-Party Pop-Up Window Coverage Secure OS Module Configuration Defects: A Threat to Availability Heap-Based Buffer Overflow in ntfsck of NTFS-3G through 2021.8.22 SMM Binary Parsing Vulnerability BIOS2PSP Command TOCTOU Vulnerability ASP Vulnerability: Out of Bounds Read in SMI Mailbox Checksum Calculation BIOS Compromise Exploits TOCTOU Vulnerability, Leading to Denial of Service Vulnerability in HwSEServiceAPP: Disclosure of Card Production Life Cycle (CPLC) Information Multi-Device Interaction Vulnerability in Device Manager: Threat to Data Integrity Residual File Retention Vulnerability in ChinaDRM Module: A Threat to Availability Critical Out-of-Bounds Memory Read/Write Vulnerability in Video Framework Memory Corruption Vulnerability in Adobe Premiere Pro Allows Arbitrary Code Execution via Malicious M4A File Memory Corruption Vulnerability in Adobe Media Encoder 15.4 and Earlier: Arbitrary Code Execution via Malicious M4A File Memory Corruption Vulnerability in Adobe Media Encoder 15.4 and Earlier: Arbitrary Code Execution via Malicious M4A File Arbitrary File Deletion Vulnerability in XOS-Shop 1.0.9 Heap-based Buffer Overflow in libjpeg-turbo's PPM Reader Denial of Service Vulnerability in python-ldap before 3.4.0 XSS Vulnerability in School File Management System 1.0 via Lastname Parameter HTTP Desync Vulnerability in Symantec Advanced Secure Gateway (ASG) and ProxySG XSS Vulnerability in Oxygen XML WebHelp Search Field Denial of Service Vulnerability in libtirpc before 1.3.3rc1 Heap-based Buffer Overflow in GNOME GdkPixbuf Path Traversal Vulnerability in GoAnywhere MFT 
Allows Unauthorized File Access Permission Bypass Vulnerability in Huawei Cross Device Task Management WS7200-10 11.0.2.13 Traffic Hijacking Vulnerability WLAN Module Interfaces Information Disclosure Vulnerability Sangoma Asterisk T.38 Re-Invite Crash Vulnerability HW_KEYMASTER Module Vulnerability: Missing Bounds Check on Length Out-of-Bounds Access Vulnerability in HW_KEYMASTER Module Parameter Set Verification Privacy Breach: User Activity Tracking Vulnerability in Apple Music 3.5.0 for Android XSS Vulnerability in HPE Integrated Lights-Out 5 Off-by-one Array Size Check Vulnerability in GNU Libtasn1 Command Injection Vulnerability in myVesta Control Panel and Vesta Control Panel Secure Memory Attribute Verification Vulnerability in DRM Module Leads to Abnormal Video Playback Logic Bypass Vulnerability in Memory Management Module: A Threat to Data Confidentiality Denial of Service Vulnerability in Alpine Email Client Memory Disclosure Vulnerability in mod_radius in ProFTPD Path Traversal Vulnerability in Multi-Screen Collaboration Module Memory Release Vulnerability in HW_KEYMASTER Module Memory Release Vulnerability in HW_KEYMASTER Module XSS Vulnerability in Phoenix.HTML's HEEx Class Attributes Cross-Site Scripting (XSS) Vulnerability in Nim RST Module Time Manipulation Vulnerability in WireGuard Cross-Site Scripting (XSS) Vulnerability in eZ Platform Ibexa Kernel Account Existence Disclosure Vulnerability Denial of Service Vulnerability in Jackson-databind JSON Deserialization Use-after-free vulnerability in Treasure Data Fluent Bit 1.7.1 Heap Overflow Vulnerability in Treasure Data Fluent Bit 1.7.1 Authentication Bypass Vulnerability in x509_verify.c Memory Overwriting Vulnerability in Video Framework: Impact on Availability Memory Overwriting Vulnerability in Video Framework: Impact on Availability Memory Overwriting Vulnerability in Video Framework: Impact on Availability Memory Overwriting Vulnerability in Video Framework: Impact on Availability Memory 
Overwriting Vulnerability in Video Framework: Impact on Availability Memory Overwriting Vulnerability in Video Framework: A Threat to Availability HW_KEYMASTER Module Vulnerability: Out-of-Bounds Read via Length Check Bypass Stored Cross-Site Scripting (XSS) Vulnerability in hledger before 1.23 XSS Vulnerability in 10Web Photo Gallery Plugin for WordPress GPU Module Inadequate Read and Write Permission Verification Vulnerability GPU Module Inadequate Read and Write Permission Verification Vulnerability Maintenance Mode Encryption Bypass Vulnerability Unstrict Data Verification and Parameter Check Vulnerability: A Threat to Integrity Kernel Privilege Escalation via UAF Vulnerability in uinput Module Design Process Defects in Multi-Device Task Center: App Lock Bypass and Device Reset Vulnerability Buffer Overflow Vulnerability in PX4-Autopilot: Denial of Service via Handler Function Handling Msgid 332 Path Traversal Vulnerability in Wagtail CRX CodeRed Extensions Incomplete Protection Against Protocol-Relative URL Redirection Vulnerability in Django Grappelli Remote Code Execution Vulnerability in SyncTrayzor 1.1.29 via CEF Remote Debugging Insecure Cookie Handling in Sympa before 6.2.62 Stack-based Buffer Overflow in 6lbr-webserver HTTPD.c Path Validation Vulnerability in Meinberg LANTIME-Firmware User Account Deletion Vulnerability in Meinberg LANTIME-Firmware CVE-2021-46904 CVE-2021-46905 CVE-2021-46906 CVE-2021-46907 CVE-2021-46908 CVE-2021-46909 CVE-2021-46910 CVE-2021-46911 CVE-2021-46912 CVE-2021-46913 CVE-2021-46914 CVE-2021-46915 CVE-2021-46916 CVE-2021-46917 CVE-2021-46918 CVE-2021-46919 CVE-2021-46920 CVE-2021-46921 CVE-2021-46922 CVE-2021-46923 CVE-2021-46924 CVE-2021-46925 CVE-2021-46926 CVE-2021-46927 CVE-2021-46928 CVE-2021-46929 CVE-2021-46930 CVE-2021-46931 CVE-2021-46932 CVE-2021-46933 CVE-2021-46934 CVE-2021-46935 CVE-2021-46936 CVE-2021-46937 CVE-2021-46938 CVE-2021-46939 CVE-2021-46940 CVE-2021-46941 CVE-2021-46942 CVE-2021-46943 
CVE-2021-46944 CVE-2021-46945 CVE-2021-46946 CVE-2021-46947 CVE-2021-46948 CVE-2021-46949 CVE-2021-46950 CVE-2021-46951 CVE-2021-46952 CVE-2021-46953 CVE-2021-46954 CVE-2021-46955 CVE-2021-46956 CVE-2021-46957 CVE-2021-46958 CVE-2021-46959 CVE-2021-46960 CVE-2021-46961 CVE-2021-46962 CVE-2021-46963 CVE-2021-46964 CVE-2021-46965 CVE-2021-46966 CVE-2021-46967 CVE-2021-46968 CVE-2021-46969 CVE-2021-46970 CVE-2021-46971 CVE-2021-46972 CVE-2021-46973 CVE-2021-46974 CVE-2021-46975 CVE-2021-46976 CVE-2021-46977 CVE-2021-46978 CVE-2021-46979 CVE-2021-46980 CVE-2021-46981 CVE-2021-46982 CVE-2021-46983 CVE-2021-46984 CVE-2021-46985 CVE-2021-46986 CVE-2021-46987 CVE-2021-46988 CVE-2021-46989 CVE-2021-46990 CVE-2021-46991 CVE-2021-46992 CVE-2021-46993 CVE-2021-46994 CVE-2021-46995 CVE-2021-46996 CVE-2021-46997 CVE-2021-46998 CVE-2021-46999 CVE-2021-47000 CVE-2021-47001 CVE-2021-47002 CVE-2021-47003 CVE-2021-47004 CVE-2021-47005 CVE-2021-47006 CVE-2021-47007 CVE-2021-47008 CVE-2021-47009 CVE-2021-47010 CVE-2021-47011 CVE-2021-47012 CVE-2021-47013 CVE-2021-47014 CVE-2021-47015 CVE-2021-47016 CVE-2021-47017 CVE-2021-47018 CVE-2021-47019 CVE-2021-47020 CVE-2021-47021 CVE-2021-47022 CVE-2021-47023 CVE-2021-47024 CVE-2021-47025 CVE-2021-47026 CVE-2021-47027 CVE-2021-47028 CVE-2021-47029 CVE-2021-47030 CVE-2021-47031 CVE-2021-47032 CVE-2021-47033 CVE-2021-47034 CVE-2021-47035 CVE-2021-47036 CVE-2021-47037 CVE-2021-47038 CVE-2021-47039 CVE-2021-47040 CVE-2021-47041 CVE-2021-47042 CVE-2021-47043 CVE-2021-47044 CVE-2021-47045 CVE-2021-47046 CVE-2021-47047 CVE-2021-47048 CVE-2021-47049 CVE-2021-47050 CVE-2021-47051 CVE-2021-47052 CVE-2021-47053 CVE-2021-47054 CVE-2021-47055 CVE-2021-47056 CVE-2021-47057 CVE-2021-47058 CVE-2021-47059 CVE-2021-47060 CVE-2021-47061 CVE-2021-47062 CVE-2021-47063 CVE-2021-47064 CVE-2021-47065 CVE-2021-47066 CVE-2021-47067 CVE-2021-47068 CVE-2021-47069 CVE-2021-47070 CVE-2021-47071 CVE-2021-47072 CVE-2021-47073 CVE-2021-47074 CVE-2021-47075 CVE-2021-47076 
CVE-2021-47077 CVE-2021-47078 CVE-2021-47079 CVE-2021-47080 CVE-2021-47081 CVE-2021-47082 CVE-2021-47083 CVE-2021-47084 CVE-2021-47085 CVE-2021-47086 CVE-2021-47087 CVE-2021-47088 CVE-2021-47089 CVE-2021-47090 CVE-2021-47091 CVE-2021-47092 CVE-2021-47093 CVE-2021-47094 CVE-2021-47095 CVE-2021-47096 CVE-2021-47097 CVE-2021-47098 CVE-2021-47099 CVE-2021-47100 CVE-2021-47101 CVE-2021-47102 CVE-2021-47103 CVE-2021-47104 CVE-2021-47105 CVE-2021-47106 CVE-2021-47107 CVE-2021-47108 CVE-2021-47109 CVE-2021-47110 CVE-2021-47111 CVE-2021-47112 CVE-2021-47113 CVE-2021-47114 CVE-2021-47115 CVE-2021-47116 CVE-2021-47117 CVE-2021-47118 CVE-2021-47119 CVE-2021-47120 CVE-2021-47121 CVE-2021-47122 CVE-2021-47123 CVE-2021-47124 CVE-2021-47125 CVE-2021-47126 CVE-2021-47127 CVE-2021-47128 CVE-2021-47129 CVE-2021-47130 CVE-2021-47131 CVE-2021-47132 CVE-2021-47133 CVE-2021-47134 CVE-2021-47135 CVE-2021-47136 CVE-2021-47137 CVE-2021-47138 CVE-2021-47139 CVE-2021-47140 CVE-2021-47141 CVE-2021-47142 CVE-2021-47143 CVE-2021-47144 CVE-2021-47145 CVE-2021-47146 CVE-2021-47147 CVE-2021-47148 CVE-2021-47149 CVE-2021-47150 CVE-2021-47151 CVE-2021-47152 CVE-2021-47153 CVE-2021-47154 CVE-2021-47155 CVE-2021-47156 CVE-2021-47157 CVE-2021-47158 CVE-2021-47159 CVE-2021-47160 CVE-2021-47161 CVE-2021-47162 CVE-2021-47163 CVE-2021-47164 CVE-2021-47165 CVE-2021-47166 CVE-2021-47167 CVE-2021-47168 CVE-2021-47169 CVE-2021-47170 CVE-2021-47171 CVE-2021-47172 CVE-2021-47173 CVE-2021-47174 CVE-2021-47175 CVE-2021-47176 CVE-2021-47177 CVE-2021-47178 CVE-2021-47179 CVE-2021-47180