Vulnerability Index: Year 2022

Branch Predictor Selector Leakage Vulnerability in Intel Processors
Branch Predictor Information Disclosure Vulnerability in Intel Processors
Intel(R) Boot Guard and Intel(R) TXT Vulnerability: Privilege Escalation via Physical Access
JTAG Interface Vulnerability in Intel(R) Processors with SGX: Potential Information Disclosure via Physical Probing
Sensitive Information Leakage via Log Files in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools
Vulnerability: Inaccurate URL Category Enforcement in PAN-OS Software
Improper Link Resolution Vulnerability in Palo Alto Networks Cortex XDR Agent
File Information Exposure Vulnerability in Palo Alto Networks Cortex XDR Agent
Untrusted Search Path Vulnerability in Palo Alto Networks Cortex XDR Agent
Local Privilege Escalation Vulnerability in Palo Alto Networks Cortex XDR Agent
Connect Before Logon Vulnerability in Palo Alto Networks GlobalProtect App
Improper Link Resolution Vulnerability in Palo Alto Networks GlobalProtect App on Windows
Information Exposure Vulnerability in Palo Alto Networks GlobalProtect App on Windows and MacOS
Insufficiently Protected Credentials Vulnerability in Palo Alto Networks GlobalProtect App on Linux
Stored Cross-Site Scripting (XSS) Vulnerability in Palo Alto Network Cortex XSOAR Web Interface
Title: Information Exposure Vulnerability in Palo Alto Networks GlobalProtect App on Windows
Weak Cryptographic Algorithm Vulnerability in Palo Alto Networks PAN-OS Software
DNS Proxy Denial-of-Service Vulnerability in Palo Alto Networks PAN-OS Software
Title: Root Privilege Escalation Vulnerability in Palo Alto Networks PAN-OS Software
Local Privilege Escalation Vulnerability in Palo Alto Networks Cortex XDR Agent Software on Windows
Local Privilege Escalation Vulnerability in Palo Alto Networks Cortex XDR Agent Software on Windows
Improper Authorization Vulnerability in Palo Alto Network Cortex XSOAR Software
PAN-OS URL Filtering Policy Misconfiguration Vulnerability
Improper Link Resolution Vulnerability in Palo Alto Networks Cortex XDR Agent on Windows Devices
Palo Alto Networks PAN-OS 8.1 Web Interface Authentication Bypass Vulnerability
Local Privilege Escalation Vulnerability in Palo Alto Networks Cortex XSOAR Engine Software
Incomplete fix for CVE-2021-3100: Apache Log4j hotpatch package fails to fully address vulnerability
Insufficient Resource Limitation and Device Restriction in Hotdog (CVE-2021-3101)
Path Traversal Vulnerability in LiteSpeed Web Server and OpenLiteSpeed
Command Injection Vulnerability in LiteSpeed Web Server and OpenLiteSpeed Web Server
Privilege Escalation via Untrusted Search Path in LiteSpeed Web Server
Sensitive Information Leakage Vulnerability in showdoc
Heap-based Buffer Overflow Vulnerability in mruby
Sensitive Information Disclosure Vulnerability in livehelperchat
XNIO Vulnerability: Log Contention and Disk Fill-up Exploit
SSRF Vulnerability in dompdf/dompdf prior to 2.0.0
Uppy Vulnerability: Server-Side Request Forgery (SSRF)
Keystone Vulnerability: Cross-Site Scripting (XSS)
CSRF Vulnerability in GitHub Repository yourls/yourls prior to 1.8.3
GitLab Vulnerability: Commit Spoofing via Replacement References
GitLab Password Expiry Bypass Vulnerability Allows Unauthorized Access to Sensitive Information via RSS Feeds
Remote Code Execution Vulnerability in Google Chrome's Storage (CVE-2022-12345)
DevTools Inadequate Sandbox Escape Vulnerability in Google Chrome (CVE-2021-37975)
Screen Capture Use After Free Vulnerability in Google Chrome on Chrome OS
Remote Code Execution via Use After Free in Google Chrome Sign-in
Heap Buffer Overflow in Media Streams API in Google Chrome
Heap Buffer Overflow in Google Chrome Bookmarks
Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (prior to 97.0.4692.71)
Remote Code Execution Vulnerability in SwiftShader in Google Chrome
Heap Buffer Overflow in ANGLE in Google Chrome: Remote Code Execution Vulnerability
PDF Accessibility Use After Free Vulnerability in Google Chrome
Use After Free Vulnerability in Google Chrome Autofill
Use After Free Vulnerability in Google Chrome File Manager API on Chrome OS
Cross-Origin Data Leakage in Google Chrome Navigation
Autofill Vulnerability in Google Chrome: Remote Information Disclosure
Omnibox Spoofing Vulnerability in Google Chrome
Autofill Remote Origin Spoofing Vulnerability in Google Chrome
Inaccurate URL Display Vulnerability in Google Chrome
Cross-Origin Data Leakage in Google Chrome Prior to 97.0.4692.71
Blink Serial API Out of Bounds Memory Read Vulnerability
Uninitialized Use Vulnerability in Google Chrome File API (CVE-2021-30563)
Omnibox Spoofing Vulnerability in Google Chrome
Cross-Origin Data Leakage Vulnerability in Google Chrome
Omnibox Content Hiding Vulnerability in Google Chrome
Cross-Origin Data Leakage Vulnerability in Google Chrome
Cross-site Scripting (XSS) vulnerability in hoppscotch/hoppscotch before 2.1.1
URL Redirection Vulnerability in Forge
Insecure SSL Certificate Validation in GitLab External CI Services
GitLab Slack Integration URL Validation Vulnerability
Insecure Member Import Verification in GitLab
Out-of-bounds Read Vulnerability in Vim
Uncontrolled Search Path Element Vulnerability in McAfee TechCheck Prior to 4.0.0.2
Remote Code Execution Vulnerability in Tenable.sc Versions 5.14.0 - 5.19.1
Hard-coded API Key Vulnerability in Jimoty App for Android
Peertube Vulnerability: Server-Side Request Forgery (SSRF) Exploit
Peertube Vulnerability: Improper Access Control
CSRF Vulnerability in AnyComment WordPress Plugin before 0.2.18
Vulnerability: Out-of-Bounds Write in VirGL Renderer
Blind SSRF Vulnerability in GitLab's Project Import Feature
Heap Buffer Overflow in image_set_mask function of HTMLDOC before 1.9.15
Arbitrary Class Creation Vulnerability in MMP, PTP C-series, and PTMP C-series and A5x Devices
GitHub Repository radareorg/radare2 Prior to 5.6.0: Use After Free Vulnerability
Unauthenticated Access Control Vulnerability in Visual Form Builder WordPress Plugin
CSRF Vulnerability in Visual Form Builder WordPress Plugin
CSV Injection Vulnerability in Visual Form Builder WordPress Plugin
Unauthenticated Access Vulnerability in LDAP Connector with StartTLS Configuration
ShellJS Vulnerability: Improper Privilege Management
Stored Cross-site Scripting (XSS) Vulnerability in Fork CMS prior to version 5.11.1
Reflected Cross-Site Scripting in Cookie Information WordPress Plugin
Reflected XSS Vulnerability in All-in-one Floating Contact Form WordPress Plugin
Reflected Cross-Site Scripting (XSS) Vulnerability in WooCommerce Stored Exporter WordPress Plugin
Reflected Cross-Site Scripting in WP Accessibility Helper WordPress Plugin
GitLab Vulnerability: Denial of Service via Incorrect Handling of Package Deletion Requests
Unauthorized Access to Fields in GitLab GraphQL API
SQL Injection Vulnerability in Fork CMS Prior to Version 5.11.1
Cross-Site Request Forgery Vulnerability in GitLab Allows Unauthorized GitHub Project Import
Vulnerability: follow-redirects Allows Unauthorized Access to Private Personal Information
Vim Vulnerability: Use After Free Exploit
Cross-Site Scripting Vulnerability in Phoronix-Test-Suite
Heap-based Buffer Overflow Vulnerability in Vim
OrchardCore Vulnerability: Cross-Site Scripting (XSS)
Reflected Cross-Site Scripting in ARI Fancy Lightbox WordPress Plugin
ClearText Authentication Vulnerability in TP-Link TL-WR841N V11 Wireless Router
Arbitrary Data Download Vulnerability in Smart Forms WordPress Plugin
Arbitrary Email Sending Vulnerability in Coming Soon and Maintenance Mode WordPress Plugin
Unvalidated Redirect Vulnerability in KingComposer WordPress Plugin
Privilege Escalation via Malicious openssl.cnf File in McAfee Agent
Vulnerability: Autocomplete Attribute Not Disabled in GitLab
Linux Kernel SMB2 IOCTL Query Info Denial of Service Vulnerability
Unauthenticated SQL Injection in Photo Gallery by 10Web WordPress Plugin
Peertube Vulnerability: Improper Access Control
Vulnerability in Linux Kernel's KVM SEV API Allows Host Kernel Crash via Confidential Guest VM Instance
GraphQL IP Restriction Bypass Vulnerability in GitLab CE/EE
Out-of-bounds Read Vulnerability in radare2
Quantity Validation Bypass Vulnerability in Dolibarr Dolibarr
Memory Initialization Vulnerability in VirGL Renderer
Reflected Cross-Site Scripting in PowerPack Lite for Beaver Builder WordPress Plugin
Missing Authorization vulnerability in snipe snipe/snipe-it
Snipe-IT Vulnerability: Missing Authorization
CSRF Vulnerability in Quiz And Survey Master Plugin
Reflected Cross-Site Scripting Vulnerability in Quiz And Survey Master Versions Prior to 7.3.7
Stored Cross-Site Scripting Vulnerability in Quiz And Survey Master Versions Prior to 7.3.7
Unencrypted Password Storage Vulnerability in 'MIRUPASS' PW10 and PW20 Firmware
Credential Exposure Vulnerability in 'TEPRA' PRO SR5900P and SR-R7900P
Heap-based Buffer Overflow Vulnerability in Linux Kernel's Filesystem Context Functionality
Cross-Site Scripting Vulnerability in Image Photo Gallery Final Tiles Grid WordPress Plugin
Arbitrary Layout Change Vulnerability in CMP WordPress Plugin
Reflected Cross-Site Scripting in WP RSS Aggregator WordPress Plugin
SQL Injection Vulnerability in AICP WordPress Plugin (Version 1.2.6 and below)
CSRF Vulnerability in Ad Invalid Click Protector (AICP) WordPress Plugin Allows Arbitrary Ban Removal
Privilege Escalation Vulnerability in Lenovo PCManager
Reflected Cross-Site Scripting in Complianz WordPress Plugin
Remote Code Execution in Netatalk via ad_addcomment Function
Phoronix-Test-Suite: Cross-Site Request Forgery (CSRF) Vulnerability
Phoronix-Test-Suite: Cross-Site Request Forgery (CSRF) Vulnerability
CoreNLP Vulnerability: Improper Restriction of XML External Entity Reference
CSRF Vulnerability in Coming Soon and Maintenance Mode WordPress Plugin
Reflected Cross-Site Scripting in Themify Portfolio Post WordPress Plugin
Reflected Cross-Site Scripting in Permalink Manager Lite and Pro WordPress Plugins
GitHub Repository Crater-Invoice/Crater Prior to 6.0.2: Improper Access Control Vulnerability
Heap Overflow Vulnerability in BlueZ: Denial of Service via Crafted Files
Stored Cross-Site Scripting Vulnerability in YOP Poll WordPress Plugin
Reflected Cross-Site Scripting in NewStatPress WordPress Plugin (Versions before 1.3.6)
Race Condition Vulnerability in vdsm: Log File Obfuscation Failure
Reflected Cross-Site Scripting in MapPress Maps for WordPress Plugin
Cross-Site Scripting (XSS) Vulnerability in Mitsol Social Post Feed WordPress Plugin
Stored Cross-Site Scripting Vulnerability in Random Banner WordPress Plugin
Cross-Site Scripting Vulnerability in Shield Security WordPress Plugin
Reflected Cross-Site Scripting in SpiderCalendar WordPress Plugin
Heap-based Buffer Overflow Vulnerability in Vim
Unauthenticated Data Autoload Vulnerability in Custom Popup Builder WordPress Plugin
Cross-Site Request Forgery Vulnerability in XootiX WordPress Plugins
Use-After-Free Vulnerability in QEMU's LSI53C895A SCSI Host Bus Adapter Emulation
XML Parsing Vulnerability in Prosody Library: Recursive Entity Expansion and XML External Entity Injection
Unauthenticated Access Vulnerability in WP HTML Mail WordPress Plugin
XML External Entity (XXE) Vulnerability in GitHub Repository skylot/jadx (prior to 1.3.2)
Unauthenticated Cross-Site Scripting (XSS) Vulnerability in WordPress GDPR Plugin
XML External Entity (XXE) Vulnerability in SCADAPack Workbench (6.6.8a and prior)
Denial of Service Vulnerability in Modicon M340 Ethernet Communication Modules
Path Traversal Vulnerability in EcoStruxure Power Commission (Versions prior to V2.22)
Dolibarr SQL Injection Vulnerability
Stored Cross-site Scripting (XSS) Vulnerability in Keycloak via Group Name
Critical CSRF Vulnerability Found in LiveHelperChat Software
SQL Injection Vulnerability in Popup Builder WordPress Plugin
Unauthenticated Users Can Delete Arbitrary Options in miniOrange's Google Authenticator WordPress Plugin
Stored Cross-Site Scripting Vulnerability in Better WordPress Google XML Sitemaps Plugin
Critical CSRF Vulnerability Found in LiveHelperChat Software
Stored Cross-Site Scripting Vulnerability in User Registration, Login & Landing Pages WordPress Plugin
Stored Cross-Site Scripting Vulnerability in ProfileGrid WordPress Plugin
Reflected Cross-Site Scripting in WOOCS WordPress Plugin
Node-fetch Vulnerability: Unauthorized Exposure of Sensitive Information
Unauthenticated Sensitive Data Disclosure in WP Import Export WordPress Plugin
Privilege Escalation Vulnerability in Rapid7 Insight Agent Versions 3.1.2.38 and Earlier
Phoronix-Test-Suite: Cross-Site Request Forgery (CSRF) Vulnerability
CoreNLP Vulnerability: Improper Restriction of XML External Entity Reference
NULL Pointer Dereference Vulnerability in mruby
Unrestricted File Upload Vulnerability in GitHub Repository Crater-Invoice/Crater Prior to 6.0
Stored Cross-site Scripting (XSS) Vulnerability in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2
Arbitrary File Read Vulnerability in GitLab CE/EE (Versions 14.5 and above)
CSRF Vulnerability in livehelperchat/livehelperchat prior to 2.0
Zip Slip Vulnerability in iQ Block Country WordPress Plugin
Vulnerability: Unauthorized Modification of VMO Data through Copy-on-Write Snapshots
Cross-Site Scripting (XSS) Vulnerability in Contact Form Submissions WordPress Plugin
Blind SSRF Vulnerability in GitLab 12: Exploiting Unblocked Shared Address Space Requests
Reflected Cross-Site Scripting in Redirection for Contact Form 7 WordPress Plugin
Stored Cross-site Scripting (XSS) vulnerability in GitHub repository pimcore/pimcore prior to version 10.2.10
Reflected Cross-Site Scripting in GiveWP WordPress Plugin (before 2.17.3) via Unescaped JSON Parameter
Cross-site Scripting (XSS) Vulnerability in livehelperchat
SQL Injection Vulnerability in WordPress Zero Spam Plugin
SQL Injection Vulnerability in Database Backup for WordPress Plugin
Pimcore Cross-Site Scripting Vulnerability
Pimcore Cross-Site Scripting Vulnerability
Pimcore SQL Injection Vulnerability
Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.2.7
Heap-based Buffer Overflow in Vim prior to version 8.2
Stored Cross-site Scripting (XSS) Vulnerability in Packagist pimcore/pimcore prior to 10.2.7
Unrestricted File Upload Vulnerability in Packagist pimcore/pimcore prior to 10.2.7
Linux Kernel eBPF Verifier Memory Leak Vulnerability
XML External Entity (XXE) Vulnerability in Hazelcast 5.1-BETA-1 GitHub Repository
User-Controlled Key Authorization Bypass in Packagist remdex/livehelperchat (prior to 3.92v)
SQL Injection Vulnerability in AdRotate WordPress Plugin
Stored Cross-site Scripting (XSS) Vulnerability in Packagist getgrav/grav prior to 1.7.28
CSRF Vulnerability in Packagist YetiForce CRM prior to 6.3.0
Kubernetes Impersonation Header Override Vulnerability
Reflected Cross-Site Scripting in LearnPress WordPress Plugin
XML External Entity (XXE) Vulnerability in detekt/detekt GitHub Repository
Unrestricted Access Control in Pypi calibreweb prior to 0.6.16
Stored Cross-site Scripting (XSS) Vulnerability in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2
Improper Permission Assignment in Packagist microweber/microweber prior to 1.2.11
Stored Cross-site Scripting (XSS) Vulnerability in Packagist microweber/microweber prior to 1.2.11
Race Condition Vulnerability in AnyComment WordPress Plugin
Race Condition Vulnerability in McAfee Total Protection for Windows Allows Privilege Elevation and Arbitrary File Deletion
Sensitive Information Exposure in Packagist microweber/microweber prior to 1.2.11
Cross-site Scripting Vulnerability in Packagist microweber/microweber prior to 1.2.11
Open Redirect Vulnerability in GitLab Integration with Jira
Heap-based Buffer Over-read Vulnerability in ImageMagick's GetPixelAlpha() Function
Stored Cross-site Scripting (XSS) Vulnerability in Packagist pimcore/pimcore prior to 10.2.9
Linux Kernel Vulnerability: Local Denial of Service via Null Pointer Dereference in bond_ipsec_add_sa()
Unrestricted Access to Email Addresses in myCred WordPress Plugin
Reflected Cross-Site Scripting in Ad Inserter WordPress Plugin
Remote Code Execution Vulnerability in Google Chrome's Safe Browsing (CVE-2022-12345)
Remote Code Execution via Use After Free in Google Chrome Site Isolation
Remote Code Execution via Insecure Storage Implementation in Google Chrome
Fenced Frames Navigation Bypass Vulnerability in Google Chrome
Remote Code Execution via Use After Free in Web Packaging in Google Chrome
Remote Code Execution via Push Messaging in Google Chrome
Remote Code Execution via Use After Free in Omnibox in Google Chrome
Remote Code Execution via Use After Free in Google Chrome Printing
Vulnerability Title: Use After Free Heap Corruption in Vulkan in Google Chrome
Heap Corruption Vulnerability in Google Chrome Scheduling (CVE-2022-12345)
Use After Free Vulnerability in Google Chrome on Android (CVE-2022-12345)
Heap Buffer Overflow in DevTools in Google Chrome: Exploiting Heap Corruption via Malicious Extension
Use After Free Vulnerability in Google Chrome Omnibox
Remote Code Execution via Use After Free in Google Chrome Bookmarks
Remote Code Execution via Service Worker API Bypass in Google Chrome
Heap Buffer Overflow in PDFium in Google Chrome: Remote Code Execution via Crafted HTML Page
Use After Free Vulnerability in Optimization Guide in Google Chrome
Use After Free Vulnerability in Google Chrome on Chrome OS
Remote Code Execution Vulnerability in Google Chrome Autofill (CVE-2022-12345)
Heap Buffer Overflow in Task Manager in Google Chrome
Heap Buffer Overflow in Task Manager in Google Chrome
CSRF Vulnerability in Float Menu WordPress Plugin Allows Unauthorized Menu Deletion
Reflected Cross-Site Scripting in Nimble Page Builder WordPress Plugin
Insecure Temporary File Vulnerability in horovod/horovod (prior to 0.24.0)
Unauthenticated File Upload Vulnerability in Multiple WordPress Themes
Improper Input Validation Vulnerability in go-attestation Allows Spoofing of TCG Log Events
Heap-based Buffer Overflow in vim/vim prior to 8.2: A Critical Vulnerability
Critical Out-of-Bounds Read Vulnerability in vim/vim prior to 8.2
Local File Inclusion and Remote Code Execution Vulnerability in Essential Addons for Elementor WordPress Plugin
Reflected Cross-Site Scripting in WP Voting Contest WordPress Plugin
Buffer Overflow Vulnerability in Linux Kernel's SCTP Network Protocol
Template Injection Vulnerability in Packagist mustache/mustache prior to 2.14.1
DHCPv6 Packet Parsing Code Vulnerability: Remote Code Execution and Docker Shutdown
Critical Vulnerability: NULL Pointer Dereference in Homebrew mruby 3.2 and earlier
Reflected Cross-Site Scripting in Master Addons for Elementor WordPress Plugin
CSRF Vulnerability in Simple Membership WordPress Plugin Allows Unauthorized Deletion of Members
Linux Kernel GPU i915 Driver Vulnerability: Local Privilege Escalation and System Crash
Webadmin Information Disclosure Vulnerability in Sophos Firewall v18.5 MR2 and Older
SQL Injection Vulnerability in Moodle's H5P Activity Web Service
Calendar Event Access and Modification Vulnerability in Moodle
Insufficient Capability Checks in Moodle Allow Unauthorized Access to Grade Reports
CSRF Risk in Moodle's Delete Badge Alignment Functionality
Samba AD DC SPN Bypass Vulnerability
File System API Insecure Implementation in Google Chrome on Windows (CVE-2022-12345)
Log Injection Vulnerability in Conda loguru prior to 0.5.3
Critical SSRF Vulnerability in Pypi calibreweb prior to 0.6.16
Stored Cross-site Scripting (XSS) vulnerability in GitHub repository vanessa219/vditor prior to version 3.8.12
Web Authentication Bypass Vulnerability in Zyxel Network Security Devices
Local Privilege Escalation Vulnerability in Dev Server
Disclosure of Private Project Paths via System Notes in GitLab
Unauthenticated User Enumeration in Customize WordPress Emails and Alerts Plugin
Arbitrary Parameter Value Vulnerability in XML Sitemap Generator for Google WordPress Plugin
Reflected Cross-Site Scripting in LoginPress WordPress Plugin
Stored Cross-site Scripting (XSS) Vulnerability in Packagist pimcore/pimcore prior to 10.2
Unauthenticated Blind SQL Injection in NotificationX WordPress Plugin
Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository vanessa219/vditor prior to 3.8.13
Memory Access Vulnerability in vim/vim Prior to 8.2
Reflected Cross-site Scripting (XSS) Vulnerability in Pypi calibreweb prior to 0.6.16
Local Privilege Escalation Vulnerability in Lenovo HardwareScanPlugin and Lenovo Diagnostics
Privilege Escalation Vulnerability in Lenovo System Update
Sensitive Information Exposure in NPM simple-get prior to 4.0.1
Unquoted Search Path or Element Privilege Escalation Vulnerability in Bitdefender Products
Privilege Escalation via Group Ownership Vulnerability in QEMU virtio-fs
Heap-based Buffer Overflow in Vim prior to version 8.2
Stored Cross-Site Scripting Vulnerability in WP Ultimate CSV Importer WordPress Plugin
Heap-based Buffer Overflow in Vim prior to version 8.2
SQL Injection Vulnerability in Packagist Showdoc/Showdoc (prior to version 2.10.3)
Unauthenticated Import and Export Vulnerability in myCred WordPress Plugin
Stored Cross-Site Scripting Vulnerability in Modern Events Calendar Lite WordPress Plugin
Authenticated OS Command Injection Vulnerability in [Product Name]
SQL Injection Vulnerability in Capsule8 Console (Versions 4.6.0 - 4.9.1) Allows Unauthorized Administrative Access
Heap-Based Buffer Overflow Vulnerability in libmodbus modbus_reply() Function
Critical Out-of-bounds Read Vulnerability in GitHub Repository vim/vim prior to 8.2
Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v
GitLab User Privacy Vulnerability: Unauthorized User Search by Private Email
Stored Cross-site Scripting (XSS) Vulnerability in Packagist bytefury/crater prior to 6.0.2
Improper Access Control Vulnerability in GitLab CE/EE: Unauthorized Retrieval of Service Desk Email Address
Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v
Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v
Cross-Site Scripting (XSS) Vulnerability in User Meta WordPress Plugin
Arbitrary Image File Renaming Vulnerability in LearnPress WordPress Plugin
Reflected Cross-Site Scripting (XSS) Vulnerability in Packagist microweber/microweber prior to 1.2.11
Stored Cross-site Scripting (XSS) Vulnerability in Packagist microweber/microweber prior to 1.2.11
Reflected Cross-Site Scripting Vulnerability in Fotobook WordPress Plugin (up to version 3.2.3)
Reflected Cross-Site Scripting Vulnerability in Embed Swagger WordPress Plugin
Uninitialized Memory Information Leak in Linux Kernel's TIPC Protocol Subsystem
SQL Injection Vulnerability in WP Review Slider WordPress Plugin
Unrestricted Access to Email Addresses in Video Conferencing with Zoom WordPress Plugin
Unauthenticated Stored Cross-Site Scripting in Crazy Bone WordPress Plugin
Post-Auth SQL Injection Vulnerability in Mail Manager of Sophos UTM (<= 9.710)
Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v
Cross-Site Scripting Vulnerability in Interactive Medical Drawing of Human Body WordPress Plugin
Cross-Site Scripting (XSS) Vulnerability in WP Time Slots Booking Form WordPress Plugin
Improper Access Control in Gitlab CE/EE Versions 12.7 to 14.7.1: Unauthorized Retrieval of Issue Details from Vulnerability Dashboard
Unsanitized Input Vulnerability in urllib.parse Module of Python
Heap-based Buffer Overflow in Vim Prior to 8.2
Critical Out-of-bounds Read Vulnerability in GitHub Repository vim/vim prior to 8.2
Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v
Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v
BIND TCP CLOSE_WAIT Status Vulnerability
Reflected Cross-Site Scripting in WPC Smart Wishlist for WooCommerce WordPress Plugin
Unauthenticated Arbitrary Affiliate Link Creation Vulnerability in ThirstyAffiliates WordPress Plugin
Reflected Cross-Site Scripting in Advanced Product Labels for WooCommerce WordPress Plugin
Linux Kernel SMC Protocol Stack Out-of-Bounds Read Vulnerability: Remote DoS
NPM w-zip Path Traversal Vulnerability
Reflected Cross-Site Scripting in Super Forms WordPress Plugin
Vulnerability: Unauthenticated Arbitrary File Manipulation in Library File Manager WordPress Plugin
Arbitrary Option Setting Vulnerability in Material Design for Contact Form 7 WordPress Plugin
Improper Access Control in janeczku/calibre-web Repository
Improper Authorization in calibre-web GitHub Repository (CVE-XXXX-XXXX)
Heap-based Buffer Overflow in Vim prior to version 8.2
Stack-based Buffer Overflow in Vim prior to 8.2
Unrestricted File Upload Vulnerability in Packagist showdoc/showdoc prior to 2.10.2
SQL Injection Vulnerability in WP Visitor Statistics Plugin
SQL Injection Vulnerability in Asgaros Forum WordPress Plugin
SQL Injection Vulnerability in TI WooCommerce Wishlist Plugin
Use After Free Vulnerability in GitHub Repository vim/vim (prior to version 8.2)
Insufficient Input Validation in Packagist dolibarr/dolibarr prior to 16.0
Remote Command Execution in GitHub Repository Upload (Gogs/Gogs prior to 0.12.6)
Heap-based Buffer Overflow in vim/vim prior to 8.2
Cross-Site Scripting (XSS) Vulnerability in Event List WordPress Plugin
NULL Pointer Dereference Vulnerability in radareorg/radare2 (prior to 5.6.0)
SQL Injection Vulnerability in RegistrationMagic WordPress Plugin
Unauthenticated Payment Status Manipulation and Cross-Site Scripting in Five Star Restaurant Reservations WordPress Plugin
Reflected Cross-Site Scripting in White Label CMS WordPress Plugin
Unauthenticated Cross-Site Scripting (XSS) Vulnerability in 3D FlipBook WordPress Plugin
Unauthenticated Access to Subscribed User Email Addresses in Popup by Supsystic WordPress Plugin
DNS Rebinding Vulnerability in GitLab CE/EE Allows SSRF Attacks via Irker IRC Gateway Integration
Reflected Cross-Site Scripting in Product Feed PRO for WooCommerce WordPress Plugin
Arbitrary HTTP POST Request Vulnerability in Jupyter Notebooks in GitLab CE/EE (CVE-2022-12345)
Reflected Cross-Site Scripting in Content Egg WordPress Plugin
Unauthenticated Stored Cross-Site Scripting Vulnerability in WP Cerber Security Plugin
Unauthorized Access to Sensitive Information in GitHub Repository httpie/httpie (prior to 3.1.0)
Reflected Cross-Site Scripting in Google PageSpeed WordPress Plugin (before 4.0.4)
Prototype Pollution in Mastodon prior to 3.5.0
Linux Kernel BPF Subsystem NULL Pointer Dereference Vulnerability
SQL Injection Vulnerability in Page View Count WordPress Plugin
Stack Overflow Vulnerability in Linux Kernel's TIPC Protocol Allows Remote System Crash or Privilege Escalation
GitHub Repository Path Traversal Vulnerability in gruntjs/grunt (prior to 1.5.2)
DOM-based Cross-site Scripting (XSS) vulnerability in NPM karma prior to version 6.3.14
Blind SQL Injection and CSRF Vulnerabilities in Email Subscribers & Newsletters WordPress Plugin
Arbitrary PHP File Upload and Remote Code Execution in Catch Themes Demo Import WordPress Plugin
Unauthenticated User Registration Vulnerability in MasterStudy LMS WordPress Plugin
User Avatar Overwrite Vulnerability in UsersWP WordPress Plugin
Use After Free Vulnerability in GitHub Repository vim/vim (prior to version 8.2)
Unauthenticated Attackers Can Reset Settings and Generate New Backup Encryption Key in XCloner Plugin
CSRF Vulnerability in WordPress Real Cookie Banner Plugin Allows Unauthorized Settings Reset
Cross-Site Scripting Vulnerability in Simple Banner WordPress Plugin
Reflected Cross-Site Scripting in Post Grid WordPress Plugin
Cross-Site Scripting Vulnerability in CP Blocks WordPress Plugin
Reflected Cross-Site Scripting Vulnerability in Flexi WordPress Plugin
Unauthenticated Cross-Site Scripting (XSS) in Menu Image, Icons made easy WordPress Plugin
Authorization Header Leakage in Dart SDK's HTTPClient
Remote Code Execution via Use After Free in Safe Browsing in Google Chrome
Remote Code Execution via Use After Free in Google Chrome Reader Mode
Heap Buffer Overflow in ANGLE in Google Chrome: Remote Code Execution Vulnerability
Omnibox Spoofing Vulnerability in Google Chrome on Android
Remote Code Execution via Use After Free in Google Chrome Web Search
Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (prior to 98.0.4758.80)
Use After Free Vulnerability in Thumbnail Tab Strip in Google Chrome
Remote Code Execution via Use After Free in Google Chrome Screen Capture
Window Dialogue Use After Free Vulnerability in Google Chrome (CVE-2022-12345)
COOP Policy Bypass Vulnerability in Google Chrome
Cross-Origin Data Leakage Vulnerability in Scroll in Google Chrome (prior to 98.0.4758.80)
Use After Free Vulnerability in Google Chrome Accessibility (CVE-2022-12345)
Use After Free Vulnerability in Google Chrome Accessibility (CVE-2022-12345)
Remote Code Execution Vulnerability in Google Chrome Extensions (CVE-2022-12345)
Sandbox Escape Vulnerability in Google Chrome Extensions Platform
Pointer Lock Bypass Vulnerability in Google Chrome on Windows
Remote Code Execution Vulnerability in Google Chrome Payments (CVE-2022-12345)
Use After Free Vulnerability in Cast in Google Chrome (Versions prior to 98.0.4758.80) Allows Remote Heap Corruption
Remote Code Execution via Out of Bounds Memory Access in V8 in Google Chrome
Reflected Cross-Site Scripting in Favicon by RealFaviconGenerator WordPress Plugin
Unrestricted File Upload Vulnerability in Packagist jsdecena/laracom prior to v2.0.9
Dynamic Field Injection Vulnerability in OTRS 7.0.x
Disclosure of Recipient List in Notification Emails in OTRS AG OTRSCustomContactFields 8.0.x
JavaScript Injection Vulnerability in OTRS AG OTRS 7.0.x and 8.0.x
Critical Denial of Service Vulnerability in radareorg/radare2 (prior to 5.6.4)
GitLab Package Registry Denial of Service Vulnerability
SQL Injection Vulnerability in Event Manager and Tickets Selling for WooCommerce WordPress Plugin
SQL Injection and Reflected Cross-Site Scripting Vulnerability in Popup Builder WordPress Plugin
Linux Kernel Vulnerability: Host Memory Exhaustion via Unrestricted POSIX File Locks
Critical Vulnerability: NULL Pointer Dereference in Homebrew mruby 3.2 and earlier
GitHub Repository Vulnerability: Unauthorized Access to Private Personal Information in alextselegidis/easyappointments (prior to 1.4.3)
Insecure Folder Permissions in Acronis VSS Doctor (Windows) before Build 53: Local Privilege Escalation Vulnerability
URL Validation Bypass in Mirantis Container Cloud Lens Extension v3.1.1
Vulnerability in nbdcopy's Multi-Threaded Copying with Asynchronous NBD Calls
Privilege Escalation via Improper File Permissions in Fidelis Network and Deception Components
Use-After-Free Vulnerability in rtsx_usb_ms_drv_remove in Linux Kernel
Markdown Timeout Vulnerability in GitLab CE/EE
GitLab CE/EE Math Feature DOS Vulnerability
Privilege Escalation and Namespace Bypass Vulnerability in Linux Kernel's cgroup_release_agent_write Function
Arbitrary File Disclosure and Path Traversal Vulnerability in String Locator WordPress Plugin
Kernel Information Leak Vulnerability in Linux SCSI IOCTL Function
Unauthenticated SQL Injection Vulnerability in KOHA Library Automation System
Out-of-Bounds Memory Access Vulnerability in Openscad DXF Import
Out-of-Bounds Read Vulnerability in Openscad Parsing of Annotations
Arbitrary File Upload Vulnerability in Sermon Browser WordPress Plugin
Unrestricted eBPF Usage Vulnerability in Linux Kernel's BPF Subsystem
Reflected Cross-site Scripting (XSS) Vulnerability in Packagist ptrofimov/beanstalk_console prior to 1.7.12
Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v
Reflected Cross-Site Scripting in WordPress Multisite Content Copier/Updater Plugin
Sensitive Information Disclosure in Packagist microweber/microweber prior to 1.2.11
CSRF Vulnerability in Packagist Microweber/Microweber prior to 1.2.11
Stored Cross-site Scripting (XSS) Vulnerability in Packagist microweber/microweber prior to 1.2.11
SQL Injection Vulnerability in Pandora API
SSRF Vulnerability in GitHub Repository chocobozzz/peertube
Stored Cross-site Scripting (XSS) Vulnerability in Packagist pimcore/pimcore prior to 10.3.1
Reflected Cross-site Scripting (XSS) Vulnerability in Packagist pimcore/pimcore prior to 10.3.1
Memory Corruption Vulnerabilities in Firefox 96
User-Controlled Key Authorization Bypass in NPM url-parse prior to 1.5.6
SQL Injection Vulnerability in WP Statistics WordPress Plugin
Critical Business Logic Errors in Crater Invoice Repository (prior to 6.0.5)
CSRF Vulnerability in GitHub Repository Crater-Invoice/Crater Prior to 6.0.4
Unauthorized Memory Write Access Vulnerability in KVM for s390 in Linux Kernel
Arbitrary Code Execution Vulnerability in Mozilla VPN
Heap-based Buffer Overflow in radareorg/radare2 prior to 5.6.2
Buffer Overflow in radare2 GitHub repository prior to version 5.6.2
Title: Critical Use After Free Vulnerability in NPM radare2.js (<= 5.6.2)
Buffer Overflow Vulnerability in radareorg/radare2 prior to 5.6.2
Memory Overread Vulnerability in NPM radare2.js prior to 5.6.2
GitHub Repository radareorg/radare2 Prior to 5.6.2: Use After Free Vulnerability
Critical Business Logic Vulnerability in publify/publify Prior to 9.2.7
Critical Out-of-bounds Read Vulnerability in Homebrew mruby prior to 3.2
Stored Cross-site Scripting (XSS) Vulnerability in Chatwoot GitHub Repository (prior to 2.2.0)
Stored Cross-site Scripting (XSS) Vulnerability in Chatwoot GitHub Repository (prior to 2.2.0)
Server-Side Request Forgery (SSRF) Vulnerability in GitHub Repository transloadit/uppy prior to 3.3.1
Unzip Heap Out-of-Bound Write Vulnerability
Unzip Heap Out-of-Bound Write Vulnerability
Reflected Cross-Site Scripting in Migration, Backup, Staging WordPress Plugin before 0.9.70
CRI-O Vulnerability: Incorrect Sysctls Validation Allows Unauthorized Host Manipulation
Reflected Cross-Site Scripting (XSS) Vulnerability in Ditty WordPress Plugin
Stack Out-of-Bounds Read Vulnerability in htmldoc 1.9.15
Unsanitized Settings in E2Pdf WordPress Plugin: Cross-Site Scripting Vulnerability
Sensitive Information Exposure in NPM follow-redirects prior to 1.14.8
Arbitrary File Upload and Remote Code Execution in MapPress Maps for WordPress Plugin
Unprotected Custom XStream Converters in Jenkins LTS Versions Prior to 2.319.2 and Jenkins Versions Prior to 2.333 (CVE-2021-43859)
Stored Cross-site Scripting (XSS) Vulnerability in Packagist ptrofimov/beanstalk_console prior to 1.7.14
Jira Seraph Authentication Bypass Vulnerability
Arbitrary Site Installation Vulnerability in flo-launch WordPress Plugin
DOM-based Cross-site Scripting (XSS) vulnerability in GitHub repository chatwoot/chatwoot prior to version 2.7.0
Redis Lua Sandbox Escape Vulnerability
Integer Underflow in Blender DDS Loader: Out-of-Bounds Read Vulnerability
Image Processing Vulnerability in Blender: Integer Overflow and Write-What-Where Exploit
Out-of-Bounds Heap Access Vulnerability in Blender 3.x and 2.93.8 Image Loader
Authentication Bypass Vulnerability in OpenVPN
Privilege Escalation in GitLab REST API: Unauthorized User Addition to Groups
Unauthenticated Command Execution via Custom Report Logo Upload in Nozomi Networks Guardian and CMC
Unauthenticated Command Execution Vulnerability in Nozomi Networks Guardian and CMC
Incomplete Fix for netty-codec-http Vulnerability in OpenShift Logging Container
Unencrypted Firmware Retrieval Vulnerability
Out-of-range Pointer Offset Vulnerability in vim/vim (prior to 8.2)
Zyxel AP Configurator (ZAC) 1.1.4 Local Privilege Escalation Vulnerability
Critical OS
Command Injection Vulnerability in Packagist microweber/microweber (<=1.2.11) Stored Cross-site Scripting (XSS) Vulnerability in Packagist microweber/microweber prior to 1.2.11 GitHub Repository radareorg/radare2 Prior to 5.6.2: Use After Free Vulnerability Open Redirect Vulnerability in Packagist microweber/microweber prior to 1.2.11 Denial of Service Vulnerability in libtiff's TIFFFetchStripThing() Function Denial of Service Vulnerability in libtiff's TIFFReadDirectory() Function Privilege Escalation via Readline Library in util-linux User Account Enumeration Vulnerability in Qlik Sense Enterprise on Windows Cross-site Scripting Vulnerability in Packagist pimcore/pimcore prior to 10.3.1 Out-of-Bounds Write Vulnerability in Thunderbird < 91.6.1 Egress Network Policy Bypass Vulnerability in ovn-kubernetes Insecure Dependency Handling in Packagist snipe/snipe-it prior to v5.3.9 Heap-based Buffer Overflow in Homebrew mruby 3.2 and earlier Reflected Cross-site Scripting (XSS) Vulnerability in Phoronix Test Suite GitHub Repository Heap-based Buffer Overflow in Vim prior to version 8.2 Insecure Deserialization Vulnerability in JFrog Artifactory GitHub Repository Access Control Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in librenms/librenms prior to 22.2.0 Cross-site Scripting (XSS) Vulnerability in librenms/librenms prior to 22.1.0 GitHub Repository Scrapy/Scrapy Prior to 2.6.1: Unauthorized Access to Sensitive Information Critical Code Injection Vulnerability in publify/publify (prior to 9.2.8) Critical Security Vulnerability: Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9 Authorization Bypass in Packagist librenms/librenms prior to 22.2.0 Denial of Service Vulnerability in Wireshark CMS Protocol Dissector (Versions 3.6.0-3.6.1 and 3.4.0-3.4.11) CSN.1 Protocol Dissector Unaligned Access Vulnerability in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 Denial of Service Vulnerability in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 via 
Packet Injection or Crafted Capture File in PVFS Protocol Dissector Denial of Service Vulnerability in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11: Large Loop Exploitation in Protocol Dissectors Denial of Service Vulnerability in Wireshark RTMPT Protocol Dissector Improper Authorization in Packagist librenms/librenms: Version Prior to 22.2.0 Unauthenticated Access to Packagist librenms/librenms (prior to 22.2.0) Stored Cross-site Scripting (XSS) Vulnerability in librenms/librenms prior to 22.1.0 Unsanitized Settings in BulletProof Security WordPress Plugin Allow Cross-Site Scripting Attacks Unvalidated URL Parameter in FormCraft WordPress Plugin Leads to SSRF Vulnerability SQL Injection Vulnerability in MapSVG WordPress Plugin Unauthenticated Remote File Deletion Vulnerability in Login with Phone Number WordPress Plugin Unauthenticated and Author+ Users Can Access Sensitive Information in Professional Social Sharing Buttons Plugin Stored Cross-Site Scripting Vulnerability in Drag and Drop Multiple File Upload WordPress Plugin Insufficient Input Validation in Packagist microweber/microweber prior to 1.2.11 Open Redirect Vulnerability in Packagist microweber/microweber prior to 1.2.11 Cross-Site Scripting Vulnerability in Login with Phone Number WordPress Plugin Reflected Cross-Site Scripting in Mapping Multiple URLs Redirect Same Page WordPress Plugin Reflected Cross-Site Scripting in Conference Scheduler WordPress Plugin Reflected Cross-Site Scripting in Countdown, Coming Soon, Maintenance WordPress Plugin before 2.2.9 Cross-site Scripting (XSS) Vulnerability in TastyIgniter GitHub Repository Remote Code Execution Vulnerability in Google Chrome File Manager Heap Buffer Overflow in Tab Groups in Google Chrome Use After Free Vulnerability in Google Chrome Webstore API ANGLE Use After Free Vulnerability in Google Chrome GPU Use After Free Vulnerability in Google Chrome Mojo Integer Overflow Vulnerability in Google Chrome Animation Use After Free Vulnerability in 
Google Chrome (CVE-2022-12345) Heap Corruption Vulnerability in Gamepad API in Google Chrome (prior to 98.0.4758.102) Critical Security Vulnerability: Missing Authorization in Packagist snipe/snipe-it (prior to 5.3.11) Stored Cross-site Scripting (XSS) Vulnerability in Packagist remdex/livehelperchat prior to 3.93v User-Controlled Key Authorization Bypass in NPM urijs prior to 1.19.8 Out-of-range Pointer Offset Vulnerability in Homebrew mruby 3.2 and Earlier Use-after-free vulnerability in eset_rtp kernel module can lead to denial-of-service in ESET Linux products CSRF Vulnerability in Amelia WordPress Plugin Allows Arbitrary Customer Deletion Linux Kernel UDF File System Null Pointer Dereference Vulnerability Denial of Service Vulnerability in swift-nio-http2 Reflected Cross-Site Scripting in Database Peek WordPress Plugin Reflected Cross-Site Scripting in Delete Old Orders WordPress Plugin Reflected Cross-Site Scripting in dTabs WordPress Plugin Sensitive Information Disclosure in Packagist snipe/snipe-it prior to 5.3.11 Critical Out-of-bounds Read Vulnerability in Homebrew mruby prior to 3.2 User-Controlled Key Authorization Bypass in parse-path prior to 5.0.0 Reflected Cross-Site Scripting in Admin Menu Editor WordPress Plugin Reflected Cross-Site Scripting in Advanced Admin Search WordPress Plugin Reflected Cross-Site Scripting in Amelia WordPress Plugin (<=1.0.47) Reflected Cross-Site Scripting in Mega Menu WordPress Plugin Stack-based Buffer Overflow in Vim prior to 8.2 Critical Out-of-bounds Read Vulnerability in Homebrew mruby prior to 3.2 Heap-based Buffer Overflow in Homebrew mruby 3.2 and earlier Critical Vulnerability: NULL Pointer Dereference in Homebrew mruby 3.2 and earlier Privilege Escalation in UpdraftPlus WordPress Plugin Allows Unauthorized Backup Download Unauthenticated Image Upload and CSRF Vulnerability in ThirstyAffiliates WordPress Plugin BIND 9.18.0 Denial of Service Vulnerability Critical Denial of Service Vulnerability in Lenovo Thin 
Installer Open Redirect Vulnerability in Pollbot (pollbot.services.mozilla.com) Versions < 1.4.6 CSRF Vulnerability in Packagist Microweber/Microweber (<=1.2.11) User-Controlled Key Authorization Bypass in NPM url-parse prior to 1.5.7 Reflected Cross-Site Scripting in Pricing Table Builder WordPress Plugin Reflected Cross-Site Scripting in Popup Like Box WordPress Plugin Stored Cross-Site Scripting Vulnerability in JivoChat Live Chat WordPress Plugin Reflected Cross-Site Scripting in Bank Mellat WordPress Plugin Open Redirect Vulnerability in GitHub Repository PostHog/PostHog Prior to 1.34.1 via authorize_and_redirect/?redirect= Endpoint Use-After-Free Vulnerability in Linux Kernel MCTP Subsystem Allows Privilege Escalation Reflected Cross-Site Scripting in Bulk Creator WordPress Plugin Reflected Cross-Site Scripting in Team Circle Image Slider With Lightbox WordPress Plugin Unescaped Group Names in AdRotate WordPress Plugin: Cross-Site Scripting Vulnerability Arbitrary Code Execution Vulnerability in TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) Routers SQL Injection Vulnerability in WP Statistics WordPress Plugin Insecure Access Permissions in Confd Log Files Allow Offline Brute-Force Attacks on Password Hashes in Sophos UTM (Before Version 9.710) Cross-Site Scripting (XSS) Vulnerability in Profile Builder WordPress Plugin Unauthorized Access to Sensitive Data in GitHub Repository fgribreau/node-request-retry prior to 7.0.0 Arbitrary File Read Vulnerability in uDraw WordPress Plugin Unauthenticated SQL Injection in 5 Stars Rating Funnel WordPress Plugin Unauthenticated SQL Injection in CommonsBooking WordPress Plugin Unfiltered HTML Capability Bypass in Sync QCloud COS WordPress Plugin Sensitive Information Disclosure in Packagist microweber/microweber prior to 1.2.11 Stored Cross-Site Scripting (XSS) and Remote Code Execution (RCE) Vulnerabilities in Ad Injection WordPress Plugin Cross-Site Scripting Vulnerability in AdRotate WordPress Plugin 
Cross-Site Scripting (XSS) Vulnerability in PrintFriendly WordPress Plugin Hard-coded Cryptographic Key Vulnerability in Go github.com/gravitl/netmaker GitHub Repository Path Traversal Vulnerability in pimcore/pimcore (prior to 10.3.2) CRLF Injection Vulnerability in Microweber CMS (Packagist microweber/microweber) prior to 1.2.11 BIND 9.18.0 Vulnerability: Process Exit Triggered Authentication Bypass and Privilege Escalation Vulnerability in JFrog Artifactory (CVE-XXXX-XXXX) Vulnerability: Denial of Service in dpdk due to Exhaustion of File Descriptors Openstack Manila Ceph File System Share Vulnerability Vulnerability in vscode-xml: Blind SSRF or DoS via Large File in Schema Download Insecure Redirect Vulnerability in LemMinX Prior to 0.19.0 Cache Poisoning Vulnerability in LemMinX (Versions Prior to 0.19.0) Allows Directory Traversal Cross-Site Scripting (XSS) Vulnerability in Kunze Law WordPress Plugin 2.1 Unmanaged Rule Vulnerability: Comment Collision Exploit Heap-based Buffer Overflow in radareorg/radare2 prior to 5.6.4 Length Parameter Inconsistency Vulnerability in Bitdefender Update Server and GravityZone Reflected Cross-Site Scripting (XSS) Vulnerability in Packagist microweber/microweber prior to 1.2.11 Arbitrary File Disclosure and Potential Remote Code Execution in Narnoo Distributor WordPress Plugin Stored Cross-Site Scripting in Plezi WordPress Plugin (Versions before 1.0.3) CSRF Vulnerability in Simple Membership WordPress Plugin Allows Arbitrary Transaction Deletion Cross-Site Scripting (XSS) Vulnerability in Essential Addons for Elementor Lite WordPress Plugin Cross-Site Scripting Vulnerability in WP Home Page Menu WordPress Plugin Out-of-range Pointer Offset Vulnerability in vim/vim (CVE-2021-3770) User-Controlled Key Authorization Bypass in NPM url-parse prior to 1.5.8 Arbitrary PHP File Upload Vulnerability in Amelia WordPress Plugin Critical Business Logic Vulnerability in Packagist microweber/microweber (<= 1.2.11) Multiple Use of 
One-Time Coupon Vulnerability in Packagist Microweber/Microweber Prior to 1.2.11 Reflected Cross-Site Scripting (XSS) Vulnerability in Packagist microweber/microweber prior to 1.2.11 User-Controlled Key Authorization Bypass in NPM url-parse prior to 1.5.9 Open Redirect Vulnerability in Rudloff/alltube prior to 3.0.1 Unauthenticated SQL Injection in Master Elements WordPress Plugin through 8.0 Unauthenticated SQL Injection in Advanced Booking Calendar WordPress Plugin Critical Denial of Service Vulnerability in radareorg/radare2 (prior to 5.6.4) Critical NULL Pointer Dereference Vulnerability in vim/vim (prior to 8.2.4428) Open Redirect Vulnerability in GitHub Repository archivy/archivy (prior to 1.7.0) Unauthenticated Account Takeover via XSS in Microweber 1.3.1's 'select-file' Parameter Double-Free Vulnerability in shapelib 1.5.0 and Older Releases Cross-Site Scripting Vulnerability in Simple Tracking WordPress Plugin Unfiltered HTML Capability Bypass in SEO 301 Meta WordPress Plugin Unfiltered HTML Capability Bypass in Petfinder Listings WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in GD Mylist WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.4.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.4.0 Cross-Site Scripting Vulnerability in Easy Digital Downloads WordPress Plugin CSRF Vulnerability in Easy Digital Downloads WordPress Plugin Allows Arbitrary Note Insertion Email Address Disclosure Vulnerability in Mattermost 6.3.0 and Earlier Sensitive Data Disclosure Vulnerability in Booking Package WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Header Footer Code Manager Plugin for WordPress Denial of Service Vulnerability in HAProxy via Crafted HTTP Responses NULL Pointer Dereference Vulnerability in radareorg/radare2 (prior to 5.6.4) Heap-based Buffer Overflow in radareorg/radare2 prior to 5.6.4 Critical Heap-based 
Buffer Overflow in vim/vim: Patch Prior to 8.2.4436 Required Arbitrary Behavior Change Vulnerability in APC Smart-UPS and SmartConnect Family Out-of-bounds Read Vulnerability in mruby/mruby (prior to 3.2) Improper Parsing in python-oslo-utils Allows Password Leakage in Debug Logs Reflected Cross-site Scripting (XSS) Vulnerability in Microweber Prior to 1.3 Insecure Appointment Management in Amelia WordPress Plugin Sensitive Information Leakage in Debugging Code in Microweber GitHub Repository Unauthorized Access to Sensitive Information in GitHub Repository ionicabizau/parse-url prior to 7.0.0 Reflected Cross-site Scripting (XSS) Vulnerability in Microweber CMS Insecure Storage of Sensitive Information in Microweber GitHub Repository Information Exposure Vulnerability in KeePass: Logging Plain Text Passwords in System Log Unauthenticated Access to GitHub Repository chocobozzz/peertube prior to 4.1.0 GitHub Repository Access Control Vulnerability in chocobozzz/peertube prior to version 4.1.0 Cross-Site Scripting Vulnerability in Easy Smooth Scroll Links WordPress Plugin Out-of-range Pointer Offset Vulnerability in vim/vim (prior to 8.2.4440) LDAP Authentication Bypass Vulnerability in Cacti IDOR Vulnerability in Dolibarr GitHub Repository IDOR Vulnerability Exposes Backend Infrastructure of Mobile Device Monitoring Services Cross-Site Scripting Vulnerability in Zyxel Network Devices Information Disclosure Vulnerability in GitLab CE/EE Allows Unauthorized Access to Runner Registration Tokens Insecure Temporary File Vulnerability in mlflow/mlflow (prior to 1.23.1) Cross-Site Scripting Vulnerability in Text Hover WordPress Plugin GitLab Password Leakage Vulnerability Unauthenticated SQL Injection in BookingPress WordPress Plugin Unauthorized Closure of Asana Tasks via GitLab CE/EE Integration Environment Variable Theft via Email Address in GitLab CE/EE Memory Leak in ICMP6 Implementation in Linux Kernel 5.13+: Remote DoS via ICMP6 Packets Stored Cross-site 
Scripting (XSS) Vulnerability in Grav CMS GitHub Repository (getgrav/grav) Prior to Version 1.7.31 Arbitrary Email Sending Vulnerability in Like Button Rating WordPress Plugin Critical Business Logic Errors in Dolibarr GitHub Repository Prior to Version 16.0 Unauthenticated SQL Injection in Infographic Maker WordPress Plugin Arbitrary Code Execution Vulnerability in post-loader Package Unrestricted Payload Injection in SinGooCMS.Utility Socket Client Cross-Site Scripting Vulnerability in Photoswipe Masonry Gallery WordPress Plugin Misleading Snippet Content Vulnerability in GitLab CE/EE Cross-site Scripting (XSS) Vulnerability in GitHub Repository hestiacp/hestiacp prior to 1.5.9 Reflected Cross-site Scripting (XSS) Vulnerability in Hestia Control Panel (HestiaCP) Critical SQL Injection Vulnerability in SuiteCRM (salesagility/suitecrm) prior to 7.12.5 Unauthenticated Access to GitHub Repository in SuiteCRM prior to 7.12.5 Unauthenticated Access to GitHub Repository in SuiteCRM prior to 7.12.5 SQL Injection Vulnerability in Rapid7 Nexpose Versions 6.6.93 and Earlier Reflected Cross-Site Scripting Vulnerability in Rapid7 Nexpose Versions 6.6.129 and Earlier Kubeclient Vulnerability: Man-in-the-Middle Attacks via Misconfigured kubeconfig Files Unauthenticated SQL Injection in Simple Link Directory WordPress Plugin GitHub Repository Authorization Vulnerability in Microweber Prior to 1.3 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository microweber/microweber prior to 1.3 Arbitrary Command Injection in Strapi GitHub Repository (prior to 4.1.0) Stored Cross-Site Scripting (XSS) Vulnerability in Loco Translate WordPress Plugin SSRF Vulnerability in janeczku/calibre-web prior to 0.6.17 SSRF Vulnerability in janeczku/calibre-web prior to 0.6.17 Critical SSRF Vulnerability in GitHub Repository rudloff/alltube prior to 3.0.2 SQL Injection in Users Ultra WordPress Plugin CSRF Vulnerability and Information Disclosure in Translate WordPress with GTranslate 
WordPress Plugin Unauthenticated SQL Injections in SiteSuperCharger WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in LibreNMS GitHub Repository SQL Injection Vulnerability in Documentor WordPress Plugin Arbitrary Comment Deletion Vulnerability in WooCommerce WordPress Plugin DOM-based Cross-site Scripting (XSS) Vulnerability in hakimel/reveal.js prior to 4.3.0 Insecure Password Recovery Mechanism in GitHub Repository Microweber/Microweber Prior to 1.3 Denial of Service Vulnerability in OpenSSL's BN_mod_sqrt() Function Path Traversal Vulnerability in User Meta WordPress Plugin CSRF Nonce Verification Bypass and Cross-Site Scripting Vulnerability in SearchIQ WordPress Plugin SQL Injection Vulnerability in Nirweb Support WordPress Plugin Unauthenticated SQL Injection in Donations WordPress Plugin (Versions 1.8 and below) Unauthenticated SQL Injections in Multiple Shipping Address Woocommerce WordPress Plugin Unauthenticated SQL Injection in Experiments Free WordPress Plugin (before 9.0.1) via wpex_titles AJAX Action Unauthenticated SQL Injection in Daily Prayer Time WordPress Plugin Unsanitized Parameter SQL Injection in KiviCare WordPress Plugin Unsanitized Parameters in Limit Login Attempts WordPress Plugin Allow SQL Injections SQL Injection Vulnerability in WP Fundraising Donation and Crowdfunding Platform WordPress Plugin Heap Buffer Overflow in ANGLE in Google Chrome: Remote Code Execution Vulnerability Use After Free Vulnerability in Cast UI in Google Chrome Remote Code Execution Vulnerability in Google Chrome Omnibox Heap Corruption Vulnerability in ANGLE in Google Chrome Use After Free Vulnerability in Google Chrome Prior to 99.0.4844.51 via Malicious Extension Use After Free Vulnerability in Google Chrome WebShare Type Confusion Vulnerability in Blink Layout Engine Remote Code Execution Vulnerability in Google Chrome Media (CVE-2022-12345) Out of Bounds Memory Write Vulnerability in Mojo in Google Chrome Use After Free Vulnerability in 
MediaStream in Google Chrome Local Privilege Escalation via Crafted Offline Installer File in Google Chrome on Windows Heap Buffer Overflow in Cast UI in Google Chrome HTML Parser Vulnerability in Google Chrome Allows XSS Bypass (Medium Severity) Omnibox Content Hiding Vulnerability in Google Chrome for Android Remote Code Execution via Omnibox Tampering in Google Chrome Omnibox Content Hiding Vulnerability in Google Chrome for Android Use After Free Vulnerability in Google Chrome Browser Switcher Cross-Origin Data Leak in Canvas via Screen Sharing in Google Chrome Autofill Bypass Vulnerability in Google Chrome (prior to 99.0.4844.51) Use After Free Vulnerability in Chrome OS Shell in Google Chrome on Chrome OS WebXR Heap Corruption Vulnerability in Google Chrome CRI-O Container Escape and Arbitrary Code Execution Vulnerability NFS over RDMA Information Leak Vulnerability Information Disclosure Vulnerability in PhpMyAdmin 5.1.1 and Earlier SQL Injection Vulnerability in Ubigeo de Perú para Woocommerce WordPress Plugin Improper Access Control Vulnerability in McAfee WebAdvisor Chrome and Edge Browser Extensions SQL Injection vulnerability in BadgeOS WordPress Plugin through 3.7.0 Unauthenticated XSS Injection in WooCommerce Affiliate Plugin WordPress Plugin Code Injection Vulnerability in Dolibarr Prior to 15.0.1 Stored Cross-site Scripting (XSS) Vulnerability in Orchard Core CMS GitHub Repository OrchardCMS/OrchardCore Prior to 1.3.0 Improper Authorization Vulnerability Reflected Cross-site Scripting (XSS) Vulnerability in Orchard Core CMS Timing Side-Channel Attack Vulnerability in Zyxel GS1200 Series Switches Remote Code Execution Vulnerability in GitHub Repository Webmin/Webmin (prior to 1.990) Insecure Appointment Management in Amelia WordPress Plugin SQL Injection Vulnerability in WP Video Gallery WordPress Plugin Unsanitized Parameters in Bestbooks WordPress Plugin: SQL Injection Vulnerability Unsecure Key Generation in Download Manager WordPress Plugin 
GitHub Repository Webmin/Webmin Prior to 1.990: Improper Authorization Vulnerability CSRF and XSS Vulnerabilities in FormBuilder WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.3.3 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.3.3 Unauthenticated Remote Backup Disclosure in Church Admin WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Amelia WordPress Plugin (Versions up to 1.0.46) ClearText Storage of Sensitive Information in AVEVA System Platform 2020 SQL Injection Vulnerability in SEMA API WordPress Plugin Amelia WordPress Plugin Unauthorized SMS Service Access Vulnerability Reflected Cross-site Scripting (XSS) Vulnerability in Hestia Control Panel (HestiaCP) XML External Entity (XXE) Vulnerability in liquibase/liquibase (prior to 4.8.0) Arbitrary JavaScript Injection in Easy Social Icons WordPress Plugin OS Command Injection in npm-lockfile v2.0.3 and v2.0.4 Blind SQL Injection Vulnerability in McAfee ePO Prior to 5.10 Update 13 Memory Corruption Vulnerabilities in Firefox 97: Potential Arbitrary Code Execution Critical Code Injection Vulnerability in pytorchlightning/pytorch-lightning (prior to 1.6.0) SQL Injection Vulnerability in SpeakOut! 
Email Petitions WordPress Plugin Privilege Escalation Vulnerability in Linux Kernel's Pipe Buffer Initialization OS Command Injection in part-db/part-db prior to 0.5.11 Use After Free Vulnerability in r_reg_get_name_idx in radare2 prior to 5.6.6 Linux Kernel Vulnerability: Information Leak via ext4_extent_header to Userspace Exposure of Activation Key via Command Line in convert2rhel Vulnerability: Password Exposure in convert2rhel Memory Leak Vulnerability in JBoss-client with UserTransaction Linux Kernel DMA_FROM_DEVICE Memory Leak Vulnerability Path Equivalence Vulnerability in GitHub Repository microweber-dev/whmcs_plugin prior to 0.0.4 Divide By Zero Vulnerability in libcaca's img2txt Leads to Denial of Service Reflected Cross-Site Scripting (XSS) Vulnerability in McAfee ePO Prior to 5.10 Update 13 Cross-Site Scripting (XSS) Vulnerability in McAfee ePO Allows Session Hijacking Arbitrary SQL Server Pointing Vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) GitHub Repository Cobbler/Cobbler Prior to 3.3.2: Improper Authorization Vulnerability XML Extended Entity (XXE) Vulnerability in McAfee ePO Prior to 5.10 Update 13 Password Change Vulnerability in McAfee ePolicy Orchestrator (ePO) API Arbitrary Code Execution via Custom Icon Pack Upload in WP SVG Icons WordPress Plugin Reflected Cross-Site Scripting (XSS) vulnerability in UpdraftPlus WordPress Backup Plugin before 1.22.9 Denial-of-Service Vulnerability in libtiff 4.3.0 via Crafted TIFF File Concurrency Issue in EJBComponent's RunAs Principal Handling SQL Injection Vulnerability in Pricing Table WordPress Plugin Open Redirect Vulnerability in GitHub Repository medialize/uri.js (<= 1.19.10) Open Redirect Vulnerability in GitHub Repository nitely/spirit prior to 0.12.3 Critical SSRF Vulnerability in gogs/gogs Prior to 0.12.5 Unauthenticated Access Control Vulnerability in Gogs Repository Cross-Site Scripting Vulnerability in Gmedia Photo Gallery WordPress Plugin Cross-Site Scripting (XSS) 
Vulnerability in WP Social Buttons WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Google Authenticator WordPress Plugin Cross-Site Scripting Vulnerability in Social Comments by WpDevArt WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in bookstackapp/bookstack prior to v22.02.3 Brokenwire: Disrupting Electric Vehicle Charging with Wireless Attacks Reflected Cross-Site Scripting in Caldera Forms WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository star7th/showdoc prior to 2.10.2 GitHub Repository Exposes Sensitive Information: chocobozzz/peertube (prior to 4.1.1) Kernel Log Exposure Vulnerability in Fuchsia OS Windows Unquoted/Trusted Service Paths Security Issue in SLM: Patch Required for Versions 9.x.x Prior to 9.20.1 Unsanitized Form Fields in Profile Builder WordPress Plugin Allow Cross-Site Scripting Attacks Arbitrary PHP Function Execution Vulnerability in Member Hero WordPress Plugin SQL Injection Vulnerability in Easy Social Icons WordPress Plugin Arbitrary File Upload Vulnerability in Ninja Forms - File Uploads Extension WordPress Plugin (Versions up to 3.3.0) Reflected Cross-Site Scripting Vulnerability in Ninja Forms - File Uploads Extension WordPress Plugin NULL Pointer Dereference Vulnerability in mruby/mruby (prior to version 3.2) Heap Buffer Overflow in libtiff Library Version 4.3.0 Reflected Cross-Site Scripting in Export All URLs WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.4.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.4.0 Static Code Injection in Microweber CMS prior to version 1.3 Template Injection Vulnerability in GitHub repository microweber/microweber prior to 1.3 Concurrency Vulnerability in libvirt nwfilter Driver Stored Cross-Site Scripting Vulnerability in IgniteUp WordPress Plugin Reflected Cross-Site Scripting in Header Footer Code Manager WordPress 
Plugin Stored Cross-site Scripting (XSS) Vulnerability in NetDataSoft DivvyDrive Reflected Cross-Site Scripting in Ad Inserter WordPress Plugin (Versions before 2.7.12) Arbitrary Code Execution Vulnerability in ABB Flow Computer and Remote Controller Products SAML Login Feature Call Stack Overflow Vulnerability in Mattermost Server (Versions up to 6.3.2) Stack Overflow Vulnerability in Mattermost Server Document Extractor Allows Server Crash via Malicious Apple Pages Document Missing Authorization in GitHub Repository go-gitea/gitea Prior to 1.16.4: Unauthorized Access Vulnerability Unrestricted File Upload Vulnerability in Microweber GitHub Repository (prior to version 1.1.12) Leads to Stored XSS Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 Denial of Service Vulnerability in libtiff's TIFFFetchNormalTag() Function Denial-of-Service Vulnerability in libtiff 4.3.0 via Divide By Zero Error in tiffcrop Downgrade Attack Vulnerability in Zyxel Firewall Firmware: Bypassing Two-Factor Authentication for IPsec VPN Server Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.4.0 Unrestricted File Upload Vulnerability in Microweber Prior to 1.2.11 Integer Overflow or Wraparound in Microweber prior to 1.3 CSRF Vulnerability in Export All URLs WordPress Plugin Allows Unauthorized Export of Posts and Pages Logitech Sync for Windows TOCTOU Race Condition Vulnerability Allows Privilege Escalation CSRF Vulnerability in Logitech Options OAuth 2.0 Authentication Denial of Service Vulnerability in 389 Directory Server Unauthenticated User Data Leakage in Salon Booking System WordPress Plugins Unauthenticated Access Vulnerability in Salon Booking System WordPress Plugins Remote Code Execution via Backup/Restore Feature in GitHub Repository Microweber/Microweber (<=1.2.12) Critical System Functionality Vulnerability: Lack of Authentication Blind SQL Injection Vulnerability in Delta Electronics 
DIAEnergie (All versions prior to 1.8.02.004) Out-of-bounds Read Vulnerability in libtiff 4.3.0's tiffcp Allows Denial-of-Service Stored XSS vulnerability in GitHub repository microweber/microweber prior to version 1.2.12 due to file upload filter bypass Stored Cross-site Scripting (XSS) Vulnerability in Microweber Prior to 1.2.12 Cross-Site Scripting (XSS) Vulnerability in Dynamic Text Module of Microweber Prior to 1.2.11 Stored XSS vulnerability in GitHub repository microweber/microweber prior to version 1.2.12 due to file upload filter bypass Unauthenticated Access to GitHub Repository in Saleor Prior to 3.1.2 Denial of Service Vulnerability in dnsmasq Critical Host Header Injection Vulnerability in GitHub Repository livehelperchat/livehelperchat Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository autolab/autolab prior to 2.8.0 Stored XSS Vulnerability in showdoc through File Upload in GitHub Repository star7th/showdoc prior to 2.10.4 Stored XSS via File Upload in GitHub Repository Star7th/Showdoc Prior to v2.10.4 SSRF Vulnerability in janeczku/calibre-web prior to 0.6.18 Stored XSS in GitHub repository star7th/showdoc prior to v2.10.4 due to Unrestricted File Upload Stored XSS in GitHub repository star7th/showdoc prior to v2.10.4 due to Unrestricted File Upload Stored XSS Vulnerability in GitHub Repository star7th/showdoc prior to version 2.10.4 Heap-based Buffer Overflow in vim prior to 8.2.4563 Remote Code Execution (RCE) via Template Injection in GitHub Repository sqlpad/sqlpad prior to 6.10.1 Stored XSS and File Upload Vulnerability in star7th/showdoc (GitHub Repository) Stored XSS via CSHtml file upload in GitHub repository star7th/showdoc prior to v2.10.4 Remote Exploitation of ABB ARG600 Wireless Gateway Series via Serial Port Access SQL Injection Vulnerability in Order Listener for WooCommerce WordPress Plugin SQL Injection in Block Bad Bots WordPress Plugin (Version 6.930) Unrestricted File Upload Vulnerability in GitHub Repository 
star7th/showdoc prior to 2.10.4 Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4 Unauthenticated Remote Code Execution in Sitemap by click5 WordPress Plugin Reflected Cross-Site Scripting in Anti-Malware Security and Brute-Force Firewall WordPress Plugin Stored XSS Vulnerabilities in Microweber Prior to Version 1.2.11 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/data-hub prior to 1.2.4 Stored XSS via File Upload in GitHub Repository Star7th/Showdoc (prior to v.2.10.4) Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4 Unfiltered HTML Capability Bypass in Mark Posts WordPress Plugin (CVE-2021-XXXX) CSRF Exploit Allows Unauthorized File Upload in pgAdmin Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4 Denial of Service (DoS) Vulnerability in Microweber Application (GitHub Repository microweber/microweber prior to 1.2.12) Stored XSS vulnerability in GitHub repository star7th/showdoc prior to version 2.10.4 via .webma file upload Unrestricted XML Files Vulnerability in GitHub Repository Microweber/Microweber Prior to 1.2.12 Stored XSS vulnerability in GitHub repository star7th/showdoc prior to version 2.10.4 via .webmv file upload Stored XSS vulnerability in GitHub repository star7th/showdoc prior to version 2.10.4 via .ofd file upload Stored XSS via File Upload in star7th/showdoc Stored XSS via File Upload in star7th/showdoc Denial of Service (DoS) Vulnerability in Microweber Application Cross-Site Scripting (XSS) Vulnerability in Optimole WordPress Plugin Stored Cross-site Scripting (XSS) Vulnerability in Grav CMS GitHub Repository (getgrav/grav) prior to version 1.7.31 Use After Free Vulnerability in Blink Layout in Google Chrome on Android Critical Use After Free Vulnerability in Google Chrome Extensions Remote Code Execution Vulnerability in Google Chrome's Safe Browsing (CVE-2022-XXXX) Use After Free Vulnerability in Splitscreen in 
Google Chrome on Chrome OS ANGLE Use After Free Vulnerability in Google Chrome Heap Buffer Overflow in GPU in Google Chrome: Remote Code Execution Vulnerability Use After Free Vulnerability in Google Chrome Browser UI on Chrome OS ANGLE Use After Free Vulnerability in Google Chrome Use After Free Vulnerability in Safe Browsing in Google Chrome on Android Heap Corruption Vulnerability in Google Chrome New Tab Page (Versions prior to 99.0.4844.74) Quarkus RestEasy Reactive Vulnerability: Privilege Escalation via State Leakage Memory Corruption Vulnerability in telnet_input_char Function SQL Injection Vulnerability in Badges Code: Restricted Access to Configuration Criteria Misconfiguration of Badge Criteria Allows Unauthorized Profile Field Access Vulnerability: Insufficient Capability Checks Allow Unauthorized User Deletion Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository Hestiacp/Hestiacp Prior to 1.5.11 Time-based File Existence Disclosure Vulnerability in PackageKit Cleartext Transmission Vulnerability in Delta Electronics DIAEnergie (Version 1.7.5 and prior) NS WooCommerce Watermark WordPress Plugin Allows Malicious Image Loading and Domain Hiding SSRF Vulnerability in janeczku/calibre-web prior to 0.6.18 Insufficient Session Expiration in Admidio GitHub Repository Authentication Bypass Vulnerability in SiteGround Security Plugin for WordPress Authentication Bypass Vulnerability in SiteGround Security Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Hummingbird WordPress Plugin before 3.3.2 Linux Kernel Watch_Queue Event Notification Subsystem Out-of-Bounds Memory Write Vulnerability Exploitable Vulnerability in 389 Directory Server Allows Expired Passwords to Bypass Authentication Arbitrary Command Execution Vulnerability in Fidelis Network and Deception Components Integer Overflow Vulnerability in Linux Kernel's virtio Device Driver Arbitrary OS Command Injection Vulnerability in mySCADA myPRO Versions 8.25.0 and Prior 
GitHub Repository Path Traversal Vulnerability in tinyfilemanager prior to 2.4.7 Unsanitized WordPress Target Version Settings in WP Downgrade Plugin Allow Cross-Site Attacks HTML Injection in Mattermost Email Invitations Privilege Escalation Vulnerability in Mattermost API Unintended Display of Accounted Time in Ticket Detail View Cross-Site Scripting (XSS) Vulnerability in WP Statistics WordPress Plugin SQL Injection Vulnerability in Advanced Booking Calendar WordPress Plugin Reflected Cross-Site Scripting in Advanced Booking Calendar WordPress Plugin Arbitrary File Upload Vulnerability in One Click Demo Import WordPress Plugin Reflected Cross-Site Scripting in Smush WordPress Plugin 3.9.9 Stored Cross-Site Scripting Vulnerability in Login using WordPress Users Plugin Use-After-Free Vulnerability in Linux Kernel's FUSE Filesystem Allows Privilege Escalation TCP Source Port Generation Algorithm Vulnerability Blind SQL Injection Vulnerability in Personal Dictionary WordPress Plugin SQL Injection Vulnerability in WP Contacts Manager WordPress Plugin Out-of-Bounds Write Vulnerability in Linux Kernel's nf_tables_api.c Use-after-free vulnerability in nf_tables_core.c allows local attackers to cause a kernel information leak XML External Entity (XXE) Vulnerability in Dynamic Link Library (DLL) Allows Data Leakage Open Redirection Vulnerability in Automated Logic's WebCtrl Server Version 6.1 'Help' Index Pages Arbitrary Function Call Vulnerability in wooproducttable WordPress Plugin GitHub Repository Vulnerability: Insecure Storage of Sensitive Information in chatwoot/chatwoot (prior to 2.6.0) Stored Cross-site Scripting (XSS) Vulnerability in Chatwoot GitHub Repository (prior to 2.5.0) SQL Injection Vulnerability in Podcast Importer SecondLine WordPress Plugin Improper Access Control Vulnerability in Argo CD v1.0.0 and above Sensitive User Information Exposed in Kyocera Multifunction Printer Address Book Export Vulnerability Stored Cross-Site Scripting Vulnerability in 
Page Restriction WordPress Plugin Cross-Site Scripting Vulnerability in WordPress Security Firewall Plugin Unsanitized Settings in Limit Login Attempts WordPress Plugin: Cross-Site Scripting Vulnerability Command Injection Vulnerability in Okta Advanced Server Access Client for Linux and macOS Use After Free Vulnerability in op_is_set_bp in radareorg/radare2 prior to 5.6.6 GitHub Repository Crater-Invoice/Crater Prior to 6.0.6: Insecure Deserialization of Unvalidated Module File Vulnerability Unrestricted File Upload Vulnerability in GitHub Repository Crater-Invoice/Crater Prior to 6.0.6 Unrestricted File Upload Vulnerability in ShowDoc v2.10.3 Segmentation Fault Vulnerability in MP4Box -lsr (gpac/gpac) prior to 2.1.0-DEV Account Creation Vulnerability in GitHub Repository Microweber/Microweber Prior to 1.2.12 Blind SSRF Vulnerability in EXMAGE WordPress Plugin HP Jumpstart Software Vulnerability: Privilege Escalation Risk Vulnerability: Weak Passwords Enable Unauthorized Access and Privilege Escalation Remote Code Execution Vulnerability in Sophos Firewall v18.5 MR3 and Older Zephyr Bluetooth Mesh Core Stack Out-of-Bound Write Vulnerability during Provisioning Zephyr Bluetooth Mesh Core Stack Out-of-Bound Write Vulnerability during Provisioning Local Privilege Escalation Vulnerability in Linux Kernel's io_uring Implementation Insecure Storage of Profile Images in GitHub Repository: A Sensitive Data Exposure Vulnerability Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0 Cross-Site Scripting Vulnerability in Visual Form Builder WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Themify Post Type Builder Search Addon WordPress Plugin Use-After-Free Vulnerability in Linux Kernel's Sound Subsystem Allows Privilege Escalation Pacemaker Configuration Tool (pcs) Allows Login for Expired Accounts and Passwords Use-after-free vulnerability in QEMU implementation of VMWare's paravirtual RDMA device Cross-Site Scripting 
Vulnerability in WPQA Builder Plugin Heap Buffer Overflow in iterate_chained_fixups in radareorg/radare2 prior to 5.6.6 Insecure Agent Registrar Data Validation in Keylime Unauthenticated Data Leakage in RSVP and Event Management Plugin WordPress Plugin Use-After-Free Vulnerability in Linux Kernel's tc_new_tfilter Allows Privilege Escalation Out-of-bounds Read Vulnerability in libtiff 4.3.0 Unauthenticated SQL Injection in Pricing Deals for WooCommerce WordPress Plugin Open Redirect Vulnerability in GitHub Repository go-gitea/gitea prior to 1.16.5 Unauthenticated Access to Hashed User Credentials in Aethon TUG Home Base Server Heap Buffer Overflow in parseDragons in radareorg/radare2 prior to 5.6.8 Cross-Site Scripting Vulnerability in th23 Social WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Thank Me Later WordPress Plugin SQL Injection Vulnerability in ForkCMS Prior to 5.11.1: Bulk Comment Spam Marking Authentication Bypass Vulnerability in Abacus ERP Unauthenticated Access to Hashed User Credentials in Aethon TUG Home Base Server Unauthenticated Access to Lab Reports via URL Manipulation Stack-Based Buffer Overflow in Modbus Slave Registration Field Denial-of-Service Vulnerability in Softing Secure Integration Server V1.22 Unauthenticated Access to Hashed User Credentials in Aethon TUG Home Base Server Use-after-free vulnerability in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2 Critical Privilege Escalation Vulnerability in Automatic Question Paper Generator 1.0 HTML Injection Vulnerability in TEM FLEX-1085 1.6.0 WiFi Settings Dashboard Persistent Cross Site Scripting Vulnerability in College Website Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in Automatic Question Paper Generator System 1.0 Information Disclosure Vulnerability in TEM FLEX-1080 and FLEX-1085 1.6.0 Critical SQL Injection Vulnerability in SourceCodester College Website Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester 
One Church Management System Critical SQL Injection Vulnerability in SourceCodester One Church Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Microfinance Management System 1.0 Critical SQL Injection Vulnerability in SourceCodester Microfinance Management System 1.0 Login Page Critical SQL Injection Vulnerability in Microfinance Management System Critical Authentication Bypass Vulnerability in SourceCodester One Church Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in CLTPHP up to 6.0 Cross-Site Scripting (XSS) Vulnerability in DolphinPHP User Management Page Persistent Cross-Site Scripting Vulnerability in htmly 5.3 Edit Profile Module Stored Cross-Site Scripting Vulnerability in Page Security & Membership WordPress Plugin Stored Cross-Site Scripting Vulnerability in Bulk Edit and Create User Profiles WordPress Plugin Stored Cross-Site Scripting Vulnerability in Good & Bad Comments WordPress Plugin Bypassing Sanitisation in Safe SVG WordPress Plugin Allows for XSS and XML Attacks Unauthenticated User Enumeration in myCred WordPress Plugin Arbitrary JavaScript Injection in WP Meta SEO WordPress Plugin Stored Cross-Site Scripting Vulnerability in amr users WordPress Plugin Stored Cross-Site Scripting Vulnerability in Mihdan WordPress Plugin Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome Use-after-free vulnerability in NSSToken objects in Thunderbird and Firefox Privilege Escalation Vulnerability in Delta Electronics DIAEnergie (Versions prior to 1.8.02.004) Tag Overload Vulnerability in GitLab CE/EE: Performance Impact via Excessive Tag Addition Exponential Backtracking DOS Vulnerability in GitLab CE/EE Critical Remote Authentication Bypass Vulnerability in SourceCodester Royale Event Management System 1.0 (VDB-195785) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Royale Event Management System 1.0 Arbitrary File Upload Vulnerability in Advanced Uploader WordPress 
Plugin Stored Cross-Site Scripting Vulnerability in Popup Maker WordPress Plugin Unauthorized Access to Pipeline Analytics in GitLab CE/EE Versions 13.11 to 14.9.2 Use After Free Vulnerability in mrb_vm_exec in mruby/mruby (prior to 3.2) ThinkPad Models Vulnerable to Code Execution Exploit via SmmOEMInt15 SMI Handler Local Privilege Escalation Vulnerability in LenovoFlashDeviceInterface on Thinkpad X1 Fold Gen 1 Default permissions vulnerability in Lenovo Leyun cloud music application allows denial of service. Buffer Overflow Vulnerability in Lenovo Smart Standby Driver Incorrect User Display in Project Import Vulnerability Stored Cross-Site Scripting Vulnerability in Autolinks WordPress Plugin Stored Cross-Site Scripting Vulnerability in Florist One WordPress Plugin Heap-Use-After-Free Vulnerability in ImageMagick's RelinquishDCMInfo() Function Heap-buffer-overflow vulnerability in ImageMagick's PushShortPixel() function Integer Overflow or Wraparound Vulnerability in io_uring of Linux Kernel Allows Local Privilege Escalation to Root Vulnerability in fapolicyd: Pattern Detection Failure in Runtime Linker Arbitrary Code Execution via Deserialization in Connected Components Workbench Arbitrary File Download Vulnerability in Simple File List WordPress Plugin Sensitive Information Exposure in GitLab CI/CD Configuration Include Directive Failure Unlimited Resource Consumption Vulnerability in GitLab Pages Denial of Service Vulnerability in openjpeg2 2.4.0 SQL Injection Vulnerability in Leaflet Maps Marker WordPress Plugin Improper Authorization Vulnerability in GitLab CE/EE Allows Unauthorized Access to Job Trace Logs Use After Free Vulnerability in Portals in Google Chrome Use After Free Vulnerability in Google Chrome QR Code Generator Cross-Origin Data Leakage in Web Share API in Google Chrome on Windows Omnibox Spoofing Vulnerability in Google Chrome on Android Arbitrary Intent Injection in WebOTP on Google Chrome for Android Use After Free Vulnerability in Cast UI 
in Google Chrome Local Bypass of Navigation Restrictions via Physical Access in Google Chrome Virtual Keyboard WebRTC Perf Use After Free Vulnerability in Google Chrome Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (prior to 100.0.4896.60) Heap Corruption Vulnerability in Google Chrome Shopping Cart Use After Free Vulnerability in Google Chrome Tab Strip Information Leakage Vulnerability in Google Chrome Extensions Obscuring Omnibox Contents Vulnerability in Google Chrome Cross-Origin Data Leakage in Background Fetch API in Google Chrome Heap Corruption Exploit via User Gesture in Google Chrome File Manager Heap Buffer Overflow in Google Chrome WebUI via DevTools Interaction Heap Buffer Overflow in Google Chrome WebUI via DevTools Interaction Use After Free Vulnerability in Google Chrome WebUI Allows Remote Code Execution Use After Free Vulnerability in Google Chrome Extensions Cross-Origin Data Leakage in Resource Timing in Google Chrome Unauthorized Access Token Theft in GitLab Pages Reflected Cross-Site Scripting in Menubar WordPress Plugin Cross-Site Scripting Vulnerability in LayerSlider WordPress Plugin Use After Free Vulnerability in utf_ptr2char Function in Vim Prior to 8.2.4646 Session Hijacking Vulnerability in Snipe-IT GitHub Repository Prior to 5.3.10 Unfiltered HTML Capability Bypass in Books & Papers WordPress Plugin Sensitive Data Leakage through Exception Logging in GitLab CE/EE KVM Vulnerability: Privilege Escalation and Kernel Corruption via Page Table Entry Manipulation Undetectable Code Injection Vulnerability in Rockwell Automation Studio 5000 Logix Designer Heap Buffer Overflow in get_one_sourceline in Vim/Vim (CVE-2021-3770) Code Modification Vulnerability in Studio 5000 Logix Designer Hardcoded Password Vulnerability in GitLab CE/EE Versions 14.7-14.9.2 Stored Cross-site Scripting (XSS) Vulnerability in mineweb/minewebcms Repository Reflected XSS Vulnerabilities in Wyzi Theme's Business Search 
Feature IP Spoofing Vulnerability in Blackhole for Bad Bots WordPress Plugin Vulnerability: Directory Listing Exposes Personal Data in JobMonster Theme Unauthenticated Reflected XSS Vulnerabilities in CareerUp WordPress Theme Cross-Site Scripting Vulnerability in JobSearch WP JobSearch WordPress Plugin Careerfy XSS Vulnerability: Exploiting Cross-Site Scripting in the Platform Unsanitized GET Requests in JobMonster WordPress Theme: XSS Vulnerability Reflected Cross-Site Scripting in Vertical Scroll Recent Post WordPress Plugin Null Pointer Dereference Vulnerability in gpac/gpac prior to 2.1.0-DEV Stored XSS Vulnerability in Grav GitHub Repository (prior to 1.7.33) Gitlab CE/EE DoS Vulnerability: High CPU Usage via Crafted Input XSS Vulnerability in GitLab CE/EE Versions 14.4 - 14.9.2 Multiple Endpoints in GitHub Repository livehelperchat/livehelperchat Prior to 3.96 Vulnerable to IDOR Due to Loose Comparison Unauthenticated User Can Download Patient Reports in openemr Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4: A Potential Security Breach Stored Cross-Site Scripting Vulnerability in GitHub Repository openemr/openemr prior to 6.0.0.4 Reflected Cross Site Scripting Vulnerability in GitHub Repository openemr/openemr prior to 6.0.0.4 Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2: A Potential Security Breach SQL Injection Vulnerability in Visual Slide Box Builder WordPress Plugin Assertion Failure in BIND Daemon due to HTTP Reference in listen-on Statements Use-After-Free Vulnerability in Linux Kernel's fs/ext4/namei.c:dx_insert_block() RDoc File Denial of Service Vulnerability in GitLab CE/EE Be POPIA Compliant WordPress Plugin Exposes Sensitive User Information to Unauthenticated Users Reflected Cross-Site Scripting Vulnerability in WordPress WP YouTube Live Plugin (up to version 1.7.21) via POST Data in ~/inc/admin.php Blind SSRF Vulnerability in GitLab CE/EE Repository Mirroring Feature 
Unauthorized User Access to Private Project Approval Rules in GitLab CE/EE Stored XSS vulnerability in GitLab CE/EE versions 8.3 to 14.9.2 via multi-word milestone references. SSRF Vulnerability in livehelperchat/livehelperchat prior to 3.96 Reflected Cross-Site Scripting in Turn off all comments WordPress Plugin GitLab CE/EE Privilege Escalation via Merge Requests CSV Injection Vulnerability in Mobile Events Manager WordPress Plugin Use-After-Free Vulnerability in Linux Kernel's drivers/net/hamradio Allows for Denial of Service Use-after-free vulnerability in Thunderbird and Firefox ESR versions < 91.8 Revocation Reason Bypass Vulnerability in Thunderbird < 91.8 Use-After-Free Vulnerability in Linux Kernel's 6pack Driver Allows for Kernel Crash Linux Kernel Vulnerability: Amateur Radio Simulation Exploits Null-Ptr-Deref and Use-After-Free NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby prior to 3.2 CSV Injection Vulnerability in WP-CRM WordPress Plugin Arbitrary Blog Option Modification Vulnerability in Content Mask WordPress Plugin Linux Kernel Amateur Radio AX.25 Protocol Use-After-Free Vulnerability Linux Kernel AX.25 Protocol: Local User Crash Vulnerability GitHub Repository radareorg/radare2 Out-of-Bounds Read Vulnerability Stored Cross-Site Scripting Vulnerability in Ultimate Member WordPress Plugin Arbitrary Redirect Vulnerability in Ultimate Member WordPress Plugin (Versions up to 2.3.1) Denial of Service Vulnerability in LibTIFF 4.3.0's TIFF File Handler Critical Stack-Based Overflow Vulnerability in tildearrow Furnace dev73 FUR to VGM Converter Use-After-Free Vulnerability in str_escape in mruby/mruby GitHub Repository SSRF Filter Bypass Vulnerability in livehelperchat/livehelperchat (prior to 3.67v) Libinput Format String Vulnerability Reflected Cross-Site Scripting in Advanced Image Sitemap WordPress Plugin Reflected Cross-Site Scripting in Custom TinyMCE Shortcode Button WordPress Plugin Reflected Cross-Site Scripting in Domain 
Replace WordPress Plugin SQL Injection Vulnerability in RecyclebinController.php in Pimcore Prior to 10.3.5: Data Theft Potential Reflected Cross-Site Scripting in FoxyShop WordPress Plugin (before 4.8.2) Reflected Cross-Site Scripting in Gwyn's Imagemap Selector WordPress Plugin Infinite Loop Vulnerability in gpac/gpac Prior to 2.1.0-DEV GitHub Repository Authorization Vulnerability in phpipam/phpipam prior to 1.4.6 GitHub Repository phpipam/phpipam Prior to 1.4.6: Improper Authorization Vulnerability Privilege Escalation in phpipam/phpipam prior to 1.4.6 Privilege Escalation Vulnerability in Podman Allows Unauthorized Access to Host Filesystem Opensea WordPress Plugin 1.0.3 Cross-Site Scripting Vulnerability Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.2.034 via Malicious IFC Files Arbitrary Code Execution via Redirection Vulnerability in Samsung Galaxy S21 (ZDI-CAN-15918) Stored XSS via Embedded SVG in PlantUML GitHub Repository Type Confusion Vulnerability in V8 in Google Chrome prior to 100.0.4896.75 URL Confusion Vulnerability in GitHub repository medialize/uri.js prior to 1.19.11 Cross-Site Scripting (XSS) Vulnerability in livehelperchat/livehelperchat prior to 3.97 Brute-Force Vulnerability in livehelperchat/livehelperchat Repository (prior to 3.96) Insecure Password Policy in GitHub Repository weseek/growi prior to v5.0.0 Heap Buffer Overflow in radareorg/radare2 prior to 5.6.8 Heap Overflow Vulnerability in libr/bin/format/ne/ne.c in radareorg/radare2 (prior to version 5.6.8) Unvalidated Proxy URL in HubSpot WordPress Plugin Allows SSRF Attacks Heap Buffer Overflow in mach0.c in radare2 (GitHub repository radareorg/radare2) prior to version 5.8.6 Reflected Cross-Site Scripting Vulnerability in Ask me WordPress Theme before 6.8.2 Invalid Protocol Extraction Vulnerability in GitHub Repository Medialize/uri.js (prior to 1.19.11) Allows XSS Heap Buffer Overflow in radareorg/radare2: Inducing Denial of Service Token Exchange 
Privilege Escalation Vulnerability in Keycloak Race Condition in rose_connect() Function of Linux Kernel Critical Unauthenticated Account Creation Vulnerability in SAP Information System 1.0 NULL Pointer Dereference Vulnerability in pesign's cms_set_pw_data() Function Reflected Cross-Site Scripting in LifterLMS PayPal WordPress Plugin Unauthenticated Profile Information Modification in Ask me WordPress Theme Weak Encryption Algorithm in gnuboard/gnuboard5 (<= 5.5.5) Allows Sensitive Information Exposure Heap-based Buffer Overflow in libde265 1.0.8 and earlier versions URL Redirection Vulnerability in Skyhigh SWG Stored Cross-Site Scripting Vulnerability in Import and Export Users and Customers WordPress Plugin Local Privilege Escalation Vulnerability in MA for Windows Prior to 5.7.6 through Manipulation of Symbolic Links Insecure Storage of Sensitive Information in MA for Linux, macOS, and Windows (prior to 5.7.6) Blind SQL Injection Vulnerability in ePolicy Orchestrator (ePO) Extension of MA Prior to 5.7.6 Undertow HTTP/2 Flow Control Vulnerability Privilege Escalation Vulnerability in Matrikon OPC Server Remote Command Injection Vulnerability in Protest Binary KVM Dirty Ring Support NULL Pointer Dereference Vulnerability Ignition Web Configuration Arbitrary Code Execution Vulnerability Unsanitized CAPTCHA Settings in BulletProof Security WordPress Plugin Allow for Cross-Site Scripting Attacks Cross-Site Scripting (XSS) Vulnerability in Post Grid, Slider & Carousel Ultimate WordPress Plugin Reflected Cross-Site Scripting in BMI BMR Calculator WordPress Plugin Reflected Cross-Site Scripting in Donate Extra WordPress Plugin Reflected Cross-Site Scripting in Fast Flow WordPress Plugin Heap Buffer Overflow Vulnerability in GraphicsMagick's MIFF Parsing Arbitrary File Write Vulnerability in GNU gzip's zgrep Utility Arbitrary File Upload Vulnerability in Import WP WordPress Plugin (CVE-2021-XXXX) Arbitrary HTML Injection in Keycloak's execute-actions-email Endpoint 
Unsanitized Settings in BannerMan WordPress Plugin Allows Cross-Site Scripting Attacks Out-of-bounds Read Vulnerability in mrb_get_args in mruby/mruby (GitHub Repository) Unauthenticated SQL Injection Vulnerability in Inavitas Solar Log Product WildFly Trace Payload Information Disclosure Vulnerability EBICS-Java/EBICS-Java-Client Encryption Vulnerability Race Condition Vulnerability in Linux Kernel's drm_lease_held Function SQL Injection Vulnerability in Photo Gallery WordPress Plugin Reflected Cross-Site Scripting (XSS) in Photo Gallery by 10Web WordPress Plugin NULL Pointer Dereference in r_bin_ne_get_entrypoints function Heap-use-after-free vulnerability in radareorg/radare2 prior to 5.6.8 leading to denial of service Critical SSRF Vulnerability in gogs/gogs Prior to 0.12.8 Heap Buffer Overflow in mrb_vm_exec in mruby/mruby Critical Privilege Escalation Vulnerability in School Club Application System 1.0 Reflected Cross-Site Scripting Vulnerability in School Club Application System 1.0 Incomplete Fix of CVE-2022-1211 in tildearrow Furnace: Remote Denial of Service Vulnerability Stored XSS in Name, Group Name & Title in GitHub repository polonel/trudesk prior to v1.2.0 Cross-Site Scripting (XSS) Vulnerability in hhurz/tableexport.jquery.plugin prior to 1.25.0: Cookie Leakage and Data Transmission to Third-Party Servers Command Injection Vulnerability in c_rehash Script Bypassing Embedded Neutralization of Script-Related HTML Tag Vulnerability Unsanitized Settings in IMDB Info Box WordPress Plugin Allows for Cross-Site Scripting Attacks Prototype Pollution in fullpage.js prior to 4.0.2 Out-of-bounds Read Vulnerability in `r_bin_ne_get_relocs` Function in Radare2 (CVE-2021-12345) Out-of-bounds Read Vulnerability in r_bin_ne_get_entrypoints Function in Radare2 Cross-Site Scripting Vulnerability in Tabs WordPress Plugin Unsanitized Default Slideshow Settings in Slideshow WordPress Plugin Allow for Cross-Site Scripting Attacks Unauthenticated Service Function 
Vulnerability in Multiple Versions of TRUMPF TruTops Products Cross-Site Scripting (XSS) Vulnerability in WP Contact Slider WordPress Plugin Unauthenticated Denial of Service Vulnerability in MZ Automation LibIEC61850 Cross-Site Scripting Vulnerability in Slide Anything WordPress Plugin e2fsprogs 1.46.5 Out-of-Bounds Read/Write Vulnerability Heap Corruption Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome on Android BFCache Use After Free Vulnerability in Google Chrome Sandbox Escape Vulnerability in Google Chrome Developer Tools Heap Corruption Vulnerability in Google Chrome's Regular Expressions Remote Code Execution Vulnerability in Google Chrome on ChromeOS Sandbox Escape Vulnerability in Google Chrome Prior to 100.0.4896.88 Heap Corruption Vulnerability in Tab Groups in Google Chrome Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome Local Privilege Escalation Vulnerability in GitHub repository zerotier/zerotierone prior to 1.8.8 Weak Communication Channel in Hills ComNav Version 3002-19: Predictable Packet Sizes Expose System State Improper Handling of AJP 400 Response in Undertow Cross-Site Scripting Vulnerability in Sliderby10Web WordPress Plugin Cross-Site Scripting Vulnerability in miniOrange's Google Authenticator WordPress Plugin Cross-Site Scripting Vulnerability in Coming Soon - Under Construction WordPress Plugin Unauthenticated Privilege Escalation in Discy WordPress Theme Cross-Site Scripting Vulnerability in Event Timeline WordPress Plugin Clmg Vulnerability: Buffer Overflow Exploit via Pandore or BMP File Cross-Site Scripting Vulnerability in Form - Contact Form WordPress Plugin Cross-Site Scripting Vulnerability in Image Gallery WordPress Plugin Buffer Overflow in uudecoder in Mutt: Read Past End of Input Line Vulnerability Unauthenticated Remote Code Execution Vulnerability in Elementor Website Builder Plugin for WordPress (Versions 
3.6.0 to 3.6.2) Stored XSS vulnerability in fullPage.js GitHub repository prior to version 4.0.4 XML External Entity (XXE) Vulnerability in DMARS (Versions prior to v2.1.10.24) API Permission Bypass Vulnerability in Mattermost 6.4.1 and Earlier Denial of Service Vulnerability in Mattermost Playbooks Plugin v1.24.0 and Earlier Cross-Site Scripting Vulnerability in WP YouTube Live WordPress Plugin Cross-Site Scripting Vulnerability in Slideshow CK WordPress Plugin Cross-Site Scripting Vulnerability in Carousel CK WordPress Plugin Memory Allocation Vulnerability in Mattermost Image Proxy Component Unfiltered HTML Capability Bypass in Easily Generate Rest API Url WordPress Plugin SQL Injection Vulnerability in ElementController.php in Pimcore Prior to 10.3.5: Data Theft Potential Stored Cross-site Scripting (XSS) Vulnerability in YetiForce CRM prior to version 6.4.0 Arbitrary Null Write Vulnerability in bwm-ng v0.6.2 Unmasked Password Vulnerability in Devolutions Remote Desktop Manager Vulnerability: Inconsistent Verification of OCSP Response Signing Certificate Stored XSS vulnerability in GitHub repository causefx/organizr prior to version 2.1.1810 allows remote attackers to execute malicious scripts and potentially compromise user sessions and expose sensitive data. 
Stored XSS via .svg File Upload in GitHub Repository Multiple Stored XSS Vulnerabilities in GitHub Repository CauseFX/Organizr prior to 2.1.1810 Stored XSS in Username & Email input fields leading to account takeover and privilege escalation in GitHub repository causefx/organizr prior to 2.1.1810 World-readable state file in logrotate allows unprivileged users to stop rotation Arbitrary Profile Picture Deletion Vulnerability in WPQA Builder Plugin Memory Corruption Vulnerability in GhostPCL 9.55.0 Stored XSS vulnerability in Tooltip in GitHub repository pimcore/pimcore prior to 10.4 Insecure Direct Object Reference Vulnerability in Gitlab: Unauthorized Access to Issue Titles Kernel Memory Leak Vulnerability in Linux Kernel's pfkey_register Function Heap Buffer Overflow Vulnerability in Libtiffs' tiffinfo.c Stack Buffer Overflow Vulnerability in Libtiffs' tiffcp.c Local Privilege Escalation Vulnerability in cnMaestro Unauthenticated Remote Code Execution in On-Premise cnMaestro Server SQL Injection Vulnerability in On-Premise Allows Data Exfiltration Arbitrary File-Write Vulnerability in On-Premise cnMaestro Remote Code Execution Vulnerability in On-Premise cnMaestro Hosting Server On-Premise cnMaestro Vulnerability: Pre-Auth SQL Data Exfiltration Arbitrary Command Execution Vulnerability in On-Premise cnMaestro Type Confusion Vulnerability in V8 Turbofan in Google Chrome: Remote Heap Corruption Exploit GitHub Repository Vulnerability: Unauthorized Access to Private Personal Information in lquixada/cross-fetch (prior to 3.1.5) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) CWE-306: Unauthorized Password Change via Websocket Communications in Cognex 3D-A1000 Dimensioning System Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in 
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Directory Traversal Vulnerability in Softing Secure Integration Server V1.22's Restore Configuration Feature Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) GitHub Repository PlantUML URL Restriction Bypass Vulnerability Stored Cross Site Scripting (XSS) Vulnerability in Item Name Parameter in GitHub Repository Snipe/Snipe-IT (prior to v5.4.3) - User Cookie Theft Critical Heap Buffer Overflow Vulnerability in Vim Prior to 8.2.4763 NULL Pointer Dereference Vulnerability in radareorg/radare2 (prior to version 5.6.8) Heap-based Buffer Overflow in radareorg/radare2 prior to 5.6.8: Exploiting Data Leakage and Program Crashes Insecure Plugin Version Installation in Mattermost 6.4.x and Earlier Improper Invalidation of Pending Email Invitations in Mattermost 6.4.x and Earlier Arbitrary HTTP Request Vulnerability in Fusion Builder WordPress Plugin Unfiltered HTML Vulnerability in No Future Posts WordPress Plugin Undisclosed Request Bypasses iControl REST Authentication in F5 BIG-IP Versions CSRF Vulnerability in F5 BIG-IP Configuration Utility Allows Limited Command Execution Arbitrary File Read and Remote Code Execution Vulnerability in Admin Word Count Column WordPress Plugin Local File Inclusion vulnerability in Cab fare calculator WordPress plugin before 1.0.4 
Local File Inclusion Vulnerability in Videos Sync PDF WordPress Plugin (1.7.4) Unsanitized AJAX Update Allows XSS Exploitation in WP Subtitle Plugin Cross-Site Scripting Vulnerability in Photo Gallery by 10Web WordPress Plugin Unsanitised Settings in Easy FAQ with Expanding Text WordPress Plugin Allows Cross-Site Scripting Attacks Stored Cross-Site Scripting Vulnerability in Donorbox WordPress Plugin GitHub Repository Privilege Escalation Vulnerability: Full System Takeover in alextselegidis/easyappointments (prior to 1.5.0) Unauthenticated Blind SSRF Vulnerability in External Media without Import WordPress Plugin Arbitrary Code Execution Vulnerability in Device42 CMDB Discovery Component Hard-coded Cryptographic Key Vulnerability in Exago Web Reports Allows Session ID Leakage and Privilege Escalation Improper Access Control vulnerability in Device42 CMDB versions prior to 18.01.00 allows unauthorized access to sensitive server files ASDA-Soft Version 5.4.1.0 and Prior Input Sanitization Vulnerability ASDA-Soft Version 5.4.1.0 and Prior: Input Sanitization Vulnerability Out-of-Bounds Read Vulnerability in Delta Electronics CNCSoft (All versions prior to 1.01.32) Stack-Based Buffer Overflow in CNCSoft Versions Prior to 1.01.32 Vulnerability: Unauthorized Access to Protected CI/CD Variables in GitLab CE/EE Vulnerability: Cross-Site Scripting (XSS) via CSRF in VikBooking Hotel Booking Engine & PMS WordPress Plugin Cross-Site Scripting Vulnerability in VikBooking Hotel Booking Engine & PMS WordPress Plugin Arbitrary PHP File Upload Vulnerability in VikBooking Hotel Booking Engine & PMS WordPress Plugin OS Command Injection in db_optimize component of Device42 Asset Management Appliance (CVE-2020-12345) Unrestricted File Upload Vulnerability in YetiForceCRM (prior to 6.4.0) Allows Account Takeover Vulnerability: WP_Mail WordPress Plugin Exposes Sensitive Information through Predictable Filenames Unmasked Integration Properties Disclosure in GitLab CE/EE Insufficient 
Input Sanitization in 3scale API Management 2 Allows for Script Injection and Potential Data Breach Deserialization Vulnerability in Drools Core Allows Code Execution HTML Injection in GitLab CE/EE Pipeline Error Messages Unauthorized Access to Project Members-only Wikis via Malicious CI Jobs in GitLab CE/EE Stored Cross-Site Scripting Vulnerability in Social Stickers WordPress Plugin Concurrent Refcount Decrease Vulnerability in ioctl$DRM_IOCTL_MODE_DESTROY_DUMB Out-of-range Pointer Offset Vulnerability in vim/vim (prior to 8.2.4774) CSRF Vulnerability in Discy WordPress Theme Allows Arbitrary Settings Modification CSRF Vulnerability in Discy WordPress Theme Allows Site Settings Reset Cache Poisoning Vulnerability in GitLab CE/EE Allows Arbitrary Code Execution in Protected Branches CSRF Vulnerability in Ask me WordPress Theme before 6.8.2 Insecure Direct Object Reference (IDOR) Vulnerability in WPQA Builder Plugin Authentication Bypass Vulnerability in GitLab Out-of-bounds Read Vulnerability in mrb_obj_is_kind_of in mruby/mruby (GitHub Repository) GitLab Authentication Throttling Bypass Vulnerability SQL Injection Vulnerability in GridHelperService.php in Pimcore Prior to 10.3.6: Data Theft Potential DOM-based Cross-site Scripting (XSS) Vulnerability in OctoPrint Prior to 1.8.0 Uncontrolled Resource Consumption Vulnerability in GitLab Cross-site Scripting (XSS) Vulnerability in OctoPrint Repository Persistent XSS Vulnerability in GitLab Vulnerability: Weak MAC Key Generation in OpenSSL 3.0 RC4-MD5 Ciphersuite Cross-Site Scripting (XSS) Vulnerability in WPCargo Track & Trace WordPress Plugin Reflected Cross-Site Scripting Vulnerability in WPCargo Track & Trace WordPress Plugin Heap-based Buffer Overflow in radareorg/radare2 prior to 5.7.0 HTML Entity Sanitization Bypass in Keycloak Impersonation Feature Reflected XSS Vulnerability in Microweber CMS (GitHub Repository microweber/microweber) Prior to Version 1.2.15 Command Injection Vulnerability in 
git-interface@2.1.1: Remote Code Execution via User Input Buffer Overflow Vulnerability in MP4Box's diST_box_read() Function Vulnerability: Sensitive Information Disclosure in Metform WordPress Plugin Heap-Use-After-Free Vulnerability in radareorg/radare2 (prior to 5.7.0) Inducing Denial of Service Stored Cross Site Scripting (XSS) Vulnerability in GitHub Repository Snipe-IT (snipe/snipe-it) Prior to Version 5.4.3 Out-of-bounds Read Vulnerability in r_bin_java_constant_value_attr_new Function Out-of-bounds Read Vulnerability in r_bin_java_bootstrap_methods_attr_new Function Unauthenticated SQL Injection Vulnerability in RSVPMaker Plugin for WordPress Reflected Cross-Site Scripting in Call Now Button WordPress Plugin before 1.1.2 Unsanitized Settings in Poll Maker WordPress Plugin Allows for Stored Cross-Site Scripting Attack Cross-Site Scripting (XSS) Vulnerability in neorazorx/facturascripts (prior to 2022.04) at EditUser and EditProducto Pages Stored XSS Vulnerability in GitHub Repository openemr/openemr prior to 6.1.0.1 Allows Session Hijacking Unauthenticated User Can Access Patient Disclosures in GitHub Repository Unauthorized Execution of Scheduled Pipelines in GitLab GitHub Repository OpenEMR Prior to 6.1.0.1 Allows Non-Privileged Users to Enable or Disable Registration Race condition vulnerability in Linux kernel's TeleTYpe subsystem allows local users to crash the system or read unauthorized random data from memory Vulnerability: PHP Object Injection in Booking Calendar Plugin for WordPress Stored XSS Vulnerability in Gogs GitHub Repository Prior to 0.12.7 Reflected Cross-Site Scripting in WPC Smart Wishlist for WooCommerce WordPress Plugin Improper Authorization in Red Hat Single Sign-On Allows Unauthorized User Actions Windows OS Language Bar Vulnerability Authenticated iControl REST User Processing Delay Vulnerability Stored Cross-Site Scripting Vulnerability in FiboSearch WordPress Plugin Reflected Cross-Site Scripting Vulnerability in Ultimate 
WooCommerce CSV Importer WordPress Plugin Remote Code Execution Vulnerability in SnakeYaml's Constructor() Class SQL Injection Vulnerability in Better Find and Replace WordPress Plugin Memory Leak and Denial of Service Vulnerability in OPENSSL_LH_flush() Function Reflected Cross-Site Scripting in WP Event Manager WordPress Plugin Integer Overflow Vulnerability in FFmpeg's g729_parse() Function Arbitrary File Deletion Vulnerability in All-in-One WP Migration Plugin Vulnerability Title: Use After Free Heap Corruption in Vulkan in Google Chrome Heap Corruption Vulnerability in SwiftShader in Google Chrome Use After Free Vulnerability in ANGLE in Google Chrome (prior to 101.0.4951.41) Allows Remote Heap Corruption Use After Free Vulnerability in Google Chrome on Mac (prior to version 101.0.4951.41) Allows Remote Code Execution via Crafted HTML Page Heap Corruption Vulnerability in WebGL Implementation in Google Chrome WebGPU Heap Buffer Overflow in Google Chrome Heap Buffer Overflow in Google Chrome Web UI Settings Heap Corruption Vulnerability in Google Chrome File System API Type Confusion Vulnerability in V8: Information Disclosure in Google Chrome Remote Code Execution via Use After Free in Ozone in Google Chrome Cross-Origin Data Leakage via Malicious Chrome Extension Heap Corruption Vulnerability in Google Chrome UI Shelf on Chrome OS Use After Free Vulnerability in Google Chrome Browser Switcher Remote Code Execution via Use After Free in Google Chrome Bookmarks Arbitrary Script Injection Vulnerability in Google Chrome's Blink Editing Use After Free Vulnerability in Google Chrome Dev Tools Bypassing Trusted Types Policy via Insufficient Data Validation in Google Chrome APK Downloads Dialog Spoofing Vulnerability in Google Chrome on Android Heap Corruption Vulnerability in Google Chrome File Manager Cross-Origin Website Spoofing Vulnerability in Google Chrome Cross-Origin Data Leakage in HTML Parser in Google Chrome Same Origin Policy Bypass in Google Chrome 
WebAuthentication Bypassing Content Security Policy via Insufficient Data Validation in Google Chrome Dev Tools Cross-Origin Data Leakage via Inappropriate iFrame Implementation in Google Chrome Insufficient Permission Verification in Git Version Control API Allows Unauthorized Project Modifications Cross-Site Scripting (XSS) Vulnerability in GetSimple CMS Content Module Cross-Site Scripting (XSS) Vulnerability in GitHub Repository microweber/microweber prior to 1.2.15 Unauthenticated SQL Injection Vulnerability in RSVPMaker Plugin for WordPress Cross-Site Scripting Vulnerability in WP Born Babies WordPress Plugin NULL Pointer Dereference Vulnerability in chafa: Denial of Service via Crafted Input File Linux Kernel io_uring Module Out-of-Bounds Read Vulnerability Sed Injection Vulnerability in Hestia Control Panel (HestiaCP) Prior to 1.5.12 Uncontrolled Resource Consumption Vulnerability in GitLab Unauthenticated Access to GitHub Repository in Snipe-IT Prior to 5.4.4 Cross-Site Scripting Vulnerability in ScrollReveal.js Effects WordPress Plugin Code Execution Vulnerability in Lenovo PCManager Stored XSS Vulnerability in FacturaScripts Plugin Upload Functionality Memory Leak in Mat_VarReadNextInfo5() in mat5.c in matio 1.5.21 and Earlier: Potential DoS Vulnerability Linux Kernel X.25 NULL Pointer Dereference Vulnerability Remote Code Execution and Privilege Escalation Vulnerability in LRM Directory Traversal Vulnerability in LRM Allows Unauthorized File Upload Unrestricted File Upload Vulnerability in LRM Allows for Remote Code Execution Incorrect Encryption and Signature Status Display Vulnerability in Thunderbird Lack of Authentication and Authorization in LRM Paves Way for Data Manipulation and Interception CWE-117: False Password Change Logs Vulnerability in Cognex 3D-A1000 Dimensioning System Write-What-Where Vulnerability in Fuji Electric D300win Prior to Version 3.7.1.17 Unencrypted Data Transmission in LRM Version 2.4 and Lower: Vulnerability to MITM Attacks 
CWE-602: Bypassing Web Access Controls in Cognex 3D-A1000 Dimensioning System Cross-Site Scripting (XSS) Vulnerability in Emlog Pro up to 1.2.2 Reflected Cross-Site Scripting in WP 2FA WordPress Plugin Reflected Cross-Site Scripting in VikBooking Hotel Booking Engine & PMS WordPress Plugin Prototype Pollution in Firefox ESR, Firefox, Firefox for Android, and Thunderbird XSS Vulnerability in livehelperchat/livehelperchat prior to 3.99v Critical SQL Injection Vulnerability in ARAX-UI Synonym Lookup Functionality Reflected Cross-Site Scripting in Themify WordPress Plugin (<=1.3.8) Buffer Over-read Vulnerability in libmobi GitHub Repository (bfabiszewski/libmobi) Prior to 0.11 Buffer Over-read Vulnerability in libmobi prior to 0.11 Cross-Site Scripting (XSS) Vulnerability in Automad Dashboard Race condition vulnerability in file.copy operations in GruntJS allows arbitrary file write Arbitrary File Upload Vulnerability in Theme Demo Import WordPress Plugin CSV Injection and Data Leakage Vulnerability in Exports and Reports WordPress Plugin Arbitrary File Upload Vulnerability in PostmagThemes Demo Import WordPress Plugin Cross-Site Scripting Vulnerability in Video Slider WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in HPB Dashboard WordPress Plugin GitHub Repository erudika/scoold Prior to 1.49.4 - Memory Corruption Vulnerability CSV Injection in luyadev/yii-helpers prior to 1.2.1 Confidential Note Disclosure Vulnerability in GitLab CE/EE Reflected Cross-Site Scripting in WooCommerce - Product Importer WordPress Plugin Reflected Cross-Site Scripting in Check & Log Email WordPress Plugin Privilege Escalation in Mattermost Playbooks Plugin 1.25 and Earlier Stored Cross-Site Scripting Vulnerability in WP Athletics WordPress Plugin Insecure File Storage Vulnerability in SP Project & Document Manager WordPress Plugin Privilege Escalation Vulnerability in PostgreSQL Improper Access Control in GitHub Repository Allows Leakage of Password-Protected Article Content 
Path Traversal Vulnerability in GitHub Repository clinical-genomics/scout prior to 4.52 DOM XSS Vulnerability in Microweber v1.2.15 Allows Arbitrary JS Code Injection and Website Defacement SQL Injection Vulnerability in StaffList WordPress Plugin Stored Cross-Site Scripting Vulnerability in ULeak Security & Monitoring WordPress Plugin Stored Cross-Site Scripting Vulnerability in Curtain WordPress Plugin Stored Cross-Site Scripting Vulnerability in Clipr WordPress Plugin Open Parameter Local File Inclusion Vulnerability in Amministrazione Aperta WordPress Plugin URL Parameter Sanitization Vulnerability in Lura and KrakenD Unsanitized SVG File Upload Vulnerability in Enable SVG WordPress Plugin Unauthenticated Enumeration of Coupon Codes and Values in WPGraphQL WooCommerce Plugin Cross-Site Scripting Vulnerability in Form Maker WordPress Plugin Arbitrary File Upload Vulnerability in WP All Import Plugin (Versions up to 3.6.7) Cross-Site Scripting (XSS) Vulnerability in Quotes Llama WordPress Plugin Reflected Cross-Site Scripting Vulnerability in WP-JS Plugin for WordPress Unfiltered HTML Cross-Site Scripting Vulnerability in Team Members WordPress Plugin Cross-Site Scripting Vulnerability in WordPress Plugin before 1.4.9.4 Unauthenticated Users Can Reset Settings in Files Download Delay WordPress Plugin Cross-site Scripting (XSS) Vulnerability in GitHub Repository neorazorx/facturascripts Unauthenticated Arbitrary File Deletion in HTML2WP WordPress Plugin CSRF Vulnerability in HTML2WP WordPress Plugin Allows Unauthorized Settings Modification Unauthenticated File Upload Vulnerability in HTML2WP WordPress Plugin Arbitrary Code Execution and XSS Vulnerabilities in jgraph/drawio Repository CSRF Vulnerability in WP Maintenance Mode & Coming Soon Plugin CSRF Vulnerability in Database Backup for WordPress Plugin CSRF Vulnerability in My wpdb WordPress Plugin Allows Arbitrary SQL Query Execution IP Spoofing Vulnerability in check_is_login_page() Function Bypassing Site 
Offline or Maintenance Mode Plugin in WordPress Vulnerability: IP Bypass in WP-Polls WordPress Plugin Stored Cross-Site Scripting Vulnerability in External Links in New Window / New Tab WordPress Plugin External Links in New Window / New Tab WordPress Plugin Vulnerability Reflected XSS Vulnerability in GitHub Repository Microweber/Microweber Prior to 1.2.16: Executing JavaScript on Victim's Browser Unprotected Backup Generation and Download Vulnerability in Project Source Code Download WordPress Plugin PCRE2 Library Out-of-Bounds Read Vulnerability in compile_xclass_matchingpath() Function PCRE2 Library Out-of-Bounds Read Vulnerability in get_recurse_data_length() Function Vulnerability: Unauthenticated Settings Modification in Change wp-admin login WordPress Plugin Bludit 3.13.1 New Content Module Cross-Site Scripting Vulnerability CSRF Vulnerability in WordPress Ping Optimizer Plugin Server-Side Request Forgery (SSRF) Vulnerability in scout in GitHub Repository clinical-genomics/scout prior to v4.42 CSRF Vulnerability in Site Offline or Coming Soon WordPress Plugin CSRF Vulnerability in HC Custom WP-Admin URL WordPress Plugin Secret Login URL Leakage Vulnerability in HC Custom WP-Admin URL WordPress Plugin ABB REX640 PCL Vulnerability: Unauthorized Access to User Database and System Control Reflected Cross-Site Scripting Vulnerability in WPQA Builder WordPress Plugin Unauthenticated Access to Private Questions in WPQA Builder WordPress Plugin CSRF Vulnerability in Admin Management Xtended WordPress Plugin YOP Poll WordPress Plugin IP Bypass Vulnerability User Access Manager WordPress Plugin Prioritizes HTTP Headers Over REMOTE_ADDR, Allowing Access to Restricted Content Unresolved Security Vulnerability in HP ThinPro 7.2 SP8: Upgrade to SP9 Ineffective, SP10 Released for Remediation CSRF Vulnerability in Mail Subscribe List WordPress Plugin Reflected Cross-Site Scripting in MailerLite WordPress Plugin CSRF Vulnerability in Email Users WordPress Plugin Allows 
Unauthorized Notification Settings Modification Unmanaged Object Read Vulnerability in M-Files Server CSRF Vulnerability in ABB Pulsar Plus System Controller NE843_S and ABB Infinity DC Power Plant CSRF Vulnerability in OnePress Social Locker WordPress Plugin Arbitrary PHP Code Execution Vulnerability in School Management WordPress Plugin CSRF Vulnerability in Seamless Donations WordPress Plugin CSRF Vulnerability in Bulk Page Creator WordPress Plugin CSRF Vulnerability in Webriti SMTP Mail WordPress Plugin Bypassing IP-based Limitations in Restricted Site Access WordPress Plugin Vulnerability: IP Spoofing in WP-EMail WordPress Plugin Predictable Random Values Vulnerability in Samba's GnuTLS gnutls_rnd() Function Critical Use After Free Vulnerability in GitHub Repository vim/vim (CVE-2021-xxxx) CSRF and XSS Vulnerabilities in WP-Invoice WordPress Plugin CSRF and XSS Vulnerabilities in Coru LFMember WordPress Plugin Heap-based Buffer Overflow in cmdline_erase_chars function in Vim prior to 8.2.4899 NULL Pointer Dereference in vim_regexec_string function leads to Denial of Service in GitHub repository vim/vim Heap Buffer Overflow in vim_strncpy find_word in vim/vim prior to 8.2.4919: A Critical Vulnerability with Remote Execution Potential Out-of-Bounds Read Vulnerability in LibTIFF's LZWDecode Function Out-of-Bounds Read Vulnerability in LibTIFF's LZWDecode Function CSRF Vulnerability in Latest Tweets Widget WordPress Plugin CSRF Vulnerability in New User Approve WordPress Plugin CSRF and Stored XSS Vulnerabilities in Sharebar WordPress Plugin CSRF Vulnerability in My Private Site WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple SEO Plugin for WordPress Buffer Over-read in find_next_quote function in vim/vim prior to 8.2.4925: Potential for Software Crash, Memory Modification, and Remote Execution CSRF Vulnerability in WP-EMail WordPress Plugin Allows Unauthorized Log Deletion Account Takeover via Email Confirmation Bypass in Microweber 
Repository Improper Certificate Validation in Openshift Allows for Confidentiality Loss Use After Free Vulnerability in Sharesheet in Google Chrome on Chrome OS Use After Free Vulnerability in Google Chrome Browser UI Use After Free Vulnerability in Google Chrome Permission Prompts Heap Corruption Vulnerability in Google Chrome Performance APIs Cross-Origin Data Leakage Vulnerability in Google Chrome Heap Buffer Overflow in V8 Internationalization in Google Chrome: Remote Code Execution via Crafted HTML Page Use After Free Vulnerability in ANGLE in Google Chrome (prior to 101.0.4951.64) Allows Remote Heap Corruption Use After Free Vulnerability in Google Chrome's Sharing Feature Use After Free Vulnerability in Web UI Diagnostics in Google Chrome on Chrome OS Denial of Service Vulnerability in Swift-Corelibs-Foundation JSONDecoder Stored Cross-Site Scripting Vulnerability in Birthdays Widget WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Call&Book Mobile Bar WordPress Plugin Cross-Site Scripting Vulnerability in Amazon Link WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Real Estate Pack WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in FormCraft WordPress Plugin Relative Path Traversal Vulnerability in Pandora FMS v7.0NG.760 and Below Null Pointer Dereference Vulnerability in radareorg/radare2 Improper Handling of Sensitive Information in GitHub Repository eventsource/eventsource (prior to v2.0.2) Memory Leak Vulnerability in ACRN Device Model Emulation of Virtual NICs in Linux Kernel Concurrency Use-After-Free Vulnerability in Linux Kernel Allows Arbitrary Code Execution CSRF Vulnerability in Social Share Buttons by Supsystic WordPress Plugin Arbitrary Administrative Privilege Escalation in Jupiter Theme and JupiterX Core Plugin Insecure Session Cookie Creation in Horizon on Red Hat OpenStack Arbitrary Plugin Deactivation and API Key Update Vulnerability in JupiterX Theme (<=2.0.6) Path Traversal and Local File 
Inclusion Vulnerability in Jupiter and JupiterX Themes (<= 6.10.1 / <= 2.0.6) Arbitrary Plugin Deletion Vulnerability in Jupiter Theme (<= 6.10.1) Arbitrary Function Call Vulnerability in JupiterX Core Plugin (<= 2.0.6) Remote Code Execution Vulnerability in Untrusted Data Deserialization Arbitrary File Access Vulnerability Passing Red Hat Subscription Manager User Password via CLI in convert2rhel Playbook Vulnerability Insecure JavaScript Access Token Generation in Stop Spam Comments WordPress Plugin Directory Traversal Vulnerability in Dpkg::Source::Archive Vulnerability: Insecure Boot Validation in Red Hat Enterprise Linux for IBM Power Architecture Weak Default Password for Web Application's Root User Vulnerability: Bypassing Client-side JavaScript Controls to Reboot PLC Default Root User Credentials Vulnerability Buffer Overflow Vulnerability in Device Management Web Portal Firewall Function Bypassing User Invitation Code Validity to Create Extra User Accounts NULL Pointer Dereference Vulnerability in rxrpc_preparse_s in Linux Kernel CSRF Vulnerability in Google PageSpeed WordPress Plugin (<=4.0.7) Allows Unauthorized Actions Reflected Cross-Site Scripting Vulnerability in WooCommerce Green Wallet Gateway WordPress Plugin NULL Pointer Dereference in vim_regexec_string function leads to Denial of Service in GitHub repository vim/vim OpenShift Container Platform: Malicious Payload Exploits Route Configuration Vulnerability Improper Update of Sock Reference in TCP Pacing: Remote Memory/Netns Leak Vulnerability Use-After-Free Vulnerability in Linux Kernel's Atheros Wireless Adapter Driver Account Takeover Vulnerability in GitLab EE with Group SAML SSO and SCIM Feature GitHub Repository Authentication Bypass Vulnerability in requarks/wiki (prior to 2.5.281) Critical Reflected XSS Vulnerability in neorazorx/facturascripts GitHub Repository (prior to 2022.07) SQL Injection Vulnerability in amtyThumb WordPress Plugin SQL Injection Vulnerability in Cube Slider 
WordPress Plugin SQL Injection Vulnerability in Five Minute Webshop WordPress Plugin SQL Injection Vulnerability in Five Minute Webshop WordPress Plugin SQL Injection Vulnerability in Logo Slider WordPress Plugin SQL Injection Vulnerability in Note Press WordPress Plugin SQL Injection Vulnerability in Note Press WordPress Plugin SQL Injection Vulnerability in Note Press WordPress Plugin SQL Injection Vulnerability in Realty Workstation WordPress Plugin SQL Injection Vulnerability in CP Image Store with Slideshow WordPress Plugin CSRF Vulnerability in Useful Banner Manager WordPress Plugin CSRF Vulnerability in WP Simple Adsense Insertion WordPress Plugin Unquoted Path Vulnerability in Okta Active Directory Agent Denial of Service Vulnerability in GitHub Repository CauseFX/Organizr Prior to 2.1.2000 Uncontrolled Resource Consumption Vulnerability in GitHub Repository causefx/organizr prior to 2.1.2000 XML External Entity (XXE) Vulnerability in Forcepoint Data Loss Prevention (DLP) and Related Products Hard-coded Encryption Key Vulnerability in SonicWall SMA1000 Series Firmware Open Redirection Vulnerability in SonicWall SMA1000 Series Firmware 12.4.0 and Earlier Remote Command Execution Vulnerability in SonicWall SSL-VPN SMA100 Series Management Interface XML External Entity (XXE) Vulnerability in Backup/Restore Functionality HTTP Request Smuggling via Acceptance of Invalid Transfer-Encoding Headers Data Confidentiality Vulnerability in Ignition Configs Accessible from Unprivileged Containers in VMware VMs Reflected Cross-Site Scripting Vulnerability in Google Tag Manager for WordPress Plugin CRI-O Memory and Disk Exhaustion Vulnerability CSRF Vulnerability in Throws SPAM Away WordPress Plugin Allows Unauthorized Comment Deletion Cross-Site Scripting Vulnerability in Appointment Hour Booking WordPress Plugin SSRF Vulnerability in jgraph/drawio prior to 18.0.5 CSRF Vulnerability in LiveSync for WordPress Plugin Allows Unauthorized Settings Modification Server-Side 
Request Forgery (SSRF) Vulnerability in GitHub Repository jgraph/drawio (prior to 18.0.4) Allows Unauthorized Access to Sensitive Information Out-of-bounds Read Vulnerability in radareorg/radare2 (prior to 5.7.0) GitHub Repository Account Takeover in neorazorx/facturascripts (prior to 2022.07) Bypassing Password/PIN Lock in Keep My Notes v1.80.147 Stored Cross-Site Scripting Vulnerability in Custom Share Buttons with Floating Sidebar WordPress Plugin Denial of Service (DoS) Vulnerability in trudesk Application Critical Reflected XSS Vulnerability in GitHub Repository polonel/trudesk (Prior to 1.2.2) Buffer Over-read in grab_file_name function in vim/vim prior to 8.2.4956: Crashing, Memory Modification, and Remote Execution Vulnerability Path Traversal Vulnerability in WellKnownServlet in jgraph/drawio GitHub Repository (CVE-2021-12345) SSRF Vulnerability in GitHub Repository jgraph/drawio: Exploiting IPv6 Link-Local Address for Proxy Access SSRF Vulnerability in jgraph/drawio prior to 18.0.6 Reflected Cross-Site Scripting in Simple Membership WordPress Plugin NULL Pointer Dereference Vulnerability in Vim Prior to 8.2.4959 HTML Injection and Data Exfiltration Vulnerability in Bootstrap Table Export Plug-in Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6: A Potential Security Breach Denial of Service Vulnerability in polonel/trudesk: Exploiting Long Passwords Race Condition in Linux Kernel's perf_event_open() Allows Privilege Escalation Stored Cross-site Scripting (XSS) Vulnerability in jgraph/drawio GitHub Repository (prior to 18.0.4) SQL Injection Vulnerability in Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 CSRF Vulnerability in Rename wp-login.php WordPress Plugin Heap-based Buffer Overflow in Vim prior to 8.2.4968 Use-after-free vulnerability in nfcmrvl_nci_unregister_dev() in Linux Kernel Buffer Overflow Vulnerability in vim/vim (prior to 8.2.4969) Out-of-Bounds Write Vulnerability in Pyramid Solutions' EtherNet/IP Kits 
Out-of-Bounds Read Vulnerability in Fuji Electric D300win Prior to Version 3.7.1.17 Vulnerability: Lack of Application Signature Validation in Dominion Voting Systems ImageCast X Vulnerability: Self-Attestation Mechanism Exploitation in Dominion Voting Systems ImageCast X Terminal Emulator Application Vulnerability in Dominion Voting Systems ImageCast X Android Safe Mode Reboot Vulnerability in Dominion Voting Systems ImageCast X Arbitrary Code Execution Vulnerability in Dominion Voting System ImageCast X Elevated Privilege Escalation Vulnerability in Dominion Voting Systems ImageCast X Vulnerability: Authentication Forgery in Dominion Voting Systems ImageCast X Allows Unauthorized Administrative Access Vulnerability in Dominion Voting Systems ImageCast X Authentication Mechanism Exposes Cryptographic Secrets and Election Information Forgery Vulnerability in Dominion Voting Systems ImageCast X Authentication Mechanism NULL Pointer Dereference Vulnerability in Softing OPC UA C++ Server SDK and Related Products Cross-Site Request Forgery Vulnerability in WPMK Ajax Finder WordPress Plugin Stored Cross-Site Scripting Vulnerability in Sticky Popup Plugin for WordPress Unrestricted File Upload Vulnerability in GitHub Repository polonel/trudesk prior to 1.2.2 Critical Remote Code Execution Vulnerability in WoWonder Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2: Vulnerability in Ticket Management System Cross-Site Scripting Vulnerability in SVG Support WordPress Plugin Reflected XSS vulnerability in Newsletter WordPress Plugin before 7.4.5 CSRF and Stored XSS Vulnerabilities in Pagebar WordPress Plugin CSRF Vulnerability in Genki Pre-Publish Reminder WordPress Plugin CSRF and Stored XSS Vulnerabilities in RB Internal Links WordPress Plugin CSRF Vulnerability in Core Control WordPress Plugin CSRF Vulnerability in Peter's Collaboration E-mails WordPress Plugin Bypassing IP Block Feature in iQ Block Country WordPress Plugin Vulnerability: 
CSRF and Stored XSS in Static Page eXtended WordPress Plugin CSRF Vulnerability in WP-chgFontSize WordPress Plugin Allows Stored XSS CSRF Vulnerability in Hot Linked Image Cacher WordPress Plugin Improper Credential Storage in Anchore Enterprise anchorectl Version 0.1.4 SSRF Vulnerability in jgraph/drawio prior to 18.0.7 Unauthenticated SQL Injection Vulnerability in RSVPMaker Plugin for WordPress Buffer Over-read Vulnerability in GitHub Repository vim/vim (CVE-2021-3770) Privilege Escalation in GitHub Repository polonel/trudesk prior to 1.2.2 Uncontrolled Recursion Vulnerability in vim/vim Repository (CVE-2021-3049) Unescaped API Key Vulnerability in Google Places Reviews WordPress Plugin Reflected Cross-Site Scripting in WP Athletics WordPress Plugin Unauthorized Access to Sensitive Information in GitHub Repository jgraph/drawio (prior to 18.0.7) Insecure Password Policy in GitHub Repository polonel/trudesk prior to 1.2.2 Stored Cross-Site Scripting Vulnerability in Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress Plugin Unauthenticated File Upload and Arbitrary File Deletion Vulnerability in Filr WordPress Plugin Buffer-Overflow Vulnerability in Hitachi Energy MicroSCADA X SYS600 CSRF Vulnerability in Auto Delete Posts WordPress Plugin CSRF and Stored XSS Vulnerability in LaTeX for WordPress Plugin CSRF and Stored XSS Vulnerability in postTabs WordPress Plugin Cross-site Scripting (XSS) Vulnerability in GitHub Repository erudika/para prior to v1.45.11 Unauthorized Member Addition Vulnerability in GitLab CE/EE SSRF Vulnerability in jgraph/drawio prior to 18.0.8 Critical Out-of-bounds Write Vulnerability in GitHub Repository vim/vim prior to 8.2.4977 Use-After-Free Vulnerability in Linux Kernel's io_uring Subsystem Allows Privilege Escalation CSRF Vulnerability in Sideblog WordPress Plugin Allows for Stored Cross-Site Scripting CSRF Vulnerability in Change Uploaded File Permissions WordPress Plugin NULL Pointer Dereference Vulnerability in INVPCID 
Instruction with CR0.PG=0 CSRF Vulnerability in New User Email Set Up WordPress Plugin CSRF Vulnerability in One Click Plugin Updater WordPress Plugin CSRF Vulnerability in Quick Subscribe WordPress Plugin Leading to Stored XSS CSRF Vulnerability in Private Files WordPress Plugin Allows Unauthorized Public Access Insecure Storage of PLC Passwords in CODESYS OPC DA Server Configuration File Use After Free Vulnerability in gpac/gpac prior to v2.1.0-DEV Critical Use After Free Vulnerability in vim/vim Prior to 8.2.4979 Denial-of-Service Vulnerability in Rockwell Automation Logix Controllers Path Traversal Vulnerability in KubeVirt Allows Unauthorized File Access Vulnerability: Incorrect Signature Trust in Google Play services SDK SQL Injection Vulnerability in Export any WordPress data to XML/CSV Plugin Vulnerability: Exposed Captcha Solution in Very Simple Contact Form WordPress Plugin Prototype Pollution in Array Object: Remote Code Execution in Privileged Context UI Layer or Frame Restriction Vulnerability in GitHub Repository polonel/trudesk (prior to version 1.2.2) Unverified SHA256 Vulnerability in PCoIP Zero Clients when Connecting to Amazon Workspaces Reflected Cross-site Scripting (XSS) Vulnerability in rtxteam/rtx Repository SQL Injection Vulnerabilities in Sophos Firewall Webadmin: Privilege Escalation from Admin to Super-Admin Unnecessary Privilege Execution in GitHub Repository polonel/trudesk prior to 1.2.3 Uninitialized Pointer Access Vulnerability in radareorg/radare2 (prior to 5.7.0) GitHub Repository Authorization Bypass Vulnerability in Publify/Publify (prior to 9.2.9) Unrestricted File Upload Vulnerability in GitHub Repository Publify/Publify prior to 9.2.9 Integer Overflow or Wraparound in publify/publify prior to 9.2.10 OS Command Injection in rengine 1.2.0 and earlier versions Stored Cross-Site Scripting Vulnerability in WP Admin Style WordPress Plugin Unauthorized Access to Sensitive Information in GitHub Repository jgraph/drawio (prior to 
18.1.2) Authenticated Cross Site Scripting in Zoo Management System 1.0 Authenticated Cross-Site Scripting Vulnerability in Badminton Center Management System CSRF Vulnerability in Multi-page Toolkit WordPress Plugin Allows for Stored Cross-Site Scripting Authenticated Cross Site Scripting in Student Information System 1.0 Reflected Cross-Site Scripting Vulnerability in Keep Backup Daily WordPress Plugin (Versions up to 2.0.2) Subgroup Member Access to Parent Group Members List Vulnerability Reflected Cross-Site Scripting Vulnerability in Zephyr Project Manager Plugin for WordPress Privilege Escalation Vulnerability in McAfee Consumer Product Removal Tool Uncontrolled Search Path Vulnerability in McAfee Consumer Product Removal Tool Allows for Sideloading Attack Reflected Cross-site Scripting (XSS) Vulnerability in collectiveaccess/providence prior to 1.8 CSRF Vulnerability in Cross-Linker WordPress Plugin CSRF Vulnerability in PDF24 Article To PDF WordPress Plugin CSRF Vulnerability in PDF24 Articles To PDF WordPress Plugin CSRF Vulnerability in Inline Google Maps WordPress Plugin Allows for Stored XSS CSRF Vulnerability in Amazon Einzeltitellinks WordPress Plugin Allows Stored XSS CSRF Vulnerability in WPlite WordPress Plugin Allows Unauthorized Settings Modification CSRF Vulnerability in CaPa Protect WordPress Plugin Privilege Escalation Vulnerability in AMQ Broker Operator 7.9.4 Email Spoofing Vulnerability in Thunderbird: Arbitrary Sender Address with Invisible Braille Spaces Remote Code Execution Vulnerability in Home Clean Services Management System 1.0 Critical SQL Injection Vulnerability in Home Clean Services Management System 1.0 Critical SQL Injection Vulnerability in Home Clean Services Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in Home Clean Services Management System 1.0 Out-of-Bounds Write Vulnerability in tcp_flags Function CSRF Vulnerability in OpenBook Book Data WordPress Plugin Leads to Stored Cross-Site Scripting CSRF 
Vulnerability in MailPress WordPress Plugin Allows Unauthorized Settings Changes and Log File Purging CSRF Vulnerability in WP Sentry WordPress Plugin Allows for Stored Cross-Site Scripting CSRF Vulnerability in WP Post Styling WordPress Plugin CSRF Vulnerability in Tiny Contact Form WordPress Plugin CSRF Vulnerability in Rotating Posts WordPress Plugin Critical Business Logic Vulnerability in erudika/para GitHub Repository (prior to 1.45.11) Session Fixation Vulnerability in FileGator GitHub Repository (prior to version 7.8.0) GitHub Repository Path Traversal Vulnerability in FileGator Prior to 7.8.0 Critical Out-of-bounds Read Vulnerability in GitHub Repository vim/vim prior to 8.2 NULL Pointer Dereference Vulnerability in Linux Kernel's KVM Module Leads to Denial of Service Indexed DB Use After Free Vulnerability in Google Chrome Use After Free Vulnerability in ANGLE in Google Chrome Remote Code Execution Vulnerability in Google Chrome Messaging Use After Free Vulnerability in User Education in Google Chrome File System API Policy Enforcement Bypass in Google Chrome Out of Bounds Read Vulnerability in Google Chrome DevTools Use After Free Vulnerability in Google Chrome's Performance Manager Use After Free Vulnerability in Google Chrome UI Foundations Use After Free Vulnerability in Google Chrome on Chrome OS Profile Bypass Vulnerability in Google Chrome Extensions Use After Free Vulnerability in Tab Groups in Google Chrome Use After Free Vulnerability in WebApp Installs in Google Chrome Use After Free Vulnerability in Bookmarks in Google Chrome Use After Free Vulnerability in Google Chrome Tablet Mode Bypassing Same Origin Policy via Crafted Clipboard Content in Google Chrome Bypassing Navigation Restrictions via Malicious Extension in Google Chrome Type Confusion Vulnerability in V8: Remote Heap Corruption in Google Chrome Heap Corruption Vulnerability in Google Chrome App Service File System Policy Bypass Vulnerability in Google Chrome Bypassing Downloads 
Policy via Malicious Extension Installation in Google Chrome Cross-Origin Data Leakage Vulnerability in Google Chrome Bypassing Downloads Protection Policy in Safe Browsing on Google Chrome for Mac Cross-Origin Data Leakage in Google Chrome PDF Viewer Heap Buffer Overflow in DevTools in Google Chrome: Exploiting Heap Corruption via Malicious Extension Insecure Direct Object Reference Vulnerability in Octopus Server Allows Unauthorized Project Export Downloads Use-After-Free Vulnerability in Linux Kernel's Pipes Functionality SQL Injection Vulnerability in camptocamp/terraboard prior to 2.2.0 CSRF Vulnerability in Cimy Header Image Rotator WordPress Plugin Heap-based Buffer Overflow in Vim prior to version 8.2 SQL Injection Vulnerability in Firefox for iOS < 101 Stack-Based Buffer Overflow in Alpha7 PC Loader: Arbitrary Code Execution Vulnerability Stored Cross-Site Scripting Vulnerability in Newsletter WordPress Plugin Buffer Overflow Vulnerability in Lenovo Notebook ReadyBootDxe Driver Buffer Overflow Vulnerability in Lenovo Notebook SystemLoadDefaultDxe Driver Buffer Overflow Vulnerability in Lenovo Notebook SystemBootManagerDxe Driver Sensitive Information Exposure in GitHub Repository polonel/trudesk prior to 1.2.3 Stored Cross-Site Scripting Vulnerability in Popup Builder WordPress Plugin CSRF Vulnerability in underConstruction WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in underConstruction WordPress Plugin Critical Out-of-bounds Write Vulnerability in GitHub Repository vim/vim prior to 8.2 Use After Free Vulnerability in GitHub Repository vim/vim (prior to version 8.2) Out-of-bounds Read Vulnerability in radareorg/radare2 (prior to 5.7.0) Cross-Site Request Forgery vulnerability in Copify WordPress Plugin (up to version 1.3.0) allows unauthorized modification of plugin settings Sensitive Variable Unmasking Vulnerability in Octopus Deploy Vulnerability: Unauthorized Access to Notifier Secrets in Red Hat Advanced Cluster Security for Kubernetes 
ARMember WordPress Plugin Account Takeover Vulnerability Reflected Cross-Site Scripting in Pricing Tables WordPress Plugin SQL Injection Vulnerability in Events Made Easy WordPress Plugin Reflected Cross-Site Scripting in Copyright Proof WordPress Plugin Buffer Over-read Vulnerability in libmobi GitHub Repository (Version 0.11 and earlier) Buffer Over-read Vulnerability in libmobi GitHub Repository (Version 0.11 and earlier) Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository causefx/organizr prior to 2.1.2200 Reflected Cross-Site Scripting in Phlox WordPress Plugin (Versions before 2.9.8) Unauthenticated Access to Operating System Information in M-Files Server Cross-Site Request Forgery Vulnerability in Button Widget Smartsoft Plugin for WordPress CSRF Vulnerability in Add Post URL WordPress Plugin Allows for Stored Cross-Site Scripting CSRF Vulnerability in Clean-Contact WordPress Plugin Allows for Stored XSS Unescaped Settings Vulnerability in WP Zillow Review Slider WordPress Plugin Reflected Cross-Site Scripting in Active Products Tables for WooCommerce Plugin Cross-Site Request Forgery Vulnerability in ToolBar to Share WordPress Plugin (up to version 2.0) Heap Corruption Vulnerability in Google Chrome Codecs Heap Overwrite Vulnerability in matroskademux Element: Potential for Arbitrary Code Execution Heap Overwrite Vulnerability in gst_avi_demux_invert Function Allows Arbitrary Code Execution Potential Heap Overwrite in MKV Demuxing with Zlib Decompression Potential Heap Overwrite Vulnerability in MKV Demuxing with Bzip Decompression Potential Heap Overwrite in MKV Demuxing with LZO Decompression Heap Overflow Vulnerability in Matroska Parsing GitHub Repository polonel/trudesk Prior to 1.2.3: Integer Overflow or Wraparound Vulnerability Buffer Over-read in Vim prior to version 8.2 Stored Cross-site Scripting (XSS) Vulnerability in go-gitea/gitea prior to 1.16.9 Exponential ReDoS Vulnerability in devcert npm Package's certificateFor Method 
Exponential ReDoS Vulnerability in eth-account PyPI Package's encode_structured_data Method Lack of Synchronization in GitHub Repository polonel/trudesk prior to 1.2.3 Reflected Cross-Site Scripting Vulnerability in Rezgo Online Booking WordPress Plugin Reflected Cross-Site Scripting in CDI WordPress Plugin Use After Free Vulnerability in mruby/mruby prior to version 3.2 GitLab EE Authorization Bypass Vulnerability GitLab EE Authorization Bypass Vulnerability Reflected Cross-Site Scripting in Awin Data Feed WordPress Plugin Stored Cross-Site Scripting Vulnerability in Awin Data Feed WordPress Plugin Unrestricted File Upload Vulnerability in Allow SVG Files WordPress Plugin Stored Cross-Site Scripting Vulnerability in Jira Integration in GitLab EE Parsing Vulnerability in ProtocolBuffers (versions <= 3.21.5 for protobuf-cpp and <= 4.21.5 for protobuf-python) Leading to Out of Memory Failures Heap-based Buffer Overflow in Vim prior to version 8.2 execute arbitrary code. Improper Authorization in Interactive Web Terminal Allows Unauthorized Access to Running Jobs in GitLab CE/EE Stored Cross-Site Scripting Vulnerability in Coming Soon & Maintenance Mode by Colorlib WordPress Plugin Reflected Cross-Site Scripting in Gallery WordPress Plugin before 2.0.0 Improper Operator Usage in polonel/trudesk GitHub Repository (prior to 1.2.3) XSS Vulnerability in GitLab's Quick Actions Critical Access Control Bypass Vulnerability in 389-ds-base Unauthenticated SQL Injection in Youzify WordPress Plugin Reflected Cross-Site Scripting in kitestudio WordPress Plugin Arbitrary File Upload and Remote Code Execution in Free Booking Plugin for WordPress Arbitrary File Deletion Vulnerability in Product Configurator for WooCommerce WordPress Plugin GitLab CE/EE Regular Expression Denial of Service Vulnerability Physical Access Vulnerability: Bypassing Password/PIN Lock on Session 1.13.0 Vulnerability: Lack of Authorization and CSRF Checks in Shortcut Macros WordPress Plugin CSRF 
Vulnerability in Comment License WordPress Plugin Critical Remote Code Execution Vulnerability in FileCloud's NTFS Handler Biometric Authentication Bypass in AppLock Version 7.9.29 CSRF Vulnerability in MyCSS WordPress Plugin Allows Unauthorized Settings Modification Stored Cross-Site Scripting Vulnerability in Google Tag Manager for WordPress (GTM4WP) Plugin Stack Exhaustion Vulnerability in go/parser GitLab Account Security Vulnerability: Unauthenticated Access to Two-Factor Authentication Status Unsanitized SVG Upload Vulnerability in Easy SVG Support WordPress Plugin Improper Error Handling in CODESYS Products Allows Remote File Deletion CSRF and Stored XSS Vulnerabilities in WP Championship WordPress Plugin Use After Free Vulnerability in GitHub Repository vim/vim (prior to version 8.2) Cross-Site Request Forgery Vulnerability in Mobile Browser Color Select Plugin for WordPress Open Redirect Vulnerability in Keycloak 18.0.0 via redirect_uri Parameter Stored Cross-Site Scripting Vulnerability in NextCellent Gallery WordPress Plugin Use-After-Free Vulnerability in Linux Kernel's NTFS Journal Handling Race Condition in Linux Kernel's NFC Core Functionality Allows Information Leakage Sleep-in-Atomic Bug in /net/nfc/netlink.c: Exploiting NFC Device Simulation to Crash Linux Kernel Use-after-free vulnerability in Linux kernel's IO-URING implementation allows for memory corruption and privilege escalation Blind SSRF Vulnerability in Import Export All WordPress Images, Users & Post Types Plugin Cross-Site Scripting (XSS) Vulnerability in SourceCodester Product Show Room Site 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Product Show Room Site 1.0 Bypassing Domain Allow-List in GitLab Group Invitations Server Crash Vulnerability via Crafted SVG Attachment in Mattermost 6.6.0 and Earlier Unauthorized Access to GitLab Container Registries via Deploy Key or Deploy Token Unsafe Deserialization Vulnerability in HYPR Windows WFA Versions Prior to 7.2 
Reflected Cross-Site Scripting Vulnerability in Download Manager Plugin for WordPress OS Command Injection in Gogs GitHub Repository Prior to Version 0.12.9 Buffer Over-read Vulnerability in libmobi GitHub Repository (Version 0.11 and earlier) Cross-site Scripting (XSS) Vulnerability in neorazorx/facturascripts Repository Information Exposure in CODESYS Visualization Login Dialog Stored Cross-Site Scripting Vulnerability in Nested Pages WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Fast Food Ordering System 1.0 GitHub Repository Path Traversal Vulnerability in gogs/gogs prior to 0.12.9 GitHub Repository Path Traversal Vulnerability in gogs/gogs prior to 0.12.9 Cross-Site Scripting (XSS) Vulnerability in Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress Plugin Cross-Site Scripting Vulnerability in Malware Scanner WordPress Plugin GitHub Repository Authorization Bypass Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in francoisjacquet/rosariosis prior to 9.0 Use After Free Vulnerability in Linux Kernel File System Notify Functionality Unauthorized Label Description Modification Vulnerability in GitLab CE/EE Critical Out-of-bounds Write Vulnerability in GitHub Repository vim/vim prior to 8.2 Arbitrary Code Execution in fish Shell via Git Repository Configuration Arbitrary Path Mounting Vulnerability in incfs on Android-12L (A-198657657) Improper Input Validation in checkSlicePermission Allows Unauthorized Access to Slice URIs APK Validation Bypass Vulnerability in PackageInstallerSession Race condition vulnerability in KeyguardServiceWrapper.java allows brief lockscreen bypass Race condition vulnerability allows app overlay and local privilege escalation Uninitialized Data Vulnerability in mmc_blk_read_single of Android Kernel Out of Bounds Write Vulnerability in Android USB Gadget Subsystem Cross-Site Request Forgery Vulnerability in DX Share Selection Plugin for WordPress Out of Bounds Read Vulnerability in 
l2cble_process_sig_cmd of l2c_ble.cc Notification Leak Vulnerability in getArray Method of NotificationManagerService Integer Overflow Vulnerability in MDP Driver Allows Local Privilege Escalation Race condition vulnerability in Vow Driver allows for local privilege escalation Memory Corruption Vulnerability in Vow Driver Allows Local Privilege Escalation Uninitialized Data in kd_camera_hw Driver Leads to Local Information Disclosure Memory Corruption Vulnerability in Vow Driver: Local Privilege Escalation without User Interaction Information Disclosure Vulnerability in ion driver Uninitialized Data Vulnerability in Seninf Driver: Local Information Disclosure Information Disclosure Vulnerability in libMtkOmxGsmDec Arbitrary Code Execution Vulnerability in GE CIMPICITY Versions 2022 and Prior Information Disclosure Vulnerability in libvcodecdrv Bluetooth Denial of Service Vulnerability Bluetooth Link Disconnection Vulnerability Bluetooth Denial of Service Vulnerability: LMP_AU_rand Packet Flooding Possible Local Privilege Escalation Vulnerability in System Service Bluetooth Out of Bounds Write Vulnerability Bluetooth Out of Bounds Write Vulnerability Bluetooth Out of Bounds Write Vulnerability Bluetooth Out of Bounds Write Vulnerability Out of Bounds Read Vulnerability in cmdq Driver AutomationDirect DirectLOGIC D0-06 Series CPUs Vulnerability: Cleartext Password Disclosure Stack-based Buffer Overflow in Vow Driver Allows for Local Privilege Escalation Possible Memory Corruption Vulnerability in fb driver Race condition vulnerability in Vow Driver allows for local information disclosure Camera Driver Out of Bounds Read Vulnerability Improper Certificate Validation in Preloader XFLASH Allows Local Privilege Escalation Possible Information Disclosure Vulnerability in VCU Driver Information Disclosure Vulnerability in ion driver Incorrect Bounds Check in ion driver leads to Local Information Disclosure Memory Corruption Vulnerability in CCU Driver: Local Privilege 
Escalation without User Interaction Integer Overflow Vulnerability in CCU Driver Allows for Local Privilege Escalation Denial-of-Service Vulnerability in AutomationDirect DirectLOGIC D0-06 Series CPUs Stack-based Buffer Overflow in power_hal_manager_service Allows Local Privilege Escalation Bluetooth Vulnerability: Local Privilege Escalation without User Interaction Bluetooth Information Disclosure Vulnerability Bluetooth Vulnerability: Local Privilege Escalation without User Interaction Bluetooth Use After Free Vulnerability: Local Privilege Escalation without User Interaction Bluetooth Use After Free Vulnerability: Local Privilege Escalation without User Interaction Bluetooth Memory Corruption Vulnerability Out of Bounds Write Vulnerability in Video Decoder Unbounded Write Vulnerability in Video Decoder Allows Local Privilege Escalation Possible Local Privilege Escalation Vulnerability in VPU Insecure Credential Transport in AutomationDirect C-more EA9 Webserver Possible Local Privilege Escalation Vulnerability in connsyslogger Privilege Assignment Vulnerability in IMS Service Allows Local Denial of Service Possible Memory Corruption Vulnerability in mdp with Use After Free Possible Privilege Escalation Vulnerability in IMS Service AT Command Injection Vulnerability in IMS Service Preloader (USB) Out of Bounds Write Vulnerability: Local Privilege Escalation Preloader (USB) Out of Bounds Write Vulnerability Allows Local Privilege Escalation Possible Memory Corruption Vulnerability in btif with Incorrect Error Handling Preloader (USB) Out of Bounds Write Vulnerability: Local Privilege Escalation Preloader (USB) Out of Bounds Write Vulnerability: Local Privilege Escalation AutomationDirect DirectLOGIC DLL Vulnerability in Installation Process Preloader USB Vulnerability: Local Privilege Escalation via Permission Bypass Possible Memory Corruption Vulnerability: Local Privilege Escalation via Use After Free in mdp Possible Out of Bounds Write Vulnerability in ATF 
(SPM) Kernel Pointer Leak Vulnerability in ccci with Local Information Disclosure Possible Out of Bounds Read Vulnerability in ccci Potential Information Leak in ATF (HWFDE) with Incorrect Error Handling Out of Bounds Write Vulnerability in mdp Improper Link Resolution Vulnerability in mobile_log_d USB Preloader Integer Overflow Vulnerability Allows Local Privilege Escalation WebGPU Use After Free Vulnerability in Google Chrome Out of Bounds Write Vulnerability in ssmr Missing Certificate Validation Vulnerability in CCU Allows for Privilege Escalation Vulnerability: Local Privilege Escalation via Incorrect Comparison in Search Engine Service USB Preloader Integer Underflow Vulnerability Allows Local Privilege Escalation Out of Bounds Write Vulnerability in Preloader Partition Integer Overflow Vulnerability in ged: Local Privilege Escalation without User Interaction (Patch ID: ALPS05838808; Issue ID: ALPS05838808) Memory Corruption Vulnerability in ged with Incorrect Error Handling Race condition vulnerability in vow allows for local privilege escalation Race condition vulnerability in vow allows for local privilege escalation Uninitialized Data Read Vulnerability in Vow with Local Information Disclosure Double Free Vulnerability in WebGL in Google Chrome Race condition vulnerability in SUB2AF allows for local privilege escalation Improper Certificate Validation in A-GPS Allows for Man-in-the-Middle Attack Race Condition Vulnerability in GPU Allows for Local Privilege Escalation Remote Code Execution Vulnerability in Modem 2G/3G CC Telephony Vulnerability: Unauthenticated Disabling of Emergency Broadcasts Improper Link Resolution Vulnerability in netdiag Possible Out of Bounds Write Vulnerability in CCU Possible Local Privilege Escalation in AEE Driver due to Reference Count Mistake Memory Corruption Vulnerability in AEE Driver with Debug Code Race condition vulnerability in aee driver allows for local privilege escalation Race condition vulnerability in aee driver 
allows for local privilege escalation Out of Bounds Read Vulnerability in ALAC Decoder SMS Message Disabling Vulnerability in Telephony Out of Bounds Write Vulnerability in imgsensor Out of Bounds Write Vulnerability in imgsensor Uninitialized Data Vulnerability in Camera Software: Local Information Disclosure Race condition vulnerability in aee daemon allows for local information disclosure Missing Permission Check in aee Daemon Allows Local Information Disclosure Out of Bounds Write Vulnerability in aee Daemon Sandbox Escape Vulnerability in Google Chrome's Compositing Possible Information Disclosure in aee Daemon due to Missing Permission Check Path Traversal Vulnerability in aee Daemon Allows Local Information Disclosure Missing Permission Check in aee Daemon Allows Local Information Disclosure Symbolic Link Following Vulnerability in aee Daemon Improper Access Control in aee Daemon Allows Local Information Disclosure Stack-based Buffer Overflow Vulnerability in MM Service Heap-based Buffer Overflow Vulnerability in MM Service Integer Overflow Vulnerability in Subtitle Service Stack-based Buffer Overflow Vulnerability in Voice Service Improper Reference Count Update Vulnerability in ion Use After Free Vulnerability in ANGLE in Google Chrome Race Condition Vulnerability in ion Leading to Local Privilege Escalation Possible Use After Free Vulnerability in ion Possible Privilege Escalation Vulnerability in PrivateDnsPreferenceController.java Possible Local Privilege Escalation in DefaultUsbConfigurationPreferenceController.java Foreground Service Permission Bypass Vulnerability in TelecomManager's placeCall Method Missing Permission Check in broadcastServiceStateChanged of TelephonyRegistry.java Allows Base Station Information Disclosure Intent Redirection Vulnerability in OngoingCallController.kt Allows for Local Privilege Escalation Possible Local Data Disclosure Vulnerability in Android GSC Encryption Race condition vulnerability in ion_ioctl and related 
functions of ion.c allows for local privilege escalation without additional execution privileges. Uninitialized Data in private_handle_t of mali_gralloc_buffer.h Leads to Local Information Disclosure Android Kernel Vulnerability: A-203213034 Potential ICCID Disclosure Vulnerability in USCCDMPlugin.java PowerVR GPU Driver Vulnerability: Unprivileged App Exploitation for Kernel Memory Corruption Out of Bounds Read Vulnerability in phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp Guest User Privilege Escalation in deletePackageX of DeletePackageHelper.java Sandbox Escape Vulnerability in GBoard Allows Bypassing Factory Reset Protections Potential Local Privilege Escalation in Bluetooth Discovery Mode in Android Double Free Vulnerability in ce_t4t_data_cback of ce_t4t.cc Allows Remote Code Execution Improper Input Validation in registerPhoneAccount of PhoneAccountRegistrar.java Allows Local Denial of Service Script Console Access Vulnerability in Octopus Server (Versions 2022.1.1495 - 2022.1.2647) Heap Buffer Overflow in transportDec_OutOfBandConfig of tpdec_lib.cpp Out-of-Bounds Read Vulnerability in nci_proc_rf_management_ntf of nci_hrcv.cc Out of Bounds Read Vulnerability in lg_probe and Related Functions of hid-lg.c Missing Permission Check in setDiscoverableTimeout of AdapterService.java Improper Input Validation in readArguments of CallSubjectDialog.java Allows for Phone Number Spoofing Possible Parcel Format Mismatch in GateKeeperResponse.java Allows Local Privilege Escalation Potential Local Privilege Escalation in NetworkProviderSettings.java Unprivileged App Can Escalate Privileges via ACTION_MANAGED_PROFILE_PROVISIONED Intent in DevicePolicyManagerService Code Injection Vulnerability in jgraph/drawio (prior to 19.0.2) Out-of-Bounds Write Vulnerability in read_multi_rsp of gatt_sr.cc Use-after-free vulnerability in ip_check_mc_rcu in igmp.c allows local users to gain privileges via crafted system calls that trigger IGMP membership updates in incorrect 
situations. Possible Arbitrary Code Execution in GeofenceHardwareRequestParcelable.java Possible Permanent Denial of Service Vulnerability in addAutomaticZenRule of ZenModeHelper.java Confused Deputy Vulnerability in AvatarPhotoController.java Allows Unauthorized Access to System Content Providers Possible VPN Credential Retrieval via Protocol Downgrade Attack in Android Possible Local Information Disclosure Vulnerability in FileUploadServiceImpl.java Out of Bounds Write Vulnerability in nfa_dm_check_set_config of nfa_dm_main.cc Race condition vulnerability leading to use-after-free in Android kernel Android Kernel Vulnerability: A-211685939 Stored Cross-site Scripting (XSS) Vulnerability in jgraph/drawio GitHub Repository (prior to version 19.0.2) Android Kernel Vulnerability: A-210712565 Out of Bounds Write Vulnerability in TitanM Chip Allows Local Privilege Escalation Use-after-free vulnerability in rcu_cblist_dequeue of rcu_segcblist.c allows for local privilege escalation Race condition vulnerability in lock_sock_nested in sock.c allows for use after free, leading to local privilege escalation on Android. 
Race condition vulnerability in ipu_core_jqs_msg_transport_kernel_write_sync in ipu-core-jqs-msg-transport.c allows for local privilege escalation without additional execution privileges needed Arbitrary Code Execution Vulnerability in unflatten of GraphicBuffer.cpp Use-after-free vulnerability in bdi_put and bdi_unregister in backing-dev.c Out-of-bounds Read Vulnerability in asn1_ec_pkey_parse of acropora/crypto/asn1_common.c Reflected Cross-Site Scripting (XSS) Vulnerability in neorazorx/facturascripts (prior to 2022.1) Android Kernel Vulnerability: A-210083655 Out-of-bounds Read Vulnerability in asn1_p256_int of Android Kernel Android Kernel Vulnerability: A-204891956 Out-of-bounds Read Vulnerability in asn1_parse of asn1.c Heap Buffer Overflow in Android Kernel Base Drivers Android Kernel Vulnerability: A-204956204 Android Kernel Vulnerability: A-210594998 Android Kernel Vulnerability: A-211162353 Critical SQL Injection Vulnerability in SourceCodester Prison Management System 1.0 Android Kernel Vulnerability: A-209421931 Android Kernel Vulnerability: A-215565667 Missing Permission Check in onbind of ShannonRcsService.java Allows for Local Information Disclosure Android Kernel Vulnerability: A-207116951 Out of Bounds Read Vulnerability in exynos_secEnv_init of mach-gs101.c Android Kernel Vulnerability: A-209252491 Uninitialized Memory Read Vulnerability in auth_store of sjtag-driver.c Android Kernel Vulnerability: A-209906686 Integer Overflow Vulnerability in ioctl_dpm_qos_update and ioctl_event_control_set of (TBD) Android Kernel Vulnerability: A-211683760 Critical SQL Injection Vulnerability in SourceCodester Prison Management System 1.0 Arbitrary Code Execution Vulnerability in mali_gralloc_reference.cpp Android Kernel Vulnerability: A-210936609 Missing Permission Check in handle_ramdump of pixel_loader.c Allows for Non-Secure Memory Ramdump and Local Information Disclosure Out-of-bounds Write Vulnerability in hypx_create_blob_dmabuf of faceauth_hypx.c 
Android Kernel Vulnerability: A-209153114 Possible Use After Free Bug in Android Kernel (A-208842348) Allows Local Escalation of Privilege Arbitrary Code Execution in kbase_mem_alias of mali_kbase_mem_linux.c Android Kernel Vulnerability: A-207254598 Critical Remote Code Execution Vulnerability in SourceCodester Prison Management System 1.0 Android Kernel Vulnerability: A-208744915 Android Kernel Vulnerability: A-209324757 Potential Local Privilege Escalation in Android-12L: GrantEmbeddedWindowFocus Vulnerability Incorrect Permission Attribution in getUniqueUsagesWithLabels of PermissionUsageHelper.java Possible Permission Bypass in ChooseLockGeneric.java in Android-12L Unsafe Deserialization in Keystore Library Allows for Local Denial of Service in Android-12L Permission Bypass Vulnerability in Gallery3D and Photos: Local Information Disclosure Permission Bypass Vulnerability in Parcel.java Allows Foreground Activity Start Out of Bounds Read Vulnerability in llcp_dlc_proc_connect_pdu of llcp_dlc.cc NFC Tag Disclosure Vulnerability in Android's NfcService.java Cross-Site Scripting (XSS) Vulnerability in SourceCodester Prison Management System 1.0 Potential Information Disclosure Vulnerability in SoftApManager.java Out of Bounds Read Vulnerability in getAppSize of InstalldNativeService.cpp Heap Buffer Overflow in ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c Memory Corruption Vulnerability in Nanopb Library Potential Local Privilege Escalation via Falsified Bug Reports in DevicePolicyManagerService.java Improper Input Validation in isFileUri of FileUtil.java Allows Local Information Disclosure Missing Permission Check in setPackageOrComponentEnabled of NotificationManagerService.java Insecure Default Value in GattServiceConfig.java Allows Permission Bypass and Privilege Escalation Out-of-bounds Read Vulnerability in parseRecursively of cppbor_parse.cpp Possible Heap Buffer Overflow in hme_add_new_node_to_a_sorted_array of hme_utils.c Remote Code 
Execution Vulnerability in Android SoC Modem Parsing Code Possible EoP Vulnerability in wifi.RequestToggleWifiActivity of AndroidManifest.xml Possible Denial of Service (DoS) Vulnerability in ApplicationsDetailsActivity of AndroidManifest.xml Tapjacking Vulnerability in Car Settings App Allows Unauthorized Modification of System Settings Possible Factory Reset Vulnerability in MasterClearConfirmFragment.java Android Exported Setting Allows Unauthorized Access to com.sprd.firewall Unauthorized Broadcast Vulnerability in SprdContactsProvider Permission Bypass Vulnerability in PermissionController Unencrypted User Directories Vulnerability in Android Storage and User Manager Services Stored Cross-site Scripting (XSS) Vulnerability in nocodb/nocodb prior to 0.91.7 Path Traversal Vulnerability in openFile of CallLogProvider.java Out-of-Bounds Read Vulnerability in avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc Out of Bounds Write Vulnerability in read_attr_value of gatt_db.cc Potential Local Privilege Escalation in AppRestrictionsFragment.java Out-of-bounds Read Vulnerability in AT_SKIP_REST of bta_hf_client_at.cc Missing Permission Check in getSubscriptionProperty of SubscriptionController.java Allows Local Information Disclosure Tapjacking Vulnerability in Android's WindowManagerService Heap Buffer Overflow in USB Driver: Local Information Disclosure Vulnerability Use-after-free vulnerability in C2DmaBufAllocator.cpp allows for remote information disclosure Out-of-Bounds Write Vulnerability in bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc Privilege Escalation Vulnerability in polonel/trudesk prior to 1.2.4 Improper Input Validation in choosePrivateKeyAlias of KeyChain.java Allows Local Information Disclosure Out-of-bounds Write Vulnerability in smc_intc_request_fiq of arm_gic.c Out-of-Bounds Write Vulnerability in param_find_digests_internal Function of Titan-M Source Misleading Notification Access Permission Vulnerability Memory Corruption Vulnerability in 
PowerVR GPU Kernel Driver Out-of-Bounds Vulnerability in Android DRM Driver: System Crash and Elevation of Privilege (EOP) Out of Bounds Write Vulnerability in BuildDevIDResponse of miscdatabuilder.cpp Kernel Memory Mapping Vulnerability in 'remap_pfn_range' Function Kernel Memory Mapping Vulnerability in Android's 'remap_pfn_range' Function OS Command Injection in Gogs GitHub Repository Prior to Version 0.12.11 Location Information Leak in sOpAllowSystemRestrictionBypass of AppOpsManager.java Improper Input Validation in Messaging App Allows Unauthorized File Attachment and Information Disclosure Telephony App Installation Information Disclosure Vulnerability Possible Log Information Disclosure in Core Utilities on Android Android Bluetooth Vulnerability: Local Privilege Escalation via Out of Bounds Write Insecure Default Value in WindowManager Allows Lock Screen Recording Incorrect UID/Permission Check in WindowManager Allows Privilege Escalation Android Heap Buffer Overflow Vulnerability Allows Remote Information Disclosure Logic Error in Android Settings Allows Bypassing DISALLOW_CONFIG_WIFI Restriction Side Channel Information Disclosure in LocaleManager Allows App Installation Detection without Query Permissions Stack Overflow Vulnerability in Grandstream GSD3710 (1.0.11.13): Unauthorized Shell Access Improper Input Validation Allows Unauthorized File Attachment in Android Messaging Side Channel Information Disclosure in LocaleManager Allows App Installation Detection without Query Permissions Side Channel Information Disclosure in PackageManager Allows Unprivileged App Detection Bluetooth Cleanup Failure Vulnerability Android Wi-Fi Permissions Bypass Vulnerability Allows Local Privilege Escalation Missing Permission Check in SettingsProvider Allows Unauthorized Access to Default Ringtone Race condition vulnerability in Audio HAL allows for local privilege escalation Bluetooth Pairing Vulnerability: Display Only Device Pairing Without PIN Confirmation 
Bluetooth Configuration Error Allows Local Privilege Escalation in Android Telephony Vulnerability: Unauthorized ICCID and EID Disclosure Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository kromitgmbh/titra prior to 0.77.0 Android Phone App Resource Exhaustion Vulnerability Location Information Disclosure Vulnerability in LocationManager Missing Permission Check in ActivityManager Allows for Unauthorized Capability Check Missing Permission Check in ActivityManager Allows Local Information Disclosure Side Channel Information Disclosure in Usage Stats Service Allows App Installation Detection without Query Permissions Android Factory Reset Permissions Bypass Vulnerability Allows Local Privilege Escalation Improper Input Validation in Companion App Allows Local Privilege Escalation Bluetooth Connection Control Vulnerability Permissions Bypass in RestrictionsManager Allows Privilege Escalation on Android Devices Android Bluetooth Out of Bounds Write Vulnerability CSV Injection Vulnerability in GitHub Repository kromitgmbh/titra prior to 0.77.0 Android Content App Vulnerability: Unauthorized Access to Gmail Account Name Misleading UI in PermissionController allows for unauthorized permission grants and local privilege escalation Misleading Text in PermissionController Allows for Local Information Disclosure Android Bluetooth Heap Buffer Overflow: Remote Information Disclosure Vulnerability Missing Permission Check in Keyguard: Local Privilege Escalation and Screen Timeout Prevention Vulnerability Side Channel Information Disclosure in DevicePolicyManager Allows Unauthorized App Detection Side Channel Information Disclosure in DevicePolicyManager Allows Unprivileged App Detection Side Channel Information Disclosure in DevicePolicyManager Allows Unprivileged App Detection Insufficient Log Filtering in Android Accounts Allows for Local Information Disclosure Side Channel Information Disclosure in DevicePolicyManager Allows Unprivileged App Detection 
Cross-site Scripting (XSS) Vulnerability in GitHub Repository kromitgmbh/titra prior to 0.77.0 Improper Input Validation in MMSProvider Allows for Local Information Disclosure Missing Permission Check Allows Background Activity Start in Android Core (CVE-2021-12345) AppWidget Background Activity Start Vulnerability Critical Bluetooth Vulnerability Allows Remote Code Execution on Android Devices Telephony Information Disclosure Vulnerability in Android-13 (A-231986341) Side Channel Information Disclosure in PackageManager Allows Unauthorized App Detection Possible Bypass of Background Activity Restriction in Android Connectivity AppSearchManagerService Information Disclosure Vulnerability AppSearchManagerService Information Disclosure Vulnerability PackageInstaller Vulnerability: Unauthorized App Installation Detection via Side Channel Information Disclosure Cross-site Scripting (XSS) Vulnerability in GitHub Repository kromitgmbh/titra prior to 0.77.0 Android MIDI Permissions Bypass Vulnerability Allows Unauthorized Access to Private Devices App Installation Status Disclosure Vulnerability in AppOpsService Logic Error in Factory Reset Protections Allows Local Privilege Escalation on Android Side Channel Information Disclosure in LauncherApps Allows App Installation Detection without Query Permissions Local Information Disclosure Vulnerability in Android Account Existence Disclosure Vulnerability in ContentService Account Existence Disclosure Vulnerability in ContentService Logic Error in Factory Reset Protections Allows Local Privilege Escalation on Android Account Existence Disclosure Vulnerability in ContentService Missing Permission Check in ContentService Allows for Local Information Disclosure Directory Traversal Vulnerability in Zyxel USG FLEX and Other Firmware Versions Account Existence Disclosure Vulnerability in Android Account Existence Disclosure Vulnerability in Android Sandbox Escape Vulnerability Allows Bypass of Factory Reset Protections in Android 
Account Enumeration Vulnerability in ContentService Side Channel Information Disclosure Vulnerability in Android Missing Permission Check in ContentService Allows Disclosure of Available Account Types Use-after-free vulnerability in Camera Provider HAL allows for local privilege escalation Side Channel Information Disclosure in AlarmManagerService Allows Unprivileged App Installation Detection Insecure Default Configuration in hostapd Allows Remote Denial of Service PackageInstaller Side Channel Information Disclosure Vulnerability Samba Vulnerability: Ticket Decryption Exploit Telecomm Vulnerability: Local Information Disclosure in Android-13 Telecomm Vulnerability: Local Information Disclosure in Android-13 Potential Local Information Disclosure Vulnerability in WifiP2pManager Android Bluetooth Vulnerability: Local Privilege Escalation via Out of Bounds Write Improper Input Validation in KeyChain Allows for Local Privilege Escalation Missing Permission Check in ActivityManager Allows Disclosure of Installed Packages Side Channel Information Disclosure in ContentResolver Allows Unprivileged App Detection Logic Error in SystemUI Allows Unexpected Activation of External Speaker, Leading to Local Information Disclosure PackageInstaller Vulnerability: Unauthorized App Installation Detection via Side Channel Information Disclosure Arbitrary Protected Activity Launch Vulnerability in DreamServices Stored Cross-Site Scripting Vulnerability in Pandora FMS v7.0NG.761 and Below Unauthenticated App Installation Detection Vulnerability in ActivityManager Missing Permission Check in WiFi QR Code Reader Missing Permission Check in PackageManager Allows Installed Package Disclosure Missing Permission Check in PackageManager Allows Package Installation Disclosure Side Channel Information Disclosure Vulnerability in Android Android Use After Free Vulnerability Allows Local Privilege Escalation Telephony Vulnerability: Local Information Disclosure via Missing Permission Check in 
Android-13 Android Wi-Fi SSID Disclosure Vulnerability Unauthenticated App Presence Disclosure in PackageManager Android Wifi Vulnerability: Local Privilege Escalation via Missing Permission Check Bluetooth Device Connection Vulnerability Allows Unauthorized Access on Android Tapjacking/Overlay Attack in Android Framework Allows Unauthorized Work Profile Activation Side Channel Information Disclosure in PackageManager Allows Unauthorized App Detection Bluetooth Null Check Vulnerability in Android Bluetooth Null Pointer Dereference Vulnerability in Android Android Wi-Fi Settings Vulnerability Allows Unauthorized Adjustment of Wi-Fi Settings Android VPN Lockdown Mode Vulnerability: Unauthorized Application Disclosure Improper Input Validation in HierarchicalUri.readFrom of Uri.java Allows for Local Privilege Escalation Insecure SEpolicy Configuration Allows Unauthorized Access to Network Neighbor Table Information in Android Unauthenticated Access to Private Messages in Sensei LMS WordPress Plugin Missing Permission Check in SELinux Policy Allows for Local Information Disclosure Missing Permission Check in ConnectivityService Allows for Local Information Disclosure Insecure Default Value in WiFi Password Disclosure Vulnerability Race condition vulnerability in stealReceiveChannel of EventThread.cpp allows for local escalation of privilege without additional execution privileges needed Out of Bounds Write Vulnerability in l2cble_process_sig_cmd of l2c_ble.cc Out-of-bounds Read Vulnerability in MPEG4Extractor.cpp Possible Permission Bypass Vulnerability in onAttach of ConnectedDeviceDashboardFragment.java Admin Restriction Bypass in LocationServicesWifiScanningPreferenceController.java Admin Restriction Bypass in WifiScanningPreferenceController and BluetoothScanningPreferenceController Reflected Cross-Site Scripting (XSS) Vulnerability in SCORM Engine Improper Input Validation in NotificationAccessConfirmationActivity Allows Unauthorized Notification Access SQL 
Injection Vulnerability in CallLogProvider.java Allows Unauthorized Access to Voicemail Information Location Information Disclosure Vulnerability in LocationManagerService Improper Input Validation in DefaultRingtonePreference.java Allows Inappropriate File Read Possible VPN Disabling Vulnerability in onDefaultNetworkChanged of Vpn.java Improper Input Validation in PacProxyService.java Allows for Local Denial of Service Improper Input Validation Allows Unauthorized Foreground Service Start in Android Uninitialized Data Information Disclosure in writeToParcel of SurfaceControl.cpp Missing Permission Check in startSync of AbstractThreadedSyncAdapter Allows Local Information Disclosure Stored Cross-site Scripting (XSS) Vulnerability in francoisjacquet/rosariosis prior to 9.0.1 Missing Permission Check in setChecked of SecureNfcPreferenceController Allows Local Privilege Escalation Cross-Transport Key Derivation Vulnerability in btif_dm_auth_cmpl_evt of btif_dm.cc Critical Bluetooth Vulnerability Allows Remote Code Execution on Android Devices Out-of-bounds Write Vulnerability in sysmmu_unmap of Android Kernel Android Kernel Vulnerability: A-229632566 Integer Overflow in ioctl_dpm_clk_update of lwis_ioctl.c Integer Overflow in construct_transaction of lwis_ioctl.c Allows for Local Privilege Escalation in Android Kernel Android Kernel Vulnerability: A-224546354 Out-of-bounds Write Vulnerability in v4l2_m2m_querybuf of v4l2-mem2mem.c Critical Vulnerability: Excessive Attack Surface in tooljet/tooljet prior to v1.16.0 Android Kernel Vulnerability: A-215730643 Race condition leading to use after free vulnerability in dm_bow_dtr and related functions of dm-bow.c Out of Bounds Write Vulnerability in exynos5_i2c_irq Race condition vulnerability in st21nfc_loc_set_polaritymode of fc/st21nfc.c allows for local escalation of privilege with System execution privileges needed Out of Bounds Read Vulnerability in LteRrcNrProAsnDecode of LteRrcNr_Codec.c Possible Use After Free 
Vulnerability in trusty_log_seq_start of trusty-log.c Possible Local Privilege Escalation in Android Keymaster IPC Android Kernel Vulnerability: A-234657153 Use-after-free vulnerability in lwis_buffer_alloc of lwis_buffer.c allows for arbitrary code execution Android Kernel Vulnerability: A-212625740 Android Kernel Vulnerability: A-188935887 Possible Out of Bounds Write Vulnerability in Android Kernel Integer Overflow Vulnerability in AllocateInternalBuffers of g3aa_buffer_allocator.cc Android Kernel Vulnerability: A-211727306 Out-of-Bounds Access Vulnerability in 'nla_parse' Function Title: Android SoC Vulnerability (A-238227328) Title: Android SoC Vulnerability (A-238227324) Title: Android SoC Vulnerability (A-238227323) Title: Android SoC Vulnerability (A-238257004) Cross-Site Request Forgery Vulnerability in Free Live Chat Support Plugin for WordPress Title: Android SoC Vulnerability (A-238257002) Title: Android SoC Vulnerability (A-238257000) Improper Input Validation in declareDuplicatePermission of ParsedPermissionUtils.java Allows Unauthorized Acquisition of Dangerous Permission Integer Overflow Vulnerability in extract3GPPGlobalDescriptions of TextDescriptions.cpp Missing Permission Check in getInputMethodWindowVisibleHeight of InputMethodManagerService.java Allows Local Information Disclosure Path Traversal Vulnerability in MediaProvider.java Allows Local Privilege Escalation Bluetooth Discoverability Permissions Bypass Vulnerability in Android Out of Bounds Write Vulnerability in SitRilClient_OnResponse of SitRilSe.cpp Guest User Wi-Fi Configuration Permissions Bypass Vulnerability Insecure Default Value in SEPolicy Configuration Allows Unauthorized Access to 'ip' Utility Stored Cross-Site Scripting Vulnerability in Brizy WordPress Plugin Out of Bounds Write Vulnerability in cd_CodeMsg of cd_codec.c Out-of-Bounds Read Vulnerability in SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c Android Kernel Vulnerability: A-218701042 Android Kernel 
Vulnerability: A-207975764 Android Kernel Vulnerability: A-205714161 Android Kernel Vulnerability: A-216363416 Android Kernel Vulnerability: A-184676385 Android Kernel Vulnerability: A-210916981 Android Kernel Vulnerability: A-204782372 Use After Free Vulnerability in io_identity_cow of io_uring.c Stored Cross-Site Scripting Vulnerability in Brizy WordPress Plugin Integer Overflow Vulnerability in avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc Out-of-Bounds Write Vulnerability in avdt_msg_asmbl of avdt_msg.cc Out-of-bounds Read Vulnerability in fdt_next_tag of fdt.c Possible Audio Recording Vulnerability in Threads.cpp Uncaught Exception in setImpl of AlarmManagerService.java Leads to Local Denial of Service Vulnerability Possible bypass of background activity start restriction in handleFullScreenIntent of StatusBarNotificationActivityStarter.java Out-of-bounds Write Vulnerability in audioTransportsToHal of HidlUtils.cpp Out-of-bounds Write Vulnerability in audioTransportsToHal of HidlUtils.cpp Out of Bounds Read Vulnerability in pickStartSeq of AAVCAssembler.cpp Arbitrary Code Execution Vulnerability in setOptions of ActivityRecord.java GitHub Repository vim/vim Prior to 8.2 Use After Free Vulnerability Bypassing Device Policy Restrictions in getBackgroundRestrictionExemptionReason of AppRestrictionController.java Use-after-free vulnerability in binder_inc_ref_for_node in binder.c allows local attackers to gain privileges via a crafted application. Race condition vulnerability in emulation_proc_handler in armv8_deprecated.c allows for local privilege escalation without additional execution privileges. 
Integer Overflow Vulnerability in rndis_set_response of rndis.c in Android Kernel Possible Permanent Performance Degradation Due to Resource Exhaustion in addAutomaticZenRule of ZenModeHelper.java Phone Account Resource Exhaustion Vulnerability Memory Corruption Vulnerability in Android Kernel Possible Out of Bounds Write Vulnerability in Android Kernel (A-239555411) Permission Bypass Vulnerability in CarSettings App Package Allows Local Privilege Escalation in Bluetooth Settings Out-of-Bounds Write Vulnerability in MOXA NPort 5110 Firmware Versions 2.10 Missing Authorization in Android SoC Service Allows Local Elevation of Privilege Missing Authorization in Android SoC Service Allows Local Elevation of Privilege Missing Authorization in Android SoC Service: Local Elevation of Privilege Vulnerability Missing Authorization in Android SoC Service Allows Local Elevation of Privilege Missing Authorization in Android SoC Service Allows Local Elevation of Privilege Android SoC Unauthorized Service Vulnerability: System Reboot Exploit Local Elevation of Privilege Vulnerability in Android SoC Unauthorized Broadcast Vulnerability in Android Messaging Unauthorized Broadcast Vulnerability in Android Messaging Unauthorized Provider Vulnerability in Android Messaging: Local Denial of Service Out-of-Bounds Write Vulnerability in MOXA NPort 5110 Firmware Versions 2.10 Unauthorized Broadcast Vulnerability in Android Messaging Unexported Intent Handler Launch Vulnerability in navigateUpTo of Task.java Tapjacking/Overlay Attack Vulnerability in ReviewPermissionsActivity.java Possible Tapjacking/Overlay Attack in Layer.cpp Allows Local Privilege Escalation without User Interaction Out-of-Bounds Read Vulnerability in sdp_discovery.cc Allows Remote Information Disclosure Missing Permission Check in AlwaysOnHotwordDetector Allows Unauthorized Microphone Access Out of Bounds Read Vulnerability in PAN_WriteBuf of pan_api.cc Permissions Bypass Vulnerability in NotificationManagerService 
Allows Data Sharing Across Users Path Traversal Vulnerability in writeApplicationRestrictionsLAr of UserManagerService.java Missing Permission Check in restorePermissionState of PermissionManagerServiceImpl.java Allows Local Privilege Escalation Missing Permission Check in onCallRedirectionComplete of CallsManager.java Arbitrary Code Execution Vulnerability in BaseBundle.java's initializeFromParcelLocked Method Path Traversal Vulnerability in MmsProvider.java Allows Local Denial of Service of SIM Recognition Integer Overflow in fdt_next_tag of fdt.c Allows for Local Privilege Escalation Persistent Denial of Service Vulnerability in addAutomaticZenRule of ZenModeHelper.java Resource Exhaustion Vulnerability in AutomaticZenRule of AutomaticZenRule.java Improper Input Validation in getMountModeInternal of StorageManagerService.java Allows Local Privilege Escalation Sensitive Information Leakage in CarNotificationListener.java Improper Input Validation in Android Kernel Allows for Local Privilege Escalation Unrestricted Plugin Download Vulnerability in Directorist WordPress Plugin Memory Mapping Corruption Vulnerability in mprot_unmap Out-of-Bounds Read Vulnerability in pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp Out-of-bounds Write Vulnerability in phNxpNciHal_write_unlocked of phNxpNciHal.cc Possible Audio Recording Vulnerability in Android Kernel Lockscreen Bypass Vulnerability in KeyguardHostViewController.java and Related Files Insecure Default Value in applyKeyguardFlags Allows Password Observation on Secondary Display Possible Incorrect File Read Vulnerability in BluetoothOppUtility.java Out-of-Bounds Read Vulnerability in BNEP_ConnectResp of bnep_api.cc Out of Bounds Write Vulnerability in avct_lcb_msg_asmbl of avct_lcb_act.cc Improper Parsing of Authority Segment in Jetty HttpURI Class Improper Input Validation in bindRemoteViewsService of AppWidgetServiceImpl.java Allows Local Privilege Escalation Out-of-bounds Read Vulnerability in 
SendIncDecRestoreCmdPart2 of NxpMfcReader.cc Out-of-bounds Read Vulnerability in toLanguageTag of LocaleListCache.cpp Out-of-bounds Read Vulnerability in toLanguageTag of LocaleListCache.cpp Arbitrary Code Loading Vulnerability in readLazyValue of Parcel.java Possible Hijacking of Apps with allowTaskReparenting Vulnerability Infinite Reboot Loop Vulnerability in PackageManager.setEnableSetting Possible Local Escalation of Privilege in KeyguardNotificationVisibilityProvider.kt Resource Exhaustion Vulnerability in NotificationChannel Persistence Resource Exhaustion Vulnerability in NotificationChannel Persistence Denial of Service Vulnerability in Eclipse Jetty HTTP/2 Server Implementation Resource Exhaustion Vulnerability in NotificationChannel Persistence WiFi Settings Residual Data Disclosure Vulnerability Resource Exhaustion Vulnerability in createNotificationChannel of NotificationManager.java Integer Overflow Vulnerability in avrc_pars_ct.cc and Related Files Resource Exhaustion Vulnerability in NotificationChannel Persistence Resource Exhaustion Vulnerability in NotificationChannel Persistence Resource Exhaustion Vulnerability in NotificationChannel Persistence Resource Exhaustion Vulnerability in NotificationChannel Persistence Resource Exhaustion Vulnerability in NotificationChannel Persistence Resource Exhaustion Vulnerability in AutomaticZenRule.java Regex Denial of Service Vulnerability in Octopus Deploy Package Upload Function Resource Exhaustion Vulnerability in AutomaticZenRule.java Resource Exhaustion Vulnerability in NotificationChannel Persistence Resource Exhaustion Vulnerability in AutomaticZenRule.java Improper Input Validation in Condition.java Allows for Notification Access Granting Persistent DoS Vulnerability in AutomaticZenRule of AutomaticZenRule.java Possible Local Escalation of Privilege in getEnabledAccessibilityServiceList of AccessibilityManager.java Arbitrary Code Execution Vulnerability in setDataSource of initMediaExtractor.cpp 
Incorrect State Transition in updatePublicMode of NotificationLockscreenUserManagerImpl.java Allows Sensitive Notification Disclosure on Lockscreen Out-of-bounds Read Vulnerability in fdt_path_offset_namelen of fdt_ro.c Uncaught Parsing Errors in PasspointConfiguration.java Could Lead to Local Persistent Denial of Service Stored Cross-Site Scripting Vulnerability in WP-Paginate WordPress Plugin Uncaught Exception in loadFromXml of ShortcutPackage.java Leads to Local Denial of Service Vulnerability Tapjacking/Overlay Attack Vulnerability in EnableAccountPreferenceActivity Use-after-free vulnerability in GetResolvedMethod in entrypoint_utils-inl.h allows for local information disclosure in Android. Potential Local Privilege Escalation in WifiDppConfiguratorActivity Missing Permission Check in DreamManagerService.java Allows Local Privilege Escalation and Dismissal of System Dialogs Possible Path Traversal Vulnerability in openFile of CallLogProvider.java Missing Permission Check in onCreate of WifiDialogActivity.java Allows Local Privilege Escalation Arbitrary Code Execution Vulnerability in UwbEventManager.java Guest User Privilege Escalation via Permissions Bypass in ConfigureWifiSettings.java Out-of-Bounds Write Vulnerability in mapGrantorDescr of MessageQueueBase.h Permissions Bypass in getNearbyNotificationStreamingPolicy of DevicePolicyManagerService.java Missing Permission Check in getNearbyAppStreamingPolicy of DevicePolicyManagerService.java Improper Input Validation in navigateUpTo of Task.java Allows for Local Privilege Escalation Possible Out of Bounds Read in decrypt_1_2 of CryptoPlugin.cpp Leading to Local Information Disclosure Out of Bounds Write Vulnerability in Idmap2Service.cpp Local Information Disclosure Vulnerability in AccountTypePreferenceLoader Integer Overflow Vulnerability in rw_t3t_act_handle_check_ndef_rsp of Android SQL Injection Vulnerability in getMessagesByPhoneNumber of MmsSmsProvider.java SQL Injection Vulnerability in 
MmsSmsProvider.java Allows Access to Restricted Tables Potential Local Privilege Escalation in AddAppNetworksActivity.java Default Privileged Windows Users and Passwords in Multiple Trumpf Products: A Gateway for Remote System Access Possible Tapjacking/Overlay Attack in Android's onCreate Method Null Pointer Dereference in sdpu_find_most_specific_service_uuid of sdp_utils.cc Missing Permission Check in getSlice of ProviderModelSlice.java Allows Local Escalation of Privilege in Android Out-of-bounds Read Vulnerability in IncFs_GetFilledRangesStartingFrom of incfs.cpp Use-after-free vulnerability in Vibrator.cpp allows for arbitrary code execution Possible Local Privilege Escalation Vulnerability in Android's enforceVisualVoicemailPackage Out of Bounds Write Vulnerability in CanvasContext::draw of CanvasContext.cpp Out of Bounds Read Vulnerability in HalCoreCallback of Android NFC Firmware Out of Bounds Read Vulnerability in HevcUtils.cpp Limited Lockscreen Bypass Vulnerability in WifiDialogActivity.java Undertow AJP POST Request DoS Vulnerability Misleading String Vulnerability Allows Remote Information Disclosure of Call Logs in Android Telecom App Installation Detection Vulnerability: Side Channel Information Disclosure Integer Overflow Vulnerability in parseTrackFragmentRun() of MPEG4Extractor.cpp in Android Potential Local Privilege Escalation in getSlice of WifiSlice.java Information Disclosure Vulnerability in registerLocalOnlyHotspotSoftApCallback of WifiManager.java Missing Permission Check in registerBroadcastReceiver of RcsService.java Allows Local Privilege Escalation Potential Local Privilege Escalation in createDialog of WifiScanModeActivity.java Possible Information Disclosure Vulnerability in RoleService.java Out of Bounds Write Vulnerability in Effect.cpp Could Lead to Local Privilege Escalation Code Injection Vulnerability in Nuitka Prior to Version 0.9 Arbitrary Code Execution Vulnerability in SurfaceFlinger::doDump of Android Out of Bounds Read 
Vulnerability in phNxpNciHal_ioctl of phNxpNciHal.cc Out-of-bounds Write Vulnerability in parseParamsBlob of types.cpp Title: Android Display Crash Loop Vulnerability Allows Local Denial of Service Bypass of Profile Owner Restrictions in ManageApplications.java Remote Denial of Service Vulnerability in bindArtworkAndColors of MediaControlPanel.java Out of Bounds Write Vulnerability in getCurrentConfigImpl of Effect.cpp Missing Permission Check in AdapterService.java Allows for Bluetooth State Manipulation Out-of-Bounds Write Vulnerability in setParameter of EqualizerEffect.cpp Out of Bounds Write Vulnerability in KeyMintUtils.cpp Arbitrary Protected Activity Launch Vulnerability in Android Possible Local Escalation of Privilege in AudioFlinger's createTrack Vulnerability Out of Bounds Read and Use After Free Vulnerability in btif_a2dp_sink_command_ready of btif_a2dp_sink.cc Tapjacking/Overlay Attack Vulnerability in LogAccessDialogActivity.java Possible OOB Read Vulnerability in removeEventHubDevice of InputDevice.cpp Out-of-bounds Read Vulnerability in ufdt_get_node_by_path_len of ufdt_convert.c Potential Local Privilege Escalation in NetworkProviderSettings Out of Bounds Read Vulnerability in MessageQueueBase of Android Potential Privilege Escalation via Permissions Bypass in DeviceCapabilityListener.java Side Channel Information Disclosure in revokeOwnPermissionsOnKill of PermissionManager.java Divide By Zero Denial-of-Service Vulnerability in libtiff 4.4.0 Android Kernel Vulnerability: A-212623833 Use-after-free vulnerability in aud_hal_tunnel.c allows for local privilege escalation Possible audio recording vulnerability in Android kernel Out of Bounds Read Vulnerability in ufdt_convert Function Out of Bounds Write Vulnerability in ufdt_output_strtab_to_fdt of ufdt_convert.c Use-after-free vulnerability in l2cap_chan_put in l2cap_core allows for local privilege escalation Race condition vulnerability in pppol2tp_create in l2tp_ppp.c allows for use after free, 
leading to local privilege escalation Use after free vulnerability in Android kernel allows for local privilege escalation Out-of-bounds Write Vulnerability in thermal_cooling_device_stats_update of thermal_sysfs.c Divide By Zero Denial-of-Service Vulnerability in libtiff 4.4.0 Android Kernel Vulnerability: A-230660904 Use-after-free vulnerability in extract_metadata of dm-android-verity.c allows local attackers to corrupt kernel memory and potentially escalate privileges. Missing Permission Check in dm-verity-target.c Allows for Modification of Read-Only Files Out-of-bounds Read Vulnerability in sec_sysmmu_info of drm_fw.c Out-of-bounds Read Vulnerability in read_ppmpu_info of drm_fw.c Out of Bounds Write Vulnerability in rilapplication.cpp Out of Bounds Write Vulnerability in OemSimAuthRequest::encode of wlandata.cpp Possible Stack Clash Vulnerability in RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp Possible Stack Clash Vulnerability in RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp Divide By Zero Denial-of-Service Vulnerability in libtiff 4.4.0 Out of Bounds Write Vulnerability in ufdt_do_one_fixup of ufdt_overlay.c Possible Use After Free Vulnerability in Pixel Camera Driver Out-of-Bounds Write Vulnerability in ppmp_unprotect_mfcfw_buf of drm_fw.c Out-of-Bounds Write Vulnerability in ppmp_unprotect_mfcfw_buf of drm_fw.c Improper Input Validation in shared_mem.c Allows Local Privilege Escalation Improper Input Validation in drm_access_control.c Allows for Local Escalation of Privilege in Android Kernel Improper Input Validation in drm_access_control.c Allows for Local Escalation of Privilege in Android Kernel Possible EoP Vulnerability in ppmp_validate_wsm of drm_fw.c in Android Kernel Possible EoP Vulnerability in sysmmu_map of sysmmu.c Improper Input Validation in valid_va_secbuf_check of drm_access_control.c in Android Kernel Allows for Local Information Disclosure Stored Cross-Site Scripting Vulnerability in Pandora FMS v7.0NG.761 
and Below Information Disclosure in valid_va_sec_mfc_check of drm_access_control.c Information Disclosure in ppmpu_set of ppmpu.c in Android Kernel Information Disclosure in ppmp_validate_secbuf of drm_fw.c Out-of-bounds Read Vulnerability in pop_descriptor_string of BufferDescriptor.h Potential Out of Bounds Write Vulnerability in WirelessCharger.cpp Possible Out of Bounds Read in getWpcAuthChallengeResponse of WirelessCharger.cpp Out of Bounds Write Vulnerability in sendChunk of WirelessCharger.cpp Integer Overflow Vulnerability in ppmpu_set of ppmpu.c Integer Overflow Vulnerability in sec_media_protect of media.c Missing Bounds Check in Pixel Firmware Allows Local Privilege Escalation Stored Cross-site Scripting (XSS) Vulnerability in Dolibarr GitHub Repository (prior to version 16.0) Out of Bounds Write Vulnerability in Android Kernel Android Kernel Vulnerability: A-204541506 Android Kernel Vulnerability: A-211081867 Out of Bounds Write Vulnerability in SetDecompContextDb of RohcDeCompContextOfRbId.cpp Out-of-bounds Read Vulnerability in SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c Out of Bounds Read Vulnerability in SAECOMM_CopyBufferBytes of SAECOMM_Utility.c Out-of-bounds Read Vulnerability in SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c Out of Bounds Write Vulnerability in Pixel Cellular Firmware Allows Remote Code Execution Out of Bounds Read Vulnerability in Pixel Cellular Firmware Out of Bounds Read Vulnerability in Pixel Cellular Firmware Heap-based Buffer Overflow in Chafa GitHub Repository Out of Bounds Read Vulnerability in Cellular Modem Firmware Allows Remote Code Execution Carrier Restrictions Bypass Vulnerability in DeletePackageHelper.java CSRF Vulnerability in Jenkins Allows Unauthorized Job Build Triggering Jenkins Mailer Plugin CSRF Vulnerability Allows DNS Resolution Hijacking Vulnerability: Unauthorized DNS Resolution in Jenkins Mailer Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Matrix Project 
Plugin 1.19 and Earlier Jenkins Credentials Binding Plugin Vulnerability: Unauthorized Validation of Secret File Credentials Jenkins Docker Commons Plugin OS Command Execution Vulnerability Vulnerability: Enumeration of Credentials IDs in Jenkins Bitbucket Branch Source Plugin Jenkins Bitbucket Branch Source Plugin CSRF Vulnerability Sensitive Information Disclosure in GitHub repository nocodb/nocodb prior to 0.91.7+. Credential Enumeration Vulnerability in Jenkins SSH Agent Plugin Unencrypted Access Key Vulnerability in Jenkins Metrics Plugin Denial of Service Vulnerability in Cisco Embedded Wireless Controller with Catalyst Access Points Software Cisco NX-OS Software BFD Rate Limiter Logic Error Vulnerability Cisco NX-OS Software CFSoIP Denial of Service Vulnerability Cisco Discovery Protocol Service Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software Privilege Escalation Vulnerability in nocodb/nocodb prior to 0.91.7+ Unsecured Logging Vulnerability in Cisco DNA Center Allows Unauthorized Access to Sensitive Information Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface GitHub Repository NocoDB Prior to 0.91.7+: Insufficient Session Expiration Vulnerability Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web 
Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Cross-Site Scripting Vulnerabilities in Cisco Security Manager Web Interface Stored Cross-Site Scripting (XSS) Vulnerability in neorazorx/facturascripts Repository (prior to 2022.06) Arbitrary Command Execution Vulnerability in Cisco NX-OS Software's NX-API Unencrypted Credentials Exposure Vulnerability in Cisco ASDM Logging Component Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) DNS-based Authentication of Named Entities (DANE) Email Verification Denial of Service Vulnerability Privilege Escalation Vulnerability in Cisco Unified Contact Center Management Portal and Domain Manager Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Infrastructure and Cisco EPN Manager Reflected Cross-Site Scripting (XSS) Vulnerability in neorazorx/facturascripts (prior to 2022.06) Unencrypted Storage Vulnerability in Cisco IP Phones: Confidential Information Extraction Persistent Code Execution and Permanent Denial of Service Vulnerabilities in Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Smart Card Authentication Bypass Vulnerability in Cisco Duo for macOS Sensitive Information Retrieval Vulnerability in Cisco Secure Email and Web Manager Privilege Escalation Vulnerability in Cisco StarOS CLI Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Critical SQL 
Injection Vulnerability in francoisjacquet/rosariosis (prior to 9.0) Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Common Services Platform Collector (CSPC) Software Denial of Service (DoS) Vulnerability in Cisco Email Security Appliance, Web Security Appliance, and Secure Email and Web Manager Privilege Escalation Vulnerability in Cisco IOS XE Tcl Interpreter Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOS XE Software AppNav-XE Feature Denial of Service Vulnerability IPSec Decryption Routine Buffer Exhaustion Vulnerability Command Injection Vulnerability in c_rehash Script Improper Privilege Enforcement in Cisco Prime Service Catalog Web Interface Privilege Escalation Vulnerability in Cisco Catalyst 9000 Family Switches and Wireless Controllers CAPWAP Protocol Processing Denial of Service Vulnerability in Cisco IOS XE Wireless Controller Software for Catalyst 9000 Family Denial of Service Vulnerability in Cisco Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability in Cisco IOS XE Wireless Controller Software for Catalyst 9000 Family Vulnerability in Cisco ATA 190 Series Analog Telephone Adapter Firmware Allows Remote Code Execution and Denial of Service Cisco ATA 190 Series Analog Telephone Adapter Firmware LLDP Remote Code Execution Vulnerability Cisco ATA 190 Series Analog Telephone Adapter Firmware Remote Code Execution Vulnerability Cisco ATA 190 Series Analog Telephone Adapter Firmware Cisco Discovery Protocol Memory Corruption Vulnerability Out of Bounds Write Vulnerability in Siemens JT2Go and 
Teamcenter Visualization Cisco ATA 190 Series Analog Telephone Adapter Firmware Cisco Discovery Protocol Memory Corruption Vulnerability Cisco ATA 190 Series Adaptive Telephone Adapter Firmware DoS Vulnerability NETCONF over SSH Denial of Service Vulnerability in Cisco IOS XE Software Command Injection Vulnerability in Cisco IOS XE Software Web UI Denial of Service (DoS) Vulnerability in Cisco IOS XE Software's RPKI Implementation Authentication Bypass Vulnerability in Cisco Wireless LAN Controller (WLC) Software Vulnerability: Unauthenticated Access to Messaging Service Ports in Cisco SD-WAN vManage Software Containers Cisco IOS and IOS XE Software Web Services Interface Denial of Service Vulnerability Denial of Service Vulnerability in ClamAV Software's OOXML Parsing Module Multiple Vulnerabilities in Cisco Small Business RV Series Routers Stack Overflow Vulnerability in Grandstream GSD3710 (Version 1.0.11.13) Allows Remote Code Execution Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers CSRF and XSS Vulnerabilities in Name Directory WordPress Plugin Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Multiple Vulnerabilities in Cisco Small Business RV Series Routers Cross-Site Scripting (XSS) Vulnerability in Cisco ASA and FTD VPN Web Client Services Lightspeed-Plus Line 
Card Reset Vulnerability Denial of Service Vulnerability in Cisco ASA and FTD Software Privilege Escalation Vulnerability in Cisco SD-WAN Software Memory Exhaustion Vulnerability in Cisco SD-WAN vEdge Routers Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities Reflected and Stored Cross-Site Scripting Vulnerability in Name Directory WordPress Plugin Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities Cisco IOx Application Hosting Environment Multiple Vulnerabilities VLAN Bypass Vulnerability in Cisco Access Points XML Injection Vulnerability in Cisco Firepower Threat Defense (FTD) Software Code Injection in Grav CMS prior to 1.7.34 Bypassing Security Intelligence DNS Feed in Cisco Firepower Threat Defense Software Persistent Code Execution and Permanent Denial of Service Vulnerabilities in Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Improper Access Permissions Vulnerability in Cisco VIM Configuration Files Unauthenticated Access to All Roles in Cisco ISE Login Page Insufficient File System Restrictions in Cisco SD-WAN vManage Software Allows Unauthorized Access to Sensitive Information Title: Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability Unauthorized Access to Administrative Console in Cisco AppDynamics Controller Software Vulnerability in Cisco ASA Software's HTTP Authentication Handler Cisco Umbrella Secure Web Gateway: File Inspection Bypass Vulnerability Privilege Escalation Vulnerability in Cisco SD-WAN 
vManage Software Regex Denial of Service Vulnerability in Octopus Deploy's Variable Project Template Cross-Site Scripting Vulnerability in Cisco Firepower Management Center (FMC) Software Cross-Site Scripting (XSS) Vulnerability in Cisco Secure Network Analytics GCM Cipher Implementation Vulnerability in Cisco ASA and FTD Software Cisco Firepower Management Center (FMC) Software: File Upload Vulnerability Input Protection Bypass Vulnerability in Cisco Firepower Management Center (FMC) Software Denial of Service Vulnerability in Cisco ASA and FTD Software Cisco Firepower Threat Defense (FTD) Software TCP Proxy Denial of Service Vulnerability Insufficient API Authorization Checking in Cisco SD-WAN vManage Software Cisco Firepower Threat Defense (FTD) Software Local Malware Analysis Denial of Service Vulnerability Multiple Vulnerabilities in Cisco Small Business RV Series Routers Regex Denial of Service Vulnerability in Octopus Deploy Build Information Request Validation Cisco Redundancy Configuration Manager (RCM) Checkpoint Manager Process Restart Vulnerability Unauthenticated Remote Attackers Can Cause Denial of Service in Cisco Firepower Threat Defense Software Timing Attack Vulnerability in Cisco Unified Communications Manager, Unified CM SME, and Cisco Unity Connection Arbitrary Code Execution Vulnerability in Cisco Small Business RV340 and RV345 Routers Arbitrary Code Execution and File Write Vulnerabilities in Cisco Expressway Series and Cisco TelePresence VCS Arbitrary Code Execution and File Write Vulnerabilities in Cisco Expressway Series and Cisco TelePresence VCS Cisco Identity Services Engine (ISE) RADIUS Processing Denial of Service Vulnerability Cisco Firepower Threat Defense (FTD) Software Denial of Service Vulnerability Cisco IOS XR Software BGP EVPN Denial of Service Vulnerability Privilege Escalation Vulnerability in Cisco ASA and FTD Software Cisco ASA and FTD Software DNS Inspection DoS Vulnerability Cisco 1000 Series Connected Grid Router 
(CGR1K) Integrated AP Denial of Service Vulnerability Privilege Escalation Vulnerability in Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) Software Arbitrary Java Code Injection Vulnerability in Cisco Webex Meetings Multiple Vulnerabilities in Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software Cross-Site Scripting Vulnerability in Cisco UCS Director Web Applications Cisco FTD Snort Rule Evaluation Function Denial of Service Vulnerability Clear Text Credential Exposure Vulnerability in Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) AireOS Software with FIPS Mode Enabled CHM File Parser Denial of Service Vulnerability in ClamAV TIFF File Parser Denial of Service Vulnerability in ClamAV HTTP Response Splitting Vulnerability in Cisco Email Security Appliance and Secure Email and Web Manager Static SSH Host Key Vulnerability in Cisco Umbrella Virtual Appliance Cross-Site Request Forgery Vulnerability in Cisco IP Phone Series with Multiplatform Firmware Privilege Escalation Vulnerabilities in Cisco SD-WAN Software CLI Path Traversal and Arbitrary File Write Vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software Escape from Guest VM to Host Machine and Command Injection Vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) Cross-Site Scripting (XSS) Vulnerability in Cisco Webex Meetings Authentication Component Escape from Guest VM to Host Machine and Command Injection Vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) Buffer Overflow Vulnerability in Linux Kernel's nft_set_desc_concat_parse() Function Escape from Guest VM to Host Machine and Command Injection Vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) Stored XSS Vulnerability in Cisco Web Security Appliance (WSA) Management Interface Improper Privilege Enforcement in Cisco 
Identity Services Engine (ISE) Web Interface Allows Information Disclosure Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software Denial of Service Vulnerability Web-Based Reputation Score (WBRS) Engine Bypass Vulnerability in Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) HTML File Parser Denial of Service Vulnerability in ClamAV SQL Injection Vulnerability in Cisco Unified Communications Manager IM & Presence Service Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Unified Communications Manager and Session Management Edition Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager and Unity Connection Arbitrary File Write Vulnerability in Cisco Unified Communications Manager and Session Management Edition Stored Cross-site Scripting (XSS) Vulnerability in nocodb/nocodb prior to 0.91.7+ in GitHub Repository Arbitrary File Read Vulnerability in Cisco Unified Communications Manager Insufficient File Permission Restrictions in Cisco Unified Communications Manager: Arbitrary File Read Vulnerability Heap Buffer Overflow Vulnerability in ClamAV Signature Database Load Module Multiple Vulnerabilities in Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software DTLS Protocol Implementation Denial of Service Vulnerability Denial of Service Vulnerability in ClamAV Versions 0.103.5 and Earlier and 0.104.2 and Earlier Arbitrary Command Execution Vulnerability in Cisco Secure Network Analytics Authentication Bypass Vulnerability in Cisco Secure Email and Web Manager Arbitrary Command Execution Vulnerabilities in Cisco Small Business RV340 and RV345 Routers Arbitrary Private Message Sender Vulnerability in Sensei LMS WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager and Unity Connection Arbitrary Command Execution Vulnerabilities in Cisco Small Business RV340 and RV345 Routers Cross-Site Scripting (XSS) Vulnerability in Cisco Enterprise Chat 
and Email (ECE) Web Interface Double-Free Vulnerability in ClamAV OLE2 File Parser Cisco Discovery Protocol Denial of Service Vulnerability Cisco Umbrella SWG SSL Decryption Bypass Vulnerability Vulnerabilities in Cisco Expressway Series and Cisco TelePresence VCS: File Writing and Information Disclosure Vulnerabilities in Cisco Expressway Series and Cisco TelePresence VCS: File Writing and Information Disclosure Cisco Smart Software Manager On-Prem (SSM On-Prem) Denial of Service Vulnerability Vulnerabilities in Cisco Expressway Series and Cisco TelePresence VCS: File Writing and Information Disclosure HCI Modbus TCP Function Vulnerability: Remote Reboot Exploit SNMP Information Disclosure Vulnerability in Cisco IOS XE Wireless Controller Software for Catalyst 9000 Family Path Traversal and Arbitrary File Write Vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software Arbitrary File Overwrite and Null Byte Poisoning Vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server Arbitrary File Overwrite and Null Byte Poisoning Vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager Web Interface Arbitrary File Deletion Vulnerability in Cisco Unified Communications Manager and Session Management Edition Manufacturing Key Duplication Vulnerability in Cisco Unified IP Phones Privilege Escalation Vulnerabilities in Cisco SD-WAN Software CLI Cisco Identity Services Engine (ISE) Web Management Interface Information Disclosure Vulnerability Cross-Site Scripting (XSS) and Frame Hijacking Vulnerabilities in Cisco Webex Meetings Web Interface Vulnerability: Unauthenticated Remote Access to Redis Instance in Cisco IOS XR Software Cisco Identity Services Engine (ISE) Web Management Interface File Read and Delete Vulnerability OSPFv3 Denial of Service Vulnerability in Cisco NX-OS Software 
Vulnerability in Cisco Discovery Protocol Allows Remote Code Execution and DoS Arbitrary Code Execution and DoS Vulnerability in Cisco Small Business RV Routers Secure Boot Bypass Vulnerability in Cisco Secure Firewalls 3100 Series Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Arbitrary Command Execution Vulnerability in Cisco FirePOWER Software for ASA FirePOWER Module Vulnerability in Cisco ASA Software Allows Remote Code Execution via Malicious ASDM Image OAuth client_secret leakage vulnerability in Simple Single Sign On WordPress plugin Unauthenticated Access to Cisco SD-AVC GUI Vulnerability Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Denial of Service Vulnerability in Cisco IOS XE Software DNS Application Layer Gateway Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Vulnerability: Exposing Hashed Passwords in World Readable Logs of cloud-init Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management 
Center (FMC) Software Default Static Username and Password Vulnerability in Cisco SD-AVC on vManage Cisco IOS XE Wireless Controller Software for Catalyst 9000 Family: DHCP Processing Denial of Service Vulnerability Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points: UDP Processing Denial of Service Vulnerability Ghostscript NULL Pointer Dereference Vulnerability Arbitrary File Deletion Vulnerability in Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software Arbitrary Command Injection Vulnerability in Cisco IOS XE Software Web UI Cross-Site Scripting (XSS) and Frame Hijacking Vulnerabilities in Cisco Webex Meetings Web Interface Cisco Firepower Software SSH Denial of Service Vulnerability Escape from Restricted Controller Shell: Arbitrary Command Execution Vulnerability in Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Cisco IOS XE Wireless Controller Software Denial of Service Vulnerability in CAPWAP Mobility Messages Multiple Remote Code Execution and File Upload Vulnerabilities in Cisco Nexus Dashboard Multiple Remote Code Execution and File Upload Vulnerabilities in Cisco Nexus Dashboard Insufficient Access Control Vulnerability in Cisco Unified Communications Manager and Unity Connection Critical SQL Injection Vulnerability in SourceCodester Bank Management System 1.0 Unauthenticated Remote Attackers Can Alter Communications and View Sensitive Information in Cisco Nexus Dashboard Multiple Remote Code Execution and File Upload Vulnerabilities in Cisco Nexus Dashboard Arbitrary File Read Vulnerability in Cisco Unified Communications Manager Cisco Webex App Messaging Interface Link Manipulation Vulnerability Vulnerability in Cisco Catalyst Switches' Password-Recovery Disable Feature Arbitrary Command Injection Vulnerability in Cisco FXOS Software Vulnerability: RSA Private Key Retrieval in Cisco ASA and FTD Software SQL Injection Vulnerability in Cisco Email Security Appliance and Cisco 
Secure Email and Web Manager Privilege Escalation Vulnerability in Cisco Email Security Appliance and Secure Web Manager Cross-Site Scripting Vulnerability in Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting (XSS) Vulnerability in SourceCodester Bank Management System 1.0 Denial of Service Vulnerability in Cisco Catalyst Switches' MPLS Packet Processing Function Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Privilege Escalation Vulnerability in Elcomplus SmartICS v2.3.4.0 Allows Unauthorized Process Termination Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in 
Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Cross-Site Scripting (XSS) Vulnerability in Bold Page Builder WordPress Plugin Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Reflected Cross-Site Scripting in Discount Rules for WooCommerce WordPress Plugin Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code 
Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Privilege Escalation Vulnerabilities in Cisco Nexus Dashboard Privilege Escalation Vulnerabilities in Cisco Nexus Dashboard Privilege Escalation Vulnerabilities in Cisco Nexus Dashboard Privilege Escalation Vulnerabilities in Cisco Nexus Dashboard CSRF Vulnerability in Cache Images WordPress Plugin Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Multiple Remote Code Execution and Denial of Service Vulnerabilities in Cisco Small Business RV Series Routers Arbitrary File Write Vulnerability in Cisco Nexus Dashboard Excessive Verbosity in Cisco ISE ERS API Allows Information Disclosure Denial of Service (DoS) Vulnerability in Cisco IOS XE Software with IPv6 VPN over MPLS (6VPE) and Zone-Based Firewall (ZBFW) Cross-Site Scripting (XSS) Vulnerability in Cisco IoT Control Center Web Interface Manipulation of XMPP Messages in Cisco Jabber: A Remote Vulnerability Default Credential Vulnerability in Cisco FirePOWER Software and Cisco NGIPS Software Denial of Service Vulnerability in Cisco IOS Software and Cisco IOS XE Software Reflected Cross-Site Scripting Vulnerability in WooCommerce PDF Invoices & Packing Slips WordPress Plugin Remote Code Execution Vulnerability in Cisco IOS and IOS XE SSH Implementation Privilege Escalation Vulnerability in Cisco ACI Multi-Site Orchestrator (MSO) API Implementation Vulnerabilities in SMB2 Processor of Snort Detection Engine on Cisco Products Title: Cisco Small 
Business RV Series Routers Vulnerability: Bypassing IPSec VPN Server Authentication Cisco ASA and FTD Software SNMP DoS Vulnerability Arbitrary Command Execution Vulnerability in Cisco Firepower Management Center (FMC) Software Arbitrary Command Execution Vulnerability in Cisco Firepower Management Center (FMC) Software Denial of Service Vulnerability in Cisco ASA and FTD SSL/TLS Client Authentication Bypass Vulnerability in Cisco ASA and FTD Software Allows Unauthorized Access Insufficient Cryptographic Signature Verification in Cisco NFVIS Upgrade Process Cross-Site Scripting Vulnerability in WP Duplicate Page WordPress Plugin Arbitrary File Overwrite Vulnerability in Cisco SD-WAN Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Cisco AnyConnect VPN Server Denial of Service Vulnerability Arbitrary Command Execution Vulnerability in Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Stored Cross-Site Scripting Vulnerabilities in Cisco Firepower Management Center (FMC) Software Insufficient Resource Management in Cisco ISE Software: RADIUS Traffic Exploit XML Syntax Validation Vulnerability in Cisco Firepower Management Center Software Reflected Cross-Site Scripting in Yellow Yard Searchbar WordPress Plugin Unauthenticated Remote Access Vulnerability in Cisco Firepower Threat Defense (FTD) Software Unauthenticated Remote Access Vulnerability in Cisco Firepower Management Center Software Unauthorized Access Vulnerability in Cisco Email and Web Security Appliances Vulnerabilities in SMB2 Processor of Snort Detection Engine on Cisco Products Vulnerability: Unsigned Code Execution at System Boot Time in Cisco Catalyst 9200 Series Switches Denial of Service Vulnerability in Cisco Catalyst 9100 Series Access Points Cisco Firepower Threat Defense (FTD) Software GRE Tunnel Decapsulation DoS Vulnerability 
Cisco ASA and FTD Software Denial of Service Vulnerability in Dynamic Access Policies (DAP) Functionality Cisco Firepower Threat Defense (FTD) Software Management Web Server Remote Configuration Execution Vulnerability Improper Access Control Check in GitLab CE/EE Allows Unauthorized Viewing of Deploy Key Information SIP-Snort 3 Interaction Vulnerability in Cisco Firepower Threat Defense Software Server-Side Request Forgery (SSRF) Vulnerability in Cisco BroadWorks CommPilot Application Bypass of Configured Rule in Cisco Secure Web Appliance Scanning Engines Path Traversal and Arbitrary File Write Vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software Path Traversal and Arbitrary File Write Vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software Path Traversal and Arbitrary File Write Vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software Cisco Identity Services Engine (ISE) Web-Based Management Interface Authorization Bypass Vulnerability Cisco BroadWorks CommPilot Application: Server-Side Request Forgery (SSRF) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Software Denial of Service Vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance Cisco Identity Services Engine (ISE) Web Management Interface Cross-Site Request Forgery (CSRF) Vulnerability Cisco Identity Services Engine (ISE) Localdisk Management Feature Allows Unauthorized File System Changes Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Web Interface Arbitrary Command Injection Vulnerability in Cisco Identity Services Engine Privilege Escalation in Cisco Identity Services Engine Web Management Interface Cisco Identity Services Engine Cross-Site Scripting Vulnerability Cisco Identity Services Engine Cross-Site Scripting Vulnerability Stack Overflow Vulnerability in Cisco 
IP Phone 7800 and 8800 Series Firmware Cross-Site Scripting (XSS) Vulnerability in Cisco Umbrella Management Dashboard Vulnerability: Incomplete Encryption in AES OCB Mode on 32-bit x86 Platforms Insecure Password Policy in GitHub Repository kromitgmbh/titra prior to 0.78.1 Stored HTML Injection in WooCommerce Payment Gateway Titles Cross-Site Scripting (XSS) Vulnerability in Page Generator WordPress Plugin Stored Cross-Site Scripting Vulnerability in Download Manager Plugin for WordPress Arbitrary File Upload Vulnerability FTP Port Vulnerability: Unauthorized Access and File Manipulation Apache Web Server Account Vulnerability: Unrestricted Sudo Access to Critical Commands Bypassing Client-side JavaScript Controls to Gain Unauthorized Access and Modify User Credentials and Permissions Path Traversal Vulnerability in Elcomplus SmartICS v2.3.4.0 Hard-coded Master Password Vulnerability in MiCODUS MV720 GPS Tracker API Server Vulnerability: Unauthorized Modification of Reviews and Settings in Wbcom Designs – BuddyPress Group Reviews Plugin Unrestricted File Upload Vulnerability in inventree/inventree prior to 0.7.2 CSV Formula Injection Vulnerability in inventree/inventree prior to 0.7.2 Arbitrary Code Execution Vulnerability in metacalc Package Intel(R) Processors Incomplete Cleanup Vulnerability: Local Access Information Disclosure CX-Programmer v9.76.1 Out-of-Bounds Write Vulnerability Intel(R) Processors: Incomplete Cleanup of Microarchitectural Fill Buffers Vulnerability Insecure Temporary Directory Creation in com.github.samtools:htsjdk Intel Processor Vulnerability: Incomplete Cleanup in Special Register Read Operations Privilege Escalation Vulnerability in Intel(R) Advisor Software Command Injection Vulnerability in nemo-appium before 0.0.9 Stored Cross-site Scripting (XSS) vulnerability in inventree/inventree prior to 0.7.2 Intel Xeon Processors: Local Access Information Disclosure Vulnerability Directory Traversal Vulnerability in pfSense-pkg-WireGuard 
Denial of Service Vulnerability in Intel(R) Trace Analyzer and Collector (before version 2021.5) Firmware Update Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Denial of Service Vulnerability in Intel Xeon Processors Stack-Based Buffer Overflow in Omron CX-One Versions 4.60 and Prior Weak Encryption Strength in Intel(R) PROSet/Wireless WiFi Products: Potential Privilege Escalation via Adjacent Access Stored Cross-Site Scripting Vulnerability in Data Tables Generator by Supsystic WordPress Plugin Local Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Products Multiple API Functions Vulnerability Authentication Bypass Vulnerability in a-blog cms Versions Prior to 2.11.41 Arbitrary Command Injection Vulnerability in MMP, PTP C-series, and PTMP C-series and A5x Devices Vulnerability: V8 Crash in libxmljs.parseXml with Non-Buffer Argument Stored Cross-Site Scripting Vulnerability in Lansweeper 9.1.20.2 WebUserActions.aspx Persistent Cross-Site Scripting Vulnerability in ipDIO Web Interface Out of Bounds Read Vulnerability in ESTsoft Alyac 2.5.7.7 Malware Scan Functionality Privilege Escalation Vulnerability in Intel(R) Edge Insights for Industrial Software Cross-site Scripting (XSS) Vulnerability in s-cart/s-cart and s-cart/core Packages (Versions before 6.9) Reflected Cross-Site Scripting in Popup Anything WordPress Plugin Intel Processor Optimization Vulnerability: Local Access Information Disclosure Improper Access Control in Intel(R) Edge Insights for Industrial Software: Local Information Disclosure Vulnerability Improper Access Control in Intel(R) Capital Global Summit Android App: Potential Information Disclosure via Local Access Integer Overflow and Buffer Overflow Vulnerability in Leadtools 22's fltSaveCMP Functionality Fernhill SCADA Server Version 3.77 and Earlier Exception Vulnerability Uninitialized Pointer Access Vulnerability in Intel(R) Trace Analyzer and Collector Improper Access Control in Intel(R) Smart 
Campus Android App: Potential Information Disclosure via Local Access Stored Cross-Site Scripting Vulnerability in marktext v0.17.0 and Earlier Denial of Service Vulnerability in libiec61850 1.5.0's parseNormalModeParameters Functionality Reflected Cross-Site Scripting in Contact Form DB WordPress Plugin Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Products Uncontrolled Search Path Vulnerability in Intel(R) HDMI Firmware Update Tool for NUC Improper Access Control in Intel(R) SGX Crypto API Toolkit: Potential Privilege Escalation via Local Access Denial of Service (DoS) Vulnerability in node-lmdb Package Before 0.9.7 Arbitrary Command Injection Vulnerability in font-converter Package Incomplete Cleanup in Special Register Write Operations on Intel Processors: Potential Information Disclosure Vulnerability Arbitrary Code Execution Vulnerability in masuit.tools.core's SocketClient.cs Component Invalid Pointer Initialization Vulnerability: Risk of Information Disclosure Prototype Pollution in express-xss-sanitizer before 1.1.3 via allowedTags attribute allows XSS bypass Sensitive Information Disclosure in GiveWP WordPress Plugin Certificate Revocation Check Bypass Vulnerability in i-FILTER and D-SPA Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi Products Hidden functionality vulnerability in ELECOM LAN routers: Remote OS command execution Privilege Escalation Vulnerability in Intel Quartus Prime Pro Edition SQL Injection Vulnerability in MMP, PTP C-series, and PTMP C-series and A5x Devices Path Traversal Vulnerability in Yokogawa Electric CAMS for HIS Log Server OS Command Injection Vulnerability in TCL LinkHub Mesh Wifi MS1G_00_01.00_14 CSRF Vulnerability in EC-CUBE Mail Magazine Management Plugin Cross-Site Scripting (XSS) Vulnerability in 404s WordPress Plugin before 3.5.1 Intel(R) Processors: Local Denial of Service Vulnerability Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi 
Products Privilege Escalation Vulnerability in InHand Networks InRouter302 V3.5.4 Router Configuration Import Functionality Information Disclosure Vulnerability in Bachmann Visutec GmbH Atvise 3.5.4, 3.6, and 3.7: Login Credentials Disclosure via Plaintext HTTP Request Arbitrary Command Injection Vulnerability in @acrontum/filesystem-template (before 0.0.2) Command Injection Vulnerability in libvcs before 0.11.1 via Argument Injection Prototype Pollution in Dexie.setByKeyPath(obj, keyPath, value) Function Path Traversal Vulnerability in OFFIS DCMTK's Service Class Provider (SCP) Allows Remote Code Execution Bypass of Path Check in convict Package (CVE-2022-22143) Command Injection in global-modules-path getPath function Directory Traversal Vulnerability in serve-lite Package Arbitrary File Retrieval Vulnerability in TransmitMail 2.5.0 to 2.6.1 Unchanged Default Password Vulnerability in Yokogawa Electric Products ReDoS Vulnerability in url-regex Package: CPU Crash Risk API Authorization and Authentication Bypass Vulnerability Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Products BIOS Firmware Time-of-Check Time-of-Use Race Condition Vulnerability Hardcoded TLS Key Information Disclosure Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Relative Path Traversal Vulnerability in OFFIS DCMTK SCU: Remote Code Execution Stack-based Buffer Overflow in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 Out-of-Bounds Read Vulnerability Exposes Sensitive Information Privilege Escalation Vulnerability in SafeNet Sentinel Driver for Intel(R) Quartus(R) Prime Standard Edition Privilege Escalation Vulnerability in Intel(R) Quartus(R) Prime Pro Edition (Before Version 21.3) XML External Entity (XXE) Vulnerability in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition Unlimited Chunk Denial of Service (DoS) Vulnerability in node-opcua Arbitrary Code Execution via Out-of-Bounds Read in Project File Processing NULL Pointer Dereference Vulnerability in OFFIS DCMTK 
(All versions prior to 3.6.7) SQL Injection Vulnerability in Lansweeper 9.1.20.2: AssetActions.aspx Functionality Vulnerability: Crash and Type-check Failure in Package Posix's toString Method Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Products Unvalidated Recursive Object Access Vulnerability in mout Package Heap-Based Buffer Overflow Vulnerability in Affected Product Server-side Request Forgery (SSRF) Vulnerability in Mimosa MMP Server and PTP/PTMP C-series Devices Insufficient Granularity of Access Control in Out-of-Band Management: Potential Privilege Escalation Vulnerability in Intel Processors Out-of-Bounds Write Vulnerability in reolink RLC-410W v3.0.0.136_20121102 TestEmail Functionality Information Disclosure Vulnerability in Intel(R) Trace Analyzer and Collector CX-Programmer v9.76.1 Out-of-Bounds Read Vulnerability Potential Heap Overwrite Vulnerability in qtdemux using zlib Decompression XML External Entity (XXE) Vulnerability in Intel(R) Quartus(R) Prime Pro Edition Directory Traversal Vulnerability in fasthttp ServeFile Function (Windows Only) Regular Expression Denial of Service (ReDoS) in css-what before 2.1.3 via insecure regular expression in re_attr variable of index.js Command Injection Vulnerability in cocoapods-downloader before 1.6.2 via hg Argument Injection Privilege Escalation Vulnerability in Intel(R) Data Center Manager Software Intel(R) Trace Analyzer and Collector: Local Information Disclosure Vulnerability Vulnerability: Denial of Service (DoS) in sqlite3 Package Stack-Based Buffer Overflow Vulnerability in [Product Name]: Arbitrary Code Execution Risk Buffer Overflow Vulnerability in Intel(R) NUC 9 Extreme Laptop Kit Drivers CSRF Vulnerability in WP Opt-in WordPress Plugin Allows Unauthorized Settings Changes and Spam Email Sending Insecure File Permissions in org.nanohttpd:nanohttpd Prototype Pollution in deep-get-set's 'deep' function Intel(R) Processors Vulnerability: Improper Isolation of Shared Resources 
Enables Local Information Disclosure SQL Injection Vulnerability in Lansweeper 9.1.20.2's EchoAssets.aspx Functionality Command Injection Vulnerability in github.com/masterminds/vcs Package (Versions before 1.13.3) Reolink RLC-410W v3.0.0.136_20121102 Web Server Misconfiguration Information Disclosure Vulnerability Buffer Overflow Vulnerability in Intel(R) NUC Firmware Allows for Local Privilege Escalation Cross-Site Scripting (XSS) Vulnerability in InHand Networks InRouter302 V3.5.4 info.jsp Functionality Out-of-bounds Read Vulnerability in Intel QAT Driver for Windows Buffer Over-read Vulnerability in GitHub Repository vim/vim prior to 8.2 Intel(R) PROSet/Wireless WiFi Products: Local Privileged User Information Disclosure Vulnerability CSV+ Prior to 0.8.1 Cross-Site Scripting Vulnerability Vulnerability in Primavera Portfolio Management Web Access Vulnerability in Primavera Portfolio Management: Unauthorized Partial Denial of Service Unauthenticated Remote Code Execution Vulnerability in Primavera Portfolio Management Privilege Escalation Vulnerability in Oracle MySQL Server Vulnerability in Oracle Communications Operations Monitor: Unauthorized Data Access and Manipulation Oracle Database Server Core RDBMS Unauthorized Read Access Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition Serialization Vulnerability MySQL Server Vulnerability: Unauthorized Partial Denial of Service (DOS) via Multiple Protocols Heap-based Buffer Overflow in Vim prior to version 8.2 Oracle Trade Management Product Vulnerability: Unauthorized Data Access and Modification Oracle Installed Base Denial of Service Vulnerability Oracle WebLogic Server Samples Unauthenticated Access Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Server Hang or Crash Oracle Configurator UI Servlet Vulnerability Vulnerability in Oracle MySQL Server: Group Replication Plugin allows for Denial of Service (DoS) Attacks Vulnerability in 
Oracle WebLogic Server Samples Component: Unauthorized Data Access and Manipulation Vulnerability in Oracle WebLogic Server Samples Component (CVE-2021-2109) Oracle WebLogic Server Samples Component Vulnerability Critical Out-of-bounds Read Vulnerability in GitHub Repository vim/vim (prior to 8.2) Vulnerability in Oracle WebLogic Server Samples Component: Unauthorized Data Access and Manipulation Oracle WebLogic Server Samples Component Vulnerability Oracle WebLogic Server Samples Component Vulnerability Oracle Solaris Fault Management Architecture Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Manipulation and Partial Denial of Service Oracle Communications Billing and Revenue Management Unauthenticated Remote Access Vulnerability Oracle Communications Billing and Revenue Management Unauthorized Data Access Vulnerability Oracle Communications Billing and Revenue Management Unauthorized Data Access Vulnerability Vulnerability in Primavera Portfolio Management: Unauthorized Data Access and Manipulation Samba Winbind NTLM Authentication Out-of-Bounds Read Vulnerability MySQL Server Federated Component Denial of Service Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Partial Denial of Service Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Vulnerability in Oracle Project Costing: Unauthorized Data Access and Modification Oracle Sourcing Product Vulnerability: Unauthorized Access and Data Manipulation Critical Vulnerability in Oracle Communications Billing and Revenue Management: Unauthorized Takeover Oracle Communications Billing and Revenue Management Product Takeover Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition ImageIO Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service MySQL Cluster Takeover Vulnerability Unrestricted File Upload 
Vulnerability in GitHub Repository polonel/trudesk prior to 1.2.4 MySQL Cluster Takeover Vulnerability Vulnerability in Primavera Portfolio Management Web Access Unauthenticated Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (CVE-2022-10092) Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Partial Denial of Service MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability Critical Out-of-bounds Write Vulnerability in GitHub Repository vim/vim prior to 8.2 MySQL Cluster Takeover Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Data Access via Multiple Protocols Oracle WebLogic Server Samples Unauthenticated Remote Code Execution Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Partial Denial of Service Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Partial Denial of Service Vulnerability in Oracle VM VirtualBox Prior to 6.1.32: Unauthorized Data Access Unauthenticated Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (CVE-2022-10092) MySQL Server Denial of Service Vulnerability Oracle Solaris Install Component Vulnerability Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (CVE-2022-10092) Reflected Cross-site Scripting (XSS) Vulnerability in Microweber Prior to 1.2.17 Unauthenticated Remote Code Execution Vulnerability in Oracle PeopleSoft Enterprise CS SA Integration Pack Vulnerability in Oracle MySQL Server: Unauthorized Data Manipulation and Denial of Service Vulnerability in Oracle MySQL Server: Unauthorized Denial of Service (DoS) MySQL Server Stored Procedure Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability 
Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Data Access via Multiple Protocols Critical Vulnerability in Oracle WebLogic Server: Unauthenticated Takeover via T3 MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability XML External Entity (XXE) Injection Vulnerability in OpenKM Community Edition 6.3.10 and Earlier MySQL Cluster Takeover Vulnerability MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Vulnerability: Unauthorized Takeover of Infrastructure MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service DPDK Vulnerability: Denial of Service via Crafted Vhost Header MySQL Cluster Takeover Vulnerability MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Takeover Vulnerability Vulnerability in Oracle MySQL Cluster: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability Unvalidated OAuth Access Token Requests in WordPress OAuth Single Sign On Plugin MySQL Cluster Takeover Vulnerability MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Takeover Vulnerability MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service 
MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability Vulnerability in Oracle Communications Convergence 3.0.2.2.0: Unauthorized Data Access and Manipulation MySQL Server Vulnerability: Unauthorized Hang and Crash Unrestricted Resource Allocation in GitHub Repository inventree/inventree prior to 0.8.0 Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Partial Denial of Service Oracle Java SE and Oracle GraalVM Enterprise Edition Serialization Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Replication Vulnerability: Unauthorized Hang and Crash Critical Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Access to Critical Data Oracle BI Publisher Unauthenticated Access Vulnerability Oracle WebLogic Server T3 Unauthenticated Remote Code Execution Vulnerability High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Oracle Java SE and Oracle GraalVM Enterprise Edition 2D Component Denial of Service Vulnerability Multiple SQL Injection Vulnerabilities in Affected Product: Risk of Unauthorized Information Disclosure Oracle WebLogic Server T3 Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Oracle WebLogic Server T3 Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle iStore User Interface: Unauthorized Data Access and Manipulation MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Takeover Vulnerability MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Server Vulnerability: Unauthorized Hang and Crash (CVE-2021-2345) Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access 
and Manipulation Low-Privilege SQL Injection Vulnerability Exposes Sensitive Information Oracle Java SE and Oracle GraalVM Enterprise Edition ImageIO Vulnerability Oracle WebLogic Server Sample Apps Unauthenticated Remote Code Execution Vulnerability MySQL Server Information Schema Denial of Service Vulnerability MySQL Connectors Product Takeover Vulnerability Unauthenticated Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Oracle Java SE and Oracle GraalVM Enterprise Edition ImageIO Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition ImageIO Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Vulnerability in Oracle MySQL Server: Unauthorized Access and Partial Denial of Service Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation High-Privilege SQL Injection Vulnerability Exposes Sensitive Information MySQL Server Denial of Service Vulnerability Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability MySQL Server Vulnerability: Unauthorized Partial Denial of Service (DOS) via Encryption Component Vulnerability in Oracle Partner Management of Oracle E-Business Suite: Unauthorized Data Access and Manipulation MySQL Server Information Schema Denial of Service Vulnerability Oracle Solaris Kernel Denial of Service Vulnerability Vulnerability in Primavera Portfolio Management: Unauthorized Data Access and Manipulation Vulnerability in Primavera Portfolio Management Web API: Unauthorized Data Access and Manipulation Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Vulnerability in Oracle MySQL Server: Group Replication Plugin allows for Denial of Service (DoS) Attacks Missing Authentication Vulnerability: Potential Data Breach and Code Execution MySQL Cluster Takeover Vulnerability Vulnerability in Oracle Enterprise Session Border Controller WebUI (CVE-2021-2345) Vulnerability in Oracle Enterprise Session Border 
Controller WebUI (CVE-2021-12345) Oracle Enterprise Session Border Controller Log Vulnerability Oracle Linux Kernel Vulnerability: Local Users Can Crash Machine via net_rds_alloc_sgs() Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Oracle Commerce Platform Unauthenticated Read Access Vulnerability Oracle Communications Pricing Design Center: Unauthorized Data Access Vulnerability Oracle Communications Billing and Revenue Management Product Takeover Vulnerability Directory Traversal Vulnerability: Unauthorized File Access and Code Execution Critical Vulnerability in Oracle Communications Billing and Revenue Management: Remote Takeover via Webservices Manager Oracle Communications Billing and Revenue Management Product Takeover Vulnerability Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Oracle Database Server Java VM Component Denial of Service Vulnerability Vulnerability in Oracle VM VirtualBox Prior to 6.1.32: Unauthorized Access to Critical Data Oracle Communications Operations Monitor Mediation Engine Remote Code Execution Vulnerability Vulnerability in Oracle Communications Operations Monitor: Unauthorized Data Access and Manipulation Vulnerability in Oracle Communications Operations Monitor: Unauthorized Data Access and Manipulation Vulnerability in Oracle Communications Operations Monitor: Unauthorized Data Access and Manipulation Vulnerability in Oracle Communications Operations Monitor: Unauthorized Access and Partial Denial of Service Arbitrary Code Injection Vulnerability in Elcomplus SmartICS v2.3.4.0 Vulnerability in Oracle Communications Operations Monitor: Unauthorized Data Access and Manipulation Vulnerability in Oracle Communications Operations Monitor: Unauthorized Access and Partial Denial of Service Vulnerability in Oracle Communications Operations Monitor: Unauthorized Data Access and Manipulation Vulnerability in Oracle Communications Operations Monitor: Unauthorized 
Access and Partial Denial of Service Helidon Reactive WebServer Vulnerability: Unauthenticated Takeover Critical Vulnerability in Oracle Support Tools: Unauthorized Access to Critical Data Vulnerability in Oracle JD Edwards EnterpriseOne Tools: Unauthorized Data Access and Manipulation Unauthenticated SMS-based GPS Command Execution Vulnerability in MiCODUS MV720 GPS Tracker Oracle Database - Enterprise Edition Sharding Component Privilege Escalation Vulnerability Vulnerability in Oracle Database Server RDBMS Gateway / Generic ODBC Connectivity Component MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Replication Vulnerability Oracle Solaris Utility Vulnerability Allows Unauthorized Data Access MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Highly Complex SQL Injection Vulnerability Exposes Sensitive Information Oracle Coherence Remote Code Execution Vulnerability Oracle Business Intelligence Enterprise Edition Unauthenticated Access Vulnerability Vulnerability in Oracle Communications Billing and Revenue Management: Connection Manager Takeover MySQL Server InnoDB Component Vulnerability: Unauthorized Partial Denial of Service Vulnerability in Oracle Communications Billing and Revenue Management: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition MySQL Server Denial of Service Vulnerability Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Partial Denial of Service Oracle Communications Billing and Revenue Management Takeover Vulnerability Critical Command Injection 
Vulnerability in Affected Product Oracle Communications Billing and Revenue Management Product Takeover Vulnerability Oracle Communications Billing and Revenue Management Product Takeover Vulnerability Oracle Database - Enterprise Edition RDBMS Security Partial Denial of Service Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition Multiple Protocol Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Oracle Solaris Kernel Denial of Service Vulnerability CSRF Vulnerability in Jquery Validation For Contact Form 7 WordPress Plugin Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Oracle WebLogic Server Unauthenticated Remote Denial of Service Vulnerability Oracle GoldenGate Prior to 23.1 Vulnerability: Unauthorized Takeover Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthenticated Network Access Compromises Partial Denial of Service MySQL Server Denial of Service Vulnerability Oracle JDeveloper ADF Faces Unauthenticated Remote Code Execution Vulnerability Oracle Solaris Utility Vulnerability: Unauthorized Access and Data Manipulation Critical Data Access Vulnerability in Oracle PeopleSoft Enterprise CS Academic Advisement (9.2) Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Data Access and Modification Privilege Escalation and File Overwrite Vulnerability in Cloudflare WARP Client for Windows Vulnerability in Oracle PeopleSoft Enterprise PRTL Interaction Hub (9.1) Allows Unauthorized Data Access and Manipulation MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Oracle WebLogic Server Console Unauthenticated Remote Code Execution Vulnerability MySQL Server Group Replication Plugin 
Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Unauthenticated Remote Code Execution Vulnerability in Oracle MySQL Server Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Reflected Cross-Site Scripting in Import CSV Files WordPress Plugin MySQL Server Logging Vulnerability Oracle Solaris Kernel Vulnerability: Unauthorized Access to Critical Data MySQL Server Denial of Service Vulnerability Oracle Solaris Kernel Denial of Service Vulnerability JD Edwards EnterpriseOne Tools Prior to 9.2.6.3: Unauthorized Access and Denial of Service Vulnerability Oracle VM VirtualBox Prior to 6.1.34 Vulnerability: Unauthorized Access and Denial of Service Oracle Commerce Guided Search Unauthenticated Remote Access Vulnerability Oracle Agile PLM Attachment Vulnerability Vulnerability in Oracle Applications Framework: Unauthorized Data Access and Manipulation Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Data Manipulation Unquoted Service Path Vulnerability in Cloudflare Warp for Windows Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Oracle VM VirtualBox Prior to 6.1.34 Denial of Service Vulnerability Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Banking Treasury Management: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Banking Payments: Unauthorized Data Access and Partial Denial of Service Oracle Java SE and Oracle GraalVM Enterprise Edition Multiple Protocol Vulnerability Vulnerability in Oracle Applications Framework: Unauthorized Data Access and Manipulation Vulnerability in 
Oracle MySQL Server: Unauthorized Data Access and Server Crash Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Cross-Site Scripting (XSS) Vulnerability in LinkedIn Company Updates WordPress Plugin Oracle Transportation Management User Interface Vulnerability Vulnerability in Oracle PeopleSoft Enterprise FIN Cash Management: Unauthorized Data Access and Manipulation MySQL Cluster Takeover Vulnerability MySQL Cluster Takeover Vulnerability MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service MySQL Cluster Vulnerability: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle VM VirtualBox Prior to 6.1.34 Allows Unauthorized Data Access Vulnerability in Oracle VM VirtualBox Prior to 6.1.34: Unauthorized Data Manipulation MySQL Cluster Takeover Vulnerability Cross-Site Scripting (XSS) Vulnerability in Very Simple Breadcrumb WordPress Plugin MySQL Cluster Takeover Vulnerability Oracle VM VirtualBox Prior to 6.1.34 Windows Vulnerability: Unauthorized Takeover Vulnerability in Oracle Business Intelligence Enterprise Edition 5.9.0.0.0: Unauthorized Data Access and Manipulation Oracle Solaris Kernel Vulnerability: Unauthorized Hang and Crash Attacks Oracle Solaris Kernel Vulnerability: Unauthorized Hang and Crash Attacks Vulnerability in Oracle Java SE and Oracle GraalVM: Unauthorized Data Manipulation Vulnerability in Oracle Web Services Manager Allows Unauthorized Access and Data Manipulation Critical Vulnerability in Java VM Component of Oracle Database Server (Versions 12.1.0.2, 19c, and 21c) Kernel Debugger (KGDB and KDB) Allows Unauthorized Access to Kernel Memory Vulnerability in Oracle E-Business Suite: Unauthorized Access to Critical Data Oracle Cloud Infrastructure Vulnerability: Unauthorized Access to Data (CVE-2022-21503) Kernel Vulnerability: Local Denial of Service via Improper File Descriptor 
Handling Oracle Essbase Security and Provisioning Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Cross-Site Scripting Vulnerability in Best Contact Management Software WordPress Plugin Vulnerability in Oracle Database - Enterprise Edition Sharding Component Vulnerability in Oracle Database - Enterprise Edition Recovery Component Vulnerability in Oracle PeopleSoft Integration Broker: Unauthorized Access to Critical Data Oracle ZFS Storage Appliance Kit 8.8 Vulnerability: High Privileged Takeover Oracle Solaris Remote Administration Daemon Vulnerability: Unauthorized Hang and Crash Exploitation MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Partial Denial of Service MySQL Server InnoDB Component Denial of Service Vulnerability Oracle Health Sciences Data Management Workbench User Interface Vulnerability MySQL Cluster Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Duplicate Page and Post WordPress Plugin Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation XML Publisher Vulnerability in Oracle PeopleSoft Enterprise PeopleTools MySQL Server Stored Procedure Denial of Service Vulnerability Oracle BI Publisher Unauthorized Read Access Vulnerability Oracle Solaris Filesystem Vulnerability: Unauthorized Access and Denial of Service MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash MySQL Server Denial of Service Vulnerability Vulnerability: Denial of Service in Linux Kernel's KVM due to SynIC IRQ Handling Flaw MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Unauthorized Read Access Vulnerability in JD Edwards EnterpriseOne Orchestrator Oracle Solaris SMB 
Server Denial of Service Vulnerability MySQL Server Stored Procedure Denial of Service Vulnerability MySQL Shell Unauthenticated Remote Code Execution Vulnerability Critical Vulnerability in Oracle Enterprise Manager Base Platform: Policy Framework Compromise MySQL Server InnoDB Component Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Partial Denial of Service Vulnerability in Oracle MySQL Server (InnoDB Component) Allows Unauthorized Data Access and Partial Denial of Service Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability: Unauthorized Read Access Unauthenticated Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability in JD Edwards EnterpriseOne Tools: Unauthorized Access and Data Manipulation Critical Remote Code Execution Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Takeover Oracle iRecruitment Product Vulnerability: Unauthorized Data Access MySQL Server Federated Component Denial of Service Vulnerability Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Unauthenticated Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition Vulnerability in Lumada APM's User Asset Group Feature Allows Unauthorized Access to Power BI Reports MySQL Cluster Takeover Vulnerability Oracle GoldenGate Remote Code Execution Vulnerability Oracle WebCenter Content Search Vulnerability MySQL Server Denial of Service Vulnerability Oracle VM VirtualBox Prior to 6.1.36 Denial of Service Vulnerability Vulnerability in MySQL Shell for VS Code: Unauthorized Data Access and Manipulation Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Vulnerability in Oracle WebLogic Server: Unauthorized Access and Data Manipulation Vulnerability in Oracle Crystal Ball Installation Allows Takeover Oracle Commerce Platform: Unauthorized Access Vulnerability Use 
After Free Vulnerability in Google Chrome Allows Remote Code Execution Oracle WebLogic Server Vulnerability: Unauthorized Partial Denial of Service via T3 and IIOP Vulnerability in JD Edwards EnterpriseOne Tools Allows Unauthorized Access to Critical Data Oracle SOA Suite Fabric Layer Unauthenticated Access Vulnerability Oracle ZFS Storage Appliance Kit 8.8 Vulnerability: Unauthorized Data Manipulation and Partial Denial of Service Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Critical Vulnerability in Java VM Component of Oracle Database Server (Versions 12.1.0.2, 19c, and 21c) Oracle Applications Framework Unauthenticated Remote Code Execution Vulnerability Oracle Workflow Product Vulnerability: Unauthorized Access to Critical Data Oracle iReceivables Access Request Vulnerability MySQL Server Denial of Service Vulnerability Use After Free Vulnerability in Google Chrome's Interest Groups Oracle Coherence Denial of Service Vulnerability Oracle VM VirtualBox Prior to 6.1.36 Vulnerability: High Privileged Takeover Vulnerability in Oracle Communications Billing and Revenue Management Allows Unauthorized Data Access and Manipulation Oracle Communications Billing and Revenue Management Denial of Service Vulnerability Oracle Communications Billing and Revenue Management Partial Denial of Service Vulnerability Vulnerability in Oracle WebCenter Sites Support Tools: Unauthorized Access and Data Compromise Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Access and Data Compromise Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Modification Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Modification Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome Vulnerability in Oracle Financial Services Revenue Management and Billing: 
Unauthorized Access and Data Compromise Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Partial Denial of Service Oracle Banking Trade Finance Product Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Oracle Banking Trade Finance Product of Oracle Financial Services Applications (Version 14.5): Unauthorized Data Access and Modification Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Partial Denial of Service Critical Vulnerability in Oracle Banking Trade Finance: Unauthorized Data Access and Modification Oracle Web Applications Desktop Integrator Upload Vulnerability Privilege Escalation Vulnerability in Oracle MySQL Server Oracle BI Publisher Core Formatting API Vulnerability Oracle Transportation Management UI Infrastructure Unauthorized Access and Partial Denial of Service Vulnerability MySQL Server Encryption Vulnerability Vulnerability in Oracle HTTP Server: Unauthorized Access and Data Compromise MySQL Server Vulnerability: Unauthorized Hang and Crash MySQL Server Denial of Service Vulnerability Oracle Database - Advanced Queuing Vulnerability: Unauthorized Takeover Unauthenticated Unauthorized Read Access Vulnerability in Oracle GraalVM Enterprise Edition Vulnerability in Oracle Siebel CRM: Unauthorized Data Manipulation in Siebel Core - DB Deployment and Configuration MySQL Server Stored Procedure Denial of Service Vulnerability DevTools Insufficient Policy Enforcement Vulnerability in Google Chrome MySQL Server Vulnerability: Remote Takeover via Optimizer Component Oracle Communications Billing and Revenue Management Unauthenticated Network Access Vulnerability Unauthenticated Unauthorized Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Oracle Database - Sharding Component Takeover Vulnerability MySQL Server InnoDB Component Denial of Service Vulnerability 
MySQL Server Data Dictionary Denial of Service Vulnerability Vulnerability in Oracle Services for Microsoft Transaction Server in Oracle Database Server 19c MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Critical Vulnerability in Oracle Business Intelligence Enterprise Edition (OBIEE) 5.9.0.0: Unauthorized Data Access Use After Free Vulnerability in Google Chrome WebApp Provider Oracle Solaris LDoms Vulnerability: Unauthorized Data Access and Partial Denial of Service Vulnerability in MySQL Server: Unauthorized Hang and Crash Oracle Enterprise Data Quality Dashboard Vulnerability Oracle Enterprise Data Quality Dashboard Vulnerability Oracle Enterprise Data Quality Dashboard Unauthenticated Access Vulnerability Vulnerability in Oracle Enterprise Data Quality Dashboard (CVE-2021-12345) Oracle WebLogic Server Remote Code Execution Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Java SE and Oracle GraalVM: Unauthorized Data Access via Kerberos Oracle Java SE and Oracle GraalVM Enterprise Edition Unauthenticated Network Access Vulnerability File System Access Bypass Vulnerability in Google Chrome on Windows Oracle VM VirtualBox Prior to 6.1.40 Vulnerability: High Privileged Takeover Oracle VM VirtualBox Prior to 6.1.40 Denial of Service Vulnerability Oracle SOA Suite Adapters Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle Enterprise Manager Base Platform Unauthenticated Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (CVE-2022-0001) High-Privilege Network Access Vulnerability in Oracle MySQL Server (Versions 8.0.30 and Prior) Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition Oracle VM VirtualBox Prior to 6.1.40 Denial of Service Vulnerability Oracle Java SE and Oracle GraalVM Enterprise Edition Lightweight HTTP Server Vulnerability Vulnerability in JD Edwards EnterpriseOne Tools Allows 
Unauthorized Data Access and Manipulation Use After Free Vulnerability in Cast UI and Toolbar in Google Chrome Vulnerability in JD Edwards EnterpriseOne Tools: Unauthorized Data Access and Manipulation Vulnerability in JD Edwards EnterpriseOne Tools Allows Unauthorized Data Access and Manipulation MySQL Server Privilege Escalation Vulnerability MySQL Server Replication Vulnerability Oracle GraalVM Enterprise Edition: Multiple Protocol Denial of Service Vulnerability Vulnerability in Oracle MySQL Server (InnoDB Component) Allows Unauthorized Data Manipulation and Server Crash Oracle Applications Framework Session Management Vulnerability MySQL Server InnoDB Component Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Bypassing Discretionary Access Control via Insecure Extensions API Implementation in Google Chrome MySQL Server Vulnerability: Unauthorized Hang and Crash MySQL Server Denial of Service Vulnerability Whisper Participant Disclosure Vulnerability in Discourse SQL Injection Vulnerability in USOC CMS register.php SQL Injection Vulnerability in USOC CMS Usersearch.php Wildcard Ignored in Exclusion Vulnerability Deserialization of Untrusted Data in CodeIgniter4's `old()` Function: Remote Code Execution Vulnerability Sandbox Escape Vulnerability in Latte Template Engine Stored XSS Vulnerability in Convos Allows for Execution of Malicious Scripts Domain Spoofing Vulnerability in Google Chrome Stored XSS Vulnerability in Convos Allows Execution of Malicious Scripts Open Redirect Vulnerability in Shopware Router Session Invalidation Vulnerability in Shopware Vulnerability: Hash Collision Attack in Jawn JSON Parser Vulnerability: Re-use of TLS Cert Validation Settings in Envoy Denial of Service Vulnerability in Envoy Common Router Type Confusion Vulnerability in Envoy's Default Certificate Validation Vulnerability: Envoy Accepts Improper TLS Certificates Race 
condition vulnerability in Rust's `std::fs::remove_dir_all` function enables symlink following (CWE-363) User Enumeration Vulnerability in Flask-AppBuilder Excessive Authentication Attempts Vulnerability in GitHub Repository Mastodon/Mastodon (prior to 4.0.0) Privilege Escalation in Gin-vue-admin SQL Injection Vulnerability in WP_Query Stored XSS Vulnerability in WordPress Core WordPress Multisite Super Admin Object Injection Vulnerability Unintended SQL Query Execution Vulnerability in WordPress SQL Injection Vulnerability in USOC CMS Usersearch.php Unauthenticated POST Request Crash Vulnerability in Soketi WebSockets Server Arbitrary Remote Code Execution in pipenv via Requirements File Parsing Exposure of Bot Token in PuddingBot v0.0.6-b933652 and Prior Versions Reflected Cross-Site Scripting in Newspaper WordPress Theme Markdown-it Prior to Version 1.3.2 Denial of Service Vulnerability Exposure of Sensitive Information in @replit/crosis Library (CVE-2021-12345) Vulnerability: Misinterpretation of Mozilla certdata.txt in make-ca OAuth Identity Leakage in Grafana Arbitrary File Write via Archive Extraction (Zip Slip) Vulnerability in Bytecode Viewer (BCV) Engine.IO Server Denial of Service Vulnerability Discourse Group Visibility and Members Visibility Disclosure Vulnerability User Bios Exposed in Meta Tags on Private Profiles in Discourse Authorization Bypass Vulnerability in Istio 1.12.0/1.12.1 Reflected Cross-Site Scripting in Download Manager WordPress Plugin Regular Expression Denial of Service (ReDoS) in Marked Markdown Parser (prior to version 4.0.10) Catastrophic Backtracking Vulnerability in Marked Markdown Parser (CVE-2021-12345) Path Traversal Vulnerability in Flatpak Builder Allows for Potential Code Execution Improper Notification Filtering in Wagtail Comment Threads User Bypasses Approval Process and Gains Unauthorized Access in Discourse Integer Underflow Vulnerability in Frontier's MODEXP Precompile Implementation Twig Code Injection Vulnerability 
in PrestaShop 1.7.0.0 - 1.7.8.3 Arbitrary File Read Vulnerability in gh-ost (Versions prior to 1.1.3) OnionShare Desktop Application Denial of Service Vulnerability OnionShare Vulnerability: Denial of Service Attack on File Uploads Cross-Site Scripting (XSS) Vulnerability in Loading Page with Loading Screen WordPress Plugin HTML Injection Vulnerability in OnionShare OnionShare Vulnerability: Chatroom Spoofing in Affected Versions OnionShare Chat Vulnerability: Impersonation Exploit Vulnerability: Unauthorized Access to Sensitive Files in OnionShare Limited Security Enhancement for Websites Using JavaScript or External Resources OnionShare 2.5 Vulnerability: Unlisted Chat Participants Username Impersonation Vulnerability in OnionShare Jupyter Server Proxy 3.2.1 - Server-Side Request Forgery (SSRF) Vulnerability Denial of Service Vulnerability in client_golang's promhttp Package Arbitrary Code Execution Vulnerability in IPython Cross-Site Scripting (XSS) Vulnerability in Microsoft Advertising Universal Event Tracking (UET) WordPress Plugin Memory Leak in DefaultArgumentConversionContext due to Invalid Content Type Header in Micronaut Privilege Escalation Vulnerability in Istio Gateway API Cross-site Scripting (XSS) Vulnerability in Grafana Datasource and Plugin Proxy Cross-Site Request Forgery Vulnerability in Grafana Allows Privilege Escalation World-readable log files in log4js-node Arbitrary Code Execution via Unsafe Input Sanitization in OctoberCMS Insufficient Access Control with Multi-Use Invitations in Zulip Server Unverified Capability Authorization in wasmCloud Host Runtime GraphQL-Go Prior to 1.3.0: Denial of Service (DoS) Vulnerability CSRF and Stored XSS Vulnerabilities in Progressive License WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in ShortDescription Extension for MediaWiki Out-of-Bounds Read Vulnerability in elfspirit Prior to Version 1.1 Exposure of Cookies and Authorization Headers in Twisted Cross-Origin Redirects Unauthenticated 
Data Exposure in Grafana API Endpoints Cross-Site Scripting (XSS) Vulnerability in CodeIgniter4's API\ResponseTrait Twisted SSH Version Identifier Buffer Overflow Vulnerability Unauthenticated Access to Bluetooth Devices in Electron Framework Reflected Cross-Site Scripting Vulnerability in GLPI Versions Prior to 9.5.7 CSRF Vulnerability in LinkWorth WordPress Plugin SQL Injection Vulnerability in GLPI Prior to Version 9.5.7 Denial of Service Vulnerability in Next.js i18n Functionality Out-of-Bound Read Access Vulnerability in PJSIP 2.11.1 and Prior Out-of-Bound Read Access Vulnerability in PJSIP Multipart Parsing Vulnerability: Code Execution via Insecure Plugin Instantiation in pgjdbc Division by 0 vulnerability in TensorFlow convolution operations Heap OOB Access Vulnerability in TensorFlow's `Dequantize` Implementation Integer Overflow Vulnerability in TensorFlow's `Dequantize` Shape Inference Heap OOB Read Vulnerability in TensorFlow's `ReverseSequence` Shape Inference Implementation Integer Overflow Bug in `UnravelIndex` Function in TensorFlow Reflected Cross-Site Scripting in Advanced Database Cleaner WordPress Plugin Heap Overflow Vulnerability in TensorFlow's FractionalAvgPoolGrad Implementation Denial of Service Vulnerability in TensorFlow's `ConcatV2` Shape Inference Denial of Service Vulnerability in TensorFlow's `ThreadPoolHandle` Denial of Service Vulnerability in TensorFlow's StringNGrams Implementation Vulnerability in `MapStage` Implementation in TensorFlow Division by 0 vulnerability in FractionalMaxPool implementation in TensorFlow Null Pointer Dereference in SparseTensorSliceDataset Implementation Denial of Service Vulnerability in TensorFlow's *Bincount Operations Integer Overflow Vulnerability in TensorFlow's `SparseCountSparseOutput` Implementation Vulnerability: User-Controlled Inputs Trigger Null Pointer Reference in `QuantizedMaxPool` Implementation Reflected Cross-site Scripting (XSS) Vulnerability in microweber/microweber prior to 1.2.18 
Heap Overflow Vulnerability in TensorFlow's `SparseCountSparseOutput` Implementation Division by Zero Vulnerability in TensorFlow's TFLite Model Implementation of Depthwise Convolutions Buffer Overflow Vulnerability in Realtek USB Driver Allows for Service Disruption Ion Integer Overflow Use-After-Free Vulnerability Allows Local Privilege Escalation Out of Bounds Write Vulnerability in Modem 2G RR Remote Privilege Escalation via Use After Free in WIFI Firmware Possible Out of Bounds Read Vulnerability in imgsensor Possible Out of Bounds Read Vulnerability in imgsensor Telephony Vulnerability: Local Information Disclosure via Missing Permission Check Telephony Vulnerability: Local Information Disclosure without User Interaction Buffer Over-read in Vim prior to version 8.2 Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Read Vulnerability in WLAN Driver Out of Bounds Read Vulnerability in WLAN Driver Remote Denial of Service Vulnerability in WIFI Firmware Double Free Vulnerability in CCU: Local Privilege Escalation without User Interaction Critical Vulnerability in Power Service Allows Local Privilege Escalation Integer Overflow Vulnerability in Apusys Driver: Local Denial of Service Exploit Integer Overflow Vulnerability in Apusys Driver: Local Denial of Service Exploit Integer Overflow Vulnerability in Apusys Driver: Local Denial of Service Exploit Telecom Service Vulnerability: Local Information Disclosure via Missing Permission Check Telecom Service Vulnerability: Local Information Disclosure without User Interaction Possible Out of Bounds Write Vulnerability in CCCI Possible Out of Bounds Write Vulnerability in CCCI Bluetooth Out of Bounds Write Vulnerability Bluetooth Out of Bounds Write Vulnerability Possible Out of Bounds Read Vulnerability in 
CCCI Unauthenticated SQL Injection Vulnerability in Kayrasoft Product (Before Version 2) Sound Driver Symlink Following Vulnerability Allows Local Information Disclosure Race condition vulnerability in GED driver allows for local privilege escalation Race condition vulnerability in TEEI driver allows for local privilege escalation Race condition vulnerability in TEEI driver allows for local privilege escalation Race condition vulnerability in TEEI driver allows for local privilege escalation Use-after-free vulnerability in sched driver allows for local privilege escalation Race condition vulnerability in MDP allows for local privilege escalation Autoboot Vulnerability: Local Privilege Escalation via Permission Bypass Possible Information Disclosure Vulnerability in VPU with Local Privilege Escalation Out of Bounds Write Vulnerability in WLAN Driver Cross-Site Scripting (XSS) Vulnerability in Starcities: before 1.1 Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Out of Bounds Write Vulnerability in WLAN Driver Memory Corruption Vulnerability in Audio DSP with Local Privilege Escalation Audio DSP Out of Bounds Write Vulnerability Possible Local Privilege Escalation Vulnerability in SCP Race condition vulnerability in audio ipi allows for local privilege escalation Missing X-Frame-Options Header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and Prior: Clickjacking Vulnerability Camera ISP Out of Bounds Read Vulnerability Camera ISP Out of Bounds Read Vulnerability Out of Bounds Write Vulnerability in Camera ISP Denial of Service Vulnerability in Intel Ethernet Controller Drivers for VMware Vulnerability: Privilege Escalation via Local Access in Intel NUC Boards and Kits Out-of-Bounds Write Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Arbitrary Code 
Execution Vulnerability in joblib's Parallel() Class CIMPLICITY Network Vulnerability: Cleartext Credential Transmission Allows Unauthorized System Access Cross-Site Scripting Vulnerability in ELECOM LAN Router WRC-300FEBK-R Firmware v1.13 and Earlier Arbitrary File Upload and Remote Code Execution (RCE) in GREYD.SUITE WordPress Theme Unsalted MD5 Password Hash Vulnerability Denial of Service Vulnerability in Reolink RLC-410W v3.0.0.136_20121102 Cross-site Scripting (XSS) vulnerability in grapesjs before 0.19.5 Prototype Pollution vulnerability in nconf before 0.11.4 allows modification of Object.prototype Escalation of Privilege Vulnerability in Intel QAT Driver for Windows Reflected Cross-Site Scripting Vulnerability in php_mailform Versions Prior to 1.40 Use-After-Free Vulnerability in Anker Eufy Homebase 2 2.1.8.5h Allows Remote Code Execution Uncontrolled Search Path Elements in Intel(R) VTune(TM) Profiler Software: Privilege Escalation Vulnerability Path Traversal Vulnerability in Yokogawa Electric CAMS for HIS Server Arbitrary File Upload Vulnerability in InHand Networks InRouter302 V3.5.4 Reflected Cross-Site Scripting in Advanced WordPress Reset WordPress Plugin Command Injection Vulnerability in smartctl Package via info Method Improper Access Control in Intel(R) HAXM Software: Potential Privilege Escalation via Local Access NVIDIA GPU Display Driver for Linux: Local User Write Access Vulnerability NVIDIA GPU Display Driver for Linux: Local User Write Access Vulnerability NVIDIA GPU Display Driver for Windows Kernel Mode NULL Pointer Dereference Vulnerability Denial of Service Vulnerability in NVIDIA vGPU Software NVIDIA Omniverse Launcher Cross-Origin Resource Sharing (CORS) Vulnerability NVIDIA License System Installation Script Vulnerability Vulnerability: Privilege Escalation and System Compromise via IOMMU Misconfiguration in NVIDIA Jetson Linux Heap-based Buffer Overflow in Vim prior to version 8.2 Vulnerability in NVIDIA DCGM's nvhostengine Allows 
for Code Execution and Privilege Escalation Integer Overflow Vulnerability in NVIDIA CUDA Toolkit SDK's cuobjdump NVIDIA FLARE Admin Interface Vulnerability: Resource Allocation Without Limits Insecure Storage of Sensitive Information Vulnerability in Ivanti Workspace Control <2021.2 (10.7.30.0) Prototype Pollution in console.table() Function in Node.js Local Privilege Escalation Vulnerability in Citrix Workspace App for Linux 2012 - 2111 with App Protection HTTP Request Smuggling Vulnerability in Pulse Secure Version 9.115 and Below Local Privilege Escalation Vulnerability in Citrix Gateway Plug-in for Windows Remote Code Execution Vulnerability in Incapptic Connect Web Console HTTP Zip File Code Execution Vulnerability in Concrete CMS Versions 9.0.0 - 9.0.2 and 8.5.7 and below Critical Out-of-bounds Read Vulnerability in GitHub Repository vim/vim prior to 8.2 Blind Self XSS Vulnerability in RocketChat LiveChat <v1.9 Active Storage Code Injection Vulnerability via Image Processing Arguments Virtual Machine IDE Drive Privilege Escalation Vulnerability Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability Secure Your System: Microsoft Cryptographic Services Elevation of Privilege Vulnerability Windows Certificate Forgery Vulnerability SharePoint Server Remote Code Execution Vulnerability Windows Cleanup Manager Privilege Escalation Vulnerability Windows Event Tracing Service Denial of Service Vulnerability Arbitrary Code Execution via Cross-Site Request Forgery in CAPTCHA 4WP WordPress Plugin Exploiting the Microsoft Office Remote Code Execution Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word IKE Protocol Extensions Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Windows Kernel Information Leakage Vulnerability Critical Remote Code Execution 
Vulnerability in Microsoft Exchange Server Hyper-V DoS Vulnerability: Disrupting Windows Virtualization IKE Extension Denial of Service Vulnerability IKE Protocol Extensions Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in GitLab: Unauthorized Project Import Exploit Critical Remote Desktop Client Vulnerability Allows Remote Code Execution Critical Remote Desktop Client Vulnerability Allows Remote Code Execution Windows DWM Core Library Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Domain Admin Privilege Escalation Vulnerability in Active Directory Domain Services Windows Bind Filter Driver Privilege Escalation Vulnerability Windows Account Control Privilege Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in Simple Post Notes WordPress Plugin Windows AppContracts API Server Elevation of Privilege Vulnerability Task Flow Data Engine Privilege Escalation Vulnerability Windows Application Model Core API Privilege Escalation Vulnerability Windows StateRepository API Server File Privilege Escalation Vulnerability Windows UI Immersive Server API Privilege Escalation Vulnerability Exploiting the Connected Devices Platform Service for Privilege Escalation Windows System Launcher Privilege Escalation Vulnerability Windows Push Notifications Apps Privilege Escalation Vulnerability Windows Devices Human Interface Elevation of Privilege Vulnerability: Exploiting User Interfaces for Unauthorized Access Clipboard User Service Privilege Escalation Vulnerability Reflected Cross-Site Scripting Vulnerability in Contact Form 7 Captcha WordPress Plugin Windows Tablet UI Application Core Privilege Escalation Vulnerability Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability Windows Event Tracing Privilege Escalation Vulnerability Privilege Escalation in Tile Data Repository Windows Security Center API Remote Code Execution 
Vulnerability: A Critical Threat to System Security Windows Storage Privilege Escalation Vulnerability Win32k Information Disclosure Vulnerability Exposes Sensitive Data Exposed Storage Spaces Controller Vulnerability GeoHack: Exploiting Windows Geolocation Service for Remote Code Execution Windows Kernel Privilege Escalation Vulnerability DXL Broker for Windows Prior to 6.0.0.280 Local Privilege Escalation Vulnerability Windows GDI+ Information Disclosure Vulnerability Exposes Sensitive Data Windows Kernel Privilege Escalation Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability IKE Extension Denial of Service Vulnerability Local Security Authority Subsystem Service Privilege Escalation Vulnerability Windows Remote Access Connection Manager Privilege Escalation Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability Windows Modern Execution Server RCE Vulnerability IKE Extension Denial of Service Vulnerability Reflected Cross-Site Scripting Vulnerability in WP Video Lightbox WordPress Plugin IKE Extension Denial of Service Vulnerability Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability: Impersonation Risk for Users ReFS Remote Code Execution Vulnerability in Windows Critical Remote Desktop Protocol Vulnerability Allows Remote Code Execution BootGuard Bypass Vulnerability Windows User Profile Service Privilege Escalation Vulnerability Windows DWM Core Library Privilege Escalation Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability Exploiting the DirectX Graphics Kernel for Remote Code Execution Windows EFI Security Bypass Vulnerability Reflected Cross-Site Scripting Vulnerability in Gallery Plugin for WordPress Hyper-V Security Feature Bypass Vulnerability in Windows Hyper-V Privilege Escalation Vulnerability in Windows Windows DWM Core Library Privilege Escalation Vulnerability Windows GDI Privilege Escalation Vulnerability Windows GDI Information Leakage Vulnerability Hyper-V 
Security Feature Bypass Vulnerability in Windows Windows Defender Application Control Security Feature Bypass Vulnerability: A Critical Security Flaw in Windows Defender HTTP Protocol Stack RCE Vulnerability Windows Installer Privilege Escalation Vulnerability ByteBufferPool Leak in Eclipse Jetty SslConnection Critical Vulnerability: Microsoft Cluster Port Driver Elevation of Privilege .NET Framework Denial of Service Vulnerability: Exploiting System Resource Exhaustion Exploiting the DirectX Graphics Kernel for Remote Code Execution Domain Policy Remote Protocol Security Bypass Vulnerability Windows Remote Access Connection Manager Privilege Escalation Vulnerability Windows GDI+ Information Disclosure Vulnerability Exposes Sensitive Data Windows Common Log File System Driver Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions DirectX Graphics Kernel File Denial of Service Vulnerability: Exploiting System Crashes Windows User Profile Service Privilege Escalation Vulnerability Forced Browsing Vulnerability in HYPR Server: Privilege Escalation via Magic Link Path Tampering Kerberos Privilege Escalation Vulnerability in Windows Windows Defender Credential Guard Security Feature Bypass Vulnerability: A Critical Flaw in Credential Guard Protection RPC Runtime RCE Vulnerability Remote Protocol Security Feature Bypass Vulnerability in Workstation Service Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions ReFS Remote Code Execution Vulnerability in Windows Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1: Unauthorized Addition of FIDO2 Authenticator to Arbitrary Accounts Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge 
(Chromium-based) Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Uncovering the Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 Customer Engagement Improper Input Validation Vulnerability in ASUS VivoMini/Mini PC Devices Account Takeover Vulnerability in Metasys ADS/ADX/OAS Server Versions Prior to 10.1.5 and 11.0.2 Unverified Password Change Vulnerability in Metasys ADS/ADX/OAS Unauthenticated Execution of Validated Actions in Metasys ADX Server 12.0 Code Injection Vulnerability in Metasys ADS/ADX/OAS Web Interface Code Injection Vulnerability in Metasys MUI Graphics Web Interface Cookie Vulnerability in Johnson Controls System Configuration Tool (SCT) Allows Unauthorized Access Cross-Site Scripting (XSS) Vulnerability in Accept Stripe Payments WordPress Plugin Insecure Cookie Handling in Johnson Controls System Configuration Tool (SCT) Versions 14 and 15 Command Injection Vulnerability in iSTAR Ultra Local Privilege Escalation Vulnerability in openSUSE Backports SLE-15-SP3 and Factory Watchman Insecure Temporary File Vulnerability in cscreen of openSUSE Factory Incorrect Permission Assignment in cscreen Allows Unauthorized Access and Manipulation of Running Sessions Rancher Desktop Vulnerability: Local Network Attackers Exploit Resource Exposure to Dashboard API Cross-Site Scripting (XSS) Vulnerability in openSUSE Paste Allows Remote Code Execution via SVG Files XML External Entity (XXE) Reference Vulnerability in SUSE Open Build Service Allows Remote Information Disclosure and Privilege Escalation Improper Access Control vulnerability in systemd service of canna in openSUSE Backports SLE-15-SP3 and SLE-15-SP4 Cleartext Transmission of Sensitive Information Vulnerability in SUSE Rancher Disk Exhaustion Denial of Service Vulnerability in SUSE Manager Server 4.1 and 4.2 Unauthorized Shell Pod Creation and Kubectl Access Vulnerability in SUSE Rancher Edge Chromium Elevation of Privilege Vulnerability Critical 
Remote Code Execution Vulnerability in Microsoft Dynamics 365 On-Premises ReFS Remote Code Execution Vulnerability in Windows ReFS Remote Code Execution Vulnerability in Windows KVM nVMX Regression: Spectre v2 Attack on L1 via L2 ReFS Remote Code Execution Vulnerability in Windows ReFS Remote Code Execution Vulnerability in Windows ReFS Remote Code Execution Vulnerability in Windows ReFS Remote Code Execution Vulnerability in Windows Remote Desktop Licensing Diagnoser Information Disclosure Teams Service Disruption Vulnerability Xbox Live Auth Manager Windows Elevation of Privilege Vulnerability SharePoint Server Security Feature Bypass Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Authentication Bypass Vulnerability Edge Chromium Elevation of Privilege Vulnerability Windows Runtime Remote Code Execution Vulnerability: A Critical Security Flaw Pervasive Windows PPTP Remote Code Execution Vulnerability Windows Media Center Update DoS Vulnerability Roaming Security Rights Management Services RCE Vulnerability Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Exposed Secrets: Media Foundation Information Disclosure Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Exposed Secrets: Microsoft Exchange Server Information Disclosure Vulnerability Unauthenticated Access to Private Messages in WPQA Builder WordPress Plugin Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Windows Common Log File System Driver Privilege Escalation Vulnerability Stream Enumeration Remote Code Execution Vulnerability in Win32 Critical Remote Code Execution Vulnerability in Windows DNS Server Windows Remote Access Connection Manager Information Disclosure Vulnerability .NET Framework Denial of Service Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Windows Kernel 
Privilege Escalation Vulnerability Reflected Cross-Site Scripting Vulnerability in MiCODUS MV720 GPS Tracker Web Server Critical Remote Desktop Client Vulnerability Allows Remote Code Execution Visual Studio Code Remote Development Extension RCE Vulnerability Windows Mobile Device Management RCE Vulnerability Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Windows DWM Core Library Privilege Escalation Vulnerability Hyper-V Remote Code Execution Vulnerability in Windows Windows Kernel Win32k Elevation of Privilege Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Windows Common Log File System Driver Information Leakage Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Prototype Pollution Vulnerability in Firefox and Thunderbird Windows Common Log File System Driver Privilege Escalation Vulnerability Windows Remote Access Connection Manager Privilege Escalation Vulnerability Profile Picture DoS Vulnerability in Windows User Accounts Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability ClickToRun Remote Code Execution Vulnerability in Microsoft Office SharePoint Server Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Hyper-V Remote Code Execution Vulnerability in Windows Hyper-V Remote Code Execution Vulnerability in Windows Exposed Secrets: Media Foundation Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability Exposes Sensitive Data Windows LDAP Remote Code Execution Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows LDAP Remote Code Execution Vulnerability Exposed Secrets: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Windows PlayToManager Privilege Escalation Vulnerability Critical Remote Desktop Client Vulnerability Allows Remote Code 
Execution Critical Remote Code Execution Vulnerability in HEVC Video Extensions RPC Runtime RCE Vulnerability Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Print Spooler Privilege Escalation Vulnerability in Windows Windows Portable Device Enumerator Service Security Bypass Vulnerability Faxploit: Remote Code Execution Vulnerability in Windows Fax Service IIS Cachuri Module Denial of Service Vulnerability Windows CSRSS Elevation of Privilege Vulnerability Faxploit: Remote Code Execution Vulnerability in Windows Fax Service Windows Network File System (NFS) Information Disclosure Vulnerability Windows Network File System RCE Vulnerability Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability Windows Graphics Component Privilege Escalation Vulnerability Pervasive PPTP Vulnerability: Remote Code Execution on Windows Windows Performance Counters Elevation of Privilege Vulnerability Windows ALPC Elevation of Privilege Vulnerability RPC Runtime RCE Vulnerability Windows Network File System RCE Vulnerability IIS Dynamic Compression Module Denial of Service Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Windows Hyper-V Data Exposure Vulnerability Windows Fast FAT File System Driver Privilege Escalation Vulnerability Windows.Devices.Picker.dll Elevation of Privilege Vulnerability Windows CSRSS Elevation of Privilege Vulnerability BitLocker Security Feature Bypass: A Critical Vulnerability in Data Encryption Windows CSRSS Elevation of Privilege Vulnerability Windows Fax Service Privilege Escalation Vulnerability Path Traversal Vulnerability in ASUS RT-AX56U Router Allows Unauthorized Access and File Download SQL-Injection Vulnerability in Le-yan Dental Management System Hard-coded Credentials Vulnerability in Le-yan Dental Management System Race condition vulnerability in graphics fence leading to use after free in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, 
Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables Use-after-free vulnerability in Snapdragon Kernel: Memory Corruption Exploit Critical Memory Corruption Vulnerability in Snapdragon Platforms: Out-of-Bound Read during Video File Parsing Critical Out-of-bounds Read Vulnerability in GitHub Repository vim/vim prior to 8.2 Improper Validation in Reconfiguration Message Processing Leads to Assertion Vulnerability Improper Length Check in Device ID Verification Leads to Out of Bounds Writing in Snapdragon Compute, Connectivity, and Mobile Improper Length Check Vulnerability in Snapdragon Platforms Boot Remapper Vulnerability: Memory Corruption in Core Configuration Buffer Over Read Vulnerability in Snapdragon Platforms Critical Out-of-Bound Read Vulnerability in Snapdragon Platforms: Potential for Denial of Service (DoS) Improper Length Check Vulnerability in Snapdragon Platforms Critical Memory Leak Vulnerability in Snapdragon Modem Processing NSA RRC Reconfiguration Unintended Content Injection Vulnerability in Snapdragon Platforms Unencrypted Keybox Storage Vulnerability in Snapdragon Devices Heap-based Buffer Overflow in Vim prior to version 8.2 Invalid Routing Address Vulnerability in Snapdragon Platforms Use After Free Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Widespread Memory Corruption Vulnerability in Snapdragon Platforms during WMA File Playback GPU Context Switch Vulnerability: Exposing Sensitive Graphics Information Cryptographic Vulnerability in Core: RPMB Read Request Information Disclosure Exploiting Use-After-Free Vulnerability in Snapdragon Mobile Graphics Dispatcher Logic Leads to Memory Corruption Integer Overflow Vulnerability in Snapdragon Platforms: Denial of Service in BOOT Partition Size Calculation Fastboot Flash Command Buffer Over Read Vulnerability Critical NULL Pointer Dereference Vulnerability in vim/vim Backend ID Validation Vulnerability in Snapdragon Platforms 
Critical Vulnerability: Integer Overflow Leads to Memory Corruption in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms Memory Corruption Vulnerability in Snapdragon Platforms Critical Memory Corruption Vulnerability in Snapdragon Platforms: Exploiting QCP Audio File Extraction Buffer Overflow Vulnerability in Snapdragon Platforms: Corrupting Video Memory through DTS File Parsing Double Free Vulnerability in Snapdragon Platforms: Corrupted Video Memory Exploit Critical Memory Corruption Vulnerability in Snapdragon Platforms: Buffer Overflow Exploitation in Video Parsing Buffer Overflow Vulnerability in Bluetooth HOST Audio Memory Corruption Vulnerability in Snapdragon Connectivity, Snapdragon Mobile, and Snapdragon Wearables Audio Memory Corruption Vulnerability in Snapdragon Compute, Connectivity, and Mobile Replayed LTE Security Mode Command Vulnerability in Snapdragon Platforms Kernel Memory Corruption: Use After Free Vulnerability in Snapdragon Compute, Connectivity, Industrial IOT, and Mobile Concurrent Hypervisor Operations Vulnerability in Snapdragon Platforms Race condition vulnerability leading to memory corruption in Snapdragon Compute, Connectivity, Industrial IOT, and Mobile Kernels Use-after-free vulnerability in synx driver leads to memory corruption in Snapdragon Compute, Connectivity, Industrial IOT, and Mobile platforms Stack-based buffer overflow vulnerability in Snapdragon Connectivity and Snapdragon Mobile allows for memory corruption in Bluetooth HOST Critical Memory Corruption Vulnerability in Snapdragon Consumer IOT Graphic Driver Critical Memory Corruption Vulnerability in Snapdragon Auto Multimedia Driver Critical Vulnerability: Memory Corruption in Snapdragon Auto's Multimedia Component Critical Out-of-bounds Write Vulnerability in GitHub Repository vim/vim prior to 8.2 Exploitable Memory Corruption Vulnerability in Snapdragon Auto's Multimedia Component Critical Vulnerability: Denial of Service Exploit in 
Snapdragon Auto's Multimedia Parsing of HAB Messages Critical Memory Corruption Vulnerability in Snapdragon Auto's Multimedia Component Double Free Vulnerability in Snapdragon Auto Multimedia Driver Critical Memory Corruption Vulnerability in Snapdragon Auto Multimedia Critical Vulnerability: Integer Overflow in Bluetooth HFP-UNIT Profile Processing Critical Memory Corruption Vulnerability in Snapdragon Auto's Multimedia Component Missing Authorization Vulnerability in Daybyday CRM Allows Unauthorized Access to User Appointments Missing Authorization Vulnerability in Daybyday CRM Versions 2.0.0 - 2.2.0: Unauthorized Access to User Absences Stored Cross-Site Scripting (XSS) Vulnerability in Daybyday CRM 2.2.0 Denial of Service Vulnerability in libguestfs get_keys() Function Weak Password Enforcement in Daybyday CRM User Update Functionality Missing Authorization Allows Unauthorized Password Changes in DayByDay CRM DayByDay CRM Application-Wide Client-Side Template Injection (CSTI) Vulnerability Insufficient Session Expiration in DayByDay CRM Versions 2.2.0 - 2.2.1 Reflected Cross-Site Scripting (XSS) Vulnerability in Teedy v1.5 - v1.9 Stored Cross-Site Scripting (XSS) Vulnerability in Teedy v1.5 - v1.9 Stored Cross-Site Scripting (XSS) Vulnerability via SVG File Upload in Directus Media Upload Functionality Unrestricted File Upload in Directus Media Upload Functionality Leads to Cross-Site Scripting Vulnerability Unrestricted Upload Vulnerability in SourceCodester Library Management System 1.0 Observable Discrepancy in Password-Reset Feature Allows Email Enumeration in NocoDB CSV Injection Vulnerability in NocoDB User Management Endpoint Halo v1.0.0 to v1.4.17 Vulnerability: Stored Cross-Site Scripting (XSS) in Article Titles Stored Cross-Site Scripting (XSS) Vulnerability in Halo Profile Image Upload Stored Cross-Site Scripting (XSS) Vulnerability in Halo v1.0.0 to v1.4.17 Stored XSS vulnerability in Openmct versions 1.3.0 to 1.7.7 via Web Page element URL field 
Tableau Server Broken Access Control Vulnerability Path Traversal Vulnerability in Tableau Server Administration Agent's File Transfer Service Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in SourceCodester Library Management System 1.0 Accusoft ImageGear 19.10 Memory Corruption Vulnerability Denial of Service (DoS) Vulnerability in fast-string-search Package Uncontrolled Search Path Vulnerability in Intel(R) XTU Software Critical SQL Injection Vulnerability in SourceCodester Library Management System 1.0 OS Command Injection Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 Improper ACL Configuration in Yokogawa Electric Products' Long-term Data Archive Package Service Reflected Cross-Site Scripting Vulnerability in php_mailform Checkbox Prototype Pollution in convict Package (Versions before 6.2.2) via Missing ParentKey Validation Hard-coded Root Password Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 Uncontrolled Resource Consumption Vulnerability in Yokogawa Electric CAMS for HIS Log Server Arbitrary Script Injection Vulnerability in TransmitMail 2.5.0 to 2.6.1 Improper ACL Configuration in Yokogawa Electric Products' Root Service SQL Injection Vulnerability in Lansweeper HelpdeskEmailActions.aspx Stored Cross-Site Scripting Vulnerability in GiveWP WordPress Plugin Memory Corruption Vulnerability in Foxit PDF Reader 11.1.0.52543 Log Output Neutralization Failure in Yokogawa Electric Products Confidential Information Leakage Vulnerability in Juniper Networks Contrail Service Orchestration REST API Insufficient Algorithmic Complexity and Resource Allocation Vulnerability in Juniper Networks Junos OS Junos Fusion External Control of Critical State Data Vulnerability Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS on ACX5448 Router Improper Certificate Validation in Juniper Networks Junos OS Allows Person-in-the-Middle Attacks Traffic Classification Bypass Vulnerability in Juniper Networks Junos 
OS on SRX Series Services Gateways Vulnerability in Juniper Networks Junos OS NETISR Network Queue Functionality SSRF Vulnerability in ionicabizau/parse-url prior to 7.0.0 Unauthenticated DoS Vulnerability in Juniper Networks Junos OS Uncontrolled Resource Consumption Vulnerability in Juniper Networks Junos OS Generation of Error Message Containing Sensitive Information Vulnerability in Juniper Networks Junos OS CLI Improper Input Validation in Juniper DHCP Daemon (jdhcpd) Allows DoS Improper Initialization Vulnerability in Juniper Networks Junos OS Evolved Allows Telnet Service to Remain Enabled Improper Validation of Specified Quantity in Input Vulnerability in Juniper Networks Junos OS Traffic Classification Bypass Vulnerability in Juniper Networks Junos OS on SRX Series Services Gateways Improper Validation of Specified Type of Input in Juniper Networks Junos OS Kernel Leading to Denial of Service (DoS) Improper Initialization Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Cross-site Scripting (XSS) Vulnerability in ionicabizau/parse-url prior to 7.0.0 Missing Release of Resource after Effective Lifetime vulnerability in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Memory Leak Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Memory Consumption DoS Vulnerability in Juniper Networks Junos OS PKI Daemon (pkid) IPv6 Packet DMA Memory Leak Vulnerability in Juniper Networks Junos OS on QFX5000 Series and EX4600 Switches Improper Locking Vulnerability in Juniper Networks Junos OS SIP ALG Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS DHCP Daemon Memory Vulnerability in Juniper Networks Junos OS and Junos OS Evolved SNMP Daemon Allows for Denial of Service Stack-based Buffer Overflow Vulnerability in Juniper Networks Junos OS Improper Validation of Specified Index in Juniper Networks Junos OS DHCP Daemon (jdhcpd) Leads to Denial of Service (DoS) Stored Cross-site 
Scripting (XSS) vulnerability in GitHub repository ionicabizau/parse-url prior to version 7.0.0 Improper Check for Unusual or Exceptional Conditions Vulnerability in IPv6 Packet Processing on EX Series Devices Leading to DoS Reflected Cross-site Scripting (XSS) Vulnerability in J-Web of Juniper Networks Junos OS Cross-site Scripting (XSS) Vulnerability in Juniper Networks Junos OS J-Web Allows Remote Code Execution Improper Access Control Vulnerability in Juniper Networks Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on SRX Series with 'preserve-incoming-fragment-size' Feature Enabled Improper Initialization Vulnerability in Juniper Networks Junos OS on EX4650 Devices Privilege Escalation via Windows Installer in Juniper Networks Juniper Identity Management Service (JIMS) Uncontrolled Memory Allocation Vulnerability in Juniper Networks Junos OS: Heap-based Buffer Overflow in PFE Elevation of Privilege Vulnerability in Juniper Networks Contrail Service Orchestration (CSO) Unyson WordPress Plugin Reflected Cross-Site Scripting Vulnerability Improper Access Control in Juniper Networks Paragon Active Assurance Control Center Allows Unauthorized PDF Report Generation Juniper Networks Junos OS EX4300 Switch Denial of Service (DoS) Vulnerability Improper Validation of Syntactic Correctness of Input Vulnerability in Juniper Networks Junos OS Evolved on PTX Series Improper Handling of Unexpected Data Type Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Unauthenticated DoS 
Vulnerability in Juniper Networks Junos OS SIP ALG Improper Validation of Specified Index, Position, or Offset in Input Vulnerability in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability on PTX Series Devices in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS 19.4R3-S4 Improper Release of Memory in Juniper Networks Junos OS SIP ALG Allows Partial DoS Memory Leak Vulnerability in Juniper Networks Junos OS on SRX Series Buffer Overflow Vulnerability in Juniper Networks Junos OS on SRX Series Use After Free Vulnerability in Juniper Networks Junos OS AFT Manager Process Use After Free Vulnerability in Juniper Networks Junos OS and Junos OS Evolved RDP Missing Release of Memory after Effective Lifetime Vulnerability in Juniper Networks Junos OS Information Exposure Vulnerability in Devolutions Remote Desktop Manager Allows Unauthorized Access to User Credentials NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS on QFX5000 Series and MX Series FPC Resource Exhaustion Vulnerability in Juniper Networks Junos OS Evolved on PTX Series Unauthenticated DoS Vulnerability in Juniper Networks Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Missing Release of File Descriptor or Handle after Effective Lifetime Vulnerability in Juniper Networks Junos OS and Junos OS Evolved PAM Etherleak Vulnerability in Juniper Networks Junos OS on PTX and QFX Series Improper Check for Unusual or Exceptional Conditions Vulnerability in Juniper Networks Junos OS on QFX10K Series Switches Improper Check for Unusual or Exceptional Conditions in SRX Series Devices: Certificate Management Protocol Version 2 (CMPv2) DoS Vulnerability Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Arbitrary File Download Vulnerability in Download Monitor WordPress 
Plugin TOCTOU Race Condition Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Improper Neutralization of Special Elements in Juniper Networks Junos OS Download Manager Allows Unauthorized Device Control Denial of Service Vulnerability in Juniper Networks Junos OS on QFX10000 Series Devices with Transit IP/MPLS Penultimate Hop Popping (PHP) Configuration Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved TOCTOU Race Condition Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (rpd) Allows DoS Uncontrolled Memory Allocation Vulnerability in Juniper Networks Junos OS Improper Check for Unusual or Exceptional Conditions Vulnerability in Juniper Networks Junos OS Evolved on ACX7000 Series Improper Validation of Specified Type of Input in Juniper Networks Junos OS RPD Daemon Leading to DoS Stored Cross-Site Scripting (XSS) Vulnerability in Juniper Networks Paragon Active Assurance (Formerly Netrounds) Control Center Controller Cross-Site Request Forgery Vulnerability in WordPress Image Slider Plugin (Versions up to 1.1.121) Improper Input Validation Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Allows DoS via OSPFv3 LSA Unchecked Return Value to NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS on SRX Series Unchecked Return Value to NULL Pointer Dereference Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Improper Preservation of Consistency Between Independent Representations of Shared State Vulnerability in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on SRX Series Unauthenticated DoS Vulnerability in Juniper Networks Junos OS SIP ALG Improper Authentication Vulnerability in Juniper Networks Junos OS Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Privilege Escalation 
Vulnerability in Juniper Networks Junos OS Evolved Cross-Site Request Forgery Vulnerability in Gallery for Social Photo WordPress Plugin Memory Leak and DoS Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (rpd) Improper Input Validation Vulnerability in Juniper Networks Junos OS J-Web Component Cross-site Scripting (XSS) Vulnerability in Juniper Networks Junos OS J-Web Component XPath Injection Vulnerability in Juniper Networks Junos OS XPath Injection Vulnerability in Juniper Networks Junos OS J-Web Component Path Traversal Vulnerability in Juniper Networks Junos OS: Arbitrary File Upload Juniper Networks Junos OS PHP Local File Inclusion (LFI) Vulnerability Improper Input Validation in Juniper Networks Junos OS Evolved TCP Segment Processing Leading to DoS Incorrect Permission Assignment Vulnerability in Juniper Networks Junos OS Evolved Improper Control of Resource Lifetime Vulnerability in Juniper Networks Junos OS on MX Series Bypassing Zero Trust Security Policies and 'Lock WARP Switch' Feature via warp-cli Subcommands Improper Control of Resource Lifetime in Juniper Networks Junos OS and Junos OS Evolved: Denial of Service (DoS) Vulnerability Vulnerability: Privilege Escalation in Juniper Networks Junos OS on cSRX Series Devices UAF Vulnerability in DFX Module: Impact on System Stability DFX Module Vulnerability: Improper Validation of Integrity Check Values NFC CAs TEE Permission Bypass Vulnerability Application Framework DoS Vulnerability: Impact on Availability DFX Module Access Control Vulnerability: Threat to Data Confidentiality Improper Permission Control in Customization Framework: A Threat to Data Integrity Wi-Fi Module Event Notification Vulnerability: Elevation-of-Privilege Exploitation FLMG-10 10.0.1.0(H100SP22C00) Improper Authentication Vulnerability Inconsistent Date Verification in Thunderbird Digital Signatures Kernel Module UAF Vulnerability: Threatening Data Integrity and Availability 
Vulnerability in HiAIserver's Weight Verification Poses Risk to AI Services Improper Link Resolution Vulnerability in ROG Live Service's Temp File Deletion Function Unprotected Dynamic Receiver Vulnerability in SecSettings Prior to SMR Jan-2022 Release 1 File Manipulation Vulnerability in Dressroom Prior to SMR Jan-2022 Release 1 Arbitrary Memory Write and Code Execution Vulnerability in NPU Driver Unprotected WifiEvaluationService in TencentWifiSecurity Application: Unauthorized Access to WiFi Information ActivityMetricsLogger Implicit Intent Hijacking Vulnerability Knox Guard Vulnerability: Temporary Unlock via Samsung DeX Mode Unprotected BluetoothSettingsProvider Vulnerability: Unauthorized Access to Local Bluetooth MAC Address Improper Access Control in GitLab Runner Jobs API Allows Unauthorized Data Access Contact Information Exposure Vulnerability in Dialer App (SMR Jan-2022 Release 1) Arbitrary Memory Copy Vulnerability in TIMA Trustlet (SMR Jan-2022 Release 1) IMSISpy: Unauthorized Access to IMSI in TelephonyManager OS Command Injection Vulnerability in End-of-Life Secure Remote Access (SRA) and Secure Mobile Access (SMA) Products Stack-based Buffer Overflow Vulnerability in SonicOS Allows Remote Code Execution TCP Handshake Bypass Vulnerability in HTTP/S Inbound Traffic SonicOS SNMP Service Vulnerability: Unauthorized Access to Sensitive Information Clear-text Exposure of Wireless Access Point Sensitive Information in SonicOS SNMP Service SonicOS CFS Vulnerability: HTTP Denial of Service (DoS) Attack via Large 403 Forbidden Response Post-Authentication Arbitrary File Read Vulnerability in End-of-Life Secure Remote Access (SRA) and Older Firmware Versions of Secure Mobile Access (SMA) Products GitLab EE Information Exposure Vulnerability: Unauthorized Access to CI Variables Unauthenticated SQL Injection Vulnerability in SonicWall GMS and Analytics On-Prem Buffer Overflow Vulnerability in SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) Allows 
Arbitrary Code Execution Improper Access Control in SonicWall SMA1000 Series Firmware Session Hijacking Vulnerability in Samsung Health App Bypassing Secret Mode Password Authentication in Samsung Internet (prior to 16.0.2.19) Hijacking and Privilege Escalation Vulnerability in Reminder App Bixby Routines PendingIntent Hijacking Vulnerability Arbitrary File Access Vulnerability in Samsung Email Prior to 6.1.60.16 Remote App Installation Vulnerability in Galaxy Store (Version < 4.5.36.5) Remote Information Disclosure Vulnerability in S Assistant v7.5 and earlier Unprotected Variable Extraction Vulnerability in GitLab CE/EE Domain Spoofing Vulnerability in Samsung Internet Downloads Excessive Data Logging Vulnerability in Telephony: Unauthorized Cell Location Information Retrieval Dynamic Receiver Vulnerability in Telecom: Arbitrary Activity Launch HTML Injection in Dolibarr 7.0.2 via admin/limits.php ZFAKA<=1.43 SQL Injection Vulnerability Allows Unauthorized Administrator Account Creation SQL Injection Vulnerability in Metinfo v7.5.0 via table_para parameter in parameter_admin.class.php Insecure Permissions in Sourcecodester Hospital's Patient Records Management System 1.0 Arbitrary File Read Vulnerability in FortiWeb and FortiRecorder OS Command Injection Vulnerability in Fortinet FortiIsolator Authenticated Command Injection via Format String Vulnerability in FortiADC, FortiProxy, FortiOS, and FortiMail Stored Cross-Site Scripting Vulnerability in GitLab CE/EE Project Settings Insufficient Permissions Vulnerability in Fortinet FortiAnalyzer and FortiManager Command Injection Vulnerability in FortiAP-C Console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 Clear Text Storage of Sensitive Information Vulnerability in FortiGate and FortiAuthenticator Unauthorized Access to FortiGate User Credentials via Config Conflict File Vulnerability Cross-Site Scripting (XSS) Vulnerability in FortiAuthenticator OWA Agent for Microsoft Version 2.2 and 2.1 Improper Certificate 
Validation Vulnerability in Fortinet Products FortiOS Improper Certificate Validation Vulnerability Elevated Privileges Vulnerability in IBM Security Guardium 11.3, 11.4, and 11.5 Remote File Include (RFI) Vulnerability in IBM Planning Analytics 2.0 Unauthenticated Serial Port/TTY Interface Login Vulnerability in POWER Systems FSP NULL Pointer Dereference in Vim prior to 8.2 Weak Security and Unauthorized Access in IBM WebSphere Application Server Liberty 21.0.0.10-21.0.0.12 Vulnerability: Improper Validation of JWT Tokens in IBM Security Verify Access Heap-based Buffer Overflow in IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x Weak Cryptographic Algorithms in IBM QRadar Data Synchronization App 1.0 through 3.0.1 Local File Inclusion Vulnerability in IBM Planning Analytics Local 2.0 Elevated Privilege Vulnerability in IBM UrbanCode Deploy (UCD) 7.2.2.1 IBM MQ Appliance 9.2 CD and 9.2 LTS Denial of Service Vulnerability Session Invalidation Vulnerability in IBM Curam Social Program Management 8.0.0 and 8.0.1 Session Invalidation Vulnerability in IBM Curam Social Program Management 8.0.0 and 8.0.1 Vulnerability: Queue Deletion Disruption in IBM Robotic Process Automation 21.0.1 Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Insufficient Protection of Password Hash in IBM MQ Appliance 9.2 CD and 9.2 LTS Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Heap-based Buffer Overflow in IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x Information Disclosure Vulnerability in IBM MQ for HPE NonStop 8.1.0 Insufficient Authorization Checks in IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 Weak Cryptographic Algorithms in IBM UrbanCode Deploy (UCD) 7.x.x Privilege Escalation Vulnerability in IBM Sterling Partner Engagement Manager 6.2.0 Insecure Cookie Handling in IBM Control Desk 7.6.1 Cross-Site Request 
Forgery Vulnerability in Banner Cycler WordPress Plugin (up to version 1.4) IBM Control Desk 7.6.1 HTTPOnly Flag Failure Vulnerability Insecure Direct Object Vulnerability in IBM Sterling Partner Engagement Manager 6.2.0 Missing Revocation Mechanism in IBM Sterling Partner Engagement Manager 6.2.0 Allows User Impersonation Buffer Overflow Vulnerability in IBM Sterling Secure Proxy and External Authentication Server Unauthorized Access to Tenant Information in IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 Denial of Service Vulnerability in IBM Sterling External Authentication Server and IBM Sterling Secure Proxy Information Disclosure Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 SQL Injection Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 IBM Planning Analytics 2.0 SSRF Vulnerability Command Injection Vulnerability in mySCADA myPRO 8.26.0 HTTP Header Injection Vulnerability in IBM Spectrum Copy Data Management Cross-Site Scripting (XSS) Vulnerability in IBM QRadar 7.3, 7.4, and 7.5 Cross-Site Request Forgery Vulnerability in IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx Reverse Tabnabbing Vulnerability in IBM Spectrum Protect Operations Center Path Traversal Vulnerability in IBM Sterling External Authentication Server Cross-Site Scripting (XSS) Vulnerability in GitLab EE's External Issue Tracker Denial of Service Vulnerability in IBM AIX and VIOS NIMSH Daemon Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 Data Masking Bypass Vulnerability in IBM Big SQL on IBM Cloud Pak for Data Unrestricted Connection Length Vulnerability in IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management Denial of Service Vulnerability in IBM MQ Appliance 9.2 CD and 9.2 LTS Login Component Account Enumeration Vulnerability in IBM MQ Appliance 9.2 CD and 9.2 LTS XML External 
Entity Injection (XXE) Vulnerability in IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 Cross-Site Request Forgery Vulnerability in IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 - LDAP Injection Vulnerability Cross-Site Request Forgery Vulnerability in IBM Business Automation Workflow and IBM Business Process Manager SSL Server Hostname Spoofing Vulnerability in IBM WebSphere Application Server with Ajax Proxy Web Application Clear Text Storage of User Credentials in IBM UrbanCode Deploy Local User Disclosure of Sensitive Database Information in IBM UrbanCode Deploy Weak Cryptographic Algorithms in IBM Spectrum Scale 5.1.0 through 5.1.3.0: A Threat to Highly Sensitive Data Local Privilege Escalation Vulnerability in IBM Workload Scheduler 9.4 and 9.5 Open Redirect Vulnerability in Keycloak Node.js Adapter's checkSso Function Cross-Site Scripting (XSS) Vulnerability in IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 Session Impersonation Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 Improper Validation Vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs Firmware Downgrade Vulnerability in IBM Power 9 AC922 BMC (X-Force ID: 221442) Arbitrary Command Execution Vulnerability in IBM Security Verify Privilege On-Premises 11.5 HTTP Strict Transport Security Bypass in IBM Security Verify Privilege On-Premises 11.5 Vulnerability in Red Hat Advanced Cluster Management for Kubernetes Allows Pod Crashing and System Availability Impact Certificate Validation Vulnerability in IBM Security Verify Privilege On-Premises 11.5 Hazardous Input Validation Vulnerability in IBM Security Verify Privilege On-Premises 11.5 Clear Text Transmission Vulnerability in IBM Security Verify Privilege On-Premises 11.5 IBM Security Verify Privilege On-Premises 11.5 HTTP Strict 
Transport Security Bypass Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Application Gateway Allows for Credential Disclosure Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows Cross-Site Scripting (XSS) Vulnerability in Request a Quote WordPress Plugin Improper Privilege Management in IBM Db2 for Linux, UNIX and Windows Information Disclosure Vulnerability in IBM Aspera High-Speed Transfer 4.3.1 and Earlier Arbitrary File Upload Vulnerability in IBM Planning Analytics Local 2.0 Information Disclosure Vulnerability in IBM WebSphere Application Server Liberty Improper Access Control Enforcement in IBM Spectrum Protect 8.1.14.000 Server Clear Text Credential Printing Vulnerability in IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 CVE-2022-22399 CSV File Upload Vulnerability in Request a Quote WordPress Plugin IBM Aspera Faspex 5.0.5 Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Aspera Faspex 5.0.5 Excessive Rate Limiting Vulnerability in IBM App Connect Enterprise Certified Container Dashboard UI IBM Aspera Faspex 5.0.5 HTTP Strict Transport Security Bypass Vulnerability Insecure Configuration in IBM Aspera Faspex 5.0.5 Allows Information Gathering CSRF and Stored XSS Vulnerabilities in Featured Image from URL (FIFU) WordPress Plugin IBM Watson Query with Cloud Pak for Data as a Service Information Disclosure Vulnerability Excessive Permissions Vulnerability in IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 Local Host Login Access Token Vulnerability in IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 SQL Injection Vulnerability in IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 Local User Credential Exposure in IBM Robotic Process Automation 21.0.2 Unauthorized View-Only Access to Admin Pages in IBM Robotic Process Automation 21.0.1 Control Center IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 SSRF Vulnerability Cross-Site Scripting (XSS) 
Vulnerability in IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 Improper Access Control in KUKA SystemSoftware V/KSS Versions Prior to 8.6.5 Improper Input Validation in IBM Common Cryptographic Architecture (CCA) 5.x and 7.x MTM for 4767 and 4769 Local User Information Disclosure in IBM QRadar SIEM 7.3, 7.4, and 7.5 CSV Injection Vulnerability in IBM InfoSphere Information Server 11.7 Authentication Bypass Vulnerability in IBM Spectrum Copy Data Management Admin Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Access Control Vulnerability in GitLab EE/CE Allows Enumeration of Issues in Non-Linked Sentry Projects IBM Robotic Process Automation 21.0.1 and 21.0.2 External Service Interaction Vulnerability IBM Robotic Process Automation 21.0.0-21.0.2 Physical Access API Object Creation Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6.1.2 Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6.1.2 Improper Authorization Vulnerability in GitLab EE/CE Allowing Unauthorized Management of Issues in Error Tracking Feature Privilege Escalation Vulnerability in IBM InfoSphere Information Server 11.7 Improper Access Controls in IBM InfoSphere Information Server 11.7 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Local Denial of Service Vulnerability in IBM AIX and VIOS Critical Vulnerability: Compromise of Partition Firmware via FSP Access or Admin Authority (POWER9) Potential Security Misconfigurations in IBM Disconnected Log Collector 1.0 through 1.8.2: Information Disclosure Vulnerability Sensitive Information Disclosure in IBM Security Verify Governance, Identity Manager 10.01 CSRF Vulnerability in Counter Box WordPress Plugin before 1.2.1 Privileged User File Upload Vulnerability in IBM Security Verify Identity Manager 10.0 Inadequate Account Lockout Setting in IBM Security Verify Identity Manager 10.0 Weak 
Cryptographic Algorithms in IBM Security Verify Identity Manager 10.0: A Potential Decryption Vulnerability Arbitrary Command Execution Vulnerability in IBM InfoSphere Information Server 11.7 Privilege Escalation Vulnerability in IBM Security Verify Governance Identity Manager 10.0 Virtual Appliance Cross-Site Scripting (XSS) Vulnerability in IBM Security Verify Governance, Identity Manager 10.0.1 Clear Text Storage of User Credentials in IBM Security Verify Governance, Identity Manager 10.0.1 Clear Text Storage of User Credentials in IBM Security Verify Governance, Identity Manager 10.0.1 Sensitive Information Exposure in IBM Security Verify Identity Manager 10.0 Weak Cryptographic Algorithms in IBM Security Verify Governance, Identity Manager 10.0.1: A Potential Decryption Vulnerability Weak Cryptographic Algorithms in IBM Security Verify Governance, Identity Manager Virtual Appliance Component 10.0.1: A Potential Decryption Vulnerability SQL Injection Vulnerability in IBM Security Access Manager Appliance 10.0.0.0 - 10.0.3.0 Weak Cryptographic Algorithms in IBM Security Access Manager Appliance 10.0.0.0 - 10.0.3.0 Improper Access Permissions in IBM Security Access Manager Appliance 10.0.0.0 - 10.0.3.0 Hard-coded Credentials Vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Governance 10.0 Local User Credential Exposure Vulnerability Improper Disclosure of Session Information in IBM Spectrum Protect Plus Container Backup and Restore Improper Handling of Administrative Console Data in IBM WebSphere Application Server Denial of Service Vulnerability in IBM Spectrum Protect Client Operations Identity Spoofing Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty Identity Spoofing Vulnerability in IBM WebSphere Application Server Liberty and Open Liberty (CVE-2021-20592) Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server 8.5 and 9.0 Clear Text Storage of User Credentials in IBM Spectrum Protect 
Client Cross-Site Request Forgery Vulnerability in IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 Data Node Rebalancing Vulnerability in IBM QRadar SIEM 7.4 and 7.5 Remote Access to IBM Navigator for i Web Interface without Valid Credentials File Upload Denial of Service Vulnerability in IBM Sterling B2B Integrator Information Disclosure Vulnerability in IBM Db2 for Linux, UNIX and Windows Sensitive Information Exposure in IBM Spectrum Protect Operations Center Unauthenticated Brute Force Access to IBM Spectrum Protect Server XML External Entity Injection (XXE) Vulnerability in IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 Unlimited Login Attempts Vulnerability in IBM Spectrum Protect Storage Agent Denial of Service Vulnerability in IBM OpenBMC OP910 and OP940 XML External Entity Injection (XXE) Vulnerability in IBM MQ 8.0 and 9.x Local Privilege Escalation Vulnerabilities in Avaya Aura Communication Manager Privileged User Information Disclosure in IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 Cross-Site Request Forgery Vulnerability in IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 Information Disclosure Vulnerability in IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 IBM i 7.3, 7.4, and 7.5 SQL Injection Vulnerability Offline Dictionary Attack Vulnerability in IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 Unauthorized Access Vulnerability in IBM Aspera Faspex 4.4.1 and 5.0.0 Open Redirect Vulnerability in GitLab EE/CE Versions 11.1 to 14.10.5, 15.0 to 15.0.4, and 15.1 to 15.1.1 Cross-Site Scripting (XSS) Vulnerability in IBM Robotic Process Automation 21.0.1 and 21.0.2 Clickjacking Vulnerability in IBM Robotic Process Automation 21.0.0 Exposure of IBM Tenant Credentials in IBM Robotic Process Automation 21.0.0-21.0.2 User ID Exposure Vulnerability in IBM Robotic Process Automation 21.0.2 Consecutive Login Blocking Vulnerability in Multiple CODESYS V3 Products Privilege Escalation Vulnerability in 
Phoenix Contact FL SWITCH Series 2xxx Version 3.00 GitLab Runner Branch Name Command Execution Vulnerability Null Pointer Dereference Vulnerability in Codesys Profinet v4.2.0.0 Allows Unauthenticated DoS Attack via SNMP Reflected XSS Vulnerability in Device Configuration Pages Allows Unauthorized Access to Confidential Information Vulnerability: Hard-coded Credentials in VARTA Storage Web-UI Null Pointer Dereference Vulnerability in CmpSettings Component of CODESYS Products Dereferenced Pointer Vulnerability in CmpTraceMgr Leading to Memory Overwrite Remote Code Execution Vulnerability in CODESYS Control Runtime System Memory Space Access Vulnerability in SysDrv3S Driver on Windows Remote Code Execution Vulnerability in CODESYS Products Partial Application of Security Policies in CmpUserMgr Component Vulnerability Remote Code Execution Vulnerability in CODESYS Control Runtime System Open Redirect Vulnerability in GitHub Repository Microweber/Microweber Prior to 1.2.19 User Enumeration Vulnerability in MB Connect Line mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual (up to v2.11.2) Privilege Escalation in Miele Benchmark Programming Tool Hard-coded Credentials Vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server Authentication Bypass Vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server SQL-Injection Vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server Arbitrary Command Execution Vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server Missing Authentication in Carlo Gavazzi UWP3.0 and CPY Car Park Server: Full API Access Vulnerability Privilege Escalation Vulnerability in SAP ASE Installer XSS Vulnerability in SAP Enterprise Threat Detection (ETD) Version 2.0 Remote Code Execution Vulnerability in Distributed Data Systems WebHMI 4.1.1.7662 File Upload and Download Vulnerability in SAP S/4HANA F0743 Create Single Payment Application Arbitrary Script Code Execution in SAP S/4HANA F0743 Create Single Payment Application 
Improper Shared Memory Buffer Handling Vulnerability in SAP NetWeaver Application Server Java SAP NetWeaver Application Server Java Memory Buffer Consumption Vulnerability Insufficient Encoding of User Input in SAP NetWeaver: Code Injection Vulnerability Unauthorized Access to Payroll Data in SAP ERP HCM Portugal Vulnerability: Request Smuggling and Request Concatenation in SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53, and SAP Web Dispatcher SAP 3D Visual Enterprise Viewer 9.0 TIFF File Format Crash Vulnerability Adobe Illustrator File Format Denial of Service Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9.0 JPEG File Format Denial of Service Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9.0 Privilege Escalation Vulnerability in Distributed Data Systems WebHMI 4.1.1.7662 SAP NetWeaver AS ABAP (Workplace Server) Database Query Disclosure Vulnerability Unauthorized Data Disclosure in SAP BusinessObjects Business Intelligence Platform Confidential Information Disclosure in S/4HANA Supplier Factsheet and Enterprise Search SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) Denial-of-Service Vulnerability Vulnerability: Unauthorized Code Execution and System Control in SAP Solution Manager (Diagnostics Root Cause Analysis Tools) Unauthorized Access to Connection Details in SAP NetWeaver Application Server ABAP and ABAP Platform XSS Vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - Version 420 Unrestricted Information Access via Random Port in Simple Diagnostics Agent (Versions 1.0 to 1.57) Improper Certificate Validation in Dell PowerScale OneFS: Man-in-the-Middle Attack on Administrative Credentials Untrusted Proxy Header Injection Vulnerability in mod_wsgi Dell PowerScale OneFS Password Disclosure Vulnerability Vulnerability: Unauthenticated Session Hijacking in DELL EMC AppSync Versions 3.9 to 4.3 Clickjacking 
Vulnerability in Dell EMC AppSync Versions 3.9 to 4.3 Dell EMC AppSync Account Takeover Vulnerability Unprotected Storage of Credentials in Dell EMC System Update Dell EMC PowerStore OS Command Injection Vulnerability Uncontrolled Resource Consumption Vulnerability in Dell PowerStore User Interface Plain-Text Password Storage Vulnerability in PowerStore X & T Environments Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS Use of Broken Cryptographic Algorithm in Dell PowerScale OneFS 9.3.0: Potential Information Disclosure Vulnerability Stored Cross-site scripting (XSS) vulnerability in Red Hat Single Sign-On 7's Keycloak Admin Console Hard Coded Credentials in Dell EMC PowerScale OneFS 8.1.x - 9.1.x Improper Restriction of Excessive Authentication Attempts in Dell PowerScale OneFS Dell PowerScale OneFS Denial-of-Service Vulnerability Dell EMC Powerscale OneFS Account Information Omission Vulnerability Dell EMC Unity Vulnerability: Broken Cryptographic Algorithm Allows for MitM Attacks and Information Disclosure Improper Authorization in Dell PowerScale OneFS: Sensitive Data Disclosure and Modification Pre-Boot DMA Vulnerability in Dell Client Platforms: Exploiting Physical Access for Arbitrary Code Execution Insufficient Verification of Data Authenticity Vulnerability in Dell Client Commercial and Consumer Platforms Critical Out-of-bounds Read Vulnerability in vim/vim Repository (prior to 9.0) UniFi Door Access Reader Lite Firmware Buffer Overflow Vulnerability Stored XSS Vulnerability in Incapptic Connect: Authenticated High Privileged Users Can Perform Attack Privilege Escalation via Password Reset in Incapptic Connect < 1.40.1 Improper Authentication Vulnerability in curl 7.33.0 to 7.82.0 XSS Vulnerability in Action Pack: Bypassing CSP for Non-HTML Responses Root Privilege Escalation Vulnerability Patched in Apple Operating Systems Vulnerability: Information 
Disclosure and Arbitrary Code Execution via Malicious STL File Unauthorized Access to Tagsets in Octopus Deploy Symlink Validation Vulnerability Allows Arbitrary File Writing Vulnerability: File Access Permissions Bypass Arbitrary Code Execution Vulnerability Patched in Apple Operating Systems Path Validation Logic Vulnerability Kernel Privilege Escalation via Out-of-Bounds Write in macOS Monterey 12.2 Kernel Privilege Escalation Vulnerability in Apple Operating Systems Denial of Service Vulnerability in iOS 15.2.1 and iPadOS 15.2.1 via Malicious HomeKit Accessory Name Arbitrary JavaScript Execution via Malicious Mail Message in iOS 15.3 and macOS Monterey 12.2 Unauthorized Access to Workerpools in Octopus Deploy Use After Free Vulnerability Patched in Multiple Apple Platforms Memory Corruption Vulnerability in macOS Monterey 12.2 Allows Arbitrary Code Execution with Kernel Privileges Content Security Policy Bypass Vulnerability Buffer Overflow Vulnerability in iOS, iPadOS, watchOS, tvOS, macOS Fixed Cross-Origin Information Leakage in IndexDB API Arbitrary Code Execution Vulnerability in watchOS, iOS, and iPadOS Memory Corruption Vulnerability Patched in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina Camera Metadata Leakage Vulnerability Siri Lock Screen Location Information Disclosure Vulnerability CSRF Vulnerability in GiveWP WordPress Plugin Allows DoS Attack Privacy Bypass Vulnerability Patched in Apple's Latest Updates Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Improper Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Improper 
Bounds Checking in Xcode 13.3 Leads to Arbitrary Code Execution Application Settings Exposure Vulnerability Patched in Latest Apple Updates Local File Inclusion vulnerability in WPIDE WordPress Plugin before 3.0 Memory Corruption Vulnerability in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4, iPadOS 15.4, and tvOS 15.4 Arbitrary Code Execution via Maliciously Crafted Image Heap Corruption Vulnerability in Apple Operating Systems and Applications Arbitrary Code Execution Vulnerability with Kernel Privileges Arbitrary Code Execution Vulnerability in Apple Operating Systems Arbitrary Code Execution Vulnerability in Apple Operating Systems Gatekeeper Bypass Vulnerability in ZIP Archives Privilege Escalation Vulnerability in macOS Big Sur, macOS Monterey, and Security Update 2022-003 Catalina Emergency SOS Passcode Bypass Vulnerability Patched in watchOS 8.5, iOS 15.4, and iPadOS 15.4 Critical SQL Injection Vulnerability in Online Hotel Booking System 1.0 Use After Free Vulnerability in macOS Monterey, iOS, iPadOS, and Safari Sensitive Information Exposure via Keyboard Suggestions on iOS Devices Keyboard Suggestion Vulnerability Allows Unauthorized Access to Sensitive Information on iOS Devices Use After Free Vulnerability Patched in macOS Monterey 12.3, iOS 15.4, and More AppleScript Binary Processing Vulnerability Improper Bounds Checking in AppleScript Binary Processing Improper Bounds Checking in AppleScript Binary Processing Use After Free Vulnerability Patched in macOS Monterey 12.3, Safari 15.4, and More Buffer Overflow Vulnerability Patched in Multiple Apple Products Critical SQL Injection Vulnerability in Online Hotel Booking System 1.0 Improper Memory Management Leads to Remote Code Execution in macOS Elevated Privileges Vulnerability Patched in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina Privilege Escalation Vulnerability Patched in Apple Operating Systems Memory Corruption Vulnerability in PDF File Parsing Improved 
Bounds Checking Fixes Buffer Overflow Vulnerability in tvOS 15.4, iOS 15.4, and iPadOS 15.4 Elevated Privileges Vulnerability Fixed in tvOS 15.4, iOS 15.4, and iPadOS 15.4 Arbitrary Code Execution Vulnerability in tvOS, iOS, and iPadOS 15.4 Cross-Origin Logic Issue in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4, iPadOS 15.4, and tvOS 15.4 Null Pointer Dereference Vulnerability Patched in Multiple Apple Operating Systems Elevated Privileges Vulnerability Patched in iOS 15.4, iPadOS 15.4, and macOS Monterey 12.3 Heap-based Buffer Overflow in Vim prior to version 9.0 Arbitrary Code Execution Vulnerability in Apple Operating Systems Elevated Privileges Vulnerability Fixed in Apple Operating Systems Emergency SOS Passcode Bypass Vulnerability Patched in iOS 15.4 and iPadOS 15.4 Unintentional Audio and Video Transmission Vulnerability in FaceTime Privacy Vulnerability: Unauthorized Access to Contact Information in macOS Monterey 12.3 Vulnerability Patched: File System Modification Exploit in macOS Monterey 12.2 Login Window Bypass Vulnerability in macOS Memory Disclosure Vulnerability in macOS Unauthenticated Path Traversal Vulnerability in Çekino Bilgi Teknolojileri Identity and Directory Management System (before version 2.1.25) Vulnerability: Privilege Escalation via Plug-in Inheritance Improper Bounds Checking Leading to System Termination and Kernel Memory Corruption Lock Screen Vulnerability Allows Unauthorized Access to Carrier Account Information and Settings Improved Restrictions for Addressing Logic Issue in iOS 15.4 and iPadOS 15.4: Mitigating Unauthorized Access to User and Device Information Address Bar Spoofing Vulnerability Fixed in watchOS 8.5 and Safari 15.4 Sandbox Improvements Patch Vulnerability: Sensitive User Information Leakage Desktop View Leakage Vulnerability Memory Initialization Vulnerability in Logic Pro, GarageBand, and macOS Monterey iOS 16.0.3 Patch: Denial-of-Service Vulnerability in Email Processing Improved State Management 
Addresses Logic Issue in iOS 15.4 and iPadOS 15.4, Preventing Sensitive User Information Leakage Unauthenticated Reflected XSS Vulnerability in Yordam Bilgi Teknolojileri's University Library Automation System (pre-version 19.2) Vulnerability: App Spoofing System Notifications and UI Type Confusion Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Improved Cookie Management in Security Update 2022-003 Catalina and macOS Big Sur 11.6.5 Gatekeeper Bypass Vulnerability Vulnerability Patched: Out-of-Bounds Read in Logic Pro, GarageBand, and macOS Monterey Root Privilege Escalation Vulnerability in macOS Monterey 12.3 Heap Corruption Vulnerability Fixed in iOS, iPadOS, tvOS, and watchOS Arbitrary Code Execution Vulnerability in iOS 15.4 and iPadOS 15.4 Improved Restrictions for Logic Issue in iOS 15.4, iPadOS 15.4, and macOS Monterey 12.3: Mitigating Sensitive User Information Leakage Kernel Privilege Escalation via Use After Free Vulnerability in macOS Monterey 12.3 Mailchimp for WooCommerce WordPress Plugin 2.7.0 and Earlier: Unauthorized AJAX Action Allows Server Impersonation and Network Scanning Improved Access Restrictions in tvOS 15.4, iOS 15.4, iPadOS 15.4, and watchOS 8.5 Prevent Malicious App from Identifying Installed Applications Lock Screen Photo Access Vulnerability Memory Corruption Vulnerability in iOS, iPadOS, macOS Fixed in Latest Updates Denial of Service Vulnerability Fixed in iOS 15.5 and iPadOS 15.5 Kernel Memory Disclosure Vulnerability Arbitrary Code Execution Vulnerability in Apple Operating Systems XPC Services API Event Handler Validation Vulnerability Concurrent Media Handling Logic Issue in WebRTC Call Interrupted by Phone Call Path Traversal Vulnerability in Synology DiskStation Manager (DSM) Allows Arbitrary File Write Arbitrary File Upload and Remote Code Execution Vulnerability in Import any XML or CSV File to WordPress Plugin Sensitive Information Exposure Vulnerability in Synology DiskStation Manager (DSM) Web Server 
Session Fixation Vulnerability in Synology Photo Station Access Control Management Cross-site Scripting (XSS) vulnerability in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in Event Management. Classic Buffer Overflow Vulnerability in Synology Media Server before 1.8.1-2876 OS Command Injection Vulnerability in Synology DiskStation Manager (DSM) Path Traversal Vulnerability in Synology WebDAV Server CSRF Vulnerability in Synology Calendar Allows Authentication Hijacking Classic Buffer Overflow Vulnerability in Synology DiskStation Manager (DSM) Authentication Functionality Command Injection Vulnerability in Synology DiskStation Manager (DSM) File Service Functionality Arbitrary Code Execution Vulnerability in CA Harvest Software Change Manager SQL Injection Vulnerability in Website File Changes Monitor WordPress Plugin Persistent URL Manipulation Vulnerability in Umbraco CMS Password Reset URL Manipulation Vulnerability in Umbraco GitLab Vulnerability: Conan Package Names Leakage Predictable Value Ranges in 'X-CFY-TX-TM' Response Header Expose User Existence in CyberArk Identity Local File Disclosure Vulnerability in PartKeepr v1.4.0 SSRF and Port Enumeration Vulnerability in PartKeepr v1.4.0 Cleartext User Password and PSK Leakage in Stormshield SSO Agent Installer Log File Privilege Escalation to Root in Zabbix-Agent2 Package for Alpine Linux Arm Mali GPU Kernel Driver Write Access Vulnerability Stack-based Buffer Overflow in mod_extforward_Forwarded Function of lighttpd VP9 Video Extensions RCE Vulnerability Stored Cross-Site Scripting Vulnerability in WP Database Backup WordPress Plugin Windows Common Log File System Driver Denial of Service Vulnerability Windows BitLocker Data Leakage Vulnerability Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Hyper-V DoS Vulnerability: Disrupting Windows Virtualization PipeFS Elevation of Privilege Vulnerability Excel Data 
Leakage Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Print Spooler Privilege Escalation Vulnerability in Windows Apache HTTP Server 2.4.52 and Earlier: Remote Memory Read Vulnerability Authentication Bypass Vulnerability in Sante PACS Server 3.0.4 Apache HTTP Server 2.4.52 and earlier Vulnerability: HTTP Request Smuggling Integer Overflow Vulnerability in Apache HTTP Server 2.4.52 and Earlier Hard-coded SSH Key Vulnerability in Easergy P5 (Firmware versions prior to V01.401.101) Buffer Overflow Vulnerability in Easergy P5 (Firmware Versions prior to V01.401.101) Denial of Service Vulnerability in Modicon M340 CPUs: Uncontrolled Resource Consumption on Ports 80 and 502 Buffer Overflow Vulnerability in Easergy P3 (Versions prior to V30.205) Arbitrary File Read Vulnerability in EcoStruxure Power Monitoring Expert (Versions 2020 and prior) CWE-20: Improper Input Validation in EcoStruxure Power Monitoring Expert (Versions 2020 and prior) Buffer Overflow Vulnerability in Apache libapreq2 Improper Authentication Vulnerability in Yokogawa Electric CAMS for HIS Server Membership Level Escalation Vulnerability in Simple Membership WordPress Plugin Authentication Bypass Vulnerability in Intel(R) Edge Insights for Industrial Software Path Traversal Vulnerability in EcoStruxure Power Commission (Versions prior to V2.22) Cross-Origin Resource Sharing (CORS) Misconfiguration in EcoStruxure Power Commission (Versions prior to V2.22) Privilege Escalation via Unauthorized Access in Apache ShardingSphere ElasticJob-UI Cross-Site Scripting (XSS) Vulnerability in Simple Quotation WordPress Plugin Vulnerability: SQL Injection and Lack of Authorization Checks in Simple Quotation WordPress Plugin Local Privilege Escalation in Firefox for Windows with Non-Default Installation Race Condition and Use-After-Free Vulnerability in Audio Sinks of Firefox ESR, Firefox, and Thunderbird CSS Filter Effect Heap Buffer Overflow Vulnerability URL Protocol Handler Launch 
Vulnerability in Firefox ESR, Firefox, and Thunderbird Vulnerability: Remote Code Execution in OpenSSL 3.0.4 RSA Implementation on AVX512IFMA Machines Use-after-free vulnerability in network request handling Popup Resizing Vulnerability in Firefox ESR, Firefox, and Thunderbird Out-of-Bounds Memory Access Vulnerability in Firefox ESR, Firefox, and Thunderbird Fullscreen Hijacking Vulnerability Command Injection Vulnerability in Thunderbird for Windows Cross-Origin Information Leakage in Firefox ESR, Firefox, and Thunderbird Race Condition Vulnerability in Firefox for Windows Allows Fullscreen Window Spoofing Empty PKCS7 Sequence Handling Vulnerability in Firefox ESR, Firefox, and Thunderbird Origin Confusion Vulnerability in Firefox and Thunderbird Vulnerability in Firefox for Android Allows Navigation to Non-Web URLs via QR Codes CSRF Vulnerability in WP Edit Menu WordPress Plugin Allows Arbitrary Post/Page Deletion Privilege Escalation through Cross-Process Resource Handle Confusion Memory Safety Bugs in Firefox 95 and Firefox ESR 91.4 Memory Corruption Vulnerabilities in Firefox 95 Arbitrary Directory Write Access Vulnerability in Firefox Maintenance Service Extension Auto-Update Bypass Vulnerability Persistent JavaScript Execution Vulnerability in Firefox < 97 Drag-and-Drop Image Execution Vulnerability Remote Code Execution Vulnerability in Firefox WebDriver USSD Code Injection Vulnerability in Firefox for Android Sandboxed iFrame Event Handler Bypass Vulnerability Unauthenticated Deletion Vulnerability in WP Edit Menu WordPress Plugin Cross-Origin Information Disclosure in Web Workers Insecure Frame-Ancestors Enforcement in Web Extension Pages Cross-Window Scripting Vulnerability in Firefox for Android (Version < 97) Late Lifecycle Script Execution Vulnerability in Firefox, Thunderbird, and Firefox ESR Memory Corruption Vulnerabilities in Firefox 96 and Firefox ESR 91.5 Hardcoded Credentials Vulnerability in BD Viper LT System Versions 2.0 and Later Hardcoded 
Credentials Vulnerability in BD Pyxis Products Default Credentials Vulnerability in BD Pyxis™ Products Stored Cross Site Scripting (XSS) Vulnerability in TIBCO EBX and Add-ons Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 allows for denial-of-service Unauthenticated Remote Code Execution in TIBCO AuditSafe Web Server Directory Traversal Vulnerability in TIBCO JasperReports Server Components Remote Code Execution (RCE) Vulnerability in TIBCO Managed File Transfer Platform Server for UNIX and z/Linux Reflected Cross Site Scripting (XSS) Vulnerabilities in TIBCO JasperReports Server XML External Entity (XXE) Vulnerability in TIBCO Managed File Transfer Components Reflected Cross Site Scripting (XSS) Vulnerabilities in TIBCO BPM Enterprise and TIBCO Silver Fabric Stored Cross Site Scripting (XSS) Vulnerability in TIBCO BusinessConnect Trading Community Management Reflected Cross Site Scripting (XSS) Vulnerability in TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery (CSRF) Vulnerability in TIBCO BusinessConnect Trading Community Management Vulnerability: Information Disclosure via Unremoved Exploded Messages in Keybase Clients Stored Cross-Site Scripting Vulnerability in Featured Image from URL (FIFU) WordPress Plugin Zip Bomb Vulnerability in Zoom Client for Meetings Zoom Client for MacOS Update Vulnerability Local Privilege Escalation Vulnerability in Zoom Client for Windows Exposure of Process Memory Fragments in Zoom On-Premise Meeting Connector Controller and MMR XML Parsing Vulnerability in Zoom Client for Meetings Session Cookie Spoofing Vulnerability in Zoom Client for Meetings Zoom Client and Zoom Rooms for Windows Vulnerability: Unauthorized Downgrade Attack Zoom Client for Meetings Vulnerability: Server Switch Request Hostname Validation Failure Zoom Opener Installer DLL Injection Vulnerability FormStorm Enterprise Account Takeover Vulnerability NULL Pointer Dereference Vulnerability in libmobi prior 
to version 0.11 SYNEL - eharmony Directory Traversal Vulnerability: Unauthorized Access to Sensitive Files SYNEL - eharmony Authenticated Blind & Stored XSS Vulnerability MobiSoft - MobiPlus User Take Over and Password Exposure Vulnerability PineApp Mail Relay Local File Inclusion Vulnerability PineApp Mail Relay Unauthenticated SQL Injection Vulnerability XML External Entity (XXE) Vulnerability in Signiant Manager+Agents: Unauthorized Extraction of Internal Files Sysaid System Takeover: Authentication Bypass via /wmiwizard.jsp and /ConcurrentLogin.jsp Sysaid Open Redirect Vulnerability SysAid Help Desk Broken Access Control Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in Microweber GitHub Repository (prior to version 1.2.19) Cross-Site Scripting (XSS) Vulnerability in EcoStruxure Power Monitoring Expert (Versions 2020 and prior) Buffer Overflow Vulnerability in SmartConnect Family UPS Devices Authentication Bypass by Capture-replay Vulnerability in SmartConnect Family UPS Devices CWE-1021: Unintended Modifications via Deceptive UI Rendering in EcoStruxure EV Charging Expert Cross-Site Request Forgery (CSRF) Vulnerability in EcoStruxure EV Charging Expert Unauthorized Modification of Touch Configurations in spaceLYnk, Wiser for KNX, and fellerLYnk Information Disclosure Vulnerability in GitLab EE Allows Disclosure of Release Titles Excessive Authentication Attempts Vulnerability in spaceLYnk, Wiser for KNX, and fellerLYnk CSRF Vulnerability in spaceLYnk, Wiser for KNX, and fellerLYnk (V2.6.2 and prior) Cross-Site Scripting (XSS) Vulnerability in spaceLYnk, Wiser for KNX, and fellerLYnk CWE-798: Use of Hard-coded Credentials in Courier Tunneling Communication Network Privilege Escalation Vulnerability in MyASUS System Diagnosis Service (Before 3.1.2.0) Improper Initialization of ImagePath.Path in Pillow's path_getbbox Function Buffer Over-read Vulnerability in Pillow's path_getbbox Function Arbitrary Expression Evaluation Vulnerability in 
PIL.ImageMath.eval Improper Context Encoding in Django Template Tag Leads to XSS Vulnerability Buffer Overflow Vulnerability in NXP LPC55S6x Microcontrollers (ROM version 1B) CPU Consumption Vulnerability in LINE for Windows 7.4 and Earlier Path Traversal Vulnerability in NVIDIA NeMo ASR WebApp Allows Directory Deletion Integer Overflow in addBinding function in Expat XML Parser (libexpat) before 2.4.3 Integer Overflow in build_model function in Expat (libexpat) before 2.4.3 Integer Overflow in defineAttribute function in Expat (libexpat) before 2.4.3 Integer Overflow Vulnerability in Expat (libexpat) XML Parsing Library Integer Overflow in nextScaffoldPart in Expat (libexpat) before 2.4.3 Integer Overflow in storeAtts function in Expat (libexpat) before 2.4.3 Insecure Direct Object Reference in Synametrics SynaMan: Unauthorized File Access via Modified Filename Unauthorized User Creation via Manipulation of Authorization Header Unauthenticated Access to Authorization Data in Servisnet Tessa 0.0.2 Sensitive Information Disclosure in Servisnet Tessa 0.0.2 via /js/app.js Request XSLT Injection Vulnerability in OverIT Geocall XXE Vulnerability in OverIT Geocall Allows Arbitrary File Read Directory Traversal Vulnerability in CoreFTP Server before 727 Heap-based Buffer Overflow in Vim prior to version 9.0 Out-of-Bounds Read Vulnerability in LibTIFF 4.3.0 Insecure JWT Secret Key Sharing in QXIP SIPCAPTURE homer-app Unverified ID Matching Vulnerability in dnslib Package File Inclusion Vulnerability in Formpipe Lasernet before 9.13.3 Integer Overflow or Wraparound in Vim prior to 9.0 Stored XSS Vulnerability in SourceCodester Hospital's Patient Records Management System 1.0 Stored XSS Vulnerability in SourceCodester Hospital's Patient Records Management System 1.0 Stored XSS Vulnerability in SourceCodester Hospital's Patient Records Management System 1.0 Stored XSS Vulnerability in Hospital Patient Record Management System v1.0 Privilege Escalation Vulnerability in 
Hospital Patient Record Management System v1.0 Critical Out-of-bounds Read Vulnerability in vim/vim Repository (prior to 9.0) Cross-Site Scripting (XSS) Vulnerability in Gibbon CMS v22.0.01 Critical Out-of-bounds Read Vulnerability in vim/vim Repository (prior to 9.0) Critical Out-of-bounds Write Vulnerability in GitHub Repository vim/vim prior to 9.0 SQL Injection Vulnerability in Jeecg-boot v3.0 via /jeecg-boot/sys/user/queryUserByDepId Code Parameter SQL Injection Vulnerability in Jeecg-boot v3.0 via /sys/user/queryUserComponentData Code Parameter Hutool v5.7.18's HttpRequest Ignoring TLS/SSL Certificate Validation Vulnerability Stack Overflow Vulnerability in Jerryscript 3.0.0 via ecma_op_object_find_own Use After Free vulnerability in GitHub repository vim/vim prior to version 9.0 Assertion Failure in Jerryscript 3.0.0: Invalid Scanner Arguments SEGV Vulnerability in Jerryscript 3.0.0 via ecma_ref_object_inline in ecma-gc.c Assertion Failure in Jerryscript 3.0.0: Invalid Value Type Stack Overflow Vulnerability in Jerryscript 3.0.0 via vm_loop.lto_priv.304 Stack Overflow Vulnerability in Jerryscript 3.0.0 via ecma_lcache_lookup Heap Buffer Overflow in Jerryscript 3.0.0 via ecma_utf8_string_to_number_by_radix SQL Injection Vulnerability in ApolloTheme AP PageBuilder Component for PrestaShop Unauthenticated DoS Vulnerability in Core FTP / SFTP Server v2 Build 725 Reflected Cross-site Scripting (XSS) Vulnerability in zadam/trilium prior to 0.52.4, 0.53.1-beta Assertion Failure in JerryScript Commit a6ab5e9: parser_parse_function_arguments Information Disclosure Vulnerability in Sangfor VDI Client 5.4.2.1006 HotelDruid v3.0.3 Remote Code Execution (RCE) Vulnerability via Crafted Payload in Create New Room Module Cross-Site Scripting (XSS) Vulnerability in SourceCodester Hotel Management System 2.0 Prototype Pollution Vulnerability in Plist.parse() Allows for DoS and Remote Code Execution Path Traversal Vulnerability in FileManager Component of Ovidentia CMS 6.0 
O2OA v6.4.7 Remote Code Execution (RCE) Vulnerability via /x_program_center/jaxrs/invoke SSO Login URL Redirection Vulnerability in Adenza AxiomSL ControllerView 10.8.1 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Hotel Management System 2.0 Session Key Vulnerability in TP-Link TL-WA850RE Wi-Fi Range Extender Hardcoded Shiro-Key Vulnerability in MCMS v5.2.4 Arbitrary Code Execution via File Upload in MCMS v5.2.4 New Template Module Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Sales Management System 1.0 Template Management Function RCE Vulnerability in MCMS v5.2.4 Improper Directory Validation in Maildir and Sieve File Repository Allows Unauthorized Access Path Traversal Vulnerability in Apache Karaf obr:* Commands and karaf-maven-plugin Run Goal Unauthenticated Arbitrary Pillar Data Substitution in SaltStack Salt Minion Authentication Denial of Service Vulnerability Replay Attack Vulnerability in SaltStack Salt Denial-of-Service Vulnerability in VMware Workstation and Horizon Client for Windows via Cortado ThinPrint Component Information Disclosure Vulnerability in VMware Cloud Foundation: Plain-text Logging of Credentials in SDDC Manager Logs WebRTC Heap Buffer Overflow in Google Chrome: Remote Code Execution Vulnerability Vulnerability: Unauthorized Command Execution in SaltStack Salt Dangling 'file' Pointer Vulnerability in vmwgfx Driver Allows Local Privilege Escalation Uncontrolled Search Path Vulnerability in VMware Tools for Windows Stored Cross-Site Scripting (XSS) Vulnerability in VMware Workspace ONE Boxer VMware NSX Edge CLI Shell Injection Vulnerability Insecure TrustManager Configuration in Spring Cloud Gateway Code Injection Vulnerability in Spring Cloud Gateway vCenter Server Information Disclosure Vulnerability: Unauthorized Access to Sensitive Data Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome Denial of Service Vulnerability in Spring Framework VMware Carbon Black App Control 
Remote Code Execution Vulnerability File Upload Vulnerability in VMware Carbon Black App Control VMware HCX Information Disclosure Vulnerability Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager Authentication Bypass Vulnerabilities in VMware Workspace ONE Access OAuth2 ACS Framework Authentication Bypass Vulnerabilities in VMware Workspace ONE Access OAuth2 ACS Framework Remote Code Execution Vulnerabilities in VMware Workspace ONE Access, Identity Manager, and vRealize Automation through Malicious JDBC URI Deserialization Remote Code Execution Vulnerabilities in VMware Workspace ONE Access, Identity Manager, and vRealize Automation through Malicious JDBC URI Deserialization Cross-Site Request Forgery Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation Use After Free Vulnerability in Chrome OS Shell Allows Remote Heap Corruption Privilege Escalation Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation Information Disclosure Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation: Exposing Hostname VMware Horizon Agent for Linux: Local Privilege Escalation via Vulnerable Symbolic Link Remote Code Execution and Local Resource Access Vulnerability in Spring Cloud Function Routing Local Privilege Escalation in VMware Horizon Agent for Linux (prior to 22.x) via Vulnerable Configuration File Remote Code Execution (RCE) Vulnerability in Spring MVC and Spring WebFlux Applications Remote Code Execution Vulnerability in VMware Cloud Director Allows Unauthorized Server Access PAM Auth Bypass Vulnerability in SaltStack Salt Case Sensitivity Vulnerability in DataBinder DisallowedFields Pattern Denial-of-Service (DoS) Vulnerability in Spring Security OAuth 2.5.x and Older Versions Unrestricted File Upload Vulnerability in SourceCodester Clinics Patient Management System 2.0 File Upload DoS Vulnerability in Spring Framework Vulnerability: 
Denial of Service Attack in Spring Framework STOMP over WebSocket Endpoint Authentication Bypass Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation Privilege Escalation Vulnerability in VMware Workspace ONE Access and Identity Manager LDAP Query Injection Vulnerability in Pinniped Supervisor Integer Overflow Vulnerability in Spring Security XML External Entity (XXE) Vulnerability in VMware Tools for Windows Authorization Bypass Vulnerability in Spring Security RegexRequestMatcher Denial-of-Service Vulnerability in Spring Cloud Function's Function Catalog Component Critical SQL Injection Vulnerability in SourceCodester Clinics Patient Management System 2.0 SpEL Injection Vulnerability in Spring Data MongoDB Application vCenter Server SSRF Vulnerability: Exploiting URL Requests and Internal Service Access Unprotected Storage of Credentials Vulnerability in VMware Workstation (16.x prior to 16.2.4) Command Injection Vulnerability in Snyk CLI and Plugins Injection Vulnerability in Web Application Allows Execution of Malicious Code Arbitrary OS Command Execution Vulnerability in Netcommunity OG410X and OG810X Series Hardcoded Private Key Vulnerability Enhanced File and Directory Permissions Mitigate Unauthorized Access Vulnerability Pre-Authenticated Stack Overflow Vulnerability in My Cloud OS 5 FTP Service Unsanitized SVG File Upload Vulnerability in Allow SVG Files WordPress Plugin My Cloud Devices: Limited Authentication Bypass Vulnerability with Remote Code Execution and Privilege Escalation Vulnerability: DNS Spoofing and Command Injection Exploit Leading to Unsecured HTTP Access on NAS Device Command Injection Remote Code Execution Vulnerability in Western Digital My Cloud Devices SSRF Vulnerability in Western Digital My Cloud Devices Allows Server Impersonation and Unauthorized Access Remote Code Execution Vulnerability in Western Digital My Cloud Devices Arbitrary Code Execution via SMB and AFP File Writing Vulnerability DLL 
Hijacking Vulnerability in G-RAID 4/8 Software Utility Setups for Windows Mitigation of Remote Code Execution Vulnerability and Command Injection in My Cloud Home Devices Unsecured AWS Credentials: A Breach Waiting to Happen Cross-Site Scripting Vulnerability in Western Digital My Cloud Devices Allows Unauthorized Access and Data Manipulation Stored Cross-site Scripting (XSS) Vulnerability in Microweber GitHub Repository (prior to version 1.2.19) Weak SSLContext in Western Digital My Cloud Web App Allows Unauthorized Access to Port Forwarding Configuration Elliptic Curve Point Compression/Decompression Sign Bit Vulnerability Invalid Output Vulnerability in NIST P-256 Elliptic Curve Compression/Decompression Invalid Output Vulnerability in NIST P-256 Curve Computation Zero X Coordinate Vulnerability in NIST P-256 Curve: Limited Denial of Service UFS Boot Feature Vulnerability in Western Digital Systems Stack-based Buffer Overflow Vulnerability on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi Allows Unauthorized Access to /etc/version File Remote Code Execution via Undisclosed API Endpoints in NGINX Controller API Management Unauthorized Access to Managed BIG-IP Devices on BIG-IQ Centralized Management 8.x before 8.1.0 Buffer Over-read Vulnerability in GitHub Repository hpjansson/chafa prior to 1.10.3 Memory Resource Utilization Vulnerability in BIG-IP Virtual Server Configuration SYN Cookie Protection Vulnerability in BIG-IP Platforms HTTP/2 Profile Configuration Vulnerability in BIG-IP Versions 15.1.x and 14.1.x DOM-based Cross-Site Scripting (XSS) Vulnerability in BIG-IP DNS & GTM Configuration Utility Undisclosed Requests Vulnerability in BIG-IP APM Portal Access Memory Resource Utilization Vulnerability in BIG-IP Virtual Servers with Client SSL Profiles Undisclosed Requests Vulnerability in BIG-IP SSL Forward Proxy with TLS 1.3 Rapid Response Mode Vulnerability in BIG-IP Systems Undisclosed Requests Vulnerability in BIG-IP AFM Memory 
Resource Utilization Vulnerability in BIG-IP Virtual Server with Diameter Session and Router Profiles Lenze Cabinet Series: Password Bypass Vulnerability Undisclosed Requests Vulnerability in BIG-IP Version 16.1.x Vulnerability: Denial of Service in BIG-IP version 16.1.x before 16.1.2 Undisclosed Requests Vulnerability in BIG-IP Version 16.1.x Memory Resource Utilization Vulnerability in BIG-IP and BIG-IQ IPsec ALG Virtual Server Termination Vulnerability SIP ALG Profile Vulnerability in BIG-IP Software Unauthenticated User Data Upload Vulnerability in BIG-IP ASM & Advanced WAF Virtual Server Denial of Service Vulnerability TCP Connection Failure Vulnerability in BIG-IP AFM Memory Resource Utilization Vulnerability in BIG-IP Virtual Server with FastL4 Profile Bypassing 2FA Enforcement in GitLab CE/EE Increased CPU Resource Utilization in BIG-IP Virtual Edition with ixlv Driver and TCP Segmentation Offload Configuration Enabled XML External Entity (XXE) Vulnerability in F5 Advanced WAF and BIG-IP ASM Traffic Management User Interface (TMUI) DNS Rebinding Vulnerability in BIG-IP APM System Insecure Guest Physmap Removal in Arm Architecture XSA-380: Denial of Service Vulnerability in Xen Hypervisor Interrupt Handling Vulnerability in x86 HVM Guests Multiple Vulnerabilities in Linux PV Device Frontends Multiple Vulnerabilities in Linux PV Device Frontends Multiple Vulnerabilities in Linux PV Device Frontends Multiple Vulnerabilities in Linux PV Device Frontends Stack-based Buffer Overflow in Vim Prior to Version 9.0 Multiple Vulnerabilities in Linux PV Device Frontends Multiple Vulnerabilities in Linux PV Device Frontends Multiple Vulnerabilities in Linux PV Device Frontends Authenticated Admin User Bypasses File Upload Restriction in Zenario CMS 9.2 CSRF Vulnerability in Tiny File Manager version 2.4.8 Persistent XSS vulnerability in PhpIPAM v1.4.4 via Site title parameter injection SQL Injection Vulnerability in PhpIPAM v1.4.4 via subnet parameter in 
app/admin/routing/edit-bgp-mapping-search.php Persistent JavaScript Injection in Exponent CMS 2.6.0patch2 Site Settings Arbitrary Remote Code Execution in Exponent CMS 2.6.0patch2 Persistent JavaScript Injection in Exponent CMS 2.6.0patch2 via User-Agent Header Stored Cross-Site Scripting Vulnerability in WordPress Popup WordPress Plugin DLL Hijack Vulnerability in ManageEngine AppManager15 (Build No:15510) Persistent JavaScript Injection Vulnerability in PeteReport Version 0.5 CSRF Vulnerability in PeteReport Version 0.5 Allows Unauthorized Deletion of Users, Products, Reports, and Findings Stored XSS vulnerability in Openmct's Condition Widget element allows for malicious JavaScript injection Stored XSS vulnerability in Openmct Summary Widget allows for JavaScript injection Missing Authorization in ERPNext Chat Rooms: Impersonation and Unauthorized Message Access Stored XSS Vulnerability in ERPNext Patient History Page Allows Account Takeover Stored Cross-Site Scripting (XSS) Vulnerability in ERPNext Versions v12.0.9-v13.0.3 Stored XSS Vulnerability in ERPNext Versions v12.0.9-v13.0.3 Allows Account Takeover Stored Cross Site Scripting (XSS) Vulnerability in Shopizer 2.0 - 2.17.0 via Manage Images Tab Session Token Reuse Vulnerability Stored Cross Site Scripting (XSS) Vulnerability in Shopizer 2.0 - 2.17.0: File Injection Exploit Insecure Direct Object Reference (IDOR) Vulnerability in Shopizer Versions 2.0 to 2.17.0 Allows Regular Admins to Permanently Delete Superadmins Insufficient Session Expiration in Shopizer Versions 2.3.0 to 3.0.1 Host Header Injection Vulnerability in Snipe-IT: Account Takeover via Password Reset Token Leak Stored XSS Vulnerability in Vendure: Uploading Malicious SVG Files via Assets Tab Solana rBPF Incorrect Calculation Vulnerability Token Leakage via Referer Header in ToolJet Versions v0.5.0 to v1.2.2: Account Takeover Vulnerability HTML Injection Vulnerability in ToolJet Versions v0.6.0 to v1.10.2 Vulnerability: Retention of Usable
Group Access Token after Group Deletion in GitLab CE/EE Vulnerability: Server Side Request Forgery (SSRF) in Recipes' Import Recipe Functionality Stored Cross-Site Scripting (XSS) Vulnerability in Recipes' Add to Cart Functionality Stored Cross-Site Scripting (XSS) Vulnerability in Recipes Application's Copy to Clipboard Functionality Stored Cross-Site Scripting (XSS) Vulnerability in Recipes 0.17.0 - 1.2.5 DOM XSS Vulnerability in Habitica Login Page (Versions v4.119.0 - v4.232.2) Open Redirect Vulnerability in Habitica Login Page Host Header Injection in Motor-Admin Password Reset Functionality Uninitialized Memory Leak Vulnerability in vDPA with VDUSE Backend Server-Side Request Forgery (SSRF) Vulnerability in Directus Media Upload Functionality Reflected XSS Vulnerability in OpenLibrary Versions deploy-2016-07-0 through deploy-2021-12-22 Path Traversal Vulnerability in CureKit Versions v1.0.1 - v1.1.3 XSS Vulnerability in NetMaster 12.2 Network Management and File Transfer Management Time-of-check to time-of-use bug in nmreq_copyin() leading to kernel memory corruption and potential host environment compromise Integer Overflow Vulnerability in nmreq_copyin() Function Heap Data Overwrite Vulnerability in mpr, mps, and mpt Drivers Vulnerability: Memory Overwrite in e1000 Network Adapters Remote Code Execution Vulnerability in FreeBSD Wi-Fi Client Scanning Mode Out-of-Bound Read Vulnerability in proc_getargv() Function NULL Pointer Dereference Vulnerability in lxml and libxml2 2.9.10 through 2.9.14 Use After Free Vulnerability in aio_aqueue Function Memory Leakage Vulnerability in Virtual Memory System Memory Overwrite Vulnerability in lib9p's RWALK Message Handling Buffer overflow vulnerability in ping's pr_pack() function Denial of Service Vulnerability in Libreswan 4.2 through 4.5 Memory Corruption Vulnerability in Open Design Alliance Drawings SDK Out-of-Bounds Read Vulnerability in Connman DNS Proxy Out-of-Bounds Read Vulnerability in Connman DNS Proxy 
Infinite Loop Vulnerability in Connman DNS Proxy Block-wise read XSS vulnerability in OX App Suite through 7.10.6 Authentication Bypass Vulnerability in Skyhigh SWG Allows Unauthorized Access to Admin Interface OS Command Injection in OX App Suite Documentconverter Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.6 via Deep Link in E-mail Open Redirect Vulnerability in SINEMA Remote Connect Server (All versions < V2.0) Allows for Phishing Attacks Stack-Based Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 Local Privilege Escalation Vulnerability in WIN-911 2021 R1 and R2 Unencrypted Transmission of Data in Jenkins Active Directory Plugin Insecure Token Validation in Jenkins Configuration as Code Plugin Arbitrary File Write and Read Vulnerability in Jenkins Warnings Next Generation Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Badge Plugin 1.9 and Earlier Unmasked Vault Credentials in Jenkins Pipeline Logs and Step Descriptions Reflected Cross-Site Scripting in Find and Replace All WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Publish Over SSH Plugin Jenkins Publish Over SSH Plugin CSRF Vulnerability: Unauthorized SSH Server Access Vulnerability: Unauthorized SSH Server Connection in Jenkins Publish Over SSH Plugin Path Traversal Vulnerability in Jenkins Publish Over SSH Plugin Unencrypted Password Storage in Jenkins Publish Over SSH Plugin CSRF Vulnerabilities in Jenkins Batch Task Plugin 1.19 and Earlier: Unauthorized Access and Control Jenkins Conjur Secrets Plugin: Agent Process Control Vulnerability Jenkins Conjur Secrets Plugin: Unauthorized Retrieval of Stored Credentials Arbitrary OS Command Execution in Jenkins Debian Package Builder Plugin Directory Traversal Vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux CSRF and Stored XSS Vulnerabilities in Student Result or Employee Database WordPress Plugin Privilege Escalation 
and Arbitrary Code Execution Vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux Remote Code Execution in Netatalk via AppleDouble Entries (ZDI-CAN-15819) Remote Code Execution Vulnerability in Netatalk (ZDI-CAN-15837) Remote Code Execution Vulnerability in Netatalk (ZDI-CAN-15830) Remote Code Execution Vulnerability in Netatalk (ZDI-CAN-15870) Remote Code Execution in Netatalk via copyapplfile Function (ZDI-CAN-15869) TeslaMate Docker Configuration Vulnerability: Unauthorized Access and Control of Tesla Vehicles Cross-Site Scripting Vulnerability in Mitsubishi Electric MC Works64 and ICONICS MobileHMI WebSocket Authentication Bypass Vulnerability in Mitsubishi Electric MC Works64, ICONICS GENESIS64, Hyper Historian, AnalytiX, and MobileHMI Plaintext Storage of Passwords in Mitsubishi Electric MC Works64 and ICONICS GENESIS64 DLL Hijacking Vulnerability in MA Smart Installer for Windows Buffer Over-read Vulnerability in Mitsubishi Electric MC Works64, ICONICS GENESIS64, and ICONICS Hyper Historian SAML SSO Authentication Vulnerability: Privilege Escalation and Admin Access in Zabbix Frontend Zabbix RPM Installation Vulnerability: DAC_OVERRIDE SELinux Capability Bypass XSS Vulnerability Allows Session Hijacking and Account Takeover via Hosts Group Creation Unauthenticated Access to Critical Setup Steps in Zabbix Frontend Directory Traversal Vulnerability in ZTE Home Gateway Products Stored XSS Vulnerability in ZTE Home Gateway Allows Remote Code Execution ZXCDN Product Reflective XSS Vulnerability Weak Random Value Generation Vulnerability in ZTE MF297D ZXMP M721 Product Permission and Access Control Vulnerability Arbitrary PHP Function Execution Vulnerability in VR Calendar WordPress Plugin Information Leak Vulnerability in ZXMP M721 DoS Vulnerability in ZXEN CG200: Product Management Websites Unavailable ZTE OTCP Product Permission and Access Control Vulnerability ZTE ZXvSTB Product: Broken Access Control Vulnerability 
Allows Deletion of Default Application Type Unauthenticated SQL Injection Vulnerability in Database Software Accreditation Tracking/Presentation Module (Before Version 2) Unrestricted File Upload Vulnerability in Dell Wyse Management Suite Versions 2.0-3.5.2 Improper Authentication Vulnerability in Wyse Device Agent Version 14.6.1.4 and Below Sensitive Data Exposure Vulnerability in Wyse Device Agent 14.6.1.4 and Below Sensitive Data Exposure Vulnerability in Wyse Device Agent 14.6.1.4 and Below Dell PowerScale OneFS Memory Release Vulnerability HTML Injection Vulnerability in Devolutions Server (before 2022.2): Altering Page Rendering and Redirecting Users Dell PowerScale OneFS Improper Handling of Insufficient Permissions Vulnerability Denial-of-Service Vulnerability in Dell PowerScale OneFS SmartConnect Dell PowerScale OneFS Denial of Service Vulnerability Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) Vulnerability Sysaid Local File Inclusion (LFI) Vulnerability: Unauthorized System Access via /lib/tinymce/examples/index.html Path Unauthenticated Local File Inclusion (LFI) Vulnerability in mobile/downloadfile.aspx SQL Injection Vulnerability in Login Panel SQL Injection Vulnerability in Admin Panel's agentid Parameter Insufficient Parameter Checking in Simple Membership WordPress Plugin Allows Membership Manipulation at Registration Stage XML External Entity Injection Vulnerability in SysAid - Okta SSO Integration Privilege Escalation via Named Pipe Messages in AtlasVPN Client User Enumeration Vulnerability Privilege Escalation via Prog Step Parameter Manipulation Remote Privilege Escalation in WatchGuard Firebox and XTM Appliances Unauthenticated Disclosure of User Credentials in Crestron HD-MD4X2-4K-E 1.0.0.2159 HDMI Switcher Cross-Site Scripting Vulnerability in Contact Form & Lead Form Elementor Builder WordPress Plugin Use-After-Free Vulnerabilities in Linux Kernel Timer Handler Unauthenticated User Access and Settings Modification Vulnerability in 
Contact Form & Lead Form Elementor Builder WordPress Plugin Time of Check, Time of Use Vulnerability in Apache Tomcat with FileStore Session Persistence Improper Access Control in Intel(R) Data Center Manager Software: Potential Privilege Escalation via Adjacent Access Unauthorized Database Access Vulnerability in Advanced Custom Fields Open Redirect Vulnerability in Octopus Server Adobe Illustrator Out-of-Bounds Write Vulnerability Allows Arbitrary Code Execution Buffer Overflow Vulnerability in Adobe Illustrator (CVE-2021-XXXX) Buffer Overflow Vulnerability in Adobe Illustrator: Arbitrary Code Execution Null Pointer Dereference Vulnerability in Adobe Illustrator: Application Denial-of-Service via Malicious File Xorg-x11-server Out-of-Bounds Access Vulnerability in ProcXkbSetGeometry Function Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Adobe Illustrator Out-of-Bounds Read Vulnerability Adobe Illustrator Out-of-Bounds Read Vulnerability Adobe Illustrator Out-of-Bounds Read Vulnerability Adobe Illustrator Out-of-Bounds Read Vulnerability Null Pointer Dereference Vulnerability in Adobe Illustrator: Application Denial-of-Service via Malicious File Null Pointer Dereference Vulnerability in Adobe Illustrator: Application Denial-of-Service via Malicious File Privilege Escalation and Arbitrary Code Execution in Xorg-x11-server Out-of-Bounds Write Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe RoboHelp 2020.0.7 and Earlier Uncontrolled Search Path Element Vulnerability in Adobe Creative Cloud Desktop Software Buffer Overflow Vulnerability in Adobe Photoshop: Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe 
Premiere Rush Versions 2.0 and Earlier Out-of-Bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Apache Traffic Control Traffic Ops Unprivileged User Port Scanning Vulnerability GitHub Repository Nakama Prior to 3.13.0: Login Brute-Force Vulnerability Buffer Overflow Vulnerability in svcunix_create Function of glibc Buffer Overflow Vulnerability in clnt_create Function of glibc Arbitrary Code Execution Vulnerability in USBView 2.1 Arbitrary Code Execution in H2 Console (CVE-2021-42393) Privilege Escalation via Pointer Arithmetic in Linux Kernel (CVE-2021-44252) Apache ShenYu 2.4.0 and 2.4.1 Password Disclosure Vulnerability Unauthenticated Arbitrary User Addition and Code Execution Vulnerability in NUUO NVRmini2 through 3.11 Improper WebRTC Input Validation in Pexip Infinity before 27.0 Allows Remote Denial of Service Remote Code Execution Vulnerability in SonicWall Switch 1.1.1.0-2s and Earlier Versions Vulnerability: Unauthorized S3 Access for Disabled User Accounts in StorageGRID StorageGRID (formerly StorageGRID Webscale) < 11.6.0 Denial of Service (DoS) Vulnerability SnapCenter Local Authentication Vulnerability: Exposing Plaintext HANA Credentials Information Disclosure Vulnerability in Active IQ Unified Manager Plaintext Storage of LDAP BIND Password in E-Series SANtricity OS Controller Software Host Header Injection Vulnerability in E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 Vulnerability in Linux Deployments of StorageGRID: Unauthorized Access and Email Modification Stored Cross-Site Scripting (XSS) Vulnerability in Active IQ Unified Manager Bypass of Capture ATP Security Service in SonicWall Hosted Email Security Appliance Unauthorized EMS Subscription Update Vulnerability in Active IQ Unified Manager SnapLock Configured FlexGroups Vulnerability: Arbitrary Modification and Deletion of WORM Data Remote Code Execution Vulnerability in TeamViewer Linux Versions Stored Cross-Site Scripting Vulnerability 
in Invitation Based Registrations WordPress Plugin Exposed Secrets: Microsoft Office Information Disclosure Vulnerability PPTP DoS Vulnerability in Windows OS Power BI Data Exposure Vulnerability Android OneDrive Security Feature Bypass Vulnerability Azure Data Explorer Spoofing Vulnerability: Exploiting Trust in Data Sources Hyper-V Remote Code Execution Vulnerability in Windows Edge for Android Spoofing Vulnerability Exposes Users to Phishing Attacks Critical Remote Code Execution Vulnerability in Microsoft Dynamics 365 On-Premises Email Invite Vulnerability in GitLab CE/EE Versions Before 15.2.1 EdgeTamper: A Critical Vulnerability in Microsoft Edge (Chromium-based) Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks Critical Remote Code Execution Vulnerability in Microsoft Defender for IoT Guardian Breached: Microsoft Defender for IoT Elevation of Privilege Vulnerability Exposed .NET and Visual Studio DoS Vulnerability: Exploiting Software Resource Exhaustion Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Unauthenticated Spoofing Vulnerability in Microsoft Dynamics GP Vulnerability: Inconsistent Identity Handling in io_uring Operations Pervasive Windows PPTP Remote Code Execution Vulnerability Unauthenticated Elevation of Privilege Vulnerability in Microsoft Dynamics GP Unauthenticated Elevation of Privilege Vulnerability in Microsoft Dynamics GP Unauthenticated Elevation of Privilege Vulnerability in Microsoft Dynamics GP Exploiting the Microsoft Dynamics GP Remote Code Execution Vulnerability Containerized SQL Server for Linux: Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Microsoft Defender for Endpoint Spoofing Vulnerability: Exploiting Trust in Endpoint Security ALPC Privilege Escalation Vulnerability in 
Windows Cross-Site Scripting (XSS) Vulnerability in Flexi Quote Rotator WordPress Plugin Outlook for Mac Security Feature Bypass Vulnerability Windows Common Log File System Driver Information Leakage Vulnerability Exploiting the Paint 3D Remote Code Execution Vulnerability ALPC Privilege Escalation Vulnerability in Windows Print Spooler Privilege Escalation Vulnerability in Windows Critical Remote Desktop Client Vulnerability Allows Remote Code Execution Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability ALPC Privilege Escalation Vulnerability in Windows Windows DWM Core Library Privilege Escalation Vulnerability Heap-based Buffer Overflow Vulnerability in IGSS Data Server (Versions prior to V15.0.0.22073) Windows Inking COM Privilege Escalation Vulnerability Windows DWM Core Library Privilege Escalation Vulnerability Power BI Spoofing Vulnerability: Impersonation Exploit in Microsoft's Business Intelligence Platform Windows Fast FAT File System Driver Privilege Escalation Vulnerability Tracing the Danger: Windows Event Remote Code Execution Vulnerability Raw Image Extension RCE Vulnerability Windows Installer Privilege Escalation Vulnerability Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability Windows NT OS Kernel Elevation of Privilege Vulnerability: A Critical Security Flaw Windows PDEV Elevation of Privilege Vulnerability: Exploiting System Weaknesses XML External Entity (XXE) Reference Vulnerability in DLP Endpoint for Windows prior to 11.9.100 Raw Image Extension RCE Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Vulnerability: Remote Code Execution via JMSSink in Log4j 1.x Vulnerability: Side Channel Attacks in SAE Implementations Vulnerability: Side-Channel Attacks in EAP-pwd Implementations SQL Injection Vulnerability in Log4j 1.2.x JDBCAppender Deserialization Vulnerability in Apache Chainsaw and Apache Log4j Use-After-Free Vulnerability in libxml2's valid.c 
Cross-Site Scripting (XSS) Vulnerability in Spectrum Power 4 Online Help SQL Injection Vulnerability in MCMS v5.2.4 via /ms/mdiy/model/importJson.do Arbitrary File Upload Vulnerability in MCMS v5.2.4 via /ms/template/writeFileContent.do Component Arbitrary File Read Vulnerability in taoCMS v3.0.2 CobaltStrike <=4.5 HTTP(S) Listener URL Validation Vulnerability Heap Buffer Overflow in pcf2bdf: Exploiting Unsafe Memory Access in PCF Font Files PCF File Parsing Vulnerability: Triggering Program Crash via Specially Crafted Font File Insecure Permission Assignment Vulnerability in Honeywell SoftMaster 4.51 Authentication Bypass and SQL Injection Vulnerability in XMPie uStore 12.3.7244.0 Persistent XSS Vulnerability in XMPie UStore Application (Version 12.3.7244.0) Ethereum Node DoS Vulnerability: Exploiting Transaction Purging Flaw Denial of Service (DoS) Vulnerability in Go-Ethereum: Exploiting Memory Pool Occupation Arbitrary Command Execution Vulnerability in UJCMS Jspxcms v10.2.0 DLL Hijacking Vulnerability in Honeywell SoftMaster Version 4.51 Application Remote Code Execution (RCE) Vulnerability in jpress v4.2.0 HelloWorldAddonController.java Critical Security Vulnerability in DataEase v1.6.1: Unauthorized Access and Password Manipulation Remote Command Injection Vulnerability in Shenzhen Ejoin ACOM508/ACOM516/ACOM532 Manual Ping Form Weak Signature Checks in Ip-label Newtest Robot Application Allow Privilege Escalation SQL Injection Vulnerability in Metinfo v7.5.0 via doModifyParameter in language_general.class.php SQL Injection Vulnerability in S-CMS v5.0 via member_pay.php O_id Parameter SQL Injection Vulnerability in DedeCMS v5.7.87 via article_coonepage_rule.php DLL Hijacking Vulnerability in Softing Secure Integration Server V1.22 Remote Code Execution in Joplin 2.6.10 through User Search Results Username Enumeration Vulnerability in Hyland OnBase Application Server Incorrect Access Control in BigAnt Server v5.6.06 Incorrect Access Control Issues in BigAnt 
Server v5.6.06 Directory Traversal Vulnerability in BigAnt Server v5.6.06 Weak Password Hashes in BigAnt Server v5.6.06 Cross-Site Request Forgery (CSRF) Vulnerability in BigAnt Server v5.6.06 Denial-of-Service Vulnerability in Softing Secure Integration Server V1.22 Cross-Site Scripting (XSS) Vulnerability in BigAnt Server v5.6.06 Denial of Service (DoS) Vulnerability in BigAnt Server v5.6.06 Directory Traversal Vulnerability in mozilo2.0 via curent_dir Parameter SQL Injection Vulnerability in EasyCMS v1.6 via ArticlemAction.class.php Default Administrator Credentials in Softing Secure Integration Server Software SQL Injection Vulnerability in Online Banking System v1.0 via index.php SQL Injection Vulnerability in HMS v1.0's adminlogin.php SQL Injection Vulnerability in HMS v1.0 via doctorlogin.php SQL Injection Vulnerability in HMS v1.0's patientlogin.php DOM-based XSS Vulnerability in Fulusso v1.1's SuccessTips.js Missing HTTP URI in Crafted HTTP Packet Vulnerability in Softing Secure Integration Server V1.22 Authenticated Remote Code Execution in WikiDocs v0.1.18 via Image Upload Form Multiple Reflected XSS Vulnerabilities in WikiDocs Version 0.1.18 Local File Inclusion Vulnerability in Archeevo Below 5.0: Exploiting file=~/web.config Cross-Site Scripting (XSS) Vulnerability in TastyIgniter 3.2.2 SQL Injection Vulnerability in Emlog v6.0 via $TagID Parameter Authentication Bypass via Machine-in-the-Middle Attack in Softing Secure Integration Server V1.22 SQL Injection Vulnerability in Taocms 3.0.2 - Parameter id:action=admin&id=2&ctrl=edit Denial of Service Vulnerability in Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170926 Broken Access Control in YzmCMS v6.3 Allows Unauthorized Access to User's Personal Home Pages Cross-Site Request Forgery (CSRF) Vulnerability in YzmCMS v6.3 /admin.add SQL Blind Injection Vulnerability in taocms 3.0.2 Remote Code Execution (RCE) Vulnerability in PublicCMS v4.0 via cmdarray Parameter SSRF Vulnerability: 
Exploiting Internal Address Access for Unauthorized Data Leakage Arbitrary File Upload Vulnerability in BBS Forum v5.3 and below Cross-Site Scripting (XSS) Vulnerability in Pybbs v6.0 via Crafted Search Payload Prototype Pollution in jQuery Cookie 1.4.1: Exploiting DOM XSS Vulnerability Reflected Cross-Site Scripting Vulnerability in Cedar Gate EZ-NET Portal 6.5.5 6.8.0 Stack-based Buffer Overflow Vulnerability in TCL LinkHub Mesh Wifi MS1G_00_01.00_14 Stored Cross-Site Scripting Vulnerability in W-DALIL WordPress Plugin Stack-based Buffer Overflow in Accusoft ImageGear 19.10's IGXMPXMLParser::parseDelimiter Functionality Insecure DLL Loading Vulnerability in Yokogawa Electric Products Hard-coded Password Vulnerability in Yokogawa Electric CAMS Server Applications Denial of Service Vulnerability in Intel(R) Data Center Manager Software Non-Random IV Values Vulnerability in wolfSSL 5.x before 5.1.1 Arbitrary File Read Vulnerability in Logs Plugin for Craft CMS Stored Cross-Site Scripting Vulnerability in Simple Page Transition WordPress Plugin Remote Code Execution and Local Privilege Escalation via DLL Hijacking in AXIS IP Utility Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository outline/outline prior to v0.64.4 Exynos Baseband Vulnerability: Arbitrary NAS Signaling Message Injection File Access Vulnerability in DeX Home and DeX for PC: Exploiting PendingIntent for System Privilege Escalation KnoxPrivacyNoticeReceiver Implicit Intent Media Access Vulnerability Arbitrary Memory Write and Code Execution Vulnerability in eden_runtime hal Service Audio HAL Service Vulnerability: Improper Boundary Check Leading to Memory Read and Application Crash Heap-based Buffer Overflow in Vim prior to 9.0.0044 Boundary Check Vulnerability in RPMB ldfw Prior to SMR Feb-2022 Release 1 Enables Arbitrary Memory Write and Code Execution Arbitrary Memory Write and Code Execution Vulnerability in RPMB ldfw Improper Access Control Vulnerability in Reminder App Allows 
Remote Reminder Registration and Activity Execution Bixby Vision PendingIntent Hijacking Vulnerability Denial of Service Vulnerability in Android-Gif-Drawable Infinite Loop Vulnerability in Apache Xerces Java XML Parser (XercesJ) Captive Portal Authentication Replacement Page XSS Vulnerability in FortiOS Heap-based Buffer Overflow in Vim Prior to 9.0.0045 Vulnerability: Hard-coded Cryptographic Key in FortiEDR Collectors Vulnerability: Hard-coded Cryptographic Key Allows Network Impersonation and Message Forgery in FortiEDR Improper Access Control Allows Gathering Checksum Information in FortiOS Versions 6.2.0-6.2.11, 6.4.0-6.4.8, and 7.0.0-7.0.5 Improper Access Control in Fortinet FortiSOAR Allows Unauthenticated Access to Gateway API Data Improper Resource Control Vulnerability in Fortinet FortiEDR 5.0.3 and Earlier Path Traversal Vulnerability in FortiExtender Management Interface Improper Permissions Assignment Vulnerability in SIMATIC Energy Manager Basic and PRO DLL Hijacking Vulnerability in SIMATIC Energy Manager Basic and PRO (All versions < V7.3 Update 1) GitHub Repository vim/vim: Use After Free Vulnerability (CVE-XXXX-XXXX) Insecure Deserialization Allows Remote Code Execution in SIMATIC Energy Manager OpenStack-Barbican Authorization Flaw: Unrestricted Access to Secret Metadata API OpenStack-Barbican Authorization Flaw: Admin Role Privilege Escalation and Denial of Service Vulnerability Critical Security Vulnerabilities Discovered in HP Support Assistant: Privilege Escalation, Integrity Compromise, and Unauthorized File Modification Critical Security Vulnerabilities Discovered in HP Support Assistant: Privilege Escalation, Integrity Compromise, and Unauthorized File Modification Critical Security Vulnerabilities Discovered in HP Support Assistant: Privilege Escalation, Integrity Compromise, and Unauthorized File Modification Arbitrary File Deletion Vulnerability in HP Support Assistant Software Improper Control-Flow Bypass in ESAPI 
Validator.getValidDirectoryPath() Cross-Site Scripting Vulnerability in Toast UI Grid (Versions prior to 4.21.3) Memory Corruption Vulnerability in Jsonxx/Json++ Vulnerability: Unauthorized Access to Extension Endpoints in Octopus Deploy Stack Exhaustion Vulnerability in jsonxx JSON Parser Jodit Editor XSS Vulnerability Stack Buffer Overflow Vulnerability in IOWOW Library Allows for Denial of Service (DOS) SpEL Injection Vulnerability in Nepxion Discovery Server-Side Request Forgery (SSRF) vulnerability in Nepxion Discovery Arbitrary Command Execution via Window Title Modification in SwiftTerm DOM-based Cross-Site Scripting (XSS) Vulnerability in teler Dashboard Stack Address Leakage Vulnerability in OpenRazer Buffer Overflow Vulnerability in xrdp < v0.9.21 Authorization Header Leakage in Traefik Debug Logs Unbounded Length Field Vulnerability in UBoot's USB DFU Implementation Arbitrary File Read Vulnerability in Galaxy 22.01 and Higher Memory Exhaustion Vulnerability in containerd's CRI Implementation Insecure Random Number Generation in Passeo Password Generator (Versions < 1.0.5) Improper Authorization Verification in Tuleap MediaWiki Standalone Plugin Code Injection via Pasted Input in Editor.js (Versions prior to 2.26.0) Vulnerability: Account Takeover in daloRadius 1.3 and prior versions Null Pointer Exception in Nokogiri XML Reader's attribute_hash Method Buffer Overflow Vulnerability in xrdp < v0.9.21's audin_send_open() Function Out of Bound Write Vulnerability in xrdp < v0.9.21 Buffer Overflow Vulnerability in xrdp < v0.9.21 Buffer Overflow Vulnerability in xrdp < v0.9.21 Out of Bound Read Vulnerability in xrdp < v0.9.21 Out of Bound Read Vulnerability in xrdp < v0.9.21 Out of Bound Read Vulnerability in xrdp < v0.9.21 Integer Overflow Vulnerability in xrdp_mm_process_rail_update_window_text() Function Multiple Account Creation and Unauthorized Organization Access via Manipulated Invite Link in Sentry Python Library Memory Exhaustion Denial of Service 
Vulnerability in libp2p-rust (versions prior to 0.45.1) Resource Exhaustion Vulnerability in js-libp2p Versions Prior to v0.38.0 Unenforced Moderators-Only Webcams Lock Setting in BigBlueButton Sensitive Information Exposure in BigBlueButton Polls Vulnerability: TrustCor Root Certificates Removed from Certifi's Trust Store Vulnerability: Targeted Resource Exhaustion Attacks in go-libp2p (Versions <= 0.18.0) Out of Bound Read Vulnerability in xrdp < v0.9.21 Cross-Site Scripting (XSS) Vulnerability in TinyMCE Alert and Confirm Dialogs Panic-inducing Encode Errors in go-merkledag's ProtoNode ArrayIndexOutOfBoundsException in Yauaa Library Leads to Application Crash Remote User Access to FreshRSS Configuration Files Exposes Hashed Passwords Session Hijacking Vulnerability in Grafana Cross-Site Scripting (XSS) Bypass in typo3/html-sanitizer Unauthenticated User Blocking Vulnerability in Disable User Login WordPress Plugin Recursive Amplification Vulnerability in TYPO3 Versions Prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 Improper Authentication Vulnerability Session Revocation Vulnerability in TYPO3 Code Injection Vulnerability in TYPO3 Form Designer Backend Module TYPO3 Sensitive Information Disclosure Vulnerability Passport-wsfed-saml2 Authentication Bypass Vulnerability Exposure of AWS Credentials in Spinnaker's Rosco Packer Logs Improper Verification of Cryptographic Signature in Tendermint Light Client Unauthenticated Access to S3 Bucket in Weave GitOps Run Unencrypted Communication Vulnerability in Weave GitOps Cross-Site Scripting (XSS) Vulnerability in Post SMTP Mailer/Email Log WordPress Plugin Arbitrary SQL Execution Vulnerability in Cube.js 0.31.23 Privilege Escalation Vulnerability in Amazon CloudWatch Agent for Windows Path Injection Vulnerability in MeterSphere Versions Prior to 2.4.1 Unauthorized Query Search Vulnerability in Pi-Hole AdminLTE Denial of Service Vulnerability in Loofah < 2.19.1 Cross-Site Scripting (XSS) Vulnerability in Loofah <= 
2.19.1 via image/svg+xml Media Type in Data URIs Stack Exhaustion Vulnerability in Loofah Library Denial of Service Vulnerability in rails-html-sanitizer < 1.4.4 Cross-Site Scripting (XSS) Vulnerability in rails-html-sanitizer Possible XSS vulnerability in rails-html-sanitizer prior to version 1.4.4 Unauthenticated Blind SSRF Vulnerability in Post SMTP Mailer/Email Log WordPress Plugin Incomplete Fix for XSS Vulnerability in rails-html-sanitizer (CVE-2022-32209) Arbitrary Heap Read/Write Vulnerability in Git's Parsing of gitattributes TarSlip vulnerability in MindsDB's `shutil.unpack_archive()` function allows for unintended file extraction and overwriting outside of the intended destination directory Infinite Loop Vulnerability in linux-loader Crate Uncontrolled Resource Consumption in Helm SDK's _strvals_ Package Leads to Denial of Service NULL Pointer Dereference Vulnerability in Helm _repo_package NULL Pointer Dereference Vulnerability in Helm Chartutil Package Open Redirect vulnerability in mod_auth_openidc prior to 2.4.12.2 Cross-Site Request Forgery and Token Theft Vulnerability in Microweber v1.2.20 Arbitrary File Write Vulnerability in GuardDog v0.1.7 and earlier GuardDog CLI Tool Relative Path Traversal Vulnerability Path Traversal Vulnerability in Neo4j's APOC Export Procedures Deserialization of Untrusted Data in LiteDB Remote File Read Vulnerability in Cortex Alertmanager Configuration API Buffer Overread Vulnerability in PJSIP's STUN Message Parsing Vulnerability: Leakage of HTTP Authorization Header in scs-library-client Insecure Key Type Misconfiguration in `jsonwebtoken` Library (<=8.5.1) Arbitrary Command Execution Vulnerability in WP-DBManager WordPress Plugin Signature Validation Bypass in jsonwebtoken Library (<=8.5.1) due to Defaulting to None Algorithm Vulnerability: Insecure Key Retrieval in JSON Web Tokens (JWT) Verification Authorization Bypass Vulnerability in OpenFGA 0.3.0 Cross-Site Scripting (XSS) vulnerability in Silverware Games' 
YouTube video embedding Server-Side Request Forgery leading to Cross-Site Scripting in MeterSphere v2.5.0 and below Information Leakage Vulnerability in Discourse 2.9.0.beta14 Allows Admin Digest Exposure Buffer Overread Vulnerability in PJSIP's STUN Message Parsing Regular Expression Denial of Service (ReDoS) Vulnerability in Discourse HTML comment bypass allows creation of posts with excessive length in Discourse CSRF Vulnerability in Easy Username Updater WordPress Plugin Allows Unauthorized Username Changes Vulnerability: Bypassing NMI Validation in AAD Pod Identity Stored XSS Vulnerability in Grafana GeoMap Plugin URL Access Filter Bypass in Alpine Library (CVE-2021-12345) Alpine Authentication Filter Bypass Vulnerability Improper Authentication in authentik Identity Provider allows Access Control Bypass via Token Reuse in Invitation URLs IP Address Spoofing Vulnerability in CodeIgniter Division by Zero Vulnerability in TensorFlow's BiasAndClamp Implementation Integer Overflow Vulnerability in TfLiteIntArrayCreate in TensorFlow Integer Overflow Vulnerability in TFLite Model Embedding Lookup Operations Unfiltered File Extension Upload Vulnerability in Frontend File Manager & Sharing WordPress Plugin TFLite Model Conversion Vulnerability Allows Limited Reads and Writes Arbitrary Write Vulnerability in TFLite Memory Allocator Integer Overflow Vulnerability in TensorFlow's `Range` Implementation Vulnerability: TOC/TOU Weakness in TensorFlow's Use of `tempfile.mktemp` Denial of Service Vulnerability in TensorFlow Resource Handle Decoding Denial of Service Vulnerability in TensorFlow via Assertion Failure Heap OOB Write Vulnerability in TensorFlow's Grappler Vulnerability: Integer Overflow in Sparse*Cwise* Ops in TensorFlow Integer Overflow Vulnerability in `AddManySparseToTensorsMap` Function in TensorFlow Denial of Service Vulnerability in TensorFlow Operations WSM Downloader WordPress Plugin Allows Unauthorized Remote File Download Null-dereference vulnerability 
in TensorFlow's protobuf decoding Denial of Service Vulnerability in TensorFlow's Protobuf Decoding Failure to Specialize Type during Shape Inference in TensorFlow Uninitialized Data Copy Vulnerability in TensorFlow's `AssignOp` Implementation Heap OOB Read/Write Vulnerability in TensorFlow's `SpecializeType` Integer Overflow Vulnerability in Tensorflow's OpLevelCostEstimator::CalculateTensorSize Integer Overflow Vulnerability in OpLevelCostEstimator::CalculateOutputSize in TensorFlow Null Pointer Dereference Vulnerability in TensorFlow's `GetInitOp` Implementation Memory Leak Vulnerability in TensorFlow's `ImmutableExecutorState::Initialize` Implementation Denial of Service Vulnerability in TensorFlow's Grappler Optimizer TensorFlow Shape Inference Vulnerability in User-Controlled Tensors Denial of Service Vulnerability in TensorFlow's Grappler Optimizer Denial of Service Vulnerability in TensorFlow's SavedModel with TensorByteSize Denial of Service Vulnerability in TensorFlow's SavedModel Binary Operator Use after free vulnerability in TensorFlow's PNG image decoding Memory Leak Vulnerability in TensorFlow's PNG Image Decoding Denial of Service Vulnerability in TensorFlow's SavedModel Assertion Handling Integer Overflow Vulnerability in TensorFlow's Grappler Component during Cost Estimation for Crop and Resize Denial of Service Vulnerability in TensorFlow's Grappler Optimizer Null Pointer Dereference Vulnerability in TensorFlow's Grappler Component Malicious `GraphDef` Alteration Vulnerability in TensorFlow Stack Overflow Vulnerability in TensorFlow's `GraphDef` Format Heap Out of Bounds Read Vulnerability in TensorFlow 2.8.0 Vulnerability: Denial of Service in TensorFlow's `simplifyBroadcast` Function Vulnerability: Heap OOB Read/Writes in TensorFlow MLIR Conversion Null Pointer Dereference Vulnerability in TensorFlow's XLA Compilation Cache Infinite Loop Vulnerability in Junrar Library Remote Program Execution Vulnerability in Element Desktop < 1.9.7 Cross-Site 
Scripting (XSS) vulnerability in laminas-form prior to version 3.1.1 Reflected Cross-Site Scripting and Open Redirect Vulnerability in Products.ATContentTypes Fleet 4.9.1 Vulnerability: SAML Authentication Spoofing with Missing Audience Verification Vulnerability: Lack of CSRF Protection in Symfony Form Component Arbitrary File Inclusion Vulnerability in NimForum Code Injection Vulnerability in iTunesRPC-Remastered Command Impersonation Vulnerability in x26-Cogs Defender Cog (prior to version 1.10.0) Ephemeral Messages Not Properly Removed from Local Chat History in Wire Webapp Stack Exhaustion Vulnerability in Envoy's Cluster Discovery Service (CDS) Vulnerability: Unbound Cookies in treq Library Premature Freeing of Hash Key in PJSIP Dialog Set Vulnerability File Deletion Vulnerability in iTunesRPC-Remastered Stored Cross-Site Scripting Vulnerability in WP Social Chat WordPress Plugin Vulnerability: SAML SSO Bypass and Impersonation in wire-server OS Command Injection in iTunesRPC-Remastered Arbitrary File Exfiltration Vulnerability in OpenMRS Heap Overflow Vulnerability in xrdp Sesman Server Code Injection Vulnerability in Twig's Sort Filter Arbitrary Document Modification and Privilege Escalation Vulnerability in XWiki Platform Remote Code Execution via Reset Password Feature in XWiki Platform Content Disclosure Vulnerability in XWiki Platform URL Redirection Vulnerability in XWiki Platform User Account Enumeration Vulnerability in XWiki Platform IP Spoofing Vulnerability in Download Manager WordPress Plugin Unescaped Filesystem Syntax in XWiki Platform HTML Export Process Arbitrary File Read Vulnerability in XWiki Platform Cross-Site Scripting (XSS) Vulnerability in XWiki Platform's `registerinline.vm` Template Input Validation Vulnerability in Frourio v0.26.0 and Earlier Versions Input Validation Vulnerability in Frourio-Express Wire-ios Vulnerability: Malformed Resource Identifiers Crash Unvalidated Image Upload Vulnerability in m1k1o/blog Inadequate Access 
Verification in ArchiSteamFarm (ASF) Allows Unauthorized Resource Access Vulnerability: Adverse Effect on Logic due to Pretty-Printing of Synthetic Nodes in OPA AST Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Parking Management System 1.0 Gradle Vulnerability: Inconsistent Dependency Verification Arbitrary Code Execution Vulnerability in superjson Traefik Vulnerability: TLS Configuration Bypass with FQDN Host Header Data Leakage Vulnerability in Action Pack Information Leakage Vulnerability in Puma and Rails Unauthenticated Remote Crash Vulnerability in Istio Control Plane Uninitialized Pointer Vulnerability in Wasmtime's Runtime Stored Cross-Site Scripting (XSS) Vulnerability in K-Box Markdown Editor Cross-Site Scripting Vulnerability in svg-sanitizer Library Misalignment vulnerability in crossbeam-utils 0.8.7 and earlier Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Parking Management System 1.0 XML Entity Expansion Vulnerability in Excel-Streaming-Reader Denial of Service Vulnerability in Discourse Prior to 2.8.1 Remote Code Execution in Sourcegraph's gitserver Service Reintroduced Side-Channel Vulnerability in Sourcegraph Code Monitoring Feature (CVE-2021-43823) Server-Side Request Forgery Vulnerability in BookWyrm: Exploiting the Cover Loading Functionality Out-of-Bounds Read Vulnerability in swtpm Vulnerability: User Interface (UI) Misrepresentation of Critical Information in Next.js Prism Command Line Plugin Cross-Site Scripting Vulnerability Arbitrary File Read Vulnerability in containerd's CRI Implementation Cosign Container Signing Vulnerability in Rekor Transparency Log Stored Cross-site Scripting (XSS) vulnerability in GitHub repository zadam/trilium prior to version 0.53.3 Hard-coded cryptographic key vulnerability in Netmaker server component Key Disclosure Vulnerability in b2-sdk-python 1.14.0 and below Privilege Escalation via Malicious Connection Header in capsule-proxy B2 Command Line Tool Local Key 
Disclosure Vulnerability Improper Access Control in Wiki.js Allows Unauthorized Page Updates Vulnerability: Lack of Gateway Server Signature Validation in OctoberCMS Cross-Site Scripting Vulnerability on Zulip Server's Recent Topics Page Aruba ClearPass Policy Manager Remote Authentication Bypass Vulnerability Aruba ClearPass Policy Manager Remote Authentication Bypass Vulnerability Aruba ClearPass Policy Manager Remote Reflected XSS Vulnerability Trusted IP Header Misconfiguration in Mattermost 6.7.0 and Earlier Allows Rate Limit Bypass and IP Manipulation Aruba ClearPass Policy Manager Remote Authentication Bypass Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Multiple Versions Remote Authenticated SSRF Vulnerability Aruba ClearPass Policy Manager Remote Authorization Bypass Vulnerability Bypassing Link Parameter Validation in WSM Downloader WordPress Plugin Aruba ClearPass Policy Manager Remote Authenticated Information Disclosure Vulnerability Aruba ClearPass Policy Manager Remote Authenticated Information Disclosure Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Authenticated Remote Command Injection Vulnerability Aruba ClearPass Policy Manager Multiple Versions Remote Authenticated Stored XSS Vulnerability Aruba ClearPass Policy Manager Multiple Versions Remote Authenticated Stored XSS Vulnerability 
ArubaOS-Switch Devices Remote Code Execution Vulnerability ArubaOS-Switch Devices Remote Code Execution Vulnerability Aruba VIA Client Vulnerability: Intercepting Sensitive Information in Windows OS ArubaOS-CX Switches Vulnerability: Lack of Anti-CSRF Protections GitHub Repository Authentication Bypass Vulnerability in microweber/microweber prior to 1.2.20 ArubaOS-CX Switches Vulnerability: Lack of Anti-CSRF Protections ArubaOS-CX Command Injection Vulnerabilities ArubaOS-CX Command Injection Vulnerabilities Title: ArubaOS-CX Switches: Authenticated Command Injection Vulnerabilities in NAE Scripts Privilege Escalation Vulnerability in AOS-CX Web Management Interface Cross-Site Request Forgery (CSRF) Vulnerability in Aruba ClearPass Policy Manager LLDP Service Packet Processing Vulnerabilities in ArubaOS-CX Switches LLDP Service Packet Processing Vulnerabilities in ArubaOS-CX Switches LLDP Service Packet Processing Vulnerabilities in ArubaOS-CX Switches LLDP Service Packet Processing Vulnerabilities in ArubaOS-CX Switches Unrestricted Access to YaySMTP WordPress Plugin Logs AOS-CX Web Management Interface Version Fingerprinting Vulnerability ArubaOS-CX Switches Authentication Bypass Vulnerability SQL Injection Vulnerabilities in ClearPass Policy Manager SQL Injection Vulnerabilities in ClearPass Policy Manager SQL Injection Vulnerabilities in ClearPass Policy Manager SQL Injection Vulnerabilities in ClearPass Policy Manager SQL Injection Vulnerabilities in ClearPass Policy Manager Title: HPE OneView Remote Cross-Site Scripting (XSS) Vulnerability Prior to 6.6 Remote Unauthenticated Information Disclosure Vulnerability in HPE OneView Local Authentication Restriction Bypass Vulnerability in HPE OneView Prior to 6.6 Mailer Credentials Exposed in YaySMTP WordPress Plugin 2.2.1 Local Unauthorized Read Access Vulnerability in HPE OneView Prior to 6.6 Remote Host Header Injection Vulnerability in HPE Integrated Lights-Out 4 (iLO 4) Firmware Privilege Escalation 
Vulnerability in HPE Superdome Flex and Superdome Flex 280 Servers Network Communication Interception and Modification Vulnerability in HPE Nimble Storage Arrays during Software Updates Remote Denial of Service Vulnerability in iLO 4 Unauthorized Update Binary Upload Vulnerability in HPE Nimble Storage Arrays Title: Remote Cross-Site Scripting (XSS) Vulnerability in HPE OneView Prior to 7.0 Kibana Index Patterns XSS Vulnerability Allows Injection of Malicious JavaScript Vulnerability in Elasticsearch 7.17.0 Upgrade Assistant Allows Unauthorized Access to Security Index Kibana Vulnerability: Unauthorized Modification of Alerting Rules by Read Users Unauthenticated Stored Cross-Site Scripting in YaySMTP WordPress Plugin Data Preview Pane XSS Vulnerability Kibana Vulnerability Exposes Sensitive Information in Page Source Elasticsearch Denial of Service Vulnerability Vega Charts Kibana Integration XSS Vulnerability Local Privilege Escalation Vulnerability in Elastic Endpoint Security for Windows Sensitive Information Disclosure in ECE 3.4.0 and Earlier Versions SAML Signing Private Key Disclosure Vulnerability in ECE Denial of Service Vulnerability in PingID Windows Login Prior to 2.8 with Offline Security Keys Remote Code Execution Vulnerability in PingID Windows Login Application PingID Windows Login Prior to 2.8 Local Java Service Spoofing Vulnerability Stored Cross-Site Scripting Vulnerability in YaySMTP WordPress Plugin PingID Windows Login Vulnerability: Unauthorized Deployment of Administrator Privileged API Credentials Username Collision Vulnerability in PingID Integration for Windows Login Password Reset Vulnerability: User Authentication Bypass PingFederate PingOne MFA Integration Kit: HTML Template MFA Bypass Vulnerability Static Encryption Key Material Allows Authentication Token Forgery and MFA Bypass Improper Permissions on PingID Windows Login Registry Entries Exposure of Sensitive Information in PingCentral Versions Prior to Listed Versions WebOS TV 
Privilege Escalation Vulnerability: Unauthorized Access to Higher Privileges LG LVE-SMP-210011 Vulnerability: Device Reset via AT Command during Reboot Unauthenticated Shell Access in LG LVE-SMP-210010 Unauthenticated Access to WordPress User Details in Simply Schedule Appointments Plugin API Access Control Bypass Vulnerability V8 JavaScript Engine Heap Vulnerability: Privilege Escalation in webOS TV Models GitHub Enterprise Server Path Traversal Vulnerability Allows CSRF Bypass and Privilege Escalation Stored XSS Vulnerability in GitHub Enterprise Server Allows Arbitrary Attribute Injection GitHub Enterprise Server Deserialization Vulnerability Improper Privilege Management Vulnerability in GitHub Enterprise Server Allows Unauthorized Page Creation and Deletion Improper Cache Key Vulnerability in GitHub Enterprise Server Allows Unauthorized Access to Private Repository Files GitHub Enterprise Server Privilege Escalation via GraphQL API Requests Stored Cross-Site Scripting Vulnerability in Simply Schedule Appointments WordPress Plugin GitHub Enterprise Server Remote Code Execution Vulnerability GitHub Enterprise Server Privilege Escalation Vulnerability Vulnerability: Unauthorized File Replacement in Check Point Endpoint Security Client for Windows Local Privilege Escalation and Arbitrary File Write Vulnerabilities in Check Point ZoneAlarm Vulnerability: Local Administrator Bypass in Check Point Endpoint E86.50 Memory Corruption Vulnerability Discovered in Capsule Workspace Android App Vulnerability: Brute-Force Attack on IPsec VPN Blade's SSL Network Extender Portal Out of Bound Memory Access Vulnerability in Sony Xperia Series 1, 5, and Pro Music Playback DLL Sideloading Vulnerability in mDNSResponder.exe Unauthenticated Settings Modification and Stored Cross-Site Scripting Vulnerability in WP Sticky Button WordPress Plugin Email Address Disclosure Vulnerability in Directorist WordPress Plugin NeoRS ActiveX Module Origin Validation Error Vulnerability: Arbitrary 
File Download and Execution Insufficient Verification Procedures in WebCube Update: Enabling Remote Code Execution Root Privilege Escalation via Malicious POST Request in IPTIME NAS Arbitrary File Execution Vulnerability in BigFileAgent Critical Vulnerabilities in SecureGate: SQL-Injection and Path Traversal Exploits Pose Serious Threats Exposed External Port in NIS-HAP11AC Allows Remote Code Hijacking and Device Takeover Insufficient User Privilege Verification in reverseWall-MDS Allows Remote Code Execution and Account Theft Arbitrary Email Sending Vulnerability in Directorist WordPress Plugin Improper Parameter Validation in API Constructors Allows Remote Command Execution IPTIME NAS User Account Creation and Deletion Vulnerability Overflow Vulnerability in Rat.SetString in math/big in Go Misinterpretation of Branch Names as Version Tags in Go (CVE-2022-12345) Arbitrary File Movement Vulnerability in Docker Desktop for Windows Incorrect Access Control in TrueStack Direct Connect 1.4.7 Information Disclosure: Exposing Internal Hostname in Zoho ManageEngine Desktop Central Reflected Cross-Site Scripting in Easy Student Results WordPress Plugin Unauthenticated Access to Sensitive Student Data in Easy Student Results WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Firmanet Software and Technology Customer Relation Manager Cross-Site Scripting (XSS) Vulnerability in Firmanet Software and Technology Customer Relation Manager Arbitrary File Write Vulnerability in Joomla! 3.x and 4.x File Upload Path Disclosure Vulnerability in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0 Account Takeover Vulnerability in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0 Cross-Site Scripting (XSS) Vulnerability in Joomla! com_fields SQL Injection Vulnerability in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0 Inadequate URL Validation in Joomla! Allows for Internal Redirect Bypass Joomla! 
4.0.0 - 4.1.0: JInput Method-Specific Input Bag Pollution Vulnerability Linux Kernel Out-of-Bounds Memory Access Vulnerability in sm712fb.c:smtcfb_read() Function XSS Vulnerabilities in Joomla! 4.0.0 through 4.1.0 due to Inadequate Content Filtering XSS Vulnerability in Joomla! 4.0.0 through 4.1.0 via SVG Embedding in com_media Insecure Permissions in Joomla Guru Extension 5.2.5: Remote Information Disclosure Stack-Based Buffer Overflow Vulnerability in KiCad EDA 6.0.1 and master commit de006fc010 Stack-based Buffer Overflow in KiCad EDA Gerber Viewer Local Attacker Exploits Out-of-Bounds Read Vulnerability in Trend Micro Worry-Free Business Security Server Incorrect Validation of Big.Int in Curve.IsOnCurve in Go Crypto/Elliptic Bypassing Two-Factor Authentication in phpMyAdmin XSS and HTML Injection Vulnerability in phpMyAdmin 5.1 before 5.1.2 CSRF Vulnerability in E Unlocked - Student Result WordPress Plugin Arbitrary File Retrieval via Template Injection in a-blog cms Vulnerability: Malicious Code in node-ipc Package Memory Integrity Vulnerability in ASP and SMU Interfaces: Threat to Confidential Compute Environment Address Validation Vulnerability in BIOS Commands VM_HSAVE_PA Input Validation Vulnerability Arbitrary Blog Options Deletion Vulnerability in Product Slider for WooCommerce WordPress Plugin AMD SMM Communication Buffer Validation Vulnerability SMM Access Control Vulnerability: Potential Arbitrary Code Execution via SPI ROM Write Zynq-7000 SoC First Stage Boot Loader (FSBL) Authentication Bypass Vulnerability Timing Attack Vulnerability in AMD Processors with Frequency Scaling Pre-IBPB Branch Target Specification Vulnerability Branch Predictor Alias Vulnerability in AMD Processors: Potential Information Disclosure Reflected Cross-Site Scripting in Feed Them Social WordPress Plugin Vulnerability: Limited Loss of Guest Memory Integrity due to Mutable SMM Configuration with Enabled SNP Insufficient Validation of IOCTL Input Buffer in AMD μProf: Potential 
Windows Kernel Crash and Denial of Service Vulnerability Infinite Loop Vulnerability in Django MultiPartParser Persistent Access Vulnerability in Visual Voice Mail (VVM) Application for Android Unrestricted Graph Stats Request Vulnerability in Sidekiq API Cross-Site Scripting (XSS) Vulnerability in Digital Publications by Supsystic WordPress Plugin Unvalidated Input Stream in Alluxio Logserver (CVE-2021-XXXXX) Biometric Authentication Bypass Vulnerability in Devolutions Password Hub for iOS Username Modification Vulnerability in aws-iam-authenticator Allows Privilege Escalation Stack-based Buffer Overflow in epub2txt through xhtml_translate_entity in xhtml.c Signed Integer Overflow in XML_GetBuffer in Expat (libexpat) Prior to 2.4.4 Insecure Execution of Language Server Protocol (LSP) Server Binary in KDE Kate and KTextEditor Path Traversal Vulnerability in AVEVA InTouch Access Anywhere Authentication Bypass Vulnerability in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x User Enumeration Vulnerability in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x SQL Injection Vulnerability in Navidrome Smart Playlists Processing Privilege Escalation Vulnerability in StarWind Command Center REST API Reflected Cross-Site Scripting in Crowdsignal Dashboard WordPress Plugin Privilege Escalation: Unauthorized Password Modification in Zoho ManageEngine Desktop Central SQL Injection Vulnerability in Nyron 1.0 through Nyron/Library/Catalog/winlibsrch.aspx CSV Injection Vulnerability in RuoYi v4.7.2 via ruoyi-admin when Opening .xlsx Log File Unauthorized Password Reset Vulnerability in RuoYi v4.7.2 WebUI CSRF Vulnerability in Easy Digital Downloads WordPress Plugin Allows Arbitrary Post Deletion Multiple Cross-Site Scripting (XSS) Vulnerabilities in Gibbon CMS v22.0.01 Stored XSS Vulnerability in Emlog Pro v1.1.1 via /admin/configure.php (footer_info parameter) SQL Injection Vulnerability in Victor CMS v1.0 Allows Arbitrary Command Injection via 'user_firstname' Parameter 
Arbitrary Code Execution Vulnerability in seacms V11.5 admin_config.php CSRF Vulnerability in WP Coder WordPress Plugin Arbitrary File Upload Vulnerability in taoCMS v3.0.2 File Management Module Remote Command Execution (RCE) Vulnerability in ZZZCMS zzzphp v2.1.0 via danger_key() at zzz_template.php SQL Injection Vulnerability in TuziCMS 2.0.6 BannerController.class.php Integer Overflow Vulnerability in Mojang Bedrock Dedicated Server 1.18.2 Arbitrary User Account Deletion Vulnerability in YzmCMS v6.3 Title: Cross-Site Request Forgery (CSRF) Vulnerability in YzmCMS v6.3 Concurrent Comment Operation Vulnerability in YzmCMS v6.3 Unauthenticated User Can Create Automations in Autonami WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Admidio 4.1.2 SQL Injection Vulnerability in MCMS v5.2.5 via categoryId Parameter in IContentDao.xml SQL Injection Vulnerability in MCMS v5.2.5 via search.do in MCmsAction.java Vulnerability: Improper Mutability Flag in Google Play Services SDK Remote Code Execution Vulnerability in Wavlink WL-WN531P3 Router API Stack Overflow Vulnerability in re2c 2.2: Infinite Recursion in src/dfa/dead_rules.cc SQL Injection Vulnerability in Tongda2000 v11.10's export_data.php via d_name Parameter Cross Site Scripting (XSS) Vulnerability in pearadmin pear-admin-think <=5.0.6 Allows Arbitrary Function Access and Stored XSS via Fake User-Agent Cross-Site Request Forgery (CSRF) Vulnerability in Rainworx Auctionworx < 3.1R2 Allows Unauthorized Account Upgrade and Admin Access Remote Command Execution (RCE) Vulnerability in CMS Made Simple v2.2.15 via Upload Avatar Function Reflected Cross-Site Scripting (XSS) Vulnerability in CMS Made Simple v2.2.15 via m1_fmmessage Parameter Unquoted Service Path Vulnerability in Sherpa Connector Service Unsanitized Description in Inspiro PRO WordPress Plugin Allows JavaScript Injection SQL Injection Vulnerability in Testimonial WordPress Plugin Reflected Cross-Site Scripting in Testimonial WordPress 
Plugin before 1.4.7 Apache ActiveMQ Artemis Memory Consumption DoS Vulnerability Remote Code Execution (RCE) via Argument Injection in Weblate Package Unspecified Cross-Site Scripting Vulnerability in a-blog cms Ver.2.8.x - Ver.3.0.x Stack-based Buffer Overflow in confsrv set_mf_rule Functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14 Stack-based Buffer Overflow in confsrv set_mf_rule Functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14 Arbitrary File Download Vulnerability in Lana Downloads Manager WordPress Plugin Title: Local Privilege Escalation and Code Execution Vulnerability in CIMPLICITY Server Local File Write and Privilege Escalation Vulnerability in WIN-911 2021 R1 and R2 Sandbox Bypass Vulnerability in Jailed Package via Exported alert() Method Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Directory-based authentication vulnerability in pki-core allows unauthorized certificate issuance Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Critical BIOS Vulnerabilities in HP 
PC Products: Escalation of Privilege, Arbitrary Code Execution, and More Command Injection Vulnerability in ExifTool.pm Vulnerability: Out-of-Bounds Read in Wind River VxWorks 6.9 and 7 during IKE Initial Exchange Sensitive Parameters Logging Vulnerability in Puppet Bolt Remote Code Execution via PHP Deserialization in SuiteCRM Scheduled Reports Module Hardcoded Key and IV in Apache Doris LDAP Password Cipher Initialization Vulnerability Apache HTTP Server mod_sed Out-of-bounds Write Vulnerability Unauthenticated Access to /plugin API in Apache ShenYu 2.4.0 and 2.4.1 Unauthenticated Registration Vulnerability in Apache ShenYu 2.4.0 and 2.4.1 Stack-Based Buffer Overflow Vulnerability in KiCad EDA 6.0.1 and master commit de006fc010 Stack-Based Buffer Overflow Vulnerability in KiCad EDA 6.0.1 and Master Commit de006fc010 Insecure Mount Logic in Keylime Agent Allows Secret Leakage Unsanitized UUIDs in Keylime before 6.3.0 can lead to log spoofing on verifier and registrar Cross-Site Scripting (XSS) Vulnerability in weForms WordPress Plugin before 1.6.14 Fixed /tmp Path Vulnerability in Keylime Revocation Notifier Zip Bomb Vulnerability in Keylime World-readable keylime.conf file vulnerability Denial of Service Vulnerability in HP PC BIOS Denial of Service Vulnerability in HP PC BIOS Denial of Service Vulnerability in HP PC BIOS Denial of Service Vulnerability in HP PC BIOS Denial of Service Vulnerability in HP PC BIOS Denial of Service Vulnerability in HP PC BIOS HTTP/1 Request Smuggling Vulnerability in Varnish Cache Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple e-Learning System 1.0 Spectre-BHB: Exploiting Cache Speculation in Arm Cortex and Neoverse Processors Remote Denial of Service Vulnerability in Xerox VersaLink Devices Path Traversal Vulnerability in ASUS RT-AX56U's update_json Function ASUS RT-AX56U Path Traversal Vulnerability in update_PLC/PORT File ASUS RT-AX56U's SQL Injection Vulnerability: Unauthenticated LAN Attackers Can Manipulate 
Database Vulnerability: Stack-Based Buffer Overflow in ASUS RT-AX56U's User Profile Configuration Function Apache Pinot Segment Upload Path Vulnerability CSRF Vulnerability in Access Demo Importer Plugin Allows Unauthorized Plugin Activation CSRF Vulnerability in Access Demo Importer Plugin Allows Data Reset Ultimate Reviews WordPress Plugin <= 3.0.15: Authenticated Stored XSS Vulnerability Unescaped Field Error Message in WordPress Comments Fields Plugin Allows Cross-Site Scripting Attacks Yasr WordPress Plugin XSS Vulnerability in 'source' Parameter WordPress Perfect Brands for WooCommerce Plugin (<= 2.0.4) Allows Unauthorized Brand Creation by Subscriber+ Users Server Information Exposure Vulnerability in WordPress Perfect Brands for WooCommerce Plugin (<= 2.0.4) CSRF Vulnerability in WP Content Copy Protection & No Right Click Plugin (<= 3.4.4) Allows Unauthorized Settings Update Critical Data Exposure Vulnerability Found in wpDiscuz WordPress Plugin (<= 7.3.11) Arbitrary Code Execution via Out-of-Bounds Write in Project File Processing Unauthenticated Remote SQL Injection Vulnerability in phpUploader v1.2 and Earlier Cross-Site Scripting Vulnerability in WS Form LITE and Pro WordPress Plugins Unsanitized Form Data in WS Form WordPress Plugins Allows XSS Attacks Denial of Service Vulnerability in Stormshield Network Security (SNS) WebGPU Use After Free Vulnerability in Google Chrome Integer Overflow in Expat's doProlog Function Arbitrary Command Execution Vulnerability in XCOM Data Transport 11.6 Releases Cross-Site Scripting (XSS) Vulnerability in pfSense CE and pfSense Plus Improper Access Control Vulnerability in StBedtimeModeReceiver Allows Unauthorized Bedtime Mode Changes Unprotected Component Vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 Unprotected Component Vulnerability: Unauthorized Bedtime Mode Activation in Wear OS 3.0 Theater Mode Disabling Vulnerability in Wear OS 3.0 Camera Access Control Vulnerability in Android R, Q, and P 
CpaReceiver PendingIntent Hijacking Vulnerability in KnoxPrivacyNoticeReceiver Arbitrary File Path Manipulation in dompdf/dompdf prior to 2.0.0 DataUsageReminderReceiver Vulnerability: Implicit Intent Hijacking for Unauthorized Media Access Edge Panel Information Disclosure Vulnerability: Clipboard Screenshot Access Improper Authorization Vulnerability in Link Sharing: Unauthorized Access to Protected Activity via PreconditionActivity Unprotected Intent Access Vulnerability in Bixby Vision (prior to version 3.7.50.6) Stored Cross-Site Scripting (XSS) Vulnerability in REDCap Messenger Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Unrestricted Information Disclosure Vulnerability in Mattermost Version 6.7.0 and Earlier Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14's GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: Exploiting Configuration Values in GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow 
Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Kernel Stack Overflow Vulnerability in dlpfde.sys Driver Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14's GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14's GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: GetValue Functionality OpenShift Container Platform: Credentials Leak in oauth-serving-cert ConfigMaps SMM Memory Corruption Vulnerability in AhciBusDxe SMM Memory Corruption Vulnerability in NvmExpressDxe User Enumeration Vulnerability in Adenza AxiomSL ControllerView 10.8.1 Purge-Requested Intent Vulnerability in ONOS 2.5.1 Unauthenticated Access Vulnerability in Karmasis Informatics Infraskope SIEM+: Log Modification Unauthenticated Access Vulnerability in Karmasis Informatics Infraskope SIEM+ Unauthenticated Access Vulnerability in Karmasis Informatics Infraskope SIEM+ Desigo PXC4 and PXC5 XML Injection Vulnerability Reflected Cross-Site Scripting in WP Popup Builder WordPress Plugin Denial of Service (DoS) Vulnerability in Desigo DXR2, PXC3, PXC4, and PXC5 Password Hash Retrieval and Offline 
Cracking Vulnerability in Desigo DXR2 and PXC Series Persistent AuthToken Vulnerability in Desigo DXR2, PXC3, PXC4, and PXC5 Username Enumeration Vulnerability in Desigo Building Automation Systems Vulnerability: Lack of Countermeasures Against Password Spraying and Credential Stuffing Attacks in Desigo DXR2, Desigo PXC3, Desigo PXC4, and Desigo PXC5 Session Cookie Exposure in Desigo Building Automation Systems Arbitrary Code Execution Vulnerability in Sonos One Speaker (ZDI-CAN-15828) BMC Track-It! 20.21.01.102 Authentication Bypass Vulnerability MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability Stack-based Buffer Overflow in Sonos One Speaker ALAC Audio Codec (ZDI-CAN-15798) Arbitrary Popup Deletion Vulnerability in WP Popup Builder WordPress Plugin MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.7.0 via Malicious GIF Files (ZDI-CAN-14972) Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.7.0 via J2K File Parsing Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.7.0 via J2K File Parsing Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.7.0 via J2K File Parsing Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.7.0 Unrestricted File Size Import Vulnerability in Mattermost Slack Import Feature Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.7.0 Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.7.0 Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 13.2.0.21165 Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 13.2.0.21165 Remote Code Execution Vulnerability in Sante DICOM Viewer Pro 11.8.8.0 via J2K Image Parsing Command Injection 
Vulnerability in cookiecutter before 2.1.1 via hg Argument Injection Incomplete Fix for Command Injection Vulnerability in simple-git SMM Callout Vulnerability in AhciBusDxe Stored Cross-Site Scripting Vulnerability in WP phpMyAdmin WordPress Plugin Memory Corruption Vulnerability in Subversion's mod_dav_svn Whale Browser Built-in Extension Rendering Process Compromise Vulnerability Arbitrary JavaScript Injection in Whale Browser Extension Store via Devtools API Web Request API Vulnerability in Whale Browser Allows Access Denial and Unauthorized Redirection Whale Bridge Extension Vulnerability: Remote Control Exploit Whale Browser Vulnerability: Local File Access via JavaScript Replacement in HWP Viewer Arbitrary Code Execution Vulnerability in Naver Cloud Explorer Beta Improper Restriction of Guest User Permissions in Mattermost Version 6.7.0 and Earlier Remote Code Execution via Exposed JMX Interface in On-Premise Pega Platform Installations Local Account Password Authentication Bypass Vulnerability Arbitrary Code Execution Vulnerability in Adobe Commerce Cross-Site Scripting (XSS) Vulnerability in Rough Chart WordPress Plugin Out-of-Bounds Read Vulnerability in Adobe Photoshop Allows Memory Disclosure Out-of-Bounds Write Vulnerability in Acrobat Reader DC Versions 21.007.20099 and Earlier Out-of-Bounds Write Vulnerability in Acrobat Reader DC Versions 21.007.20099 and Earlier Arbitrary Code Execution Vulnerability in Adobe Commerce Versions 2.4.3-p1 and 2.3.7-p2 Stack-based Buffer Overflow Vulnerability in Adobe After Effects Stack-based Buffer Overflow Vulnerability in Adobe After Effects Heap-based Buffer Overflow Vulnerability in Adobe After Effects Out-of-Bounds Write Vulnerability in Adobe After Effects Allows Arbitrary Code Execution Arbitrary Code Execution via PCX File Parsing in Adobe Photoshop Adobe Photoshop Out-of-Bounds Read Vulnerability Leading to Memory Disclosure Stored Cross-Site Scripting Vulnerability in mTouch Quiz WordPress Plugin 
Use-after-free vulnerability in Acrobat Reader DC versions 20.001.20085 and earlier, 20.005.3031x and earlier, and 17.012.30205 and earlier, leading to sensitive memory disclosure Use-After-Free Vulnerability in Acrobat Reader DC Versions 20.001.20085 and Earlier Use-After-Free Vulnerability in Acrobat Reader DC Versions 20.001.20085 and Earlier Use-After-Free Vulnerability in Acrobat Reader DC Versions 20.001.20085 and Earlier Out-of-Bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution JPEG Decoder Interleaved Flag Manipulation Vulnerability in Xpdf Integer Overflow Vulnerability in Xpdf JPXStream.cc Remote Code Execution and File Write Vulnerability in Skyoftech So Listing Tabs Module 2.2.0 for OpenCart Intent Key Manipulation Vulnerability in ONOS 2.5.1 Stored Cross-Site Scripting Vulnerability in Auto More Tag WordPress Plugin Unauthorized Password Reset Vulnerability in Kiteworks MFT 7.5 Unauthenticated Access to Portfolios in Mahara Vulnerability: Bypassing IP Restriction in Apache APISIX Batch-Requests Plugin Excessive Permissions in Acronis Products Lead to Local Privilege Escalation Race Condition Vulnerability in Acronis Cyber Protect Home Office and Acronis True Image 2021 (macOS) Unrestricted Loading of Unsigned Libraries Vulnerability in Acronis Cyber Protect Home Office and Acronis True Image 2021 (macOS) Inadequate Encryption Strength in General Electric Renewable Energy Products: iNET and iNET II (Before 8.3.0) Firmware Download Vulnerability in General Electric Renewable Energy Products Vulnerability: Unauthorized Reboot to Factory Default Configuration in General Electric Renewable Energy Products Hidden Remote Access Vulnerability in General Electric Renewable Energy Products Stored Cross-Site Scripting Vulnerability in Better Tag Cloud WordPress Plugin Cleartext Credential Storage Vulnerability in General Electric Renewable Energy Products Critical SQL Injection Vulnerability in Unified Office Total Connect Now: Cookie 
Parameter Exploitation Use-After-Free and Privilege Escalation in Linux Kernel with Unprivileged User Namespaces Remote Code Execution via Unsanitized Mermaid Block Rendering in MarkText SQL Injection Vulnerability in Casdoor's Query API Remote Code Execution Vulnerability in Bandai Namco FromSoftware Dark Souls III Matchmaking Servers Buffer Overflow Vulnerability in Dark Souls III NRSessionSearchResult Parser Stored Cross-Site Scripting (XSS) Vulnerability in REDCap 12.0.11: Arbitrary Code Injection in Project Title Privilege Escalation during Extension Installation in TimescaleDB Server-side Request Forgery (SSRF) Vulnerability in OIDC OP Plugin for Shibboleth Identity Provider Unsanitized Slide Title Injection Vulnerability in Slide Anything WordPress Plugin Buffer Overflow Vulnerability in xterm Patch 370 with Sixel Support Cross Site Scripting (XSS) Vulnerability in DouPHP v1.6 Release 20220121 Denial of Service (DoS) Vulnerability in phpshe V1.8 Cross Site Scripting (XSS) Vulnerability in QingScan 1.3.0 Search Functions Unrestricted Upload of Dangerous File Type Vulnerability in Hospital Management System v1.0 Privilege Escalation Vulnerability in IOBit Advanced System Care (Asc.exe) 15 and Action Download Center Privilege Escalation via Named Pipe Impersonation in IOBit Advanced System Care (AscService.exe) 15 XML External Entity (XXE) Vulnerability: Remote File Retrieval via Crafted HTTP Requests Vulnerability: Remote Code Execution via Fake Update Config File Named Pipe Impersonation Vulnerability in iTop VPN 3.2 Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: Denial of Service via formSetFirewallCfg Stack Overflow Vulnerability in Tenda AX3 and AX12 Routers Command Injection Vulnerability in Tenda AX3 v16.03.12.10_CN Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via formWifiBasicSet Function Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via formSetQosBand Function Stack Overflow Vulnerability in Tenda AX3 
v16.03.12.10_CN: DoS Exploitation via fromAdvSetMacMtuWan Function Command Injection Vulnerability in Tenda AX3 v16.03.12.10_CN Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via wpapsk_crypto Parameter Heap Buffer Overflow in WebGL in Google Chrome Command Injection Vulnerability in Tenda AX3 v16.03.12.10_CN Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: Denial of Service via shareSpeed Parameter Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via fromSetRouteStatic Function Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via formAddMacfilterRule Function Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: Denial of Service via formSetRebootTimer Heap Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN's setSchedWifi Function Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via formSetVirtualSer Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via formSetMacFilterCfg Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via fromSetIpMacBind Function Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via formSetPPTPServer Function Octopus Deploy Vulnerability: Unauthorized Enumeration of Environments Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via formSetDeviceName Heap Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN's GetParentControlInfo Function Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: Exploiting saveParentControlInfo Function for Denial of Service (DoS) Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: DoS via timeZone Parameter Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Command Injection Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Command Injection Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Command Injection Vulnerability in Tenda Routers G1 and G3 
v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Vulnerability: Insufficient Validation in GitLab CE/EE for Importing Projects with 40 Hexadecimal Character Branch Names Command Injection Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Command Injection Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Stack Overflow Vulnerability in Tenda Routers G1 and G3 v15.11.0.17(9502)_CN Cross-Site Scripting (XSS) Vulnerability in Ex Libris ALEPH 500 v18.1 and v20 Critical Unrestricted Upload Vulnerability in URVE Web Manager Arbitrary Code Injection via Host Header in PKP Open Journals System Insecure Direct Object Reference Vulnerability in Ourphoto App Version 1.4.1 Clear-text Password Disclosure in Ourphoto App Version 1.4.1: Exploiting Insecure Direct Object References for Unauthorized Access User Token Authorization Bypass Vulnerability in Ourphoto App Version 1.4.1 Critical Unrestricted Upload Vulnerability in URVE Web Manager Unauthenticated Account Binding Vulnerability in Ourphoto App Version 1.4.1 Buffer Overflow Vulnerability in HTMLDOC 1.9.14's gif_read_lzw Function Command Injection Vulnerability in CasaOS v0.2.7 and Earlier Versions iText v7.1.17 Out-of-Memory Denial of Service Vulnerability Stack-based Buffer Overflow in iText v7.1.17: Denial of Service via ByteBuffer.append Out-of-Bounds Exception in iText v7.1.17 ARCFOUREncryption.encryptARCFOUR Component Critical Unrestricted Upload Vulnerability in URVE Web Manager SQL Injection Vulnerability in Tongda2000 v11.10 via DEVICE_LIST Parameter Improper Type Validation in Socket.io JS Library Allows Arbitrary Function Placement Arbitrary File Deletion Vulnerability in eliteCMS v1.0 SQL Injection Vulnerability in eliteCMS v1.0 via /admin/edit_page.php SQL Injection Vulnerability in Feathers.js with feathers-sequelize Package SQL Injection Vulnerability in eliteCMS v1.0 via /admin/edit_post.php SQL Injection Vulnerability in eliteCMS v1.0 
via /admin/functions/functions.php SQL Injection Vulnerability in eliteCMS v1.0 via /admin/edit_user.php SQL Injection Vulnerability in AtomCMS v2.0 via /admin/login.php Blind SQL Injection Vulnerability in Hospital Management System v4.0 Cross-Site Scripting (XSS) Vulnerability in BoltWire v7.10 and v8.00 via Crafted Payload in Name and Lastname Parameters Arbitrary Code Injection through ONLYOFFICE Document Server Example XSS Vulnerability Stored Cross-Site Scripting Vulnerability in DW Promobar WordPress Plugin SQL Injection Vulnerability in Simple Student Information System v1.0 via add/Student Arbitrary Code Execution Vulnerability in Hospital Patient Record Management System v1.0 CSRF Vulnerability in Snapt Aria v12.8 Management Portal Allows Privilege Escalation and Code Execution Insecure Permissions Vulnerability in Snapt Aria v12.8 Allows Email Spoofing Command Injection Vulnerability in Snapt Aria v12.8's snaptPowered2 Component Cross-Site Scripting (XSS) Vulnerability in ACEweb Online Portal 3.5.065 Unrestricted File Upload Vulnerability in ACEweb Online Portal 3.5.065 via attachments.awp Stored Cross-Site Scripting Vulnerability in Google Maps Anywhere WordPress Plugin SQL Injection Vulnerability in ACEweb Online Portal 3.5.065 via showschedule.awp External Controlled File Path and Name Vulnerability in ACEweb Online Portal 3.5.065 Arbitrary File Overwrite via Path Traversal in RiteCMS Admin Panel Arbitrary File Deletion via Path Traversal in RiteCMS Admin Panel Null Pointer Dereference Vulnerability in GPAC 1.1.0 via xtra_box_write Function Stored Cross-Site Scripting Vulnerability in WP DS Blog Map WordPress Plugin Authenticated Unrestricted File Upload Vulnerability in Extensis Portfolio v4.0 Unrestricted File Upload Vulnerability in Extensis Portfolio v4.0 FileTransferServlet Component Authenticated Unrestricted File Upload Vulnerability in Extensis Portfolio v4.0 Unrestricted File Upload Vulnerability in Extensis Portfolio v4.0 Backup/Restore 
Archive Component Hardcoded Credentials in Extensis Portfolio v4.0 Allow Unauthorized Administrator Access Privilege Escalation Vulnerability in Voipmonitor GUI (CVE-2021-XXXX) Stored Cross-Site Scripting Vulnerability in Thinkific Uploader WordPress Plugin Privilege Escalation via SQL Injection in Voipmonitor GUI v24.96 Arbitrary Command Execution Vulnerability in Voipmonitor GUI SQL Injection Vulnerability in Hospital Management System v4.0 via Email Parameter SQL Injection Vulnerability in Cuppa CMS v1.0 via search_word Parameter SQL Injection Vulnerability in Cuppa CMS v1.0 via menu_filter Parameter SQL Injection Vulnerability in Cuppa CMS v1.0 via order_by Parameter MongoDB Server v5.0: Invariant Assertion Vulnerability in $external Database Validation Directory Traversal Vulnerability in convert-svg-core before 0.6.4 Prototype Pollution in madlib-object-utils setValue Method Arbitrary HTTP Request Vulnerability in Jupyter Notebook Viewer in GitLab EE/CE Improper Input Validation vulnerability in Apache Pulsar Proxy allows TCP/IP Connection Spoofing Arbitrary Command Execution Vulnerability in SINEC NMS and SINEMA Server Insecure Deserialization Vulnerability in SINEC NMS and SINEMA Server Local Privilege Escalation Vulnerability in Acer Care Center 4.00.30xx Local Privilege Escalation Vulnerability in Acer QuickAccess Escape from WinCC Kiosk Mode via Missing Printer Configuration OS Command Injection Vulnerability in Apache Airflow Example DAGs Arbitrary Code Execution via Hessian Serialization in Apache Cayenne ROP CSV Injection Vulnerability in Ultimate SMS Notifications for WooCommerce Plugin Stack Overflow Vulnerability in Teamcenter Versions V12.4 - V14.0 HP Print Devices Vulnerability: Information Disclosure, Denial of Service, and Remote Code Execution HP Print Devices Vulnerability: Information Disclosure, Denial of Service, and Remote Code Execution HP Print Devices Vulnerability: Information Disclosure, Denial of Service, and Remote Code Execution 
Apache MXNet Regular Expression Denial-of-Service Vulnerability Command Injection Vulnerability in Okta Advanced Server Access Client for Windows Broken or Risky Cryptographic Algorithm Vulnerability in Multiple Air Conditioning Systems Buffer Overflow Vulnerability in Intel(R) NUC Firmware Allows Privilege Escalation via Local Access Denial of Service (DoS) Vulnerability in freeopcua/freeopcua Package: Excessive Memory Consumption via CloseSession Requests Arbitrary Command Execution Vulnerability in pfSense CE and pfSense Plus Stored Cross-Site Scripting Vulnerability in Visual Composer Website Builder Plugin for WordPress ItemStack Meta Injection Vulnerability in Minetest Inventory Manipulation Vulnerability in Minetest Race Condition in Paramiko's write_private_key_file Function Allows Unauthorized Information Disclosure File Deletion Vulnerability in Pillow before 9.0.1 due to Mishandling of Spaces in Temporary Pathnames Zoho ManageEngine SharePoint Manager Plus Vulnerability: Sensitive Data Leak and Privilege Escalation Account Takeover Vulnerability in Zoho ManageEngine SharePoint Manager Plus Incorrect Access Control in Mastodon before 3.3.2 and 3.4.x before 3.4.6 due to Uncompacted Signed JSON-LD Activities Information Disclosure Vulnerability in Automox Agent Installation Process XPath Constraint Bypass Vulnerability in Mendix Applications Arbitrary File Deletion Vulnerability in Download Manager Plugin for WordPress Heap-based Buffer Overflow Vulnerability in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) Remote Code Execution Vulnerability in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) Remote Code Execution Vulnerability in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) Stack-based Buffer Overflow in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) Out-of-bounds Read Vulnerability in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and 
prior) Denial of Service Vulnerability in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) CWE-665: Information Exposure Vulnerability in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) Information Exposure Vulnerability in Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) Weak Encryption Vulnerability in ClearSCADA and EcoStruxure Geo SCADA Expert Title: Man-in-the-Middle Attack Vulnerability in ClearSCADA and Geo SCADA Expert Cross-Site Request Forgery Vulnerability in Ecwid Ecommerce Shopping Cart Plugin for WordPress Title: Man-in-the-Middle Attack Vulnerability in ClearSCADA and EcoStruxure Geo SCADA Expert Denial of Service Vulnerability in Geo SCADA Server via Malformed HTTP Request Buffer Overflow Vulnerability in EcoStruxure Control Expert (V15.0 SP1 and prior) Modicon Controller Communication Disruption Vulnerability Stack-based Buffer Overflow in IGSS Data Server (Versions prior to V15.0.0.22073) Excessive Permissions Exposed in JetBrains Hub Integration with JetBrains Account Unprivileged User Denial of Service Vulnerability in JetBrains Hub (CVE-2021-XXXXX) Dependency Locking Vulnerability in JetBrains Kotlin 1.5.0 and earlier WordPress Infinite Scroll – Ajax Load More Plugin Unauthenticated Arbitrary PHP Object Deserialization Vulnerability External Site Redirection Vulnerability in JetBrains TeamCity (CVE-2021-XXXX) GitLab Authentication Impersonation Vulnerability in JetBrains TeamCity Persistent Remember Me Cookie Vulnerability in JetBrains TeamCity Blind SSRF Vulnerability in JetBrains TeamCity before 2021.2 via XML-RPC Call Agent Push Vulnerability: Unauthorized Selection of Private Key in JetBrains TeamCity Time-of-check/Time-of-use (TOCTOU) Race-Condition Vulnerability in JetBrains TeamCity Agent Registration via XML-RPC Unauthenticated Remote Build Cancellation in JetBrains TeamCity Unauthorized Access to Health Items in JetBrains TeamCity Prior to 2021.2 Reflected XSS 
Vulnerability in JetBrains TeamCity before 2021.2.1 Stored XSS Vulnerability in JetBrains TeamCity before 2021.2.1 Unauthenticated Remote Code Execution in String Locator Plugin for WordPress XXE Vulnerability in JetBrains TeamCity Configuration File Parsing (CVE-2021-XXXX) Session Persistence Vulnerability in JetBrains TeamCity CSRF Vulnerability in JetBrains TeamCity before 2021.2.1 Arbitrary Custom Logo Setting Vulnerability in JetBrains YouTrack Stored XSS Vulnerability in JetBrains YouTrack before 2021.4.31698 Critical Security Vulnerability in JetBrains IntelliJ IDEA: Unauthorized Local Code Execution on Project Opening RLO Character Code Execution Vulnerability in JetBrains IntelliJ IDEA Stored XSS Vulnerability in JetBrains YouTrack via Project Icon Directory Traversal Vulnerability in Argo CD Allows Unauthorized Access to Helm Charts Reflected XSS Vulnerability in Zabbix Frontend Cross-Site Request Forgery Vulnerability in AnyMind Widget Plugin for WordPress Buffer Overflow Vulnerability in IhisiSmm in Insyde InsydeH2O Insyde InsydeH2O TOCTOU Race-Condition Vulnerability Arbitrary Code Execution Vulnerability in TP-Link AC1750 Routers Unauthenticated Remote Code Execution in TP-Link AC1750 Routers (ZDI-CAN-15769) Arbitrary Code Execution Vulnerability in TP-Link AC1750 Routers Arbitrary Code Execution Vulnerability in TP-Link TL-WR940N Routers Arbitrary Code Execution Vulnerability in Foxit PDF Reader Foxit Reader 11.0.1.0719 macOS Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.1.0.52543 Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 (ZDI-CAN-15703) Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 (ZDI-CAN-15702) Arbitrary PHP Object Deserialization Vulnerability in Download Manager Plugin for WordPress Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 (ZDI-CAN-15744) Arbitrary Code Execution via JPEG2000 Parsing in Foxit PDF Reader 11.1.0.52543 Arbitrary 
Code Execution via AcroForms Parsing in Foxit PDF Reader 11.1.0.52543 Arbitrary Code Execution via Annotation Object Handling in Foxit PDF Reader 11.1.0.52543 Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 (ZDI-CAN-15851) Arbitrary Code Execution via AcroForms in Foxit PDF Reader 11.1.0.52543 Arbitrary Code Execution via AcroForms in Foxit PDF Reader 11.1.0.52543 Arbitrary Code Execution via AcroForms in Foxit PDF Reader 11.1.0.52543 Remote Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 Remote Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 via JP2 Image Parsing Arbitrary PHP Object Deserialization Vulnerability in Feed Them Social WordPress Plugin Remote Code Execution Vulnerability in Foxit PDF Reader 11.0.1.0719 macOS Arbitrary File Read Vulnerability in Linksys MR9600 Devices Regular Expression Denial of Service (ReDoS) in react-native-reanimated before 3.0.0-rc.1 Unspecified Cross-Site Scripting Vulnerability in a-blog cms Ver.2.8.x - Ver.3.0.x Denial of Service (DoS) Vulnerability in node-opcua Package Command Injection Vulnerability in git-promise Package Command Injection Vulnerability in package cycle-import-check before 1.3.2 Improper Initialization in Intel(R) Data Center Manager Software: Local Access Denial of Service Vulnerability Privilege Escalation Vulnerability in Intel(R) Server System M70KLP Family BIOS Firmware Vulnerability: Untrusted Input Deserialization in Broken Link Checker Plugin for WordPress Denial of Service (DoS) Vulnerability in asneg/opcuastack Package: Unrestricted Chunk Reception Privilege Escalation Vulnerability in Intel(R) NUC Firmware Out-of-Bounds Read Vulnerability in [Product Name]: Risk of Code Execution SmarterTools SmarterTrack XSS Vulnerability Information Disclosure Vulnerability in SmarterTools SmarterTrack 100.0.8019.14010 Stored XSS Vulnerability in SmarterTools SmarterTrack 100.0.8019.14010 File Overwrite Vulnerability in SmarterTrack v100.0.8019.14010 Root 
Command Injection Vulnerability in rconfig 'date' in Fidelis Network and Deception Components Root Command Injection Vulnerability in rconfig cert_utils Remote Command Injection Vulnerability in rconfig SQL Injection Vulnerability in Fidelis Network and Deception CommandPost Command Injection Vulnerability in Fidelis Network and Deception CommandPost Command Injection Vulnerability in Fidelis Network and Deception CommandPost Command Injection Vulnerability in Fidelis Network and Deception CommandPost Reflected Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Enterprise Portal Unauthenticated Access to Administrative Functionalities in Simple Diagnostics Agent Reflected Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Enterprise Portal Unauthorized Information Access in SAP Business Objects Business Intelligence Platform Cross-Site Scripting (XSS) Vulnerability in SAP Focused Run (Real User Monitoring) - Versions 200, 300, REST Service TETRA Authentication Vulnerability: Predictable MS Challenge RAND2 Allows Setting Session Key DCK to Zero TETRA Air-Interface Encryption Vulnerability: Adversary-Induced Keystream Re-Use Inadequate Key Register Initialization in TETRA TEA1 Keystream Generator TETRA TA61 Identity Encryption Vulnerability Exploitable Weakness in TETRA Air-Interface Encryption: Manipulation of Cleartext Data by Active Adversary OS Command Injection in OX App Suite Documentconverter API Predictable Multipart/Form-Data Boundaries in OX App Suite 7.10.6 Allows SSRF and Injection into Internal Documentconverter API Calls SQL Injection Vulnerability in Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28 Privilege Escalation Vulnerability in SINUMERIK MC and SINUMERIK ONE Covert Timing Channel Vulnerability in Dell BSAFE SSL-J Remote Code Execution Vulnerability in ImageMagick Engine Plugin for WordPress Information Exposure Vulnerability in Dell BIOS via Debug Interfaces Elevation of Privilege Vulnerability in Dell PowerScale OneFS 8.2.2 and 
Above Improper Handling of Value Vulnerability in Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x Time-of-Check-to-Time-of-Use Vulnerability in Dell PowerScale OneFS: Risk of Data Loss Dell EMC CloudLink Auth Token Exposure in GET Requests Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Arbitrary PHP Object Deserialization Vulnerability in WPvivid WordPress Plugin Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell iDRAC9 Improper Authentication Vulnerability Dell iDRAC8 Denial of Service Vulnerability Dell EMC AppSync Path Traversal Vulnerability Local Privilege Escalation Vulnerability in Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 Dell PowerScale OneFS Privilege Escalation and Information Disclosure Vulnerability Arbitrary Code Injection Vulnerability in convert-svg-core Cross-Site Request Forgery Vulnerability in FreeMind WP Browser Plugin for WordPress Command Injection Vulnerability in abacus-ext-cmdline Package Persistent Cross-Site Scripting (XSS) in ipDIO Web Interface Allows Arbitrary JavaScript Injection Command Injection Vulnerability in simple-git before 3.3.0 Denial of Service Vulnerability in dicer Package Arbitrary Script Injection Vulnerability in phpUploader v1.2 and Earlier Power Management Throttling Vulnerability in Intel(R) Processors: Potential Information Disclosure via Network Access Command Injection Vulnerability in git-pull-or-clone Package Remote Code Execution (RCE) Vulnerability in gitpython Allows Injection of Malicious Remote URLs WordPress 
Plugin Visualizer: Tables and Charts Manager <= 3.7.9 - Unauthenticated Remote Code Execution Vulnerability Command Injection Vulnerability in cocoapods-downloader Code Injection Vulnerability in Snyk Package (CVE-2022-40764) Server-Side Template Injection (SSTI) Vulnerability in JetBrains YouTrack before 2021.4.40426 Session Fixation Vulnerability in Silverstripe Framework 4.10 Unauthorized Access to SSH Server and User Information in Zoho ManageEngine Key Manager Plus 6.1.6 Insecure SSL Certificate Export in Zoho ManageEngine Key Manager Plus Uninitialized Data Leakage in NFS Atomic Open Vulnerability Vulnerability in Solar appScreener 3.10.4: XXE and SSRF Attacks via Crafted XML Document Privilege Escalation via Misuse of Dynamically Provisioned Sandbox Accounts in NATS nats-server VP9 Video Extensions RCE Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Windows Security Support Provider Interface Privilege Escalation Vulnerability Windows CD-ROM Driver Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions HEIF Image Extensions Remote Code Execution Vulnerability Windows Fax and Scan Service Privilege Escalation Vulnerability Windows Tablet UI Application Elevation of Privilege Vulnerability Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Word Security Feature Bypass Vulnerability: Exploiting Microsoft's Document Protection Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication .NET and Visual Studio DoS Vulnerability: Exploiting Software Resource Exhaustion iOS Security Feature Bypass Vulnerability in Microsoft Intune Portal Hyper-V Security Feature Bypass Vulnerability in Windows Critical Remote Code Execution Vulnerability in Azure Site Recovery Critical Remote Code Execution Vulnerability in Azure Site Recovery Azure Site Recovery Privilege 
Escalation Vulnerability Time Lag Vulnerability in Keystone Critical Remote Code Execution Vulnerability in Azure Site Recovery Critical Remote Code Execution Vulnerability in Azure Site Recovery Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Windows Win32k Privilege Escalation Vulnerability Edge Chromium Elevation of Privilege Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Telemetry Elevation of Privilege Vulnerability Stored Cross-Site Scripting Vulnerability in reSmush.it WordPress Plugin Outlook for Android Privilege Escalation Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability ALPC Privilege Escalation Vulnerability in Windows Windows Kernel Information Leakage Vulnerability Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability: Disrupting Cluster Shared Volumes on Windows Systems Win32 File Enumeration RCE Vulnerability Kerberos Privilege Escalation Vulnerability in Windows Windows LSA Remote Code Execution Vulnerability Windows Desktop Bridge Privilege Escalation Vulnerability CCF Elevation of Privilege Vulnerability CSRF Vulnerability in reSmush.it WordPress Plugin (Version 0.4.4 and below) Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability Windows Network File System RCE Vulnerability RPC Runtime RCE Vulnerability Unveiling Sensitive Information: Microsoft LSA Server Vulnerability Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability Windows DirectShow Remote Code Execution Vulnerability Windows LSA Elevation of Privilege Vulnerability Windows Network File System RCE Vulnerability Windows iSCSI Target Service Information Disclosure Vulnerability Exposes Sensitive Data Windows Installer Privilege Escalation Vulnerability Unauthorized Access to AJAX Actions in reSmush.it WordPress Plugin Critical Windows SMB 
Remote Code Execution Vulnerability Discovered VP9 Video Extensions RCE Vulnerability HTML Platform Security Bypass Vulnerability Exposed Remote Desktop Protocol Client Information Vulnerability Pervasive Windows PPTP Remote Code Execution Vulnerability ALPC Privilege Escalation Vulnerability in Windows Azure Site Recovery Privilege Escalation Vulnerability Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability Win32 File Enumeration RCE Vulnerability Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Word Document Tampering Vulnerability in Microsoft Office Exploiting the .NET and Visual Studio Remote Code Execution Vulnerability Exploiting Visual Studio's Elevation of Privilege Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Azure Site Recovery Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Azure Site Recovery Windows Common Log File System Driver Privilege Escalation Vulnerability Skype Extension for Chrome Information Leakage Vulnerability EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks Windows Update Stack Privilege Escalation Vulnerability Visual Studio Code URL Spoofing Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Endpoint Configuration Manager RPC Runtime RCE Vulnerability Use After Free vulnerability in gpac/gpac prior to 2.1-DEV Windows Installer Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Desktop Protocol Vulnerability Allows Remote Code Execution Stream Enumeration Remote Code Execution Vulnerability in Win32 Critical Remote Code Execution 
Vulnerability in Windows DNS Server Hyper-V Remote Code Execution Vulnerability in Windows Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability: Disrupting Cluster Shared Volumes on Windows Systems Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability Integer Overflow or Wraparound in GPAC GitHub Repository ALPC Privilege Escalation Vulnerability in Windows Critical Remote Code Execution Vulnerability in Windows Server Service Windows Win32k Privilege Escalation Vulnerability Windows Upgrade Assistant RCE Vulnerability Kerberos Privilege Escalation Vulnerability in Windows Kerberos Remote Code Execution Vulnerability in Windows Windows DWM Core Library Privilege Escalation Vulnerability Windows Digital Media Receiver Privilege Escalation Vulnerability Microsoft Defender DoS Vulnerability Windows AppX Package Manager Privilege Escalation Vulnerability GitLab Business Logic Issue: Resource Exhaustion via Malicious Project Import Windows Telephony Server Privilege Escalation Vulnerability Unauthenticated Password Reset Vulnerability in StarWind Stack Arbitrary Command Injection Vulnerability in StarWind Stack REST API Remote Command Execution Vulnerability in Zfaka <= 1.4.5 Vulnerability: Unauthorized Visibility Change in GitLab CE/EE Arbitrary File System Access and Remote Code Execution Vulnerability in IOBit IOTransfer 4.3.1.1561 Stored XSS Vulnerability in Genixcms v1.1.11 via intro_title and intro_image parameters Cross Site Scripting (XSS) Vulnerability in Checkmk <=2.0.0p19 User Attribute Help Text Cross Site Scripting (XSS) Vulnerability in Checkmk <=2.0.0p19 and <=1.6.0p27 Cross Site Scripting (XSS) vulnerability in Checkmk <=2.0.0p19 and <=1.6.0p27 Server-Side Request Forgery (SSRF) Vulnerability in Novel-plus v3.6.0 Unlimited Login Attempts Vulnerability in Red Hat Process Automation Manager 7 SQL Injection Vulnerability in Car Driving School Management System v1.0 Login Page Cross Site Scripting (XSS) Vulnerability in Car 
Driving School Management System v1.0 User Enrollment Form (Username Field) Stored XSS Vulnerability in Element-IT HTTP Commander 7.0.0 Allows Unauthenticated Admin Access NULL Pointer Dereference in gf_dump_vrml_field.isra() in GPAC 1.0.1 Stack-Based Buffer Overflow in GPAC 1.0.1 via MP4Box Use After Free Vulnerability in GPAC 1.0.1 through MP4Box NULL Pointer Dereference Vulnerability in GPAC 1.0.1 Heap-Based Buffer Overflow in SFS_AddString() in GPAC 1.0.1 Title: XML External Entity Injection (XXE) Vulnerability: External Service Interaction and Internal File Read in Business Central and Kie-Server APIs Unauthenticated SMB Hash Capture Vulnerability in ACEweb Online Portal 3.5.065 XSS-PHPSESSID-Hijacking Vulnerability in Accounting Journal Management 1.0 Vulnerability: Unauthorized Reprogramming of Yubico OTP Functionality Stored XSS Vulnerability in PluXml v5.8.7: Arbitrary Code Execution via /core/admin/comment.php Stored XSS Vulnerability in PluXml v5.8.7: Arbitrary Code Execution via /core/admin/categories.php Stored XSS Vulnerability in PluXml v5.8.7 core/admin/medias.php Component Cross-Site Scripting (XSS) Vulnerability in Flatpress v1.2.1 Upload SVG File Function Stored Cross-Site Scripting (XSS) Vulnerability in Burden v3.0's Add Category Function Vulnerability: Email Invited Members Bypass Group Project Settings in GitLab EE Stored XSS Vulnerability in BackdropCMS v1.21.1 Add Link Function IP Address Forgery Vulnerability in Waline 1.6.1 Incorrect Access Control in Automotive Grade Linux Kooky Koi 11.0.0-11.0.5: Exploiting usr/bin/afb-daemon Vulnerability Memory Leak Vulnerability in printfileinfo Function of autofile Audio File Library 0.3.6 Multiple SQL Injection Vulnerabilities in WPDating WordPress Plugin (Before 7.4.0) SQL Injection Vulnerability in Luocms v2.0 Admin Login SQL Injection Vulnerability in Luocms v2.0's /admin/manager/admin_mod.php Allows for Unauthorized Data Access SQL Injection Vulnerability in Luocms v2.0's 
/admin/news/news_mod.php SQL Injection Vulnerability in Luocms v2.0 - /admin/news/sort_mod.php SQL Injection Vulnerability in Luocms v2.0's /admin/link/link_mod.php SQL Injection Vulnerability in Luocms v2.0's /admin/link/link_ok.php SQL Injection Vulnerability in Luocms v2.0 - /admin/news/sort_ok.php SQL Injection Vulnerability in Luocms v2.0's /admin/news/news_ok.php Cross Site Scripting (XSS) Vulnerability in Luocms v2.0 Arbitrary Shell File Write Vulnerability in Luocms v2.0 Unauthenticated Users Can Manipulate Transposh WordPress Translation Plugin Settings Wi-Fi Passphrase Visibility Vulnerability in Alecto DVC-215IP Camera Version 63.1.1.173 and Below Z-Wave S0 NonceGet Protocol Vulnerability Allows Local Attackers to Block Protected Z-Wave Networks Stored XSS vulnerability in EyesOfNetwork 5.3.11 ITSM Module via XML file upload Denial of Service Vulnerability in metadata-extractor Library JPEG File Denial of Service Vulnerability in metadata-extractor up to 2.16.0 Denial of Service Vulnerability in zip4j Library Insecure Permissions in Heimdal.Wizard.exe Installer Allows Privilege Escalation Sensitive Information Disclosure in Transposh WordPress Translation Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Piwigo Version 12.2.0 Allows Privilege Escalation and Cookie Theft Unauthenticated SQL Injection in AudioCodes Device Manager Express Authenticated SQL Injection in AudioCodes Device Manager Express Remote Code Execution via Directory Traversal in AudioCodes Device Manager Express Path Traversal Vulnerability in Rockwell Automation ISaGRAF Workbench Software Arbitrary Command Execution in AudioCodes Device Manager Express Stored XSS Vulnerability in AudioCodes Device Manager Express Directory Traversal Vulnerability in AudioCodes Device Manager Express User Enumeration Vulnerability in FileCloud Versions Prior to 21.3 Unauthenticated Remote Information Disclosure and Privilege Escalation in Open Web Analytics (OWA) Path Traversal Vulnerability in 
Rockwell Automation ISaGRAF Workbench Software OpenEMR Hospital Information Management System 6.0.0 - Stored XSS Vulnerability Remote Code Execution Vulnerability in ZZ Inc. KeyMouse Windows 3.08 and Prior SQL Injection Vulnerability in Hospital Management System v4.0's contact.php Arbitrary File Deletion Vulnerability in Cuppa CMS v1.0 Deserialization of Untrusted Data Vulnerability in Rockwell Automation ISaGRAF Workbench Software Arbitrary File Upload Vulnerability in SentCMS 4.0.x Arbitrary File Upload and PHP Code Execution in SentCMS 4.0.x Authenticated Stored XSS Vulnerability in INTELBRAS ATA 200 Firmware 74.19.10.21 via Field Server Address Field Stack Overflow Vulnerability in Netgear EX6100v1, CAX80, and DC112A: Arbitrary Code Execution without Authentication Cross Site Scripting (XSS) Vulnerability in HexoEditor 1.1.8 Goldshell ASIC Miners v2.1.x: Critical SSH Remote Access Vulnerability Path Traversal Vulnerability in Goldshell ASIC Miners v2.2.1 and Below: Arbitrary File Retrieval Quarkus 2.10.x HTTP Requests Header Context Termination Vulnerability Publicly Exposed Debug Interface in Goldshell ASIC Miners v2.2.1 and Below: A Gateway to Passwords and Sensitive Data Memory Corruption Vulnerability in Simcenter STAR-CCM+ Viewer (All versions < V2022.1) Allows Code Execution Arbitrary PHP Code Execution via WordPress Shortcodes in PHP Everywhere <= 2.0.3 WordPress Metabox PHP Code Execution Vulnerability WordPress Gutenberg Block PHP Code Execution Vulnerability Denial of Service Vulnerability in swift-nio-http2: Crash on Parsing HTTP/2 HEADERS Frame Denial of Service Vulnerability in swift-nio-http2: Crashing Servers with Specially Crafted HPACK-Encoded Header Blocks Denial of Service Vulnerability in swift-nio-http2: ALTSVC and ORIGIN Frame Handling Information Leakage Vulnerability: Exploiting Deployment Details for Network Service Probing Critical SQL Injection Vulnerability in SourceCodester Garage Management System 1.0 Unrestricted LDAP Queries: A 
Gateway to Configuration Entry Disclosure Privilege Escalation Vulnerability in Trend Micro Antivirus for Mac 11.0.2150 and Below Arbitrary Code Execution Vulnerability in Canon imageCLASS MF644Cdw 10.02 Printers Arbitrary Code Execution via SLP Protocol in Canon imageCLASS MF644Cdw 10.02 Printers Privilege Escalation Vulnerability in Canon imageCLASS MF644Cdw 10.02 Printers Stack Overflow Vulnerability in Go's encoding/pem Library Arbitrary File Upload Vulnerability in update_code function of Admin.php in HYBBS2 through 2.3.2 Remote Code Execution Vulnerability in Admin.php of HYBBS2 through 2.3.2 Resource Exhaustion Denial-of-Service Vulnerability in Trend Micro Security Agents Local Privilege Escalation Vulnerability in Trend Micro Products Critical SQL Injection Vulnerability in SourceCodester Garage Management System 1.0 Local Privilege Escalation Vulnerability in Trend Micro Products XSS Vulnerability in Zoho ManageEngine ADSelfService Plus Zimbra Collaboration Suite 8.8.x Calendar HTML Injection Vulnerability Arbitrary File Read Vulnerability in HashiCorp Nomad and Nomad Enterprise Panic Vulnerability in HashiCorp Nomad and Nomad Enterprise Excessive CPU Usage Vulnerability in HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 Race condition vulnerability in HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 allows for incorrect artifact downloads Consul Ingress Gateway Service Registration Vulnerability Unrestricted File Upload and Remote Code Execution in DSKNet Unauthenticated Access to Personal Data and Brute Force PIN Guessing in DSKNet Server-side Read-Out-of-Bounds Vulnerability in GNU SASL libgsasl with Malicious Authenticated GSS-API Client DSK DSKNet 2.16.136.0 and 2.17.136.5 PresAbs.php SQL Injection Vulnerability Blind Boolean-Based SQL Injection in DSKNet 2.16.136.0 and 2.17.136.5 Stored XSS Vulnerability in DSKNet's New Menu Option Hardcoded SSH Credentials Vulnerability in Baicells Nova436Q and Neutrino 
430 Devices Folder Name Disclosure Vulnerability Bluetooth Classic Vulnerability: Device Information Leakage and Unauthorized Connection Establishment Local Privilege Escalation in Mirametrix Glance before 5.1.1.42207 Command Injection Vulnerability in Kylin's Cube Designer Function Reflected Cross-site Scripting (XSS) Vulnerability in Microweber CMS Buffer Overflow in WinAPRS 2.9.0 Allows Remote DoS via Malicious AX.25 Packet Buffer Overflow in national.txt Processing in WinAPRS 2.9.0 Remote Code Execution via Buffer Overflow in WinAPRS 2.9.0 VHF KISS TNC Component Buffer Overflow Vulnerability in rad_packet_recv Function Remote Code Execution Vulnerability in rad_packet_recv Function Unauthenticated Access and Privilege Escalation in Apache CouchDB SQL Injection and Time-Based Blind Injection Vulnerabilities in Anuko Time Tracker Puncher Plugin Unescaped JavaScript Execution in Anuko Time Tracker Unsanitized User Input in @awsui/components-react Allows JavaScript Injection Stack-based Buffer Overflow Vulnerability in EZVIZ Motion Detection Component Allows Remote Code Execution Cross-Site Scripting Vulnerability in Weblate Versions Prior to 4.11 Improper Input Validation Vulnerability in CodeIgniter4 Allows Execution of CLI Routes via HTTP Request CodeIgniter4 Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability Denial of Service Vulnerability in regex Crate (Versions <= 1.5.4) Access Control Vulnerability in Icinga Web 2 with IDO Writer Enabled Arbitrary Code Execution via SSH Resource File Creation in Icinga Web 2 Unauthenticated File Leakage in Icinga Web 2 Allows Access to Database Credentials Cross-Site Scripting (XSS) Vulnerability in SSR-Pages Path Traversal Vulnerability in SSR-Pages (CVE-2021-XXXX) Vulnerability in Fluture-Node: Exposing Confidential Headers in Redirects Improper Initialization Vulnerability in EZVIZ CS-C6N-A0-1C2WFR Allows Unauthorized Access to Encrypted Admin Password Arbitrary Command Execution in image_processing and 
Active Storage Improper Authorization Vulnerability in CometD Allows Unauthorized Access and Manipulation Cross-Site Scripting (XSS) Vulnerability in ViewComponent Gem Improper URL Parsing Due to Leading Whitespace in URI.js (CVE-2021-XXXX) Integer Overflow in cmark-gfm's Table Row Parsing (CVE-2021-12345) Exposure of Home Directory in Shescape Shell Escape Package Istio Control Plane Crash Vulnerability CKEditor 4 HTML Processing Module Vulnerability CKEditor4 Dialog Plugin Regular Expression Abuse Vulnerability Stored Cross-Site Scripting Vulnerability in WP-UserOnline Plugin for WordPress Path Traversal and Improper Access Control Vulnerability in Argo CD Path Traversal Vulnerability in Argo CD Allows Leakage of Sensitive Files Missing Password and Account Expiry Checking in Maddy Mail Server (Versions prior to 0.5.4) Clickjacking vulnerability in Sylius eCommerce platform versions prior to 1.9.10, 1.10.11, and 1.11.2 MyBB Admin CP Settings Module Remote Code Execution Vulnerability Lua Script Injection Vulnerability in Redis Redis Lua Scripting Vulnerability: NULL Pointer Dereference Session Cookie Exposure in HTTPie Unclaimed Funds Drain Vulnerability in Evmos Versions Prior to 2.0.1 Vulnerability in AllTube HTML Front End Allows Open Redirect and SSRF Attacks Unauthenticated Remote Macro Injection Vulnerability in Haas Controller Version 100.20.000.1110 Authentication Cookie Replacement Vulnerability in Volto Denial of Service Vulnerability in Nextcloud Server User Data Leakage Vulnerability in Sylius eCommerce Platform Multiple Use of Reset Password Token Vulnerability in Sylius eCommerce Platform Session Persistence Vulnerability in Shopware Guest Session Sharing Vulnerability in Shopware Code Injection Vulnerability in Shopware Voucher Code Form Improper HTTP Header Caching in Shopware 6.4.8.1 and below Improper API Route Checking Vulnerability in Shopware Cross-Site Scripting (XSS) Vulnerability in Sylius eCommerce Platform Insufficient Granularity of 
Access Control in Haas Controller Version 100.20.000.1110 Local Privilege Escalation Vulnerability in UltraVNC Versions Prior to 1.3.8.0 Race Condition Vulnerability in Zulip Group Chat Application Allows Continued Access by Deactivated Users SQL Injection Vulnerability in SyliusGridBundle Vulnerability in Stripe CLI on Windows Allows Arbitrary Code Execution Stack-buffer overflow vulnerability in PJSIP versions prior to 2.12 Bareos Director PAM Authentication Bypass Vulnerability Memory Leak Vulnerability in Bareos Director Unauthorized Access to Sensitive Information in Jupyter Server Logs Unauthorized Access to Sensitive Information in Jupyter Notebook Server Logs Improper Signature Validation in `@chainsafe/libp2p-noise` Null Pointer Dereference Bug in wavpack-5.4.0: AddressSanitizer SEGV in main Remote Code Execution (RCE) Vulnerability in Parse Server Versions Prior to 4.10.7 Vulnerability in Waitress Web Server Gateway Interface Server Cross-Origin Communication Interception in sysend.js Denial-of-Service Vulnerability in PJSIP XML Parsing Stack Buffer Overflow Vulnerability in PJSIP Versions 2.12 and Prior Vulnerability: Untrusted Parties Exploiting Git for Windows Directory Search HTTP Request Smuggling Vulnerability in mitmproxy 7.0.4 and below Vulnerability: DLL Hijacking in Git for Windows' Uninstaller Improper Access Control Vulnerability in Argo CD Privilege Escalation in Moby (Docker Engine) Prior to 20.10.14 Use After Free Vulnerability in Google Chrome's Guest View Arbitrary Command Execution via CSV File in `gradio` (CVE-2021-12345) RSA PKCS#1 v1.5 Signature Forgery Vulnerability in node-forge RSA PKCS#1 v1.5 Signature Verification Vulnerability in node-forge RSA PKCS#1 v1.5 Signature Verification ASN.1 Structure Vulnerability in node-forge Improper Input Validation in CycloneDX BOM Repository Server Allows Path Traversal Improper Header Parsing Vulnerability in GuzzleHTTP/PSR7 Open Redirect Vulnerability in Flask-AppBuilder Login Page (Versions 
below 3.4.5) Denial of Service Vulnerability in grpc-swift Server via Reachable Assertion Vulnerability: Authorization Bypass in imgcrypt's CheckAuthorization Function Remote Code Execution Vulnerability in Google Chrome PDF Handling Remote Code Execution Vulnerability in iTop User Portal Session Hijacking Vulnerability in Geon Board Game Data Leak in Discourse: Disclosure of Secure Category Names in User Activity Export Arbitrary Shell Code Execution Vulnerability in Deno Runtime (Versions 1.18.0 - 1.20.2) Password Hash Confirmation Vulnerability in Statamic CMS REST API Path Traversal Vulnerability in Moment.js Allows Unauthorized File Access Unparsed RTCP Feedback RPSI Packet Vulnerability in PJSIP Versions 2.12 and Prior Vulnerability in Vyper Smart Contract Language Allows Incorrect Word-for-Word Comparisons Buffer Overrun Vulnerability in Vyper Smart Contract Language (Versions < 0.3.2) C1 CMS v6.12 Authenticated SSRF and File Truncation Vulnerability File Directory Traversal Vulnerability in Google Chrome on Android HTTP Request Smuggling Vulnerability in Puma Server Use After Free Vulnerability in Wasmtime with Externrefs and Epoch Interruption Denial-of-Service Vulnerability in PJSIP 2.12 and Prior: Invalid WAV File Handling Buffer Overflow Vulnerability in PJSIP DNS Resolution (CVE-2023-27585) Open Redirect Vulnerability in Express OpenID Connect Middleware Integer Overflow and Heap Memory Corruption in yajl-ruby RaspberryMatic WebUI File Upload Remote Code Execution Vulnerability Pomerium Identity-Aware Access Proxy Exposes Sensitive Information and Allows Limited Denial of Service Unfiltered Password Hash Retrieval Vulnerability in Internet Routing Registry Daemon Version 4 Arbitrary Code Execution in Wire-Webapp Markdown Code Highlighting Heap Corruption Vulnerability in Google Chrome's Service Worker API Race condition vulnerability in October CMS prior to versions 1.0.476, 1.1.12, and 2.2.15 allows unauthenticated remote code execution HTTP Request 
Smuggling Vulnerability in Twisted Web HTTP 1.1 Server Prototype Pollution in deepmerge-ts: defaultMergeRecords() Arbitrary Command Execution in Asciidoctor-include-ext (CVE-2021-12345) Information Leakage: Group Name Exposure in Discourse Use After Free Vulnerability in Google Chrome Views Cross-Site Scripting (XSS) Vulnerability in Combodo iTop Privilege Escalation in Grafana Enterprise with Fine-Grained Access Control Vulnerability: Unauthenticated Anonymous Commenting in CreateWiki Extension Arbitrary JavaScript Execution via Rich Text HTML Interface in Directus (CVE-XXXX-XXXX) SQL Injection Vulnerability in JHipster Generated Applications with Reactive Spring WebFlux Remote Code Execution Vulnerability in JAI-EXT API via Jiffle Script Injection Code Injection via Malicious Kubeconfig in Flux2 Arbitrary Code Execution via Unchecked JNDI Lookups in GeoTools Library User Enumeration Vulnerability in XWiki Platform Arbitrary Code Execution Vulnerability in Nokia ASIK AirScale System Module Unauthenticated User Can List Documents in XWiki Platform Unrestricted Creation of Global SSX/JSX Vulnerability in XWiki Platform Podium Proxy Endpoint Denial of Service Vulnerability Insufficient Fix for Local Information Disclosure in Netty's Multipart Decoders Cache Poisoning Vulnerability in Discourse Bypassing Deny List in Smokescreen Proxy Vulnerability: Arbitrary Code Execution via Git LFS on Windows SQL Injection Vulnerability in Elide 6.1.2 - Bypassing Authorization Filters through Parameterized TEXT Columns Code Injection Vulnerability in Composer's VcsDriver::getFileContent Method Unauthenticated Access to Garden Dashboard Endpoint in Versions Prior to 0.12.39 Vulnerability: Permanent Disabling of Secure Boot in Nokia ASIK AirScale System Module Path Traversal Vulnerability in OpenClinica Prior to Version 3.16: Arbitrary File Read/Write and Remote Code Execution SQL Injection Vulnerability in OpenClinica Versions Prior to 3.16.1 LDAP Injection Vulnerability in GoCD 
LDAP Authentication Plugin Cross-Site Scripting (XSS) Vulnerability in PrivateBin < v1.4.0 Allows Code Execution via Crafted SVG Attachment Heap Overflow Vulnerability in Redis Lua Scripting Excessive Backtracking Vulnerability in Nokogiri < v1.13.4 Information Leakage of Uploaded Documents in HedgeDoc SMTP Command Injection in Nextcloud Calendar Java.lang.OutOfMemoryError vulnerability in Nokogiri's fork of org.cyberneko.html Bypassing Signature Check in Nokia ASIK AirScale System Module Version 474021A.101 Traversal vulnerability in django-s3file prior to 5.5.1 allows unauthorized access and deletion of files in AWS S3 bucket Authorization Bypass Vulnerability in Fleet Device Management Privilege Escalation via Service Account Creation in MinIO Arbitrary File Read Vulnerability in Gin-vue-admin 2.50 PostgreSQL JWT Authentication Bypass Vulnerability in Gin-Vue-Admin Unvalidated Return of `returns_int128()` in Vyper Smart Contract Language Arbitrary Code Execution via Unchecked JNDI Lookup in GeoWebCache Disk Quota Mechanism Unchecked JNDI Lookup Vulnerability in GeoServer Allows Arbitrary Code Execution SQL Injection Vulnerability in DHIS2 API Endpoint Potential Bot Token Exposure in DisCatSharp API Wrapper Vulnerability: Password Exposure in AutomationDirect Stride Field I/O Information Disclosure Vulnerability in Discourse Category Group Permissions Stored XSS and Path Traversal Vulnerabilities in LDAP Account Manager (LAM) Arbitrary URL Loading Vulnerability in Metabase Allows NTLM Relay Attack SQLite Database Connection Hijacking Vulnerability Cross Site Scripting (XSS) Vulnerability in Metabase Server-side Request Forgery (SSRF) Vulnerability in FlyteConsole Bypass of Multi Factor Authentication in django-mfa3 for Django Admin Login Vulnerability in next-auth versions 3.29.2 and 4.3.2 allows unauthorized redirects Infinite Loop Vulnerability in PyPDF2 Prior to 1.27.5 Critical OS Command Injection Vulnerability in WAVLINK WN535K2 and WN535K3 Use of Hard-coded 
Cryptographic Key Vulnerability in Databasir 1.01 Remote Code Execution Vulnerability in Databasir 1.01 Server-Side Request Forgery Vulnerability in Databasir 1.01 Denial of Service Vulnerability in http-swagger Prior to 1.2.6 Origin Protocol Website Allows for XSS via POST Request to /presale/join User Data Retrieval Vulnerability in HumHub User and Group Information Leakage in Discourse Assign Plugin Unfiltered LDAP Password Disclosure in GLPI Cross-Site Scripting (XSS) Vulnerability in GLPI Allows Injection of JavaScript via SVG Avatars Cross-Site Scripting (XSS) Vulnerability in GLPI Versions Prior to 10.0.0 Critical OS Command Injection Vulnerability in WAVLINK WN535K2 and WN535K3 Stored Cross-Site Scripting Vulnerability in iTop Customization Mechanism Vulnerability: Server-side Abuse of Shopware Admin SDK Vulnerability: Unauthorized Access to Sales Channel Permissions in Shopware Non-Stored Cross-Site Scripting Vulnerability in Shopware Storefront User Secrets Logging Vulnerability in CVEProject/cve-services (CVE-XXXX-XXXX) Cross-Site Scripting Vulnerability in GLPI Kanban View Path Traversal Vulnerability in kustomize-controller via Malicious `kustomization.yaml` Path Traversal Vulnerability in kustomize-controller via Malicious `kustomization.yaml` Vulnerability: Cross-Site Request Forgery (CSRF) Token Validation Malfunction in Shopware Critical OS Command Injection Vulnerability in WAVLINK WN535K2 and WN535K3 Bypassing Captcha Verification in flask-session-captcha Remote Code Execution Vulnerability in Ballcat Codegen Empty Password NTLM Authentication Vulnerability in FreeRDP Server Implementations Vulnerability: Server-side Authentication Bypass in FreeRDP Vulnerability: Signature Forgery in ecdsautils Bypassing Lock on Nextcloud Android App Unauthenticated Access to Contacts in Nextcloud Android App Arbitrary URL Opening Vulnerability in Nextcloud Talk File and Folder Name Injection Vulnerability in Nextcloud Server Unnecessary App Expansion 
Vulnerability in Nextcloud Server Critical SQL Injection Vulnerability in SourceCodester Simple E-Learning System 1.0 Indirect Webcam Activation Vulnerability in Nextcloud Talk Cross-Site Scripting Vulnerability in ESAPI Prior to Version 2.3.0.0 Multiple Password Reset Tokens Vulnerability in Shopware Memory corruption vulnerability during provisioning in ESP-BLE-MESH SDK Session Hijacking Vulnerability in Symfony HTTP Cache System Session Fixation Vulnerability in Symfony Framework Improper Authorization Verification in Tuleap Tracker Report Renderer and Chart Widgets Unsanctioned File Access Vulnerability in Velocity Scripts XML External Entity Injection in org.xwiki.commons:xwiki-commons-xml Code Injection Vulnerability in Contao CMS Versions Prior to 4.13.3 Critical SQL Injection Vulnerability in SourceCodester Simple E-Learning System 1.0 Path Traversal Vulnerability in Piano LED Visualizer (Versions 1.3 and prior) Apple Game Center Authentication Adapter URL Validation Vulnerability Uncontrolled Memory Consumption Vulnerability in TKVideoplayer Heap Buffer Overflow in Rsyslog TCP syslog reception with Octet-Counted Framing Symlink Following Vulnerability in Argo CD's Repo-Server Spoofing of Error Messages in Argo CD Login Screen Unauthenticated Access to Full Application Path in Nextcloud Deck Remote Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 via JP2 Image Parsing Remote Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 via JP2 Image Parsing Critical SQL Injection Vulnerability in SourceCodester Library Management System 1.0 Remote Code Execution Vulnerability in InHand Networks InRouter302 V3.5.4 Timing Attack Vulnerability in Atlantis Webhook Event Validator Insecure Temporary File Exposure in com.fasterxml.util:java-merge-sort (before 1.1.0) Code Injection Vulnerability in Web Application of Vulnerable Device Economic Griefing Vulnerability in Optimism before @eth-optimism/l2geth@0.5.11 Reflected JavaScript Code Execution via 
CSRF Token in Authenticated User Link Reflected JavaScript Code Execution via CSRF Token in Social Engineering Attacks Reflected JavaScript Code Execution via CSRF Token in Graphs Page Critical SQL Injection Vulnerability in SourceCodester Library Management System 1.0 Stack Exhaustion Vulnerability in Go's regexp.Compile Improper Access Control Vulnerability in Samsung SearchWidget: Arbitrary URL and Local File Loading Improper Access Control in LiveWallpaperService Allows Unauthorized System Directory Creation Permanent Denial of Service Vulnerability in Android SettingsProvider XSS Vulnerability in SmartTagPlugin Prior to Version 1.2.15-6 Privilege Escalation Vulnerability in Samsung Video Player RKP Security Misconfiguration Vulnerability Unauthenticated AppLock App Manipulation Vulnerability Unrestricted Data Access in openemr/openemr prior to 7.0.0 Untrusted Applications Exploit Improper Access Control to Reset Default App Settings in Wear OS 3.0 Dynamic Receiver Access Control Vulnerability in ApkInstaller Alternate Path Vulnerability in Setup Wizard Process Remote Code Execution Vulnerability in Kingsoft WPS Office through 11.2.0.10382 via wpsupdater.exe Lexmark Products: Critical Incorrect Access Control Vulnerability Vulnerability: Out-of-Bounds Error in GBL Parser Allows Flash Sign Key and OTA Decryption Key Overwrite Buffer Overflow Vulnerability in Silicon Labs Ember ZNet Ember ZNet Stack Vulnerability: Malformed Packet Triggers Stack Overflow and Reset Ember ZNet Stack Vulnerability: Malformed Packet Triggers Stack Overflow and Reset Stored Cross-site Scripting (XSS) Vulnerability in openemr/openemr prior to 7.0.0 Remote Code Execution Vulnerability in Micrium uC-HTTP 3.01.01 Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V and other models CSRF Vulnerability in Apache JSPWiki User Preferences Form Allows Account Takeover Apache JSPWiki User Preferences XSS Vulnerability Privilege Escalation to Root in 
Eternal Terminal: Race Condition, Buffer Overflow, and Logic Bug in PipeSocketHandler::listen() Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository microweber/microweber prior to 1.2.21 Race Condition in Eternal Terminal Allows Hijacking of SSH Authorization Socket Race Condition Vulnerability in Eternal Terminal Prior to Version 6.2.0 Allows Local Attacker to Hijack IPC Socket Denial of Service Vulnerabilities in Eternal Terminal Prior to Version 6.2.0 Insecure Option Handling in Crypt_GPG Extension for PHP Stack-Based Buffer Overflow in Foxit PDF Reader and Editor (Versions before 11.2.1) via XFA Subform and Draw Substrings Uncontrolled Search Path Element for DLL files in Foxit PDF Reader and Editor before 11.2.1 SQL Injection Vulnerability in Shopware B2B-Suite (Versions up to 4.4.1) Persistent XSS Vulnerability in DHC Vision eQMS (Version 5.4.8.322) Allows Attackers to Execute Malicious Code Improper Buffer Release in Linux Kernel USB Gadget Legacy Driver Memory Leak in yam_siocdevprivate in Linux Kernel Use After Free Vulnerability in PDFTron SDK 9.2.0 Unassociated Portainer Agent API Server Persistence Vulnerability Buffer Overflow Vulnerability in apr_encode functions of Apache Portable Runtime (APR) Stored Cross-site Scripting (XSS) Vulnerability in Black Rainbow NIMBUS before 3.7.0 WebSocket Connection Hijacking Vulnerability in Mellium XMPP Library Apache Dubbo Open Redirect and SSRF Vulnerability Vulnerability: Exfiltration of Integration Access Token in GitLab CE/EE Remote Code Execution Vulnerability in Foxit PDF Reader 11.1.0.52543 via JPEG2000 Image Parsing Unauthenticated Information Disclosure Vulnerability in TP-Link TL-WR940N Routers Arbitrary Code Execution Vulnerability in TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) Routers Email Link Rewriting Vulnerability GitBleed: Undisclosed Deleted Content Vulnerability in Git --mirror Documentation Authentication Bypass Vulnerability in Atheme IRC Services Remote Code 
Execution in ImpressCMS before 1.4.2 via Directory Traversal and Unsafe Interaction with CKEditor processImage.php Privilege Escalation Vulnerability in Zoho ManageEngine ADAudit Plus Unauthenticated Access to Internal Content Elements in Varnishcache Extension for TYPO3 Misattributed Pipeline Creator Vulnerability Unauthenticated SSRF Vulnerability in Kitodo.Presentation Extension for TYPO3 Reflected Cross-Site Scripting (XSS) Vulnerability in JQueryForm.com Forms Cleartext Credential Exposure in JQueryForm.com Forms Information Disclosure and Remote Code Execution in JQueryForm.com (CVE-2022-24984) Remote Code Execution via File Upload Vulnerability in JQueryForm.com Remote Authentication Bypass Vulnerability in JQueryForm.com Forms KDE KCron File Interception Vulnerability Off-by-one Buffer Overflow in PrimitivePolynomialField::new in galois_2p8 before 0.1.2 Remote Code Execution in TerraMaster NAS (CVE-2022-24990) Insecure Direct Object Reference Vulnerability in GitLab's Jira Integration TerraMaster NAS 4.2.29 and Earlier Information Disclosure Vulnerability Directory Traversal Vulnerability in QR Code Generator v5.2.7's process.php Component Stack Overflow Vulnerability in Tenda AX3 v16.03.12.10_CN: Exploiting fromSetSysTime Function for Denial of Service (DoS) Remote Code Execution Vulnerability in qs Library Stored XSS Vulnerability in GitLab CE/EE Versions Prior to 15.2.1 SQL Injection Vulnerability in Hospital Patient Record Management System v1.0 SQL Injection Vulnerability in Hospital Patient Record Management System v1.0 Unauthenticated Access Vulnerability in totolink EX300_v2 and EX1200T Bypassing IP Allow-listing to Download Artifacts in GitLab EE Root File System Vulnerability in Stepmania v5.1b2 and Below Weak Password Encryption in Argus Surveillance DVR v4.0 Multiple Reflected XSS Vulnerabilities in Ice Hrm 30.0.0.OS via key and fm Parameters in login.php Component Reflected Cross-Site Scripting (XSS) Vulnerability in Ice Hrm 30.0.0.OS via m 
Parameter in Dashboard Stored XSS Vulnerability in Ice Hrm 30.0.0.OS Allows Cookie Theft via Crafted First Name Field Payload Arbitrary File Upload Vulnerability in Home Owners Collection Management System v1.0 Command Injection Vulnerability in Hitron CHITA 7.2.2.0.3b6-CD Devices via Device/DDNS ddnsUsername Field Arbitrary Code Execution Vulnerability in Pluxml v5.8.7 Buffer Overflow Vulnerability in HCI IEC 60870-5-104 Function of RTU500 Series Pluxml v5.8.7 Cross-Site Scripting (XSS) Vulnerability in Thumbnail Path Cross-Site Scripting (XSS) Vulnerability in Htmly v2.8.1 Allows Arbitrary Code Execution via Crafted Blog Post Content Heap-Buffer Overflow in fouBytesToInt() Function in AudioFile.h Typecode Decoding Error in json2xml Package: Remote Denial of Service Vulnerability Server-Side Request Forgery (SSRF) Vulnerability in Rocket TRUfusion Portal v7.9.2.1 Authentication Bypass Vulnerability in Rocket TRUfusion Portal v7.9.2.1 Cross-Site Scripting (XSS) Vulnerability in Home Owners Collection Management System v1.0 Vulnerability: Root Privilege Bypass and Unverified Firmware/Module Loading Unquoted Service Path Privilege Escalation in Remote Desktop Commander Suite Agent SQL Injection vulnerability in SDD-Baro software (before 2.8.432) allows unauthorized database access Incorrect Access Control Issue in OpenEMR v6.0.0 Stack Buffer Overflow in Espruino 2v11.251 via jsvNewFromString in src/jsvar.c Hardcoded Credentials Vulnerability in Home Owners Collection Management System v1.0 Arbitrary Code Execution Vulnerability in CWP v0.9.8.1122 via Path Traversal in loader.php Predictable Password Reset Tokens in CWP v0.9.8.1126 Root-level command injection vulnerability in CWP v0.9.8.1126, enabling unauthorized users to execute commands with root privileges. 
Memory Corruption Vulnerabilities in Firefox 102 and Thunderbird 102.1 Stack Overflow Vulnerability in rtl_433 21.12: Denial of Service (DoS) via Crafted File Off-by-one Error in cmr113_decode of rtl_433 21.12 when decoding crafted file Command Injection Vulnerability in TP-LINK TL-WR840N(ES)_V6.20_180709 via oal_startPing Component Command Injection Vulnerability in TP-LINK TL-WR840N(ES)_V6.20_180709 via oal_setIp6DefaultRoute Component Integer Overflow Vulnerability in TP-LINK TL-WR840N(ES)_V6.20_180709: Exploiting dm_checkString Function for DoS Attacks Remote Code Execution Vulnerability in TP-LINK TL-WR840N(ES)_V6.20_180709 via oal_wan6_setIpAddr Function DOM-based Cross-Site Scripting (XSS) Vulnerability in Mark Text v0.16.3 User Input Rendering Vulnerability in Octopus Deploy Stack Overflow in TP-Link Archer A54 Router Allows Arbitrary Code Execution Stack Overflow Vulnerability in TL-WR841Nv14_US_0.9.1_4.18 Routers: Unauthenticated Remote Code Execution Stack Overflow Vulnerability in TP-Link TL-WR902AC(US)_V3_191209 Routers: Remote Code Execution Command Injection Vulnerability in TOTOLink A3000RU V5.9c.2280_B20180512 Command Injection Vulnerability in TOTOLink A800R V4.1.2cu.5137_B20200730 Command Injection Vulnerability in TOTOLink A3100R V4.1.2cu.5050_B20200504 Command Injection Vulnerability in TOTOLink A3600R V4.1.2cu.5182_B20201102 Command Injection Vulnerability in TOTOLink A810R V4.1.2cu.5182_B20201026 Verbose Error Messaging Allows Unauthorized Resource Discovery in Octopus Server Command Injection Vulnerability in TOTOLink A830R V5.9c.4729_B20191112 Command Injection Vulnerability in TOTOLink T10 V5.9c.5061_B20200511 Main Function Command Injection Vulnerability in TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 Command Injection Vulnerability in TOTOLink A860R V4.1.2cu.5182_B20201027 Command Injection Vulnerability in TOTOLink T6 V5.9c.4085_B20190428 Main Function Privileged API Misuse in Printix Secure Cloud Print Management 
Double Free Vulnerability in gnutls_pkcs7_verify Function Insecure Permissions in Printix Secure Cloud Print Management Allows Privilege Escalation Unauthenticated Users Can Disclose Messages in Private Forums via Quote Reply Feature Remote Code Execution Vulnerability in Home Owners Collection Management System v1.0 via cover Parameter in SystemSettings.php Unauthenticated Account Compromise in Home Owners Collection Management System v1.0 SQL Injection Vulnerability in Home Owners Collection Management System v1.0 Arbitrary File Deletion Vulnerability in ECTouch v2 Arbitrary Code Execution Vulnerability in WBCE CMS v1.5.2 Arbitrary HTML Injection (XSS) Vulnerability in BlueSpice Extension:ExtendedSearch Arbitrary Code Execution Vulnerability in WBCE CMS v1.5.2 via /templates/install.php Arbitrary File Download Vulnerability in HorizontCMS v1.0.0-beta.2 Stack-based Buffer Overflow in D-Link DIR-859 v1.05 via genacgi_main Function NULL Pointer Dereference Vulnerability in Foxit PDF Reader and Editor and PhantomPDF Arbitrary HTML Injection via commonuserinterface Component Title Parameter in BlueSpice Reflected XSS Vulnerability in Event Management v1.0 via register.php Remote Code Execution (RCE) Vulnerability in Home Owners Collection Management System v1.0 Confidential Note Leakage Vulnerability in GitLab CE/EE SQL Injection Vulnerability in MCMS v5.2.4 via search.do in /mdiy/dict/listExcludeApp Clear-text Credential Storage Vulnerability in Hitachi Energy's PCM600 Command Injection Vulnerability in TOTOLINK Technology Routers T6 and T10 Command Injection Vulnerability in TOTOLINK Technology Routers T6 and T10 Command Injection Vulnerability in TOTOLINK Technology Router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 Command Injection Vulnerability in TOTOLINK Technology Router T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 Command Injection Vulnerability in TOTOLINK Technology Router T6 V3 Firmware T6_V3_V4.1.5cu.748_B20211015 Command Injection Vulnerability in 
TOTOLINK T6 V3 Router Firmware Command Injection Vulnerability in TOTOLINK Technology Routers T6 and T10 Command Injection Vulnerability in TOTOLINK Technology Routers T6 and T10 Stored Cross-Site Scripting (XSS) Vulnerability in Axelor Open Suite v5.0 via Name Parameter Heap Use-After-Free Vulnerability in njs through 0.7.0 Reflected XSS Vulnerability in Fava Prior to v1.22 CSRF Token Exfiltration Vulnerability in Liferay Portal and Liferay DXP Integer Overflow or Wraparound Vulnerability in apr_base64 Functions of Apache Portable Runtime Utility (APR-util) Allows Buffer Overflow SQL Injection Vulnerability in WP Statistics WordPress Plugin SQL Injection Vulnerability in WP Statistics WordPress Plugin Stored Cross-Site Scripting Vulnerability in Simple Banner WordPress Plugin (Versions up to 2.11.0) Privilege Escalation Vulnerability in Malwarebytes Binisoft Windows Firewall Control Sensitive Information Exposure and Cross-Site Scripting Vulnerability in ITarian Service Desk Module Vulnerability: Arbitrary Code Execution and System Takeover via ITarian Platform Procedure Approval Bypass Insecure OpenSSL Settings Allow Privilege Escalation in ITarian Endpoint Management Communication Client DLL Hijacking Vulnerability in Samsung Portable SSD T5 PC Software Allows Privilege Escalation Replay Attack Vulnerability in Mitsubishi Electric MELSEC PLC Series Weak Hash Vulnerability in Mitsubishi Electric MELSEC Industrial Control Systems Authentication Bypass via Password Hash Disclosure in Mitsubishi Electric MELSEC PLCs Cleartext Storage of Password Hashes vulnerability in Mitsubishi Electric MELSEC PLCs Authentication Bypass by Capture-replay Vulnerability in Mitsubishi Electric MELSEC iQ-F and iQ-R Series CPUs Stored Cross-Site Scripting Vulnerability in Visual Composer Website Builder Plugin for WordPress Cleartext Storage of Sensitive Information Vulnerability in Mitsubishi Electric MELSEC iQ-F and iQ-R Series CPUs Improper Input Validation vulnerability in 
Mitsubishi Electric MELSEC iQ-F series Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-F series Remote Code Execution and Denial of Service Vulnerability in Mitsubishi Electric MELSEC-Q, MELSEC-L, and MELSEC iQ-R Series Cleartext Storage of Sensitive Information Vulnerability in Mitsubishi Electric GX Works3 and MX OPC UA Module Configurator-R TOCTOU Race Condition in Amazon AWS VPN Client Allows Arbitrary File Write Net-NTLMv2 Hash Leakage Vulnerability in Amazon AWS VPN Client 2.0.0 Remote Code Execution (RCE) Vulnerability in Apache Flume JMS Source with JNDI LDAP Data Source URI Arbitrary Command Injection in Apache Hadoop's FileUtil.unTar() API Apache Tika BPG Parser Memory Allocation Vulnerability Stored Cross-Site Scripting Vulnerability in Beaver Builder WordPress Page Builder Stack-Based Buffer Overflow Vulnerability in Project File Processing Command Injection Vulnerability in p4 Package (Versions before 0.0.7) Information Disclosure Vulnerability in InHand Networks InRouter302 V3.5.4: Session Cookie Missing HttpOnly Flag Jenkins Pipeline: Groovy Plugin Arbitrary OS Command Execution Vulnerability Jenkins Pipeline: Shared Groovy Libraries Plugin Arbitrary OS Command Execution Vulnerability Arbitrary OS Command Execution Vulnerability in Jenkins Pipeline: Multibranch Plugin Arbitrary File Read Vulnerability in Jenkins Pipeline: Groovy Plugin Arbitrary File Read Vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin Arbitrary File Read Vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin Arbitrary File Read Vulnerability in Jenkins Pipeline: Multibranch Plugin Cross-Site Request Forgery Vulnerability in Stockists Manager for Woocommerce Plugin Jenkins Pipeline: Groovy Plugin Password Parameter Leakage Vulnerability Sandbox Bypass Vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin Jenkins Pipeline: Shared Groovy Libraries Plugin Sandbox Bypass Vulnerability Arbitrary Code Execution in Jenkins 
Pipeline Shared Groovy Libraries Plugin Jenkins Pipeline: Build Step Plugin Default Password Parameter Disclosure Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Generic Webhook Trigger Plugin Jenkins HashiCorp Vault Plugin: Unauthorized Retrieval of Vault Secrets by Agent Processes Unredacted Sensitive Information in Jenkins Support Core Plugin Jenkins Fortify Plugin 20.2.34 and earlier - Unsanitized Parameters Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Custom Checkbox Parameter Plugin 1.1 and Earlier Double Free or Corruption Vulnerability in rotateImage() Function of libtiff 4.4.0rc1 Vulnerability: Enumeration of Credentials IDs in Jenkins Conjur Secrets Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Agent Server Parameter Plugin Jenkins Snow Commander Plugin CSRF Vulnerability Allows Unauthorized Credential Capture Unauthenticated Remote Code Execution in Jenkins Snow Commander Plugin CSRF Vulnerability in Jenkins Autonomiq Plugin Allows Unauthorized Server Connections Unauthenticated Remote Code Execution in Jenkins AutonomIQ Plugin Jenkins GitLab Authentication Plugin URL Redirection Vulnerability Arbitrary File Read Vulnerability in Jenkins HashiCorp Vault Plugin CSRF Vulnerability in Jenkins SCP Publisher Plugin Allows Unauthorized SSH Server Connections Vulnerability: Unauthorized SSH Server Connection in Jenkins SCP Publisher Plugin Sysmalloc Assertion Fail in libtiff 4.4.0rc1's rotateImage() Function Jenkins Checkmarx Plugin 2022.1.2 and Earlier: Cross-Site Request Forgery (CSRF) Vulnerability Allows Unauthorized Access to Jenkins Credentials Jenkins Checkmarx Plugin 2022.1.2 and Earlier Vulnerability: Unauthorized Access to Attacker-Specified Webserver Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Promoted Builds (Simple) Plugin 1.9 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Team Views Plugin 0.9.0 and Earlier Jenkins Doktor Plugin File Existence 
Disclosure Vulnerability Jenkins dbCharts Plugin 0.5.2 and Earlier: Cross-Site Request Forgery (CSRF) Vulnerability Jenkins dbCharts Plugin 0.5.2 and earlier: Unauthorized Database Access via JDBC Jenkins Chef Sinatra Plugin CSRF Vulnerability Jenkins Chef Sinatra Plugin 1.20 and Earlier: Missing Permission Check Allows HTTP Request Parsing Vulnerability XML External Entity (XXE) Vulnerability in Jenkins Chef Sinatra Plugin 1.20 and Earlier Invalid Pointer Free Vulnerability in libtiff 4.4.0rc1 Static Field Vulnerability in Jenkins Convertigo Mobile Platform Plugin Unauthenticated Remote Code Execution in Jenkins SWAMP Plugin CSRF Vulnerability in Jenkins SWAMP Plugin Allows Unauthorized Server Connections Vulnerability: Unauthorized Root Shell Access via Unprotected UART Port and Das U-Boot BIOS Shell Unauthenticated Remote Access to Sensitive Network Information and WPA Passphrases Unauthenticated Remote Access Control Vulnerability in LocalMACConfig.asp Absolute Path Traversal Vulnerability in DVDFab 12 Player (PlayerFab) Allows Unauthorized File Downloads Hard-coded Cryptographic Key Pair Vulnerability in Telnetd_Startup Service Vulnerability Title: Unauthenticated Remote Code Execution in telnetd_startup with RSA Algorithm Padding Issue Null Byte Interaction Error in Telnetd_Startup Daemon: Predictable Ephemeral Passwords (CVE-2022-25218) Heap-based Buffer Overflow in Vim Prior to 9.0.0061 Persistent JavaScript Injection Vulnerability in PeteReport Version 0.5 URL-based JavaScript Injection Vulnerability in Money Transfer Management System Version 1.0 SQL Injection Vulnerability in Money Transfer Management System Version 1.0 SQL Injection Vulnerability in Money Transfer Management System Version 1.0 Proton v0.2.0 Markdown File XSS and OS Command Injection Vulnerability SQL Injection and Remote Code Execution in Network Olympus v1.8.0 Unauthenticated Remote Code Execution in ThinVNC Version 1.0b1 Thinfinity VNC v4.0.0.1 Cross-Origin Resource Sharing (CORS) 
Vulnerability SQL Injection Vulnerabilities in CandidATS Version 3.0.0 Beta Stored XSS and OS Command Injection in Popcorn Time 0.4.7 via 'Movies API Server(s)' Field Reflected Cross-site Scripting (XSS) Vulnerability in beancount/fava prior to 1.22.2 CX-Programmer v9.76.1 and Earlier Use After Free Vulnerability in CXP File Parsing Denial of Service (DoS) Vulnerability in node-opcua Package CX-Programmer v9.76.1 Out-of-Bounds Write Vulnerability in CXP File Parsing Expat (libexpat) XML Parsing Vulnerability: Lack of Encoding Validation Expat (libexpat) XML Namespace URI Injection Vulnerability Authentication/Authorization Bypass Vulnerability in Bonita Web 2021.2 Cross-Site Scripting (XSS) Vulnerability in Silverstripe Framework CSV User Import Functionality CSRF Vulnerability CSRF Vulnerability in FileCloud before 21.3 Allows Unauthorized File Upload Wildcard Certificate Issuance Vulnerability in Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 Tokenization Key Exposure in Vault Enterprise Clusters Default Currency Name Disclosure Vulnerability in Zoho ManageEngine ServiceDesk Plus Hard-coded Credentials in Axeda Agent and Axeda Desktop Server for Windows Allow Remote Control Exploitation Unauthenticated Remote Code Execution in Axeda Agent and Axeda Desktop Server Information Disclosure Vulnerability in Axeda Agent and Axeda Desktop Server Directory Traversal Vulnerability in Axeda Agent and Axeda Desktop Server for Windows Excessive Authentication Attempts Vulnerability in janeczku/calibre-web prior to 0.6.20 Unauthenticated Remote Shutdown Vulnerability in Axeda Agent and Axeda Desktop Server Unauthenticated Remote Configuration Modification Vulnerability in Axeda Agent and Axeda Desktop Server Remote Unauthenticated Crash Vulnerability in Axeda Agent and Axeda Desktop Server Binary Execution Vulnerability in QProcess Cross-Site Scripting (XSS) Vulnerability in SAS Web Report Studio 4.4 Memory Corruption Vulnerability in USB Gadget Subsystem Reflected 
XSS Vulnerability in JetBrains Hub before 2021.1.14276 Use-After-Free Vulnerability in systemd's resolved-dns-stream.c Blind Server-Side Request Forgery (SSRF) Vulnerability in JetBrains Hub Reflected XSS Vulnerability in JetBrains TeamCity before 2021.2.2 SAML Request Takeover Vulnerability in JetBrains Hub before 2022.1.14434 OS Command Injection in JetBrains TeamCity Agent Push Configuration Sensitive Password Logging Vulnerability in JetBrains TeamCity Executable Attribute Vulnerability in Legacy Linux Kernel Versions Directory Traversal Vulnerability in Passwork On-Premise Edition before 4.6.13 Directory Traversal Vulnerability in Passwork On-Premise Edition before 4.6.13 CSRF Vulnerability in Passwork On-Premise Edition before 4.6.13 Multiple XSS Vulnerabilities in Passwork On-Premise Edition before 4.6.13 Arbitrary Content Injection Vulnerability in GitLab CE/EE Quick Edit Module Access Control Vulnerability Vulnerability: Improper Input Validation in Drupal Core's Form API Vulnerability: Improper Input Validation in Drupal Core's Form API Access Bypass Vulnerability in Drupal 9.3's Generic Entity Access API Insecure Derivative Image Access Vulnerability Insecure Domain Validation in Media oEmbed iframe Route Vulnerability: Improper Sanitization of Filenames with Dangerous Extensions in Drupal Core Vulnerability: Incorrect Form Element Access Evaluation in Drupal Core Insufficient Permissions Vulnerability in Octopus Deploy's Built-in Feed Insufficient Packet Sanitization in sFlow Decode Package: A Denial of Service Vulnerability Authenticated Remote Retrieval of Certificate Private Keys in WatchGuard Firebox and XTM Appliances Heap-based Buffer Overflow in WatchGuard Firebox and XTM Appliances via Malicious Firmware Update Image Remote Code Execution Vulnerability in WatchGuard Firebox and XTM Appliances via Malicious Firmware Update Systemd Stack-Based Buffer Overflow in WatchGuard Firebox and XTM Appliances Arbitrary Code Execution Vulnerability in 
Proofpoint Insider Threat Management Agent for Windows Open Redirect Vulnerability in gophish before 0.12.0 Prototype Pollution in bodymen package via handler function Arbitrary File Write Vulnerability in drogonframework/drogon before 1.7.5 Arbitrary File Fetch Vulnerability in sprinfall/webcc before 0.3.0 Arbitrary File Write Vulnerability in cesanta/mongoose before 7.6 Prototype Pollution vulnerability in jsgui-lang-essentials package Denial of Service (DoS) Vulnerability in asneg/opcuastack Package: Unvalidated Data Forwarding in OpcUaNodeIdBase.h Cross-site Scripting (XSS) Vulnerability in Whoogle-Search Package Unlimited Chunk Denial of Service (DoS) Vulnerability in opcua and asyncua Packages Cross-Site Scripting Vulnerability in WP Statistics WordPress Plugin Cross-Site Scripting Vulnerability in WP Statistics WordPress Plugin Cross-Site Scripting Vulnerability in WP Statistics WordPress Plugin Stack-based Buffer Overflow Vulnerability in Fribidi Package Heap-based Buffer Overflow Vulnerability in Fribidi's fribidi_cap_rtl_to_unicode() Function Path Traversal Vulnerability in GitLab EE Allows Unauthenticated Users to Perform Unauthorized Queries via Grafana API Fribidi Package SEGV Vulnerability in fribidi_remove_bidi_marks() Function Privilege Escalation Vulnerability in SINEC NMS and SINEMA Server XML External Entity (XXE) Injection Vulnerability in Any23 RDFa XSLTStylesheet Extractor Stack Exhaustion Vulnerability in Expat (libexpat) before 2.4.5 via Large Nesting Depth in DTD Element Integer Overflow in copyString in Expat (libexpat) before 2.4.5 Integer Overflow in storeRawNames in Expat (libexpat) before 2.4.5 Reflected XSS Vulnerability in Cerebrate's genericForm Incorrect Sharing Group ACL Allows Unauthorized Editing and Modification in Cerebrate 1.4 Open Endpoints Vulnerability Reflected Cross-Site Scripting in Feed Them Social WordPress Plugin Username Enumeration Vulnerability in Cerebrate 1.4 Cross-Site Scripting (XSS) Vulnerability in Cerebrate 
Bookmarks Component ZEROF Web Server 2.0 SQL Injection Vulnerability ZEROF Web Server 2.0 Vulnerability: /admin.back XSS Vulnerability: Denial of Service (DoS) in package bignum due to V8 Type-Check Exception CX-Programmer v9.76.1 and Earlier Use After Free Vulnerability in CXP File Parsing World-writable directory vulnerability in fscrypt v0.3.2 and below PAM Module for fscrypt Denial of Service Vulnerability Privilege Escalation Vulnerability in fscrypt Bash Completion Script Static Credential Authentication Vulnerability in Trend Micro ServerProtect 6.0/5.8 Information Server Authentication Bypass Vulnerability in GitLab Package Registries Remote Code Execution Vulnerability in Trend Micro ServerProtect 6.0/5.8 Information Server Remote Code Execution Vulnerability in Trend Micro ServerProtect 6.0/5.8 Information Server Timing Side Channel Vulnerability in AES Implementation on Texas Instruments OMAP L138 Vulnerability: Arbitrary Code Execution in Texas Instruments OMAP L138 TEE Vulnerability: Stack Overflow in Texas Instruments OMAP L138 TEE SK_LOAD Module Loading Routine Vulnerability: Lack of onlyOwner Modifier in RigoBlock Dragos' setMultipleAllowances Allows Token Manipulation Insecure Direct Object Reference (IDOR) Vulnerability in Ibexa DXP ezsystems/ezpublish-kernel 7.5.x and 1.3.x Injection Attacks via Image Filenames in Ibexa DXP ezsystems/ezpublish-kernel 7.5.x and 1.3.x Physical Proximity Access Control Vulnerability in ownCloud Android App Incorrect Access Control in ownCloud Android 2.20: Local Attackers Exploit Improper Data Handling in GitLab's Datadog Integration Leads to Disclosure of Contributor Emails Broken Access Control Vulnerability on Olivetti d-COLOR MF3555 2XD_S000.002.271 Devices Denial of Service Vulnerability in Olivetti d-COLOR MF3555 2XD_S000.002.271 Web Application Cross-Site Scripting (XSS) Vulnerability on Olivetti d-COLOR MF3555 2XD_S000.002.271 Devices Denial of Service (DoS) Vulnerability in @discordjs/opus Package Path 
Traversal Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Untrusted Search Path Vulnerability in AttacheCase ver. 4.0.2.7 and Earlier Cross-site Scripting (XSS) Vulnerability in materialize-css Autocomplete Component Unauthenticated Users Can Disclose Private/Draft/Pending Post Titles in SearchWP Live Ajax Search Plugin Command Injection Vulnerability in puppet-facter's getFact Function Prototype Pollution in libnested before 1.5.2 via set function in index.js Prototype Pollution in set-in package (versions before 2.0.3) via setIn method Improper Handling of HTTP Host Header in EC-CUBE Leads to Email Spoofing Vulnerability XML Injection Vulnerability in Alt-N MDaemon Security Gateway through 8.5.0 Improper Access Control in Pexip Infinity 27.x before 27.2 Path Traversal Vulnerability in awful-salmonella-tar before 0.0.4 Unauthenticated Remote File Manipulation Vulnerability in ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 Unauthenticated Setting Changes Vulnerability in Transposh WordPress Translation Plugin (Versions up to 1.0.8.1) Arbitrary File Upload Vulnerability in WatchGuard Firebox and XTM Appliances Arbitrary File Deletion Vulnerability in WatchGuard Firebox and XTM Appliances Privileged Management User Credential Modification Vulnerability in WatchGuard Firebox and XTM Appliances Default Built-in Build Cache Configuration Allows Anonymous Write Access in Gradle Enterprise Arbitrary File Movement Vulnerability in Docker Desktop on Windows DYLIB Injection Vulnerability in Cryptomator 1.6.5 Spectre BHB: Exploiting Shared Branch History for Cache Allocation Inference Reflected Cross-Site Scripting in WooCommerce PDF Invoices & Packing Slips WordPress Plugin Stored XSS Vulnerability in Apache OFBiz Birt Plugin Remote Code Execution Vulnerability in Apache OFBiz via Birt Plugin (CVE-2020-9484) Local Privilege Escalation Vulnerability in Pritunl Client for Windows Stored XSS Vulnerability in Zoho ManageEngine 
SupportCenter Plus before 11020 Insecure Logging of Inbound HTTP Requests in HashiCorp Terraform Enterprise RNDIS USB Gadget Size Validation Vulnerability Arbitrary File Read Vulnerability in Appwrite ACME-Challenge Endpoint Reflected Cross-Site Scripting in WP Hide & Security Enhancer WordPress Plugin Arbitrary File Download Vulnerability in DCN Firewall DCME-520 Vulnerability: Unauthorized Filtering of Issues by Contact and Organization in GitLab CE/EE Remote Command Execution (RCE) Vulnerability in DCN Firewall DCME-520 via /system/tool/ping.php Host Parameter SQL Injection Vulnerability in Simple Bakery Shop Management v1.0 SQL Injection Vulnerability in Medical Store Management System v1.0 via cid parameter in customer-add.php Multiple Reflected Cross-Site Scripting (XSS) Attacks in Cosmetics and Beauty Product Online Store v1.0 SQL Injection Vulnerability in Cosmetics and Beauty Product Online Store v1.0 via Search Parameter SQL Injection Vulnerability in Auto Spare Parts Management v1.0 SQL Injection Vulnerability in Simple Real Estate Portal System v1.0 via id Parameter Vulnerability: Cross-Site Request Forgery to Cross-Site Scripting in Link Optimizer Lite Plugin for WordPress Arbitrary File Read Vulnerability in Cuppa CMS v1.0 Unauthenticated Access Control Vulnerability in HMS v1.0 Allows Unauthorized PHP File Access and Modification SQL Injection Vulnerability in HMS v1.0 via admin.php Component SQL Injection Vulnerability in Tongda2000 v11.10's delete.php via DELETE_STR Parameter SQL Injection Vulnerability in Tongda2000 v11.10's change_box.php via DELETE_STR Parameter SQL Injection Vulnerability in Tongda2000 v11.10's delete_query.php Stored XSS Vulnerability in Hospital Management System v1.0 via Doctor Parameter Stored XSS Vulnerability in Hospital Management System v1.0 via dpassword parameter at /admin-panel1.php Stored Cross-Site Scripting (XSS) Vulnerability in Hospital Management System v1.0 Vulnerability: Cross-Site Request Forgery to 
Cross-Site Scripting in uContext for Amazon WordPress Plugin Stored XSS Vulnerability in Maxsite CMS v180 via f_file_description Parameter at /admin/files Maxsite CMS v180 Remote Code Execution (RCE) Vulnerability at /admin/options Arbitrary File Deletion Vulnerabilities in Maxsite CMS v180 Stored Cross-Site Scripting (XSS) Vulnerability in Maxsite CMS v108 via f_tags Parameter at /admin/page_edit/3 Stack Overflow Vulnerability in Tenda AC9 V15.03.2.21_cn via NPTR Parameter Stack Overflow Vulnerability in Tenda AC9 V15.03.2.21_cn via saveparentcontrolinfo Function Stack Overflow Vulnerability in Tenda AC9 V15.03.2.21_cn via openSchedWifi Function Vulnerability: Cross-Site Request Forgery and Cross-Site Scripting in uContext for Clickbank Plugin CRLF Injection Vulnerability in NTT Resonant Incorporated goo blog App Web Application 1.0 Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 via schedendtime Parameter in openSchedWifi Function Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 via deviceId Parameter in saveparentcontrolinfo Function Buffer Overflow Vulnerability in Tenda AC9 v15.03.2.21 via Time Parameter in saveparentcontrolinfo Function Arbitrary CSS Injection in Visual Portfolio WordPress Plugin Multiple Stack Overflow Vulnerabilities in Tenda AC9 v15.03.2.21 Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 via urls Parameter in saveparentcontrolinfo Function Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 Firewall Configuration Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 via SetStaticRoutecfg Function Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 via SetVirtualServerCfg Function Remote Command Execution Vulnerability in Tenda AC9 v15.03.2.21 via SetIPTVCfg Function Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 via SetIpMacBind Function Unauthenticated Directory Listing Vulnerability in Ninja Job Board WordPress Plugin Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21 via ntpserver Parameter Remote Command 
Execution Vulnerability in Tenda AC9 v15.03.2.21 via vlanid Parameter Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi PowerSaveSet Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via schedstarttime Parameter in openSchedWifi Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via schedendtime Parameter Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via openSchedWifi Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via saveParentControlInfo Function Stack Overflow Vulnerability in Tenda AC6 V15.03.05.09_multi via SetVirtualServerCfg Function Stack Overflow Vulnerability in Tenda AC6 V15.03.05.09_multi via setstaticroutecfg Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via URLs Parameter in saveParentControlInfo Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via time Parameter in saveParentControlInfo Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via loginpwd Parameter in SetFirewallCfg Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via SetIpMacBind Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via security_5g Parameter Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via ntpserver Parameter Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via cmdinput Parameter Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via S1 Parameter in SetSysTimeCfg Function Arbitrary HTML and JavaScript Injection in All-in-One WP Migration WordPress Plugin Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via endip Parameter in SetPptpServerCfg Function Stack Overflow Vulnerability in Tenda AC6 v15.03.05.09_multi via SetPptpServerCfg Function Segmentation Fault Vulnerability in Yafu v2.0 via /factor/avx-ecm/vecarith52.c Stored XSS Vulnerability in DoraCMS v2.1.8's /admin/contenttemp Component Stack Buffer Overflow in Espruino 2v11 Release 
via jsvGetNextSibling in src/jsvar.c Denial-of-Service Vulnerability in Softing Secure Integration Server V1.22 OpenEMR 6.0.0 Insecure Direct Object Reference (IDOR) Vulnerability Unprotected PATHINFO Parameter in ThinkPHP Framework v5.0.24 Allows Access to System Environment Parameters Reachable Assertion in tcpprep v4.4.1: Assertion Failure in packet2tree() Local File Inclusion Vulnerability in CuppaCMS v1.0 Local File Inclusion Vulnerability in CuppaCMS v1.0 Remote Code Execution (RCE) Vulnerability in Atom CMS v2.0 via /admin/uploads.php SQL Injection Vulnerability in Atom CMS v2.0 via id parameter in /admin/ajax/avatar.php Reflected Cross-Site Scripting (XSS) Vulnerability in Atom CMS v2.0 NULL Pointer Dereference Vulnerability in gpac/gpac prior to v2.1.0-DEV SQL Injection Vulnerability in HMS v1.0 via editid Parameter in department.php SQL Injection Vulnerability in HMS v1.0 via editid Parameter in appointment.php SQL Injection Vulnerability in HMS v1.0 via medicineid Parameter in ajaxmedicine.php Reflected XSS Vulnerability in HMS v1.0 via treatmentrecord.php SQL Injection Vulnerability in Online Banking System v1.0 via staff_login.php Arbitrary File Upload and Code Execution Vulnerability in CuppaCMS v1.0 Arbitrary File Read Vulnerability in CuppaCMS v1.0 CuppaCMS v1.0 Remote Code Execution (RCE) Vulnerability in saveConfigData Function OS Command Injection in Hestia Control Panel (HestiaCP) prior to version 1.6.5 SQL Injection Vulnerability in Taocms v3.0.2 via id parameter in \include\Model\Category.php SQL Injection Vulnerability in FreeTAKServer-UI v1.9.8 via /AuthenticateUser API Endpoint Stored Cross-Site Scripting (XSS) Vulnerability in FreeTAKServer-UI v1.9.8 via Callsign Parameter Access Control Issue in FreeTAKServer v1.9.8: Unauthenticated DoS and Route Manipulation Vulnerability Unauthenticated Access to Full Site Backup in Duplicator WordPress Plugin Hardcoded Flask Secret Key in FreeTAKServer 1.9.8 Allows Authentication Bypass and Privilege 
Escalation Arbitrary File Placement Vulnerability in FreeTAKServer-UI v1.9.8 Sensitive API and Websocket Key Leakage in FreeTAKServer-UI v1.9.8 Heap-buffer-overflow vulnerability in stb_truetype.h v1.26 via ttUSHORT() function Heap-buffer-overflow vulnerability in stb_truetype.h v1.26 via ttULONG() function Heap-buffer-overflow vulnerability in stb_truetype.h v1.26 via stbtt__find_table SQL Injection Vulnerability in MyBatis Plus v3.4.3 via Column Parameter in AbstractWrapper.java Vulnerability: Password Exposure in CMDBuild Temporary Log Table Unauthenticated Information Disclosure in Duplicator WordPress Plugin Access Control Issue in NUUO v03.11.00 TypesetterCMS v5.1 Cross-Site Request Forgery (CSRF) Vulnerability Ignored Authfile Directive Allows Unauthorized Communication in Cluster Path Traversal Vulnerability in Enable Media Replace WordPress Plugin Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: DoS via ddnsUser Parameter Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: DoS via fromSetSysTime Function Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: Exploiting fromSetSysTime Function for DoS Attacks Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: DoS via ddnsEn Parameter CSRF Vulnerability in Yotpo Reviews for WooCommerce WordPress Plugin Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: Denial of Service via deviceName Parameter Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: DoS via ddnsDomain Parameter Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: Denial of Service via ssid Parameter Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: DoS via ddnsPwd Parameter Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: Denial of Service via saveParentControlInfo Function Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: Exploiting fromSetSysTime Function for DoS Attacks Stack Overflow Vulnerability in Tenda AX12 v22.03.01.21: Denial of Service (DoS) via sub_42E328 Heap Overflow Vulnerability in Tenda 
AX1806 v1.0.0.1: Exploiting saveParentControlInfo Function for DoS Attacks Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: DoS via formSetProvince Function Mailchimp for WooCommerce WordPress Plugin 2.7.2 Privilege Escalation and Network Scanning Vulnerability Stack Overflow Vulnerability in Tenda AX12 v22.03.01.21: Denial of Service (DoS) via sub_4327CC Stack Overflow Vulnerability in Tenda AX12 v22.03.01.21: Denial of Service (DoS) via sub_42DE00 Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: Exploiting saveParentControlInfo Function for Denial of Service (DoS) MotionEye v0.42.1 and below: Sensitive Information Disclosure via Unconfigured Regular User Password Static SSH Key Reuse Vulnerability in Bettini Srl GAMS Product Line v4.3.0 Arbitrary File Download and Deletion Vulnerability in Team WordPress Plugin Privilege Escalation Vulnerability in Click Studios Passwordstate 9435 Critical Information Leak Vulnerability in Bluedon Internet Access Detector v1.0 Stored XSS Vulnerability in Image Upload Function of /admin/show.php Cross-Site Scripting (XSS) Vulnerabilities in Parking Management System v1.0 Cross-Site Request Forgery (CSRF) vulnerability in Anchor CMS v0.12.7 allows arbitrary post deletion Hardcoded Password Vulnerability in ALF-BanCO v8.2.5 and Below Code Injection Vulnerability in Taocms v3.0.2 via .htaccess File Editing Directory Listing Vulnerability in Simple Job Board WordPress Plugin Arbitrary File Upload and Code Injection Vulnerability in Classcms v2.5 and Below Stored XSS Vulnerability in ClassCMS v2.5 and Below: Column Module Allows Arbitrary Code Execution FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY Information Disclosure Vulnerability Stored XSS Vulnerability in Unioncms v1.0.13 Default Settings SQL Injection Vulnerability in Fluent Support WordPress Plugin Session Cookie Retention Vulnerability in SurveyKing v0.2.0 Arbitrary File Deletion Vulnerability in BlogEngine.NET v3.3.8.0 Sensitive Information Exposure in 
Microprogram's Parking Lot Management System Improper User Request Handling in ASUS RT-AC86U: LAN Denial of Service Vulnerability Heap-based Buffer Overflow Vulnerability in ASUS RT-AC56U Configuration Function Command Injection Vulnerability in ASUS RT-AC86U’s LPD Service Apache DolphinScheduler User Registration Regular Expression Denial of Service (ReDoS) Vulnerability CSRF Vulnerability in Spiffy Calendar WordPress Plugin Allows Event Deletion Arbitrary File Deletion Vulnerability in EnterpriseDT CompleteFTP Server 22.1.0 CSRF Vulnerability in WP Google Map Plugin (<= 4.2.3) Allows Unauthorized Deletion and Copying of Maps Contact Form X WordPress Plugin <= 2.4 Reflected XSS Vulnerability in &tab Parameter Responsive Menu WordPress Plugin <= 4.1.7: Nonce Token Leak Vulnerability MaxGalleria WordPress Plugin Authenticated Stored XSS Vulnerability WordPress Price Table Plugin <= 0.2.2 Authenticated Stored XSS Vulnerability Title: Multiple Authenticated Stored XSS Vulnerabilities in WP-DownloadManager WordPress Plugin (<= 1.68.6) Title: WP-DownloadManager Plugin <= 1.68.6 Multiple Authenticated Stored XSS Vulnerabilities Critical Authenticated SQL Injection Vulnerability in FV Flowplayer Video Player WordPress Plugin (<= 7.5.15.727) CSRF Vulnerability in Yoo Slider – Image Slider & Video Slider WordPress Plugin Allows Unauthorized Slider Actions Stored Cross-Site Scripting (XSS) Vulnerability in Yoo Slider – Image Slider & Video Slider WordPress Plugin Arbitrary Code Execution via XML Deserialization in OPC Labs QuickOPC 2022.1 Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner Plugin <= 1.5.4 Simple Event Planner WordPress Plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) Vulnerabilities Title: Authenticated Persistent XSS Vulnerability in FV Flowplayer Video Player WordPress Plugin (<= 7.5.18.727) via &fv_wp_flowplayer_field_splash 
Parameter CSRF Vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar WordPress Plugin (<= 1.3.7) Allows Unauthorized Zoom Meeting Sync CSRF Vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar WordPress Plugin Allows Cache Deletion Code Snippets Plugin XSS Vulnerability via &orderby Parameter Authenticated Stored XSS Vulnerability in wpDataTables Plugin (<= 2.1.27) Command Injection Vulnerability in Profelis IT Consultancy SambaBox 4.0 and Prior Versions XSS Vulnerability in Profelis IT Consultancy SambaBox Group Functionality Arbitrary OS Command Execution Vulnerability in UNIVERGE WA Series Denial of Service Vulnerability in SIMATIC Industrial Control Systems Privilege Escalation Vulnerability in Symantec Management Agent Allows Local Account to Gain SYSTEM Level Access PAM User Exploitation: Unauthorized Access and Configuration Manipulation Unauthenticated Access to Identity Manager's Management Console Specific Page URLs Remote Command Execution Vulnerability in Symantec Identity Manager 14.4 XML External Entity Injection Vulnerability in Symantec Identity Manager 14.4 Management Console Arbitrary Code Execution via Malicious Annotations Stored Cross-Site Scripting Vulnerability in Tutor LMS WordPress Plugin XSS Vulnerability in Admin Group Policy Page Allows for Embedded Malicious Content Title: Elevation of Privilege Vulnerability in Symantec Endpoint Protection (CVE-2021-XXXX) Unintended Working Directory Vulnerability in Qt Buffer Overflow Vulnerability in Realtek Linux/Android Bluetooth Mesh SDK Heap Out-of-Bounds Write Privilege Escalation in Linux Kernel's nf_dup_netdev.c Certificate Validation Bypass in wolfSSL 5.2.0 and Earlier Prototype Pollution in Mongoose prior to 6.4.6 TLS 1.3 Mutual Authentication Bypass Vulnerability in wolfSSL Vulnerability: Cross-Reference Mishandling in Foxit PDF Reader, PDF Editor, and PhantomPDF XSS Vulnerability in Obyte Wallet Allows Remote Code Execution Privilege Escalation via User-Supplied Socket 
Pathname in seatd 0.6.x before 0.6.4 Arbitrary Code Execution Vulnerability in @pendo324/get-process-by-name Package Prototype Pollution in dset/merge mode allows for bypassing top-level path validation Cross-site Scripting (XSS) Vulnerability in x-data-spreadsheet Package Deserialization of Untrusted Data Vulnerability in com.google.code.gson:gson Command Injection Vulnerability in Git 1.11.0 and Earlier Improper Access Control Vulnerabilities in StoreApps Affiliate For WooCommerce Plugin Cross-Site Scripting Vulnerability in Simple Payment Donations & Subscriptions WordPress Plugin Protected Field Information Extraction Vulnerability Integer Overflow Vulnerability in Bluetooth Host Processing BT HFP-UNIT Profile Improper Hash Verification in Snapdragon Wired Infrastructure and Networking: A Cryptographic Vulnerability AVI File Processing Vulnerability Leads to Information Disclosure in Snapdragon Devices Kernel Memory Corruption Vulnerability in Snapdragon Platforms WLAN HAL Memory Corruption Vulnerability Improper Validation of Buffer Size in Snapdragon Platforms: Potential Integer Overflow and Memory Corruption Vulnerability Buffer Overflow Vulnerability in Snapdragon Platforms Processing Invalid MKV Clips Endianness-related Memory Corruption Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms when Parsing Invalid Bitmap Size in MKV Clips Heap Out-of-Bounds Memory Write Vulnerability in FFMPEG (CVE-2021-XXXX) Double Free Vulnerability in Snapdragon Kernel Untrusted Pointer Dereference Vulnerability in Snapdragon Platforms Untrusted Pointer Dereference Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Compute, Connectivity, and Consumer Electronics Connectivity: A Potential Denial of Service Threat GPU Data Exposure Vulnerability in Snapdragon Platforms Kernel Buffer Over Read Vulnerability in Snapdragon Platforms Multiple Thread Use After Free Vulnerability in Snapdragon Platforms ICMP 
Request Handling Vulnerability in Snapdragon Wired Infrastructure and Networking Double Free Vulnerability in Snapdragon Video Driver: Exploiting ASF Clip Parsing Critical Vulnerability: Buffer Over Read Leads to Denial of Service in Snapdragon Devices Stored Cross-Site Scripting Vulnerability in Form Builder CP WordPress Plugin Buffer Over Read Vulnerability in Snapdragon Devices Snapdragon Mobile Vulnerability: Denial of Service Exploit in MODEM Critical Denial of Service Vulnerability in Snapdragon Mobile Modems Vulnerability: Denial of Service in Snapdragon Mobile MODEM due to Reachable Assertion during Network Configuration Processing Critical Cryptographic Vulnerability in WPA/WPA2 Group Key Handshake in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music Vulnerability: Denial of Service in Snapdragon Compute, Industrial IOT, and Mobile due to Reachable Assertion in Modem Critical Vulnerability: Buffer Over-read in AVI File Parsing in Snapdragon Devices Use After Free Vulnerability in Diag Processing in Snapdragon Platforms Buffer Overwrite Vulnerability in CoAP Connection Leads to Memory Corruption in Modem Critical Vulnerability: Denial of Service Exploit in Snapdragon Devices' Video Broadcast Receivers Ansible Automation Platform Privilege Escalation Vulnerability Buffer Overflow Vulnerability in Snapdragon Auto's Multimedia Processing Memory Corruption Vulnerability in Snapdragon Processors Out-of-Range Pointer Offset Vulnerability in MODEM UIM Decoding in Snapdragon Platforms Improper Authorization Vulnerability in Snapdragon Modules Leads to Denial of Service WAV File Buffer Overflow Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms: Corrupted Video Memory Exploitation Buffer Overflow Vulnerability in Snapdragon Platforms: Memory Corruption in Video Parsing Vulnerability: Denial of Service Exploit in Snapdragon Mobile Modem Cleartext Storage of OAuth Session Data Vulnerability Array 
Index Out of Bounds Vulnerability in ANQP Action Frame Parsing in Snapdragon Platforms Vulnerability: Denial of Service in Snapdragon Mobile Modem due to Invalid SCS and Bandwidth Settings in SIB1 Processing Vulnerability: Denial of Service in Modem during Common Config Procedure in Snapdragon Platforms Graphics Profiling Vulnerability in Snapdragon Connectivity and Snapdragon Mobile: Memory Corruption Exploitation Out-of-range Pointer Offset Vulnerability in UIM Leading to Memory Corruption in Modem Memory Corruption Vulnerability in Snapdragon Devices Race condition vulnerability in Snapdragon platforms leading to memory corruption in display Critical Memory Corruption Vulnerability in Snapdragon Mobile and Wearables: Improper Input Validation in i2c Driver Memory Corruption Vulnerability in Snapdragon Mobile and Wearables SPI Buses Vulnerability: Denial of Service in Modem through Reconfiguration Message Processing in Snapdragon Platforms Integer Overflow Vulnerability Leading to Buffer Overflow in Modem's APDU Response Handling Bluetooth Driver Buffer Over-read Vulnerability in Snapdragon Devices Buffer Overflow Vulnerability in Snapdragon Connectivity and Snapdragon Mobile WLAN Key Parsing Out-of-Range Pointer Offset Vulnerability in Modem's QMI Message Processing Heap-based Buffer Overflow in Vim Prior to 9.0.0101 Null Pointer Dereference Vulnerability in Snapdragon Devices Array Index Out of Bounds Vulnerability in Snapdragon Platforms Unbounded Buffer Copy Vulnerability in Snapdragon Platforms Memory Corruption Vulnerability in Automotive Systems: Exporting Shared Key without Proper Memory Bounds Restriction Type Casting Vulnerability Leads to Memory Corruption in Display Driver Unsafe Access to Data Members in Multimedia Framework Leads to Memory Corruption Double Free Vulnerability in Display Frame Buffer Allocation Improper Return Value Check in WLAN Authentication Handshake Vulnerability Improper Length Check Vulnerability in Snapdragon Connectivity 
Stack API Key Persistence Vulnerability Out-of-Bound Array Access Vulnerability in Snapdragon Connectivity Type Confusion Vulnerability in Video Driver Leads to Memory Corruption during Video Playback Memory Leakage Vulnerability in DSP Services Exploiting Use After Free Vulnerability in Snapdragon Mobile: Memory Corruption in Multimedia Buffer Overflow Vulnerability in Snapdragon Platforms: Exploiting Graphics Memory Corruption MODEM Denial of Service Vulnerability: Improper Pointer Handling Array Out of Bounds Access Vulnerability in Modem Data Handling Leads to Information Disclosure Critical Memory Corruption Vulnerability in Snapdragon IOT and Voice & Music Devices Modem Vulnerability: Information Disclosure through DNS Response Buffer Over-read Modem Memory Corruption: Improper Length Check Vulnerability Modem Vulnerability: IP Type Check Failure Leads to Information Disclosure Modem Vulnerability: Information Disclosure via DNS Packet Buffer Over-read Modem Vulnerability: Information Disclosure via DNS Client Buffer Over Read Modem Vulnerability: Denial of Service Exploit via DNS Packet Processing Vulnerability: Denial of Service in Modem Due to Missing Null Check in IP Packet Processing Vulnerability: Denial of Service in Modem due to Missing Null Check in TCP/UDP Packet Processing Vulnerability: Denial of Service in WLAN due to Out-of-Bound Read in Snapdragon Platforms Modem Vulnerability: Information Disclosure via Missing NULL Check Buffer Over-read Vulnerability in Modem Leads to Information Disclosure Critical Vulnerability: Denial of Service Exploit in Modem via Missing Null Check in IPv6 Packet Processing during ECM Call Stored Cross-Site Scripting Vulnerability in Meks Easy Social Share WordPress Plugin IPv6 Multicast Address Buffer Overflow Vulnerability in Modem Critical Denial of Service Vulnerability in Snapdragon Devices: Null Pointer Dereference in WLAN Infinite Loop Vulnerability in Snapdragon IOT Modems: Exploiting IGMPv2 Packet Parsing 
Critical Memory Corruption Vulnerability in Multiple Snapdragon Platforms Critical Vulnerability: Memory Corruption in Modem via CoAP Message Handling Kernel Memory Corruption Vulnerability: Missing Access Rights Checks in Memextent Mapping Update CoAP Message Parsing Vulnerability in Modem Leads to Information Disclosure WLAN Integer Overflow Vulnerability Leads to Buffer Overflow in Multiple Snapdragon Platforms Buffer Over-read Vulnerability in WLAN Parsing MDNS Frames in Multiple Snapdragon Platforms Stored Cross-Site Scripting Vulnerability in WBW Currency Switcher for WooCommerce WordPress Plugin Double Free Vulnerability in BTHOST: Exploiting Memory Corruption in Snapdragon Mobile HTTP Header Validation Vulnerability in SCALANCE X-Series Network Devices Insecure Session Management in SCALANCE X300 Series Network Devices Buffer Overflow Vulnerability in SCALANCE X-Series Network Devices Vulnerability: Remote Code Execution via SCALANCE X-Series Web Server Missing Security Headers in SCALANCE X-Series Network Devices Cross-Site Scripting (XSS) Vulnerability in SCALANCE X300 Series Improper Input Validation in Apache APISIX Allows Bypass of Request-Validation Plugin Vulnerability: Regular Expression Denial of Service (ReDoS) in scss-tokenizer package Remote Code Injection Vulnerability in convert-svg-core before 0.6.2 DTLS Resumption Handshake Vulnerability in Eclipse Californium Arbitrary Code Injection Vulnerability in accesslog Package Unlimited Chunk Denial of Service Vulnerability in open62541 WebSocket Connection Closure Vulnerability HTTP/2 Request Validation Vulnerability in Apache Traffic Server Command Injection Vulnerability in pdfkit 0.0.0: Improper Sanitization of URL Input Remote Code Execution (RCE) Vulnerability in ungit Package (Versions before 1.5.20) via Argument Injection Remote Code Execution and Arbitrary File Read Vulnerability in com.bstek.ureport:ureport2-console Critical SQL Injection Vulnerability in SourceCodester Garage Management 
System 1.0 Remote Code Execution via Cross-Site Scripting (XSS) in Mautic Web Tracking Component CSRF Vulnerability in Secomea GateManager Web UI Allows Phishing Attackers to Hijack User Sessions Insecure Audit Log Vulnerability in Secomea GateManager Critical Access Control Vulnerability in SourceCodester Garage Management System 1.0 Unauthorized Access to Devices Outside Scope in Secomea GateManager Web UI Secomea GateManager Web UI XSS Vulnerability Insufficient Privileges Exploit in Secomea GateManager Web UI Insufficient Logging Vulnerability in Secomea GateManager Web Server Cross-Site Scripting (XSS) Vulnerability in Secomea SiteManager Web GUI Arbitrary Code Execution Vulnerability in Secomea SiteManager Versions Prior to 9.7 Unprotected Alternate Channel Vulnerability in GateManager Debug Console Allows Unauthorized Access to Sensitive Information Secomea GateManager API Information Exposure Through Query Strings Vulnerability Buffer Overflow Vulnerability in Autodesk AutoCAD 2022 JT File Parsing AutoCAD Use-After-Free Vulnerability in DWF, 3DS, and DWFX Files Cross-Site Scripting (XSS) Vulnerability in SourceCodester Garage Management System 1.0 Boundary Write Vulnerability in Autodesk AutoCAD and Navisworks Memory Corruption Vulnerability in Autodesk AutoCAD and Navisworks Allows Code Execution via Malicious DLL Files Buffer Overflow Vulnerability in Autodesk AutoCAD and Navisworks Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max: Arbitrary Code Execution Out-Of-Bounds Read Vulnerability in Autodesk FBX Review Allows Code Execution and Information Disclosure Remote Code Execution Vulnerability in Autodesk TrueView 2022 and 2021 via Malicious DWG Files Remote Code Execution Vulnerability in Autodesk Navisworks 2022 Autodesk AutoCAD PDF Parsing Vulnerability Open Redirect Vulnerability in CERT/CC VINCE Software Prior to 1.50.0 Heap-based Buffer Overflow in Vim prior to 9.0.0102 SSRF Vulnerability in Best Practical RT for Incident Response 
(RTIR) SSRF Vulnerability in Best Practical RT for Incident Response (RTIR) Cross-Site Scripting (XSS) Vulnerability in Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 Open Redirect Vulnerability in Best Practical Request Tracker (RT) before 5.0.3 Insecure Permissions in IGEL Universal Management Suite (UMS) Allow Unauthorized Access to Superuser Credentials Cleartext LDAP Bind Credential Exposure in IGEL Universal Management Suite (UMS) 6.07.100 Hardcoded DES Key Vulnerability in IGEL Universal Management Suite (UMS) 6.07.100 Hardcoded DES Key Vulnerability in IGEL Universal Management Suite (UMS) 6.07.100 Alexa versus Alexa (AvA) Attack: Arbitrary Voice Command Execution on Amazon Echo Dot Devices GitHub Repository vim/vim Out-of-bounds Read Vulnerability Vulnerability: Privilege Escalation and Sensitive Action Exposure in Transposh WordPress Translation Plugin SQL Injection Vulnerability in Transposh WordPress Translation Plugin Unvalidated Debug Settings in Transposh WordPress Translation Plugin Allow for Remote Code Execution (RCE) Remote Code Execution (RCE) Vulnerability in Apache OFBiz eCommerce Plugin Wearable Manager Installer PendingIntent Hijacking Vulnerability Weather Application PendingIntent Hijacking Vulnerability Authentication Bypass Vulnerability in Samsung Lock and Mask Apps Setting One UI Home Vulnerability: Unauthorized Pinned-Shortcut Generation Arbitrary Code Execution Vulnerability in UWB Stack Prior to SMR Mar-2022 Release 1 Kernel Stack Memory Disclosure Vulnerability in HDCP2 Device Node Unencrypted Hash Leakage in AWS S3 Crypto SDK Fingerprint Matching Algorithm Vulnerability: Brute Force Attack on Screen Lock Password SMS Buffer Pointer Vulnerability in Shannon Baseband Prior to SMR Mar-2022 Release 1: OOB Read Kernel Crash Vulnerability in sdp Driver Prior to SMR Mar-2022 Release 1: Use After Free Information Exposure Vulnerability in Galaxy Watch Plugin: Unauthorized Access to User Information in Log Improper 
Access Control Vulnerability in BixbyTouch: Arbitrary URL and Local File Loading Improper Access Control Vulnerability in Samsung Account: Unauthorized Access to Authcode WiFiAp Password Information Exposure in Galaxy S3 Plugin (v2.2.03.22012751) Password Exposure in Galaxy Watch Plugin: Accessing WiFiAP Passwords Watch Active Plugin Information Exposure Vulnerability: Unauthorized Access to WiFiAp Passwords Watch Active2 Plugin Information Exposure Vulnerability: Unauthorized Access to WiFiAp Passwords Race Condition Vulnerability in HTTP Request Routing Password Exposure in Galaxy Watch3 Plugin: Accessing WiFiAP Passwords Improper Access Control Vulnerability in S Secure: Unauthorized Access to Secured Data S Secure Prior to SMR Apr-2022 Release 1: Unauthorized Access to Locked Myfiles App IMS Authentication Bypass Vulnerability in ImsService Arbitrary Command Execution via Crafted Filename in Percona XtraBackup Bluetooth® Low Energy Pairing Vulnerability: Unauthenticated MITM Attack via Passkey Brute Forcing Bluetooth® Pairing Vulnerability: Unauthenticated MITM Exploitation via Passkey Brute Forcing Laravel Fortify TOTP Reuse Vulnerability Improper Input Validation in package url-js allows for Hostname Spoofing Panic Vulnerability in dag-pb Codec when Decoding Invalid Blocks Uncontrolled Search Path Elements in Intel(R) Datacenter Group Event Android Application: Privilege Escalation Vulnerability Arbitrary File Write via Archive Extraction (Zip Slip) in com.alibaba.oneagent:one-java-agent-plugin Angular Package ReDoS Vulnerability in Custom Locale Rule Deserialization of Untrusted Data Vulnerability in com.alibaba:fastjson Cross-site Scripting (XSS) Vulnerability in serve-lite Package Insecure Path Joining in static-dev-server Cross-site Scripting (XSS) vulnerability in joyqi/hyper-down package (0.0.0) due to inadequate href attribute filtering in the markdown parser Use-after-free vulnerability in POSIX CPU timers when exec'ing from a non-leader thread 
Server-side Request Forgery (SSRF) Vulnerability in Proxyscotch Package Denial of Service (DoS) Vulnerability in jpeg-js Package before 0.4.4 Denial of Service (DoS) Vulnerability in pg-native and libpq Packages Command Injection Vulnerability in semver-tags Package XSS Vulnerability in @yaireo/tagify Package Command Injection Vulnerability in create-choo-app3 Package Directory Traversal Vulnerability in Argo Events GitArtifactReader API Denial of Service (DoS) Vulnerability in org.yaml:snakeyaml Package Regular Expression Denial of Service (ReDoS) Vulnerability in Terser Package NFT Object Cross-Table Reference Vulnerability Remote Code Execution (RCE) via simple-git package clone(), pull(), push(), and listRemote() methods (CVE-2022-25912) Prototype Pollution in sds 0.0.0 via set.js Unsanitized Input Vulnerability in gatsby-plugin-mdx Uncontrolled Search Path Vulnerability in Intel(R) oneMKL Software Command Injection Vulnerability in workspace-tools Package Command Injection Vulnerability in czproject/git-php Package NULL Pointer Dereference Vulnerability in io.socket:socket.io-client Insecure Page Caching in Internet Explorer Allows Cross-site Scripting (XSS) in Angular Package Heap Corruption Vulnerability in Chrome OS Audio Server Prototype Pollution vulnerability in querymen package Out-of-bounds Read Vulnerability in fast-string-search Package Cross-site Scripting (XSS) vulnerability in Vuetify's VCalendar component Cross-Site Scripting (XSS) Vulnerability in Svelte Package (Versions before 3.49.0) Server-side Request Forgery (SSRF) vulnerability in package link-preview-js before 2.1.16 Prototype Pollution in protobufjs before 6.11.3 allows Object.prototype Modification Zero-Handle Filter Removal Vulnerability in Linux Kernel's cls_route Implementation Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Cache Poisoning Vulnerability in http-cache-semantics Directory Traversal Vulnerability in onnx Package 
(Versions < 1.13.0) Vulnerability: Regular Expression Denial of Service (ReDoS) in semver package (versions before 7.5.2) Denial of Service Vulnerability in muhammara and hummus Packages Vulnerability: Regular Expression Denial of Service (ReDoS) in sanitize-html package Unlimited Chunk Denial of Service (DoS) Vulnerability in opcua Package Reflected Cross-site Scripting (XSS) Vulnerability in beancount/fava prior to 1.22.3 Command Injection Vulnerability in wifey Package's connect() Function Denial of Service (DoS) Vulnerability in github.com/containrrr/shoutrrr/pkg/util before 0.6.0 Denial of Service (DoS) Vulnerability in muhammara and hummus Packages Arbitrary Code Execution Vulnerability in vm2 Package (Versions before 3.9.10) Remote Code Execution (RCE) vulnerability in com.bstek.uflo:uflo-core via ExpressionContextImpl class Directory Traversal Vulnerability in lite-dev-server Session Regeneration Vulnerability in Passport Package Denial of Service (DoS) Vulnerability in org.eclipse.milo:sdk-server before 0.6.8 Improper Verification of Cryptographic Signature in jsrsasign before 10.5.25 Open AMT Cloud Toolkit Software Authentication Bypass Vulnerability Privilege Escalation via Copy-on-Write (COW) Race Condition in Linux Kernel Command Injection Vulnerability in git-clone Package Vulnerability: Regular Expression Denial of Service (ReDoS) in cookiejar package Unlimited Nesting Levels in opcua Package Leads to Denial of Service (DoS) Vulnerability Prototype Pollution in safe-eval Package: Object.prototype Modification via safeEval Function Uncontrolled Search Path Element Vulnerability in Intel(R) oneAPI Data Analytics Library (oneDAL) Command Injection Vulnerability in is-http2 Package Prototype Pollution Vulnerability in ts-deepmerge before 2.0.2 Command Injection Vulnerability in create-choo-electron Package Critical Denial of Service Vulnerability in TEM FLEX-1085 1.6.0 Remote Code Execution (RCE) in simple-git via ext transport protocol Remote Code 
Execution (RCE) vulnerability in com.google.cloud.tools:jib-core before 0.22.0 via isDockerInstalled function Access Control Bypass Vulnerability in ELECOM LAN Routers Command Injection in mt7688-wiscan before 0.8.3 Firmware Vulnerability in Intel(R) Server Board M50CYP Family: Potential Denial of Service via Local Access Regular Expression Denial of Service (ReDoS) vulnerability in shescape package (1.5.10 - 1.6.1) via insecure regex in escapeArgBash function Denial of Service Vulnerability in GitLab CE/EE Snippet Descriptions Arbitrary Code Execution Vulnerability in morgan-json Package Unauthenticated Diagnostic Function Invocation in PLC4TRUCKS J2497 Trailer Brake Controllers Command Injection Vulnerability in exec-local-bin before 1.2.0 Command Injection Vulnerability in window-control Package (Versions < 1.4.5) Regular Expression Denial of Service (ReDoS) in ua-parser-js trim() function Cross-site Scripting (XSS) Vulnerability in smoothie Package SQL Injection Vulnerability in Better Search Replace WordPress Plugin Directory Traversal Vulnerability in easy-static-server Package Incomplete Fixes in InHand Networks InRouter302 V3.5.45 Firmware: Privilege Escalation and Information Disclosure Vulnerabilities Directory Traversal Vulnerability in servst before 2.0.3 Directory Traversal Vulnerability in Glance Versions before 3.0.9 Unauthenticated File Upload Vulnerability in Advanced Custom Fields Plugin Denial of Service (DoS) Vulnerability in lite-server Package Out-of-Bounds Read Vulnerability in HDF5 Group libhdf5 1.10.4's gif2h5 Functionality Improper ACL Configuration in WPS Office Installer for Windows Versions Prior to v11.2.0.10258 Bypass of Appliance Mode Restrictions in F5 BIG-IP Guided Configuration Information Exposure in liquidjs Package (before 10.0.0) with ownPropertyOnly Parameter Set to False Stack-based Buffer Overflow in KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 GitHub Repository kromitgmbh/titra: Improper Authorization 
Vulnerability CSRF Vulnerability in Keywordrush Content Egg Plugin for WordPress Memory Corruption Vulnerability in Omron CX-Position Software (Versions 2.5.3 and Prior) Allows Arbitrary Code Execution Regular Expression Denial of Service (ReDoS) Vulnerability in node-fetch/node-fetch Command Injection Vulnerability in vagrant.js Privilege Escalation Vulnerability in Intel(R) Edge Insights for Industrial Software Remote Code Execution (RCE) via Template Engine Configuration Overwrite in eta < 2.0.0 Insecure DLL Loading Vulnerability in WPS Office Version 10.8.0.6186 Installer Arbitrary CSS Injection in Visual Portfolio WordPress Plugin (CVE-2021-12345) Out-of-Bounds Write Vulnerability in HDF5 Group libhdf5 1.10.4's gif2h5 Functionality Arbitrary Command Execution Vulnerability in mc-kill-port Package Denial of Service Vulnerability in Intel(R) VROC Software Cross-site Scripting (XSS) Vulnerability in github.com/usememos/memos/server Cross-site Scripting (XSS) vulnerability in jsuites before 5.0.1 Out-of-bounds Write Vulnerability in GitHub Repository vim/vim (prior to 9.0.0100) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Scheduler Data Exposure Vulnerability Unicode Encoding Vulnerability in Intel(R) C++ Compiler Classic (before version 2021.6) and Intel(R) oneAPI Toolkits (before version 2022.2) Allows Privilege Escalation via Network Access Authentication Bypass Vulnerability in Anker Eufy Homebase 2 2.1.8.5h Reflected Cross-Site Scripting in Anti-Malware Security and Brute-Force Firewall WordPress Plugin External Exposure of Registry Ports in F5OS-A Software Versions Prior to 1.0.1 Insecure Inherited Permissions in Intel(R) oneAPI Toolkits: Privilege Escalation Vulnerability InHand Networks InRouter302 V3.5.4 Console Command Execution Vulnerability Stack-based Buffer Overflow in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 Uncontrolled Search Path Element Vulnerability in Intel(R) Enpirion(R) Digital Power 
Configurator GUI Software Auto-hyperlink URLs WordPress Plugin Tab Nabbing Vulnerability Remote Code Execution Vulnerability in InHand Networks InRouter302 V3.5.4 BIOS Firmware Vulnerability: Privilege Escalation via Local Access in Intel(R) Processors InHand Networks InRouter302 V3.5.4 - OS Command Injection Vulnerability in Console Factory Functionality Stack-based Buffer Overflow in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 Buffer Overflow in grub_font_construct_glyph() Allows Circumvention of Secure Boot Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Improper Access Control in Intel(R) DSA Software: Potential Privilege Escalation via Adjacent Access Arbitrary Command Execution via Improper Access Control in pfSense CE and pfSense Plus Vulnerability: UAF in io_uring with Unix SCM Garbage Collection InHand Networks InRouter302 V3.5.4 Router Configuration Export Information Disclosure Vulnerability Out-of-Bounds Write Vulnerability in Omron CX-Position (versions 2.5.3 and prior) Debug Code Vulnerability in InHand Networks InRouter302 V3.5.45 Console Verify Functionality Improper Access Control in Intel NUC HDMI Firmware Update Tool: Privilege Escalation Vulnerability Denial of Service Vulnerability in Open Automation Software OAS Platform V16.00.0112 Uncontrolled Search Path Vulnerability in Intel(R) VTune(TM) Profiler Software Remote Code Execution Vulnerability in Google Chrome Omnibox Uncontrolled Search Path Element Vulnerability in Intel(R) Distribution for Python Authentication Bypass Vulnerability in AD Server Communication Protocol Remote Code Execution Vulnerability in Google Chrome's Safe Browsing Directory Traversal Vulnerability in RCCMD 4.26 and Earlier OS Command Injection Vulnerability in InHand Networks InRouter302 V3.5.4 External Config Control Vulnerability in Open Automation Software OAS Platform V16.00.0112: Unauthorized Creation of Custom Security Group Buffer Overflow Vulnerability in 
Intel(R) XMM(TM) 7560 Modem Software Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi, and Killer(TM) WiFi Products Arbitrary File Write Vulnerability in com.diffplug.gradle:goomph (CVE-XXXX-XXXX) Heap Corruption Vulnerability in Dawn in Google Chrome Operation Restriction Bypass Vulnerability in Cybozu Garoon 4.0.0 to 5.5.1: Unauthorized Data Alteration Uncontrolled Search Path Element Vulnerability in Intel(R) MPI Library Link Data Alteration Vulnerability in Cybozu Garoon 4.0.0 to 5.5.1 Arbitrary File Creation and Write Vulnerability in Mint WorkBench Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Use After Free Vulnerability in Managed Devices API in Google Chrome Heap-based Buffer Overflow in libhdf5's gif2h5 Functionality Uncontrolled Search Path Element Vulnerability in Intel(R) Trace Analyzer and Collector Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Arbitrary File Read Vulnerability in Open Automation Software OAS Platform V16.00.0112 Directory Traversal Vulnerability in pistacheio/pistache (before 0.0.3.20220425) Allows Arbitrary File Retrieval Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Use After Free Vulnerability in Google Chrome Tab Strip on Chrome OS Pre-Authentication Cookie Mismatch Vulnerability in Splunk Enterprise (Versions before 8.1.0) Vulnerability: Off-Path Remote UDP Port Scanning Bypass in F5 BIG-IP Denial of Service Vulnerability in Anker Eufy Homebase 2 2.1.8.5h Incomplete Cleanup Vulnerability in Intel(R) SPS Firmware Subsystem OS Command Injection Vulnerability in InHand Networks InRouter302 V3.5.37 Uncontrolled Search Path Element Vulnerability in Intel(R) oneAPI Deep Neural Network (oneDNN) Cleartext Transmission Vulnerability in Open Automation Software OAS Platform V16.00.0112 Gallagher Controller 6000 Denial of Service 
Vulnerability via Conflicting ARP Packets Privilege Escalation Vulnerability in Intel(R) XMM(TM) 7560 Modem Software Use After Free Vulnerability in Google Chrome's Overview Mode on Chrome OS Insufficiently Random Values Vulnerability in ABB Pulsar Plus System Controller NE843_S and ABB Infinity DC Power Plant Insecure Loading of shcore.dll in WPS Office Version 10.8.0.5745 Installer Allows Arbitrary Code Execution Remote Code Execution Vulnerability in Open Automation Software OAS Platform V16.00.0112 OS Command Injection Vulnerability in InHand Networks InRouter302 V3.5.4 Uncontrolled Search Path Element Vulnerability in PresentMon Software HTML Injection Vulnerability in BMC Remedy Email-Based Incident Forwarding Use After Free Vulnerability in Nearby Share in Google Chrome on Chrome OS Improper Access Control Vulnerability in SamsungContacts: Unauthorized Access to Contact Information Bypassing Knox Manage Access Control via Hardware Keyboard Function Key Arbitrary Code Execution Vulnerability in Quram Agif Library Prior to SMR Apr-2022 Release 1 Out-of-Bounds Write Vulnerability in libsimba's parser_irot Function Out-of-Bounds Write Vulnerability in libsimba's parser_auxC Function Out-of-Bounds Write Vulnerability in libsimba's parser_colr Function Out-of-Bounds Write Vulnerability in libsimba's parser_ispe Function Out-of-Bounds Write Vulnerability in libsimba's parser_unknown_property Function Heap-based Buffer Overflow Vulnerability in libsimba's sheifd_create Function Null Pointer Dereference Vulnerability in parser_infe Function of libsimba Library Cross-Origin Data Leakage in Background Fetch in Google Chrome SAPCAR Archive Input Validation Vulnerability Fiori Launchpad XSS Vulnerability in Versions 754, 755, 756 Missing Authorization Check in SAP NetWeaver Application Server for ABAP Allows Unauthorized Access to Transaction Start Screens SAP NetWeaver (Real Time Messaging Framework) Information Disclosure Vulnerability Unauthenticated User Can Modify 
SAP Financial Consolidation Maintenance System Message Unauthenticated Script Execution Vulnerability in SAP NetWeaver Enterprise Portal Denial of Service Vulnerability in SAP 3D Visual Enterprise Viewer 9.0 Crash and Unavailability Vulnerability in SAP 3D Visual Enterprise Viewer 9.0 Denial of Service Vulnerability in SAP 3D Visual Enterprise Viewer 9.0 PDFView.x3d File Manipulation Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9.0 Omnibox Spoofing Vulnerability in Google Chrome on Android Impersonation Vulnerability in HTCondor Remote Code Execution Vulnerability in BeanShell Components of IRISNext Vulnerability in Apache Pinot's Groovy Function Support Arbitrary File Write Vulnerability in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 Cross-Site Scripting (XSS) Vulnerability in FortiMail Webmail [CWE-79] Insufficient Computational Effort Vulnerability in FortiSandbox [CWE-916]: Efficient Bulk Password Guessing SQL Injection vulnerability in FortiNAC versions 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below Empty Password Vulnerability in FortiNAC [CWE-258] Privilege Escalation Vulnerability in FortiManager and FortiAnalyzer Hardcoded Password Vulnerability in Fortinet FortiSIEM Allows Unauthorized Access Keyboard Input Information Leakage in Google Chrome SQL Injection Vulnerabilities in FortiADC Management Interface Unauthenticated Access to Report Template Images Vulnerability Base64 MIME Attachment Manipulation Vulnerability in FortiClient, FortiMail, and FortiOS AV Engines Buffer Overflow Vulnerability in Intel NUC BIOS Firmware Buffer Overflow Vulnerability in FRRouting through 8.1.0: Incorrect Input Packet Length Checks in isisd/isis_tlvs.c Buffer Overflow Vulnerability in FRRouting through 8.1.0: Non-zero-terminated Binary String in isis_nb_notifications.c Buffer Overflow Vulnerability in FRRouting 
through 8.1.0: Missing Input Packet Length Check in babel_packet_examin Function Buffer Overflow Vulnerability in FRRouting through 8.1.0: Incorrect Input Packet Length Check in babel_packet_examin Function Buffer Overflow Vulnerabilities in FRRouting 8.1.0: Incorrect Subtlv Length Checks in babeld/message.c Use After Free Vulnerability in Google Chrome on Chrome OS Active mode-enabled FTP profile vulnerability in F5 BIG-IP versions prior to 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 RF Vulnerability in Power Line Communications PLC4TRUCKS J2497 Trailer Receivers Arbitrary Code Execution via Java Deserialization in Atlassian Bitbucket Data Center OGNL Injection Vulnerability in Confluence Server and Data Center Server-side Request Forgery (SSRF) Vulnerability in Mobile Plugin for Jira Data Center and Server Vulnerability: Bypass of Servlet Filters in Multiple Atlassian Products CORS Bypass Vulnerability in Multiple Atlassian Products Hardcoded Password Vulnerability in Atlassian Questions For Confluence App Use After Free Vulnerability in Google Chrome Sign-In Flow TP-240 Component Remote Information Disclosure and Denial of Service Vulnerability Arbitrary Code Execution via Plugin Name XSS in MantisBT Stored XSS Vulnerability in Tricentis qTest Before 10.4 Command Injection Vulnerability in Quectel RG502Q-EA Modem (Pre-2022-02-23) Zabbix Password Disclosure Vulnerability in Grafana Integration Arbitrary Code Execution Vulnerability in MODX Revolution through 2.8.3-pl Cross-Origin Data Leakage via Insufficient Cookie Policy Enforcement in Google Chrome Command Injection Vulnerability in Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 Cross-Site Scripting (XSS) Vulnerability in Cherwell Service Management (CSM) 10.2.3 Form-Action Hijacking Vulnerability in Cherwell Service Management (CSM) 10.2.3 Insecure Session Cookie in Cherwell Service Management (CSM) 10.2.3 Arbitrary Domain Injection Vulnerability in Cherwell Service 
Management (CSM) 10.2.3 Information Disclosure Vulnerability in Ametys CMS Auto-Completion Plugin Omnibox Spoofing Vulnerability in Google Chrome Extensions API SQL Injection Vulnerability in Air Cargo Management System v1.0 via ref_code Parameter Use After Free Vulnerability in Google Chrome Extensions API SQL Injection Vulnerability in Simple Mobile Comparison Website v1.0 SQL Injection Vulnerability in Bank Management System v1.0 via Email Parameter JForum v2.8.0 Cross-Site Request Forgery (CSRF) Vulnerability Allows Arbitrary Admin Account Addition Remote Code Execution (RCE) Vulnerability in Beekeeper Studio v3.2.0: Crafted Payload Injection in Display Fields Bypassing Download Restrictions via Malicious File in Google Chrome Cross-Site Request Forgery (CSRF) Vulnerability in qdPM 9.2 via index.php/myAccount/update URI Heap-buffer-overflow vulnerability in Dropbox Lepton v1.2.1-185-g2a08b77: aligned_dealloc() function in src/lepton/bitops.cc:108 Untrusted Search Path Vulnerability in PNPM v6.15.1 and Below on Windows OS Untrusted Search Path Vulnerability in Poetry v1.1.9 and Below on Windows OS Command Injection Vulnerability in TOTOLINK N600R V4.3.0cu.7570_B20200620 via exportOvpn Interface at cstecgi.cgi Command Injection Vulnerability in TOTOLINK N600R V4.3.0cu.7570_B20200620 via pingCheck Function Command Injection Vulnerability in TOTOLINK N600R V4.3.0cu.7570_B20200620 via /setting/NTPSyncWithHost Command Injection Vulnerability in TOTOLINK N600R V4.3.0cu.7570_B20200620 via langType Parameter Privilege Escalation via Malicious Extension Installation in Google Chrome Cross-Site Scripting (XSS) Vulnerability in Joget DX 7 Datalist Table Arbitrary Code Execution Vulnerability in Notable v1.8.4 via Title Text Field Use After Free Vulnerability in Google Chrome WebUI on Chrome OS SQL Injection Vulnerability in Victor CMS v1.0 Remote Code Execution (RCE) Vulnerability in Marky Commit 3686565726c65756e via Display Text Fields Command Injection Vulnerability in 
Totolink Routers Command Injection Vulnerability in Totolink Routers Command Injection Vulnerability in Totolink Routers Command Injection Vulnerability in Totolink Routers Use After Free Vulnerability in Google Chrome Extensions Command Injection Vulnerability in Totolink Routers Command Injection Vulnerability in Totolink Routers Command Injection Vulnerability in Totolink Routers Command Injection Vulnerability in Totolink X5000R Firmware v9.1.0u.6118_B20201102 via setNtpCfg Function Command Injection Vulnerability in Totolink Routers Bypassing Download Restrictions in Safe Browsing in Google Chrome on Windows Use After Free Vulnerability in Google Chrome for Android Directory Traversal Vulnerability in Barco Control Room Management Suite 2.9 Build 0275 Privilege Escalation Vulnerability in Remisol Advance v2.0.12.1 and below for Normand Message Server Privilege Escalation and Arbitrary Code Execution in Beckman Coulter Remisol Advance v2.0.12.1 and Prior Privilege Escalation and Arbitrary Code Execution Vulnerability in Beckman Coulter Remisol Advance v2.0.12.1 and Prior Privilege Escalation and Arbitrary Code Execution Vulnerability in Beckman Coulter Remisol Advance v2.0.12.1 and Prior Privilege Escalation and Arbitrary Code Execution in Beckman Coulter Remisol Advance v2.0.12.1 and prior Heap Buffer Overflow in PDF File Parsing in Google Chrome Privilege Escalation and Arbitrary Code Execution in Beckman Coulter Remisol Advance v2.0.12.1 and prior Buffer Overflow Vulnerability in Tenda AC10-1200 v15.03.06.23_EN's setSmartPowerManagement Function Stored XSS Vulnerability in Hospital Patient Record Management System v1.0 via Crafted Payload Injection in Special Field SQL Injection Vulnerability in Falcon-plus v0.3 via grpName Parameter in /config/service/host.go Cross-Site Scripting (XSS) Vulnerability in TMS v2.28.0's /TMS/admin/setting/mail/createorupdate Component Insecure Permissions Vulnerability in TMS v2.28.0 Allows Unauthorized Modification of 
Administrator Account CSV Injection Vulnerability in Survey King v0.3.0 Arbitrary Code Execution Vulnerability in PostgreSQL Weak File Permissions in Synaman v5.1 and Below: Privilege Escalation Vulnerability Arbitrary Code Execution and Privilege Escalation in Synaman v5.1 and Below Directory Traversal Vulnerability in aaPanel v6.8.21 Allows Unauthorized Access to Root User SSH Key Arbitrary Group ID Name Change Vulnerability in WoWonder v4.0.0 Arbitrary Code Execution Vulnerability in Clash for Windows v0.19.8 Remote Command Execution Vulnerability in D-Link DIR-820L 1.05B03 via HTTP POST Denial of Service (DoS) Vulnerability in Xiongmai DVR Devices: Exploiting Crafted RSTP Requests Privilege Escalation in GitHub repository hestiacp/hestiacp prior to 1.6.6 Prototype Pollution Vulnerability in Simple-Plist v1.3.0 via .parse() DOM-based Cross-Site Scripting (XSS) Vulnerability in Yonyou U8 v13.0 via /u8sl/WebHelp Component Remote Command Execution (RCE) Vulnerability in Contao Managed Edition v1.5.0 via php_cli Parameter Piwigo v12.2.0 SQL Injection Vulnerability in pwg.users.php Piwigo v12.2.0 Information Leak via action Parameter in /admin/maintenance_actions.php SQL Injection Vulnerability in Xiaohuanxiong v1.0 via id parameter in /app/controller/Books.php Vulnerability: Message Tampering via Spoofed CAN Messages in Suzuki Connect v1.0.15 Reflected Cross-Site Scripting in Newspaper WordPress Theme Arbitrary File Read Vulnerability in 74cmsSE v3.4.1 Ionize v1.0.8.1 Remote Code Execution (RCE) Vulnerability via Crafted String in config.php Payment Logic Vulnerabilities in EyouCMS v1.5.4 Directory Traversal Vulnerability in OneNav v0.9.14 index.php Stack Overflow Vulnerability in Tenda AC9 v15.03.2.21_cn PowerSaveSet Function Unrestricted Access Control in EyouCMS v1.5.5 Component /data/sqldata Stored Cross-Site Scripting Vulnerability in DSGVO All in one for WP WordPress Plugin Out-of-Bounds Read Vulnerability in Libarchive v3.6.0 via zipx_lzma_alone_init 
Incorrect Access Control Issue in BigAnt Server v5.6.06 SQL Injection Vulnerability in Simple Subscription Website v1.0 Allows Database Dump via view_plan Endpoint SQL Injection Vulnerability in Simple Client Management System v1.0 Allows Database Dump SQL Injection Vulnerability in Simple Subscription Website v1.0 Allows Database Dump via Crafted HTTP Requests Command Injection Vulnerability in Tenda M3 1.10 V1.0.0.12(4856) via /goform/exeCommand Component Stored Cross-Site Scripting Vulnerability in Top Bar WordPress Plugin Command Injection Vulnerability in Tenda M3 1.10 V1.0.0.12(4856) via /goform/WriteFacMac Component Multiple Concurrency Use-After-Free Vulnerability in lrzip v0.641 SQL Injection Vulnerability in Online Project Time Management System v1.0 Stored XSS Vulnerability in Online Project Time Management System v1.0 Side-Channel Analysis Vulnerability in Berkeley Out-of-Order RISC-V Processor (Commit d77c2c3) Improper Access Control in GitLab CE/EE: Confidential Information Disclosure via Incident Timeline Events Heap-Buffer-Overflow Vulnerability in EOS v2.1.0 via txn_test_gen_plugin SQL Injection Vulnerability in TuziCMS v2.0.6 via ZhuantiController.class.php Heap-based Buffer Overflow in V-SFT Graphic Editor Simulator Module External Config Control Vulnerability in Open Automation Software OAS Platform V16.00.0112: Unauthorized Creation of User Account Improper Certificate Validation in LibreOffice Macro Execution Weak Initialization Vector in LibreOffice Web Connection Password Storage Insecure Master Key Encoding in LibreOffice: Password Vulnerability Improper Access Control in Pandora FMS v7.0NG.760 and Below: Unauthorized Key Manipulation in Configuration (Credential Store) Cross-Site Request Forgery in Pandora FMS v7.0NG.759: Privilege Elevation Vulnerability GitHub Repository Tooljet Prior to v1.19.0: Improper Access Control Vulnerability Improper Authorization in Pandora FMS v7.0NG.760 and Below: Vertical Privilege Escalation in User 
Management Unredacted Secrets Exposure in Couchbase Operator 2.2.x before 2.2.3 Arbitrary User Account Hijacking Vulnerability in Mendix Forgot Password Appstore Module Insecure Password Generation in Mendix Forgot Password Appstore Module Directory Traversal Vulnerability in qrcp through 0.8.4 in Receive Mode Arbitrary Microflow Execution Call Information Disclosure Vulnerability Unauthenticated Code Execution Vulnerability in WatchGuard Firebox and XTM Appliances (FBX-22786) Installer Search Path Element Vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0, and 2.0 Fermat's Factorization Method: Breaking RSA Keys in Rambus SafeZone Basic Crypto Module NetIQ Access Manager 5.0.2 and Earlier: Reflected XSS Vulnerability Open Redirection Vulnerability in NetIQ Access Manager Prior to 5.0.2 File Existence Disclosure Vulnerability in NetIQ Identity Manager Plugin Arbitrary File Downloads and Blind SSRF Vulnerability in All-in-One Video Gallery Plugin for WordPress Remote Code Execution and Information Disclosure Vulnerabilities in Micro Focus ArcSight Logger Remote Code Execution and Information Disclosure Vulnerabilities in Micro Focus ArcSight Logger Stored XSS Vulnerability in Cipi 3.1.15 via /api/servers Name Field Unauthenticated Remote Crash Vulnerability in SCALANCE X-Series Devices Unauthenticated Remote HTTP GET Request Crash Vulnerability in SCALANCE X300 Series Out of Memory Exception Vulnerability in poi-scratchpad 5.2.0 and earlier Uncontrolled Search Path Element Vulnerability in Trend Micro Password Manager (Consumer) Installer Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Unrestricted Device Access and Permissions Vulnerability Vulnerability: Unauthorized Access to Certificate and Key Files via SCP Protocol on F5 BIG-IP and BIG-IQ Vulnerability: Insufficient Credential Protection in Intel Software Buffer Overflow Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 BIOS Firmware 
Vulnerability: Privilege Escalation via Local Access in Intel(R) Processors Default Permissions Vulnerability in Intel(R) SEAPI Installation Binaries Uncontrolled Search Path Element Vulnerability in Intel(R) oneAPI Toolkit OpenMP Denial of Service Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: ucloud_del_node Functionality SQL Injection Vulnerability in Command Centre Server via Windows Registry Settings Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Stored Cross-Site Scripting Vulnerability in Autoptimize WordPress Plugin Unsanitized Filename Upload Vulnerability in dotCMS Memory Leakage Vulnerability in QEMU virtio-net Device (CVE-2021-XXXX) Memory Leakage and Invalid Element Detachment Vulnerability in QEMU's vhost-vsock Device Improper Storage of Private Key in Citrix Federated Authentication Service (FAS) 7.17 - 10.6 Race condition in XEN_DMOP_track_dirty_vram leading to memory leak Race Condition Vulnerability in VT-d Domain ID Cleanup IOMMU: RMRR and Unity Map Handling Vulnerability IOMMU: RMRR and Unity Map Handling Vulnerability Code Injection Vulnerability in GitHub Repository hestiacp/hestiacp prior to 1.6.6 IOMMU: RMRR and Unity Map Handling Vulnerability IOMMU: RMRR and Unity Map Handling Vulnerability Race condition in typeref acquisition: A vulnerability in Xen's x86 pv architecture Cache Non-Coherency Vulnerability in x86 PV Guests Cache Non-Coherency Vulnerability in x86 PV Guests Linux Disk/NIC Frontends Data Leakage Vulnerabilities CSRF Vulnerability in AdRotate Banner Manager Plugin <= 5.9 on WordPress Escalation of Privilege Vulnerability in Intel(R) XMM(TM) 7560 Modem Software Cabinet of Cybozu Garoon 4.0.0 to 5.5.1: Remote Authenticated Data Alteration and Retrieval Vulnerability Escalation of Privilege Vulnerability in Intel XMM 7560 Modem Software Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter Undisclosed Request Vulnerability in F5 BIG-IP 
Memory Resource Utilization Vulnerability in F5 BIG-IP DNS Listener Vulnerability: Non-transparent Sharing of Return Predictor Targets in Intel Processors Uncontrolled Search Path Vulnerability in Intel(R) SEAPI Installation Binaries Stored XSS Vulnerability in Mammothology AB Press Optimizer Plugin <= 1.1.1 on WordPress Memory Corruption Vulnerability in Asuswrt and Asuswrt-Merlin: Exploiting the HTTPD Unescape Functionality HTTP Request Smuggling Vulnerability in Apache HTTP Server 2.4.53 and Earlier Versions Arbitrary File Deletion Vulnerability in Export All URLs WordPress Plugin Vulnerability: SNMP Key Validation Bypass in SCALANCE X-Series Devices Use-After-Free Vulnerability in SVG Text Reflow Leading to Potential Exploitable Crash in Firefox and Thunderbird Font-based Side-channel Attack on Autofill Tooltip in Firefox < 98 Popup Resizing Bypasses Fullscreen Notification in Firefox and Thunderbird Sandbox Bypass Vulnerability in Firefox and Thunderbird Use-after-free Vulnerability in Firefox < 98 Allows for Potentially Exploitable Crashes Vulnerability: Insecure Temporary File Download Location in Firefox for macOS and Linux Add-on Signature Bypass Vulnerability in Firefox and Thunderbird Integer Coercion Vulnerability in openvswitch Kernel Module Unencrypted Storage of Network Credentials and PHI in Baxter Spectrum Wireless Battery Module Format String Vulnerability in Baxter Spectrum WBM Allows Unauthorized Memory Access Format String Vulnerability in Baxter Spectrum WBM: Exploiting Application Messaging for Memory Access and DoS Attacks Vulnerability: Lack of Mutual Authentication in Baxter Spectrum WBM Weak XOR Encryption Vulnerability in Horner Automation's RCC 972 Firmware v15.40 Static Encryption Key Vulnerability in Horner Automation’s RCC 972 Firmware Version 15.40 Command Injection Vulnerability in Zyxel VMG3312-T20A Firmware 5.30(ABFX.5)C0 Buffer Overflow Vulnerability in Zyxel VMG3312-T20A Firmware Version 5.30(ABFX.5)C0 Bypassing Appliance Mode 
Restrictions in F5 BIG-IP Use After Free Memory Vulnerability in Omron CX-Position (Versions 2.5.3 and Prior) Stack-based Buffer Overflow in Omron CX-Position (versions 2.5.3 and prior) Global Variable Exposure in Horner Automation's RCC 972 Firmware Version 15.40 InHand Networks InRouter302 V3.5.37 - OS Command Injection Remote Code Execution Vulnerability Uncontrolled Search Path Element Vulnerability in Intel(R) oneAPI DPC++/C++ Compiler Runtime Unauthenticated Access to Hashed User Credentials in Aethon TUG Home Base Server Uncontrolled Search Path Element Vulnerability in Intel(R) oneAPI Collective Communications Library (oneCCL) Out of Bounds Write Vulnerability in Camera ISP Out of Bounds Write Vulnerability in Camera ISP Race condition vulnerability in video codec allows for local privilege escalation Missing Permission Check Allows Unauthorized Writing of Permission Usage Records Critical SQL Injection Vulnerability in SourceCodester Online Admission System (VDB-205564) Type Confusion Vulnerability in Mailbox: Local Privilege Escalation without User Interaction Possible Out of Bounds Write Vulnerability in Mailbox Possible Out of Bounds Write Vulnerability in Mailbox Possible Out of Bounds Write Vulnerability in Mailbox Possible Out of Bounds Write Vulnerability in Mailbox Type Confusion Vulnerability in Mailbox: Local Privilege Escalation without User Interaction Out of Bounds Read Vulnerability in EMI MPU Uninitialized Data Out-of-Bounds Write Vulnerability in HttpClient Critical Out-of-Bounds Write Vulnerability in WiFi Driver Allows Privilege Escalation Critical Out-of-Bounds Write Vulnerability in WiFi Driver Allows Privilege Escalation Critical SQL Injection Vulnerability in SourceCodester Online Admission System (VDB-205565) Critical Out-of-Bounds Write Vulnerability in WiFi Driver Allows Local Privilege Escalation Critical Out-of-Bounds Write Vulnerability in WiFi Driver Allows Local Privilege Escalation Critical Out-of-Bounds Write Vulnerability 
in WiFi Driver Allows Local Privilege Escalation Critical Out-of-Bounds Write Vulnerability in WiFi Driver Allows Local Privilege Escalation Critical Out-of-Bounds Write Vulnerability in WiFi Driver Allows Local Privilege Escalation Critical Out-of-Bounds Write Vulnerability in WiFi Driver Allows Local Privilege Escalation Remote Denial of Service Vulnerability in Modem 4G RRC Critical Out-of-Bounds Write Vulnerability in BT Firmware Allows Remote Code Execution Possible Out of Bounds Write Vulnerability in apusys Possible Out of Bounds Write Vulnerability in apusys Cross-Site Scripting (XSS) Vulnerability in SourceCodester Garage Management System (CVE-2021-205573) Race condition vulnerability in apusys allows for local privilege escalation Possible Use After Free Vulnerability in ged with Improper Locking Possible Use After Free Vulnerability in ISP with Improper Locking Possible Memory Corruption Vulnerability in teei: Local Privilege Escalation without User Interaction Integer Overflow Vulnerability in teei: Local Privilege Escalation without User Interaction Memory Corruption Vulnerability in gz with Incorrect Error Handling Symbolic Link Following Vulnerability in Vow: Local Information Disclosure Possible Out of Bounds Write Vulnerability in Vow Possible Out of Bounds Write Vulnerability in Vow Integer Overflow Vulnerability in Vow: Local Information Disclosure Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Admission System (VDB-205572) Out of Bounds Write Vulnerability in Vow (Patch ID: ALPS07032590; Issue ID: ALPS07032590) API Misuse Vulnerability Allows for Local Privilege Escalation without User Interaction Possible Out of Bounds Read Vulnerability in Vow Possible Out of Bounds Read Vulnerability in Vow Out of Bounds Write Vulnerability in Vow Audio IPI Out of Bounds Write Vulnerability Integer Overflow Vulnerability in Audio IPI Allows for Local Privilege Escalation Out of Bounds Write Vulnerability in rpmb with Local Privilege 
Escalation Preloader (USB) Out of Bounds Write Vulnerability Fragment Injection Vulnerability in MtkEmail Critical Unrestricted File Upload Vulnerability in jeecg-boot (VDB-205594) Out of Bounds Write Vulnerability in aie with Local Privilege Escalation Parcel Format Mismatch Vulnerability in Telephony: Local Privilege Escalation without User Interaction IMS Parcel Format Mismatch Vulnerability Use-after-free vulnerability in vdec fmt with improper locking Out of Bounds Write Vulnerability in Sensorhub Critical Out of Bounds Write Vulnerability in WLAN Allows Local Privilege Escalation Default Credentials Vulnerability in Spectrum Power Systems Vulnerability: CPU Exhaustion via Tampering with Termination Condition in readExternal Method Unauthenticated API Execution Vulnerability in Poly EagleEye Director II Critical SQL Injection Vulnerability in SourceCodester Multi Language Hotel Management Software (VDB-205595) Command Injection in Poly Studio's Create Certificate Signing Request (CSR) Action Command Injection Vulnerability in Poly EagleEye Director II Reflected Cross-Site Scripting (XSS) Vulnerability in Veritas InfoScale Operations Manager (VIOM) Directory Traversal Vulnerability in Veritas InfoScale Operations Manager XSLT Parameter Use-After-Free Vulnerability in Firefox, Thunderbird, and Focus WebGPU IPC Framework Use-After-Free Vulnerability Insecure Search Path Vulnerability in Python on Windows Buffer Overflow Vulnerability in st21nfca_connectivity_event_received Remote Code Execution via DNS Spoofing in Pidgin Authentication and Authorization Bypass Vulnerability in miniOrange Drupal SAML SP Modules XSS Vulnerability in PrimeKey SignServer Admin Web Interface Integer Overflow and Heap-Based Buffer Overflow in nbd-server Stack-based Buffer Overflow in nbd-server in nbd before 3.24 XSS Vulnerability in BigBlueButton Greenlight 2.11.1 Allows Execution of JavaScript Payload Resource Exhaustion Vulnerability in Asterisk through 19.x when using STIR/SHAKEN 
SSRF Vulnerability in Asterisk through 19.x Allows Arbitrary Requests via Identity Header Excessive Authentication Attempts Vulnerability in GitHub Repository wger-project/wger prior to 2.2 Arbitrary Code Execution via Path Name Limitation Vulnerability in Veeam Backup & Replication Inadequate Access Control in Veeam Backup & Replication 10.x and 11.x Arbitrary Code Execution via Deserialization in Veeam Agent for Windows Arbitrary Code Execution Vulnerability in Veeam Backup & Replication Component for SCVMM Remote Media Exfiltration Vulnerability in ReadyMedia (formerly MiniDLNA) before 1.3.1 Heap-based Buffer Overflow in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7 Allows Remote Code Execution (CVE-2021-XXXXX) Authentication Bypass Vulnerability in Intel(R) SDP Tool Intel(R) SGX SDK Software Vulnerability: Privileged User Information Disclosure via Local Access GitHub Repository Bookwyrm-Social/Bookwyrm Prior to 0.4.5 Authentication Bypass Vulnerability InRouter302 V3.5.37 Firmware Update Vulnerability Insecure DLL Loading Vulnerability in WPS Presentation 11.8.0.5745 Uncontrolled Search Path Element Vulnerability in Intel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit Escalation of Privilege Vulnerability in Intel XMM 7560 Modem Software Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Web User Interface Vulnerability: Unauthorized Installation of Malicious Package Files Undisclosed Requests Vulnerability in F5 BIG-IP OS Command Injection Vulnerability in InHand Networks InRouter302 V3.5.37 Unrestricted Authentication Attempts Vulnerability in Hills ComNav Version 3002-19 Interface Format String Vulnerability in Card Label Can Lead to Kernel Stack Memory Leak and DoS Arbitrary File Write Vulnerability in pgjdbc Driver Arbitrary Code Execution Vulnerability in Abantecart 1.3.2 Privilege Escalation via World-Writable Directory in Anaconda and Miniconda Buffer Overflow Vulnerability in Realtek 
Linux/Android Bluetooth Mesh SDK Buffer Overflow Vulnerability in Realtek Linux/Android Bluetooth Mesh SDK Buffer Overflow Vulnerability in Realtek Linux/Android Bluetooth Mesh SDK Critical File Disclosure Vulnerability: Exploiting Sensitive File Access Unlocked Access Vulnerability in Swaylock Before 1.6 Multiple Buffer Overflow Vulnerabilities in Zyxel Networking Devices Argument Injection Vulnerability in Zyxel Network Devices Cross-Site Scripting (XSS) Vulnerability in Alist v2.1.0 and Below via /i/:data/ipa.plist Excessive Viewchange Vulnerability in FISCO-BCOS release-3.0.0-rc2 Command Injection Vulnerability in Tenda M3 1.10 V1.0.0.12(4856) via /goform/setFixTools Component Reflected Cross-Site Scripting in Classima WordPress Theme and Required Plugins Authorization Bypass Vulnerability in Hospital Management System v1.0 Reflected Cross-Site Scripting in Classified Listing Pro WordPress Plugin Stored XSS Vulnerability in Eova v1.6.0 Add a Button Function Critical SQL Injection Vulnerability in SourceCodester Multi Language Hotel Management Software Authentication Bypass Vulnerability in Kopano Core and Zarafa Collaboration Platform Privilege Escalation Vulnerability in Tildeslash Monit before 5.31.0 Cross-Site Scripting (XSS) Vulnerability in HotelDruid Hotel Management Software v3.0.3 Totaljs XSS Vulnerability in Page Name Field Lack of Authorization and CSRF in Multivendor Marketplace Solution for WooCommerce WordPress Plugin Access Control Vulnerability in Xerox ColorQube 8580 Allows Unauthorized Printing and Data Exposure Multiple Reflected XSS Vulnerabilities in Maccms v10 /admin.php/admin/art/data.html Root Privilege Escalation Vulnerability in PAX A930 with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 Stored Cross-Site Scripting Vulnerability in WP Spell Check WordPress Plugin Command Injection Vulnerability in PAX A930 Device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 Privilege Escalation Vulnerability in PAX A930 with 
PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 Command Injection Vulnerability in PAX A930 PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 SQL Injection Vulnerability in Mingsoft MCMS v5.2.7 via /cms/content/list CSRF Vulnerability in IceHrm 31.0.0.OS Allows Account Takeover and User Deletion CSRF Vulnerability in Pluck CMS v4.7.15 Allows Arbitrary Page Deletion Arbitrary File Download Vulnerability in FANTEC GmbH MWiD25-DS Firmware v2.000.030 Stack Overflow vulnerability in libsass 3.6.5: Exploiting CompoundSelector::has_real_parent_ref function Arbitrary Script Injection in Liferay Portal's Asset Categories Selector Multiple Cross-Site Scripting (XSS) Vulnerabilities in Liferay Portal and Liferay DXP Improper User Permission Check in Liferay Portal and Liferay DXP Arbitrary Script Injection in Liferay Portal's Journal Module Arbitrary Web Script Injection in Liferay Portal's Open Graph Integration Hard-coded Cryptographic Key Vulnerability in Delta Industrial Automation DIALink Versions 1.4.0.0 and Prior Authenticated Arbitrary File Upload Vulnerability in eZiosuite v2.0.7 Baigo CMS v3.0-alpha-2 Remote Code Execution Vulnerability Improper Authorization Vulnerability in Sequi PortBloque S Allows Unauthorized Administrative Access Vulnerability: Arbitrary File Extraction via Symlink in Apache Hadoop SQL Injection Vulnerability in PHP-CMS v1.0 via categorymenu.php Cross-Site Scripting (XSS) Vulnerability in College Website CMS v1.0 Allows Arbitrary Code Execution Reflected Cross-Site Scripting (XSS) Vulnerability in PKP Vendor Open Journal System v2.4.8 to v3.3.8 Arbitrary File Upload Vulnerability in Halo Blog CMS v1.4.17 Improper Authentication Vulnerability in Sequi PortBloque S Cross-Site Scripting (XSS) Vulnerability in Bootstrap v3.1.11 and v3.3.7 via Title Parameter in /vendor/views/add_product.php Arbitrary File Write Vulnerability in Online Project Time Management System v1.0 Matrimony v1.0 SQL Injection Vulnerability in Password Parameter Access Control Vulnerability 
in SoroushPlus+ Messenger 1.0.30: Bypassing Lock Screen Security Vulnerability: Bypassing Firewall with nf_conntrack_irc in Linux Kernel Arbitrary File Upload Vulnerability in Jellycms v3.8.1 and Below Time-Based Blind SQL Injection Vulnerability in Automatic Question Paper Generator v1.0 via id GET Parameter Blind SQL Injection Vulnerability in Multi-Vendor Online Groceries Management System v1.0 SQL Injection Vulnerability in Simple Student Quarterly Result/Grade System v1.0 Unquoted Service Path Privilege Escalation in HMA VPN v5.3.5913.0 CRLF Injection Vulnerability in PHP-Memcached v2.2.0 and below Buffer Overflow Vulnerability in TP-LINK TL-WR840N(ES)_V6.20 via DNSServers Parameter Critical Vulnerability in Private Cloud Management Platform: Remote Authentication Bypass via Improper Handling of POST Requests (VDB-205614) Buffer Overflow Vulnerability in TP-LINK TL-WR840N(ES)_V6.20 via minAddress Parameter Buffer Overflow Vulnerability in TP-LINK TL-WR840N(ES)_V6.20 via httpRemotePort Parameter Buffer Overflow Vulnerability in TP-LINK TL-WR840N(ES)_V6.20 via X_TP_ClonedMACAddress Parameter User Enumeration Vulnerability in EasyIO CPT Graphics v0.8 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Online Banking System Protect v1.0 Remote Code Execution Vulnerability in Online Banking System Protect v1.0 via Upload Image Function Critical LFI Vulnerability Found in Online Banking System Protect v1.0 Insecure Session Management in SCALANCE X-Series Network Devices Unauthenticated Remote Crash Vulnerability in SCALANCE X-Series Devices Unauthenticated Remote HTTP GET Request Crash Vulnerability in SCALANCE Devices Critical SQL Injection Vulnerability in SourceCodester Simple E-Learning System (CVE-2021-205615) Apache ShenYu RegexPredicateJudge.java Resource Exhaustion Vulnerability Inadequate Escaping Functionality in Asterisk's func_odbc Module Leads to SQL Injection Vulnerability Directory Traversal Vulnerability in NATS and NATS Streaming Server 
Information Disclosure Vulnerability in Zoho ManageEngine Remote Access Plus Remote Code Execution Vulnerability in Pexip Infinity before 27.3 via HTTP Improper Input Validation in Pexip Infinity 27.x before 27.3 Allows Remote Software Abort via Teams Gateway Call Remote Code Execution and User Enumeration Vulnerability in Pexip Infinity Remote Code Execution Vulnerability in Pexip Infinity before 27.3 via One Touch Join Privilege Escalation Vulnerability in Docker Desktop Installer on Windows Critical SQL Injection Vulnerability in SourceCodester Loan Management System (VDB-205618) Universal and Recoverable Encryption Key Vulnerability in RunAsSpc 4.0 XML External Entity (XXE) Vulnerability in Tryton Application Platform XML Entity Expansion (XEE) vulnerability in Tryton Application Platform allows resource consumption Insecure Direct Object Reference Vulnerability in Tyler Odyssey Portal Platform Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) ASUS Control Center API Broken Access Control Vulnerability SQL Injection Vulnerability in ASUS Control Center Critical SQL Injection Vulnerability in SourceCodester Loan Management System (VDB-205619) Command Injection Vulnerability in D-Link DIR-878 Allows Unauthenticated LAN Attackers to Execute Arbitrary Commands Hard-coded Credential Vulnerability in Taiwan Secom Dr.ID Access Control System Hardcoded API Token in ASUS WebStorage Allows Unauthorized Access to User Accounts Insufficient Filtering in ASUS RT-AX88U HTTP Header Parameter Allows for Stored XSS Attacks ASUS RT-AX88U Format String Vulnerability Enables Remote Code Execution and System Disruption Inadequate URL Filtering in aEnrich a+HRD Allows for Path Traversal Attacks Inadequate Privilege Restrictions in aEnrich a+HRD: Remote Code Execution Vulnerability Arbitrary JavaScript Upload Vulnerability in 
Keycloak SAML Protocol Mapper Vulnerability: Symlink Handling Vulnerability Allows Unauthorized Modification of System Files Reflected Cross-Site Scripting in WP Taxonomy Import WordPress Plugin Race Condition Vulnerability Allows Unauthorized File System Modification in macOS Monterey 12.3 Privilege Escalation Vulnerability Patched in macOS Updates Vulnerability Patched: Privilege Escalation Exploit in macOS Monterey 12.4 Vulnerability Patched: Privilege Escalation Exploit in macOS Monterey 12.4 Sandbox Bypass Vulnerability in macOS Monterey 12.4 AppleScript Binary Out-of-Bounds Read Vulnerability AppleScript Binary Out-of-Bounds Read Vulnerability Denial-of-Service Vulnerability in macOS Ventura 13 Endpoint Security Clients Memory Corruption Vulnerability in Apple Devices Race Condition Vulnerability Patched in tvOS 15.5, macOS Monterey 12.4, iOS 15.5, and iPadOS 15.5 Kernel Privilege Escalation via Use After Free Vulnerability Lock Screen Photo Access Vulnerability Symlink Validation Vulnerability Allows Privilege Escalation in macOS Monterey 12.4 Sandbox Circumvention Vulnerability Patched in Apple Operating Systems Improper Validation of Environment Variables Allows Unauthorized Access to Sensitive User Information Vulnerability: Application Termination and Arbitrary Code Execution in macOS Monterey 12.4 Arbitrary Code Execution Vulnerability in Apple Devices Critical SQL Injection Vulnerability in SourceCodester Garage Management System (VDB-205655) Use After Free Vulnerability Patched in iOS 15.5 and Other Apple Operating Systems Integer Overflow Vulnerability in Multiple Apple Products Vulnerability Patched: File System Modification Exploit in macOS Monterey 12.4 and macOS Big Sur 11.6.6 Arbitrary Code Execution Vulnerability in Apple Operating Systems Elevated Privileges Vulnerability Patched in macOS Updates Arbitrary Code Execution Vulnerability in Apple Devices Arbitrary Code Execution Vulnerability Fixed in Multiple Apple Products Elevated 
Privileges Vulnerability in macOS Monterey 12.4 and macOS Big Sur 11.6.6 Arbitrary Code Execution Vulnerability in Apple Devices Critical SQL Injection Vulnerability in SourceCodester Garage Management System (VDB-205656) Kernel Privilege Escalation via Out-of-Bounds Write Vulnerability Memory Initialization Vulnerability in macOS Memory Initialization Vulnerability in macOS Samba Network Share Mounting Vulnerability in macOS Monterey 12.4 and macOS Big Sur 11.6.6 tvOS 15.5 Patch: Local User Authentication Bypass for Enabling iCloud Photos Persistent Photo Location Information Vulnerability in macOS Monterey 12.4 Screen Capture Vulnerability Patched in Latest Updates Vulnerability: File System Modification by Malicious Application Improved Entitlements Patch: Mitigating Unauthorized File Access Vulnerability Critical SQL Injection Vulnerability in Rigatur Online Booking and Hotel Management System (aff6409) Memory Corruption Vulnerability in ICC Profile Processing Improved State Management Fixes Safari Private Browsing Tracking Vulnerability Arbitrary Code Execution Vulnerability with Kernel Privileges Arbitrary Code Execution Vulnerability with Kernel Privileges Arbitrary Code Execution Vulnerability with Kernel Privileges Arbitrary Code Execution Vulnerability with Kernel Privileges Critical SQL Injection Vulnerability in SourceCodester Best Fee Management System (CVE-2021-205658) Arbitrary Code Execution Vulnerability with Kernel Privileges Buffer Overflow Vulnerability in macOS Monterey 12.4 Allows Arbitrary Code Execution with Kernel Privileges Buffer Overflow Vulnerability in macOS Monterey 12.4 Allows Arbitrary Code Execution with Kernel Privileges Kernel Privilege Escalation Vulnerability in macOS Recovery Memory Corruption Vulnerability in iOS 15.5 and iPadOS 15.5 Allows Arbitrary Code Execution with Kernel Privileges Memory Corruption Vulnerability in macOS Big Sur 11.6.6 Allows Disclosure of Restricted Memory Privacy Preferences Bypass Vulnerability 
Patched in macOS Updates Elevated Privileges Vulnerability Patched in Xcode 13.4 Arbitrary Code Execution Vulnerability in macOS Buffer Overflow Vulnerability in macOS Monterey 12.4 Allows Arbitrary Code Execution with Kernel Privileges Title: Unauthenticated Power Down Vulnerability in Unitree Go 1 Robotics Platform Buffer Overflow Vulnerability in macOS Monterey 12.4 Allows Arbitrary Code Execution with Kernel Privileges Arbitrary Code Execution Vulnerability in iTunes and Apple Operating Systems Buffer Overflow Vulnerability in macOS Monterey 12.4 Allows Arbitrary Code Execution with Kernel Privileges Buffer Overflow Vulnerability in macOS Monterey 12.4 Allows Arbitrary Code Execution with Kernel Privileges macOS Monterey 12.4 Patch: Critical Buffer Overflow Vulnerability Allows Arbitrary Code Execution Vulnerability Patched: Sandbox Escape Exploit in macOS Kernel Privilege Escalation Vulnerability in macOS Arbitrary Code Execution Vulnerability in Apple Devices Critical SQL Injection Vulnerability in SourceCodester Electronic Medical Records System (VDB-205664) Privilege Escalation Vulnerability in iOS 15.5 and iPadOS 15.5 Memory Corruption Vulnerability in macOS Memory Corruption Vulnerability in macOS Monterey 12.4, iOS 15.5, and iPadOS 15.5 Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Apple Operating Systems Kernel Memory Bypass Vulnerability Patched in Apple Devices Pointer Authentication Bypass Vulnerability Patched in Apple Devices Certificate Parsing Vulnerability Allows Signature Validation Bypass Privacy Preferences Bypass Vulnerability Patched in macOS Monterey 12.4 and macOS Big Sur 11.6.6 Arbitrary Code Execution Vulnerability in macOS Monterey, watchOS, tvOS, and macOS Big Sur Memory Corruption Vulnerability in macOS Critical SQL Injection Vulnerability in SourceCodester Apartment Visitor Management System 1.0 (VDB-205665) Kernel Privilege Escalation via Out-of-Bounds Read Vulnerability Memory Corruption Vulnerability 
in watchOS, tvOS, iOS, and iPadOS (Fixed in 8.6, 15.5) Memory Corruption Vulnerability in macOS Monterey 12.4 Allows Arbitrary Code Execution with Kernel Privileges iTunes 12.12.4 for Windows: File Deletion Vulnerability Privilege Escalation Vulnerability in iTunes 12.12.4 for Windows Integer Overflow Vulnerability Patched in macOS Update 2022-004: Potential Application Termination and Code Execution Improper Input Validation Leading to Application Termination and Code Execution Guest Users Can Access License Details in Zoho ManageEngine Remote Access Plus Vulnerability: Unauthorized Access to Network File System in Veritas System Recovery (VSR) 18 and 21 Insecure Random Number Generation in Apache CloudStack for Project Invitation Tokens Unrestricted Upload Vulnerability in SourceCodester Alphaware Simple E-Commerce System Remote Code Execution Vulnerabilities in InHand Networks InRouter302 V3.5.4 Remote Code Execution Vulnerabilities in InHand Networks InRouter302 V3.5.4 Remote Code Execution Vulnerabilities in InHand Networks InRouter302 V3.5.4 Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability: Disrupting Cluster Shared Volumes on Windows Systems Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Print Spooler Privilege Escalation Vulnerability in Windows PowerShell Privilege Escalation Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Critical SQL Injection Vulnerability in SourceCodester Interview Management System 1.0 (CVE-2021-205667) Print Spooler Privilege Escalation Vulnerability in Windows Print Spooler Privilege Escalation Vulnerability in Windows Print Spooler Privilege Escalation Vulnerability in Windows Print Spooler Privilege Escalation Vulnerability in Windows Print Spooler Privilege Escalation Vulnerability in Windows Print Spooler Privilege Escalation 
Vulnerability in Windows Print Spooler Privilege Escalation Vulnerability in Windows Print Spooler Privilege Escalation Vulnerability in Windows Print Spooler Privilege Escalation Vulnerability in Windows Critical SQL Injection Vulnerability in SourceCodester Church Management System 1.0 (CVE-2021-205668) Print Spooler Privilege Escalation Vulnerability in Windows Print Spooler Privilege Escalation Vulnerability in Windows Print Spooler Privilege Escalation Vulnerability in Windows Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability Windows Work Folder Service Privilege Escalation Vulnerability Windows File Explorer Privilege Escalation Vulnerability RPC Runtime RCE Vulnerability Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Student Admission System Windows File Server Resource Management Service Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Windows DNS Server Information Leakage Vulnerability Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Cross-Site Scripting (XSS) Vulnerability in SourceCodester Alphaware Simple E-Commerce System (CVE-2021-205670) Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows 
DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Critical Remote Code Execution Vulnerability in Windows DNS Server Windows File Server Resource Management Service Privilege Escalation Vulnerability BlueBleed: Windows Bluetooth Driver Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Windows DNS Server Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Food Ordering System 1.0 DiskUsage.exe Remote Code Execution Vulnerability: A Critical Security Flaw Windows LDAP Denial of Service Vulnerability .NET Framework Denial of Service Vulnerability: Exploiting System Resource Exhaustion Improper Authentication Vulnerability in Open Automation Software OAS Platform V16.00.0121 REST API Improper Access Control Vulnerability in Rakuten Casa: Unauthorized Remote Information Disclosure Directory Traversal Vulnerabilities in F5 BIG-IP Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) BIOS Firmware Vulnerability: Privilege Escalation via Local Access in Intel(R) Processors Path Traversal Vulnerability in Cybozu Remote Service 3.1.2: Remote DoS Attack Incorrect Default Permission Vulnerability in Delta Electronics DIAEnergie Application (Versions prior to 1.8.02.004) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Apartment Visitor Management System 1.0 Privilege Escalation Vulnerability in Intel(R) Quartus Prime Software Intel(R) SGX SDK Software for Linux: Insufficient Control Flow Management Vulnerability Reflected XSS Vulnerability in WWBN AVideo 11.6 and dev master commit 3f7c0364 Homoglyphs Vulnerability in Intel(R) oneAPI DPC++/C++ Compiler Insecure Credential Protection in Intel(R) SEAPI Installation Binaries: Potential Privilege Escalation Vulnerability Firmware Vulnerability: Unauthenticated Privilege Escalation in Intel(R) AMT Arbitrary Code Execution Vulnerability 
in SPIP Versions Before 3.2.14 and 4.x Before 4.0.5 Unauthenticated Access to Editorial Object Information in SPIP Cross-Site Scripting (XSS) Vulnerability in SourceCodester Interview Management System 1.0 Apache NiFi Login Identity Providers Configuration Vulnerability Predictable File Name Vulnerability in Dell PowerScale OneFS: A Potential Threat to Data Loss Predictable Seed in Dell PowerScale OneFS Pseudo-Random Number Generator Leads to Account Compromise Risky Cryptographic Algorithms in Dell PowerScale OneFS: Remote System Access Vulnerability Default Permissions Vulnerability in Dell PowerScale OneFS (Versions 8.2.x-9.3.0.x) Leading to Denial of Service Dell EMC Repository Manager 3.4.0 Plain-Text Password Storage Vulnerability Dell OpenManage Enterprise Unauthorized Access Vulnerability Improper Authentication Vulnerability in Dell BIOS Allows Bypass of Security Controls Race Condition Vulnerability in Dell BIOS Allows Local Attackers to Bypass SMM Security Checks via SMI Cross-Site Scripting (XSS) Vulnerability in oretnom23 Fast Food Ordering System Dell BIOS Stack-Based Buffer Overflow Vulnerability Allows Arbitrary Code Execution in SMM Dell BIOS Insecure Automated Optimization Vulnerability Allows Arbitrary Code Execution Dell BIOS Input Validation Vulnerability: Bypassing SMM Security Controls Dell BIOS Input Validation Vulnerability: Bypassing SMM Security Controls Dell BIOS Input Validation Vulnerability: Bypassing SMM Security Controls Dell Support Assist OS Recovery Authentication Bypass Vulnerability Stored Cross-Site Scripting Vulnerability in Dell PowerStore Versions before v2.1.1.0 Formula Injection Vulnerability in PowerStore SW v2.1.1.0 Command Injection Vulnerability in Dell EMC PowerStore Dell PowerStore Open Port Vulnerability Critical SQL Injection Vulnerability in SourceCodester Gym Management System (VDB-205734) Dell PowerStore 2.1.0.x Authentication Bypass Vulnerability Arbitrary File Upload Vulnerability in Trend Micro Apex Central: 
Remote Code Execution Risk AMI Megarac API Vulnerability: Password Reset Interception Vulnerability: Arbitrary Code Execution and Memory Manipulation in AMI Aptio 5.x XSS Vulnerability in Horde Mime_Viewer Allows Account Takeover Local File Exfiltration Vulnerability in Asana Desktop App Memory Leak in virtio_bt.c Bluetooth Driver in Linux Kernel Critical SQL Injection Vulnerability in SourceCodester Expense Management System Apache DolphinScheduler: File Read Vulnerability Potential Database Password Disclosure Vulnerability Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Cross-Site Scripting Vulnerability in Intel(R) Quartus Prime Software: Potential Information Disclosure via Local Access Path Traversal Vulnerability in Splunk Enterprise versions before 8.1.2 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Wedding Hall Booking System Vulnerability: Remote Code Execution in F5 BIG-IP Advanced WAF, ASM, and APM Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Azure Site Recovery Information Leakage Vulnerability Azure Site Recovery Information Leakage Vulnerability Critical Remote Code Execution Vulnerability in Azure Site Recovery Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Wedding Hall Booking System Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Exploiting the Windows Graphics Component for Remote Code Execution Windows User Profile Service Privilege Escalation Vulnerability EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks Azure SDK for .NET Information Leakage Vulnerability 
Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Edge Chromium Elevation of Privilege Vulnerability Cross-Site Scripting (XSS) Vulnerability in SourceCodester Wedding Hall Booking System Skype for Business and Lync Spoofing Vulnerability: Impersonation Threats Skype for Business Data Exposure Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Windows Authentication Information Leakage Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability Windows Secure Channel DoS Vulnerability Windows Fax Compose Form RCE Vulnerability Windows Fax Compose Form RCE Vulnerability Windows Fax Compose Form RCE Vulnerability Windows LDAP Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in SourceCodester Wedding Hall Booking System Windows Graphics Component Information Disclosure Vulnerability Exposes Sensitive Data Code Execution Vulnerability in Visual Studio Code Domain Admin Privilege Escalation Vulnerability in Active Directory Domain Services YARP DoS Vulnerability: Exploiting the YARP Framework for Denial of Service Attacks Windows LSA Spoofing: A Critical Security Vulnerability Address Book Remote Code Execution Vulnerability in Windows Exploiting the Windows Graphics Component for Remote Code Execution Windows Photo Import API Privilege Escalation Vulnerability .NET Framework Remote Code Execution Vulnerability: A Critical Security Threat Critical SQL Injection Vulnerability in SourceCodester Electronic Medical Records System (VDB-205816) Windows Remote Access Connection Manager Information Disclosure Vulnerability Kerberos Privilege Escalation Vulnerability in Windows Exploiting the Storage Spaces Direct Elevation of Privilege Vulnerability Windows NTFS File System Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability Exposes Sensitive Data Windows WLAN AutoConfig Service Information Disclosure Vulnerability 
Exposes Sensitive Data Windows Server Service Information Leakage Vulnerability Windows Network File System RCE Vulnerability Exploiting the Storage Spaces Direct Elevation of Privilege Vulnerability Exploiting the Storage Spaces Direct Elevation of Privilege Vulnerability Critical Unrestricted Upload Vulnerability in SourceCodester Company Website CMS (VDB-205817) Exposed Remote Desktop Protocol Client Information Vulnerability Root Privilege Escalation via Format String Vulnerability in Motorola MTM5000 Series Firmware Vulnerability: Pointer Validation Issue in Motorola MTM5000 Series TEE Modules Vulnerability Title: Insufficient Entropy Generation in Motorola MTM5000 Series Firmware (CVE-2022-24400) Command Line Information Leakage in Percona XtraBackup 2.4.20 Protocol Switching and Configuration Bypass Vulnerability in go-getter up to 1.5.11 and 2.0.2 Reflected XSS Vulnerability in Archer 6.x through 6.9 SP3 (6.9.3.0) Archer RSS Feed Integration Insecure Credential Storage Vulnerability Improper Access Control Vulnerability in Archer 6.x through 6.9 SP2 P1 (6.9.2.1) Stored Cross-Site Scripting Vulnerability in Beaver Builder WordPress Page Builder Archer 6.x through 6.9 P2 (6.9.0.2) Open Redirect Vulnerability Reflected XSS Vulnerability in Archer 6.x through 6.10 (6.10.0.0) Buffer Overflow Vulnerability in Digi Passport Firmware through 1.5.1,1 Buffer Overflow Vulnerability in Digi Passport Firmware through 1.5.1,1 Open Redirect Vulnerabilities in NopCommerce 4.10 through 4.50.1: Phishing Attacks via returnUrl Parameter Blind/Time-based SQL Injection Vulnerabilities in Northstar Club Management Version 6.3 Application Authorization Bypass and Privilege Escalation in Restaurant Menu WordPress Plugin Path Traversal Vulnerability in std42 elFinder Insecure Password Derivation in Devolutions Remote Desktop Manager (before 2022.1) Enables Information Disclosure Remote Code Execution Vulnerability in Pluck 4.7.16 via Theme Upload Functionality Heap Memory 
Information Disclosure in Linux Kernel Heap-Based Buffer Overflow in gf_base64_encode: Exploiting GPAC 2.0 via MP4Box Default CORS settings in Directus before 9.7.0 allow for potential Cross-Origin Resource Sharing (CORS) vulnerability. Critical SQL Injection Vulnerability in SourceCodester Simple E-Learning System (CVE-2021-205818) Unauthenticated License File Upload Vulnerability in Barco Control Room Management Suite Web Application Reflected XSS Vulnerability in Barco Control Room Management Suite Web Application Exposure of Internal Directory Path Details in Barco Control Room Management Suite Web Application Reflected XSS Vulnerability in Barco Control Room Management Suite Web Application Unauthenticated Access to Log Files in Barco Control Room Management Suite Web Application Reflected XSS Vulnerability in Barco Control Room Management Suite Web Application Stored XSS Vulnerability in Barco Control Room Management Suite Web Application Reflected XSS Vulnerability in Barco Control Room Management Suite Web Application NULL Pointer Dereference in Foxit PDF Reader and PDF Editor Allows for Collab.addStateModel Exploit Critical SQL Injection Vulnerability in SourceCodester Simple E-Learning System (VDB-205819) Reflected XSS Vulnerability in Teampass 2.1.26 via index.php PATH_INFO Buffer Overflow in Liblouis: compilePassOpcode in compileTranslationTable.c Arbitrary Code Execution Vulnerability in SimpleMachinesForum 2.1.1 and Earlier SQL Injection Vulnerability in ImpressCMS 1.4.3 and Earlier: Remote Code Injection and Database Compromise Stack Overflow Vulnerability in MmtAtePrase Function Enables Remote Code Execution in TP-Link TL-WDR7660, Mercury D196G, and Fast FAC1900R Routers Stack Overflow Vulnerability in TP-Link TL-WDR7660, Mercury D196G, and Fast FAC1900R Routers: Remote Code Execution Critical SQL Injection Vulnerability in SourceCodester Simple E-Learning System (VDB-205820) Command Injection Vulnerability in Arris Routers SBR-AC1900P, SBR-AC3200P, 
and SBR-AC1200P Command Injection Vulnerability in Arris Routers SBR-AC1900P, SBR-AC3200P, and SBR-AC1200P via TimeZone Parameter Command Injection Vulnerability in Arris Routers SBR-AC1900P, SBR-AC3200P, and SBR-AC1200P Command Injection Vulnerability in Arris Routers SBR-AC1900P, SBR-AC3200P, and SBR-AC1200P Command Injection Vulnerability in Arris Routers SBR-AC1900P, SBR-AC3200P, and SBR-AC1200P Command Injection Vulnerability in Arris TR3300 v1.0.13 PPTP Function Command Injection Vulnerability in Arris TR3300 v1.0.13 PPPoE Function Command Injection Vulnerability in Arris TR3300 v1.0.13 via upnp_ttl Parameter Command Injection Vulnerability in Arris TR3300 v1.0.13 via wps_enrolee_pin Parameter Command Injection Vulnerability in Arris TR3300 v1.0.13 Static IP Settings Function Critical SQL Injection Vulnerability in SourceCodester Gym Management System (VDB-205821) Command Injection Vulnerability in Arris TR3300 v1.0.13: Exploiting Time and Time Zone Function Command Injection Vulnerability in Arris TR3300 v1.0.13 DHCP Function via Hostname Parameter Command Injection Vulnerability in Arris TR3300 v1.0.13 DDNS Function Command Injection Vulnerability in Totolink Routers' Tunnel 6rd Function Command Injection Vulnerability in Totolink Routers' Tunnel 6in4 Function Command Injection Vulnerability in Totolink Routers (X5000R and A7000R) via setWanCfg Function Use-after-free Vulnerability in nginx njs 0.7.2 Buffer Overflow Vulnerability in nginx njs 0.7.2 due to Type Confusion in Array.prototype.concat() Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple E-Learning System (VDB-205822) Stack Overflow Vulnerability in Tenda AC9 15.03.2.21_cn's SetStaticRouteCfg() Function Critical Access Control Vulnerability in SourceCodester Company Website CMS Stack Overflow Vulnerability in Tenda AC9 V15.03.2.21_cn's SetSysTimeCfg() Function Allows for Stable Root Shell Critical SQL Injection Vulnerability in SourceCodester Gym Management System Information 
Disclosure Vulnerability in SourceCodester Simple E-Learning System (VDB-205828) SQL Injection Vulnerability in OpenSIS Classic 8.0 /modules/eligibility/Student.php Directory Traversal Vulnerability in Yearning Versions 2.3.1-2.3.2 Interstellar GA and 2.3.4-2.3.6 Neptune Buffer Overflow in libsixel/src/quant.c:876 in libsixel 1.8.6 Heap Use After Free Vulnerability in libsixel/src/dither.c:388 Arbitrary File Upload Vulnerability in mogu_blog_cms 5.2 Man-in-the-Middle (MITM) Attack Vulnerability in Moxa MGate Devices Arbitrary Log File Movement Vulnerability in Raidrive (before v2021.12.35) SQL Injection Vulnerability in SourceCodester Simple Student Information System Unquoted Service Path Privilege Escalation Vulnerability in BitComet Service Unquoted Service Path Vulnerability in FreeFtpd Version 1.0.13 and Below Information Leakage in ecjia-daojia 1.38.1-20210202629 via Helper.php Critical SQL Injection Vulnerability in SourceCodester Online Class and Exam Scheduling System 1.0 (VDB-205830) Arbitrary File Upload Vulnerability in AeroCMS v0.0.1 Stored XSS Vulnerability in AeroCMS v0.0.1 via add_post.php Stored XSS Vulnerability in AeroCMS v0.0.1 via view_all_comments.php Arbitrary File Upload Vulnerability in Musical World v1 via uploaded_songs.php Critical SQL Injection Vulnerability in SourceCodester Online Class and Exam Scheduling System 1.0 (CVE-2021-205831) Command Injection Vulnerability in Tenda M3 1.10 V1.0.0.12(4856) via /goform/delAd Component Command Injection Vulnerability in Tenda M3 1.10 V1.0.0.12(4856) via /cgi-bin/uploadWeiXinPic Component Command Injection Vulnerability in Tenda M3 1.10 V1.0.0.12(4856) via /goform/setAdInfoDetail Component Command Injection Vulnerability in Tenda M3 1.10 V1.0.0.12(4856) via /goform/setPicListItem Component Critical SQL Injection Vulnerability in SourceCodester Gym Management System (login.php) - VDB-205833 Command Injection Vulnerability in Tenda M3 1.10 V1.0.0.12(4856) via /goform/setWorkmode Component Command 
Injection Vulnerability in Tenda M3 1.10 V1.0.0.12(4856) via /goform/SetLanInfo Component Command Injection Vulnerability in Tenda M3 1.10 V1.0.0.12(4856) via /goform/SetInternetLanInfo Component Command Injection Vulnerability in Tenda M3 1.10 V1.0.0.12(4856) via /cgi-bin/uploadAccessCodePic Component Unquoted Service Path Vulnerability in Ivanti DSM Remote <= 6.3.1.1862 Unquoted Service Path Privilege Escalation in Fujitsu PlugFree Network <= 7.3.0.3 Stored Cross-Site Scripting Vulnerability in Float to Top Button WordPress Plugin Redirection Vulnerability in Cscms Music Portal System v4.2 Unquoted Service Path Privilege Escalation in Sony PlayMemories Home v6.0 Unquoted Service Path Privilege Escalation in BattlEye v0.9 Stored Cross-Site Scripting Vulnerability in Scroll To Top WordPress Plugin Cross Site Scripting (XSS) Vulnerability in element-plus 2.0.5 via el-table-column Unauthenticated Time-Based Blind SQL Injection Vulnerability in Forma LMS v.1.4.3 and Earlier Cross Site Scripting (XSS) Vulnerability in InMailX Outlook Plugin < 3.22.0101 Stored XSS Vulnerability in OrangeHRM 4.10 Share Video Feature Insecure Direct Object Reference (IDOR) Vulnerability in OrangeHRM 4.10: Unauthorized Timesheet Creation Referer Header Injection Redirect Vulnerability in OrangeHRM 4.10 Path Traversal Vulnerability in Import any XML or CSV File to WordPress Plugin Host Header Injection Redirect in OrangeHRM 4.10 via viewPersonalDetails Endpoint Jfinal_CMS 5.1.0 Feedback Function XSS Vulnerability Integer Overflow Vulnerability in htmldoc 1.9.16's image_load_jpeg Function Remote Code Execution Vulnerability in Studio-42 elFinder 2.1.60 through File Name Bypass Relative Path Traversal Vulnerability in Eclipse GlassFish Versions 5.1.0 to 6.2.5 SQL Injection Vulnerability in Employee Performance Evaluation v1.0 via Email Parameter SQL Injection Vulnerability in Insurance Management System 1.0 via Username Parameter Stored Cross-Site Scripting (XSS) Vulnerability in zbzcms v1.0 
via neirong parameter at /php/ajax.php SQL Injection Vulnerability in zbzcms v1.0 via art parameter at /include/make.php SQL Injection Vulnerability in zbzcms v1.0 via id parameter at /php/ajax.php Arbitrary Administrator Account Addition Vulnerability in zbzcms v1.0 Arbitrary File Upload Vulnerability in zbzcms v1.0 Insufficient Session Expiration in GitHub Repository Cockpit-HQ/Cockpit Prior to 2.2.0 Arbitrary Code Execution via File Upload in zbzcms v1.0 Arbitrary File Deletion Vulnerability in zbzcms v1.0 via /include/up.php Access-control vulnerability in EOSIO batdappboomx v327c04cf smart contract allows remote attackers to win cryptocurrency without paying ticket fee via `transfer` function. Heap Buffer Overflow in xpdf 4.03's readXRefTable Function in XRef.cc Arbitrary File Upload Vulnerability in Ghost v4.39.0 Allows Execution of Code via Crafted SVG File Length Parameter Inconsistency Vulnerability in francoisjacquet/rosariosis prior to 10.0 Arbitrary File Upload Vulnerability in express-fileupload 1.3.1 Allows Remote Code Execution Stack-Overflow Vulnerability in GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master Heap-Buffer-Overflow Vulnerability in GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd's gf_isom_apple_enum_tag Function Use-After-Free Vulnerability in GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master's gf_node_get_attribute_by_tag Function Integer Overflow Vulnerability in GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master Critical SQL Injection Vulnerability in SourceCodester Employee Management System (CVE-2021-205834) Arbitrary File Modification Vulnerability in Roku Devices with Realtek WiFi Chip HTML Injection Vulnerability in Daylight Studio Fuel CMS 1.5.1 Weak Password Recovery Mechanism in pearweb < 1.32 via include/users/passwordmanage.php Deserialization of Untrusted Data in pearweb < 1.32 Stored Cross-Site Scripting Vulnerability in Beaver Builder WordPress Page Builder SQL Injection Vulnerability in Csz Cms 1.2.2: cszcms_admin_Members_viewUsers 
CSZ CMS 1.2.2 SQL Injection Vulnerability in cszcms_admin_Members_editUser CSZ CMS 1.2.2 SQL Injection Vulnerability in cszcms_admin_Users_editUser CSZ CMS 1.2.2 SQL Injection Vulnerability in cszcms_admin_Users_viewUsers CSZ CMS 1.2.2 SQL Injection Vulnerability in cszcms_admin_Plugin_manager_setstatus XSS Vulnerability in Apache JSPWiki 2.11.2: Exploiting XHRHtml2Markup.jsp for JavaScript Execution and Sensitive Data Leakage Privilege Escalation Vulnerability in ESET Windows Products Allows Arbitrary File Deletion Cross-Site Scripting Vulnerability in LiteCart Prior to 2.4.2 Information Disclosure Vulnerability in Open Automation Software OAS Platform V16.00.0112 SQL Injection Vulnerability in JoomSport – for Sports: Team & League, Football, Hockey & more WordPress Plugin (Versions up to 5.2.5) Escalation of Privilege Vulnerability in Intel(R) Media SDK Software Hard-coded Password Vulnerability in InHand Networks InRouter302 V3.5.37 CSRF Vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and Earlier Allows Unauthorized Deletion of Blog Articles and Categories Blind SQL Injection Vulnerability in Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) Unsanitized File Execution Vulnerability in RevoWorks SCVX, RevoWorks Browser, and RevoWorks Desktop ConsoleMe: Critical Format String Vulnerability Allows Information Disclosure and Remote Code Execution (CVE-2021-XXXX) Denial of Service Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: Confctl_set_wan_cfg Functionality Exported Configuration File Vulnerability: Credential Exposure and Potential Resource Compromise SQL Injection Vulnerability in JoomSport – for Sports: Team & League, Football, Hockey & more WordPress Plugin (Versions up to 5.2.5) Uncontrolled Search Path Vulnerability in Intel(R) MacCPUID Software Undisclosed Requests Resource Utilization Vulnerability in F5 BIG-IP APM Memory Resource Utilization Vulnerability in F5 BIG-IP Versions Prior to 16.1.2.2, 15.1.5.1, and 14.1.4.6 Reflected 
XSS Vulnerability in Splunk Enterprise Monitoring Console App Out-of-Bounds Write Vulnerability Allows Arbitrary Code Execution Denial of Service Vulnerability in TCL LinkHub Mesh Wifi MS1G_00_01.00_14 Uncontrolled Search Path Element Vulnerability in Intel(R) Quartus Prime Standard Edition Software OS Command Injection Vulnerability in CENTUM VP and B/M9000 VP Undisclosed Traffic Increases TMM Memory Resource Utilization in F5 BIG-IP NULL Image List Denial of Service Vulnerability in ImageMagick Server Crash Vulnerability in golang.org/x/crypto/ssh Package Unauthenticated File Download Vulnerability in Aseco Lietuva DVS Avilys XML External Entities (XXE) vulnerability in CVRF-CSAF-Converter before 1.0.0-rc2 allows arbitrary file inclusion and information disclosure Denial-of-Service Vulnerability in SIMATIC PCS neo, SINETPLAN, and TIA Portal Sensitive Information Exposure in Jenkins Parameterized Trigger Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Favorite Plugin 2.4.0 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Dashboard View Plugin CSRF Vulnerability in Jenkins CloudBees AWS Credentials Plugin Allows Unauthorized AWS Service Access Vulnerability: Unauthorized AWS Service Access in Jenkins CloudBees AWS Credentials Plugin Partial Sensitive Value Masking Vulnerability in Octopus Server Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Folder-based Authorization Strategy Plugin Unrestricted Execution and Path Parsing Vulnerability in Jenkins Semantic Versioning Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Extended Choice Parameter Plugin Arbitrary File Read Vulnerability in Jenkins Extended Choice Parameter Plugin Cross-Site Request Forgery Vulnerability in Jenkins Extended Choice Parameter Plugin Unauthenticated Remote Code Execution in Jenkins Extended Choice Parameter Plugin Unencrypted Storage of GitLab Client Secret in Jenkins GitLab Authentication Plugin Stored Cross-Site Scripting 
(XSS) Vulnerability in Jenkins global-build-stats Plugin 1.5 and Earlier Arbitrary File Read Vulnerability in Jenkins Kubernetes Continuous Deploy Plugin Vulnerability: Enumeration of Credentials IDs in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier Sensitive Values Exposed in Octopus Server Log Files Jenkins Kubernetes Continuous Deploy Plugin CSRF Vulnerability Allows Unauthorized SSH Server Connections Vulnerability: Unauthorized SSH Server Connection in Jenkins Kubernetes Continuous Deploy Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins List Git Branches Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Environment Dashboard Plugin CSRF Vulnerability in Jenkins Release Helper Plugin 1.3.3 and Earlier Unauthenticated Remote Code Execution in Jenkins Release Helper Plugin Unencrypted Storage of JDBC Connection Passwords in Jenkins dbCharts Plugin Unencrypted Password Storage in Jenkins Vmware vRealize CodeStream Plugin Unencrypted Token Storage in Jenkins incapptic connect uploader Plugin Missing HTTP Security Headers in SINEMA Remote Connect Server (All versions < V3.0 SP2) Expose Servers to Client-Based Attacks Critical SQL Injection Vulnerability in SourceCodester Simple Student Information System (VDB-205835) Missing HTTP Security Headers in SINEMA Remote Connect Server (All versions < V3.0 SP2) Exposes Servers to Client-Based Attacks Vulnerability in SINEMA Remote Connect Server (All versions < V3.1) Allows for BREACH Attack Out-of-Array Access Vulnerability in Linux Kernel's UDC-Xilinx Driver Command Injection Vulnerability in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 Cleartext Data Transmission Vulnerability in Gradle Enterprise with Keycloak CSRF Vulnerability in iRZ Mobile Routers Allows Remote Code Execution Incomplete Zone Transfer Handling as Successful Transfers Vulnerability Arbitrary Code Execution Vulnerability in Bitrix Site Manager's Vote Module Path Traversal Vulnerability in 
Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI Firmware Update Tool Software Critical SQL Injection Vulnerability in SourceCodester Employee Management System (CVE-2021-205836) Reflected Cross-Site Scripting (XSS) Vulnerability in F5 BIG-IP Guided Configuration Cross-Site Scripting Vulnerability in WP Statistics Plugin XML Injection Vulnerability in Quartus Prime Programmer CVAT Software Server-Side Request Forgery Vulnerability Multiple Broken Access Control Vulnerabilities in Social Share Buttons Plugin Cross-Site Scripting (XSS) Vulnerability in NI Web Server Component Stored Cross-Site Scripting (XSS) Vulnerability in BigBlueButton 2.4.7 and Earlier Versions Stack-based Buffer Overflow in mount.cifs ip= Command-Line Argument Parsing Critical SQL Injection Vulnerability in SourceCodester Employee Management System (CVE-2021-205837) Buffer Overflow in Glewlwyd SSO Server 2.x: WebAuthn Assertion Vulnerability Confidential Information Exposure in Mendix Applications Buffer Overflow Vulnerability in OpenV2G (V0.9.4) EXI Parsing Feature Local File Inclusion Vulnerability in MISP before 2.4.156 Stored XSS Vulnerability in MISP Custom Auth Name Unrestricted generateServerSettings in MISP before 2.4.156 allows SSRF SVG Org Logo Allows JavaScript Execution in MISP GastKont Insecure Direct Object Reference in cdSoft Onlinetools-Smart Winhotel.MX 2021: Exposing Customer's Sensitive Information Directory Traversal Vulnerability in IdeaRE RefTree Allows Arbitrary File Download Unrestricted File Upload Vulnerability in IdeaRE RefTree (2021.09.17) Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in SourceCodester Company Website CMS (VDB-205838) UNISOC Chipset Remote Control Vulnerability: Exploiting Mobile Phones for Unauthorized Access and Data Manipulation Vulnerability Title: Replay Attack Vulnerability in Honda Civic 2018 Remote Keyless System Stack-based Buffer Overflow in Realtek eCos RSDK and MSDK SIP ALG Function Redbasic Theme for Hubzilla: 
PHP Local File Inclusion Vulnerability via Schema Parameter PHP Local File Inclusion Vulnerability in Redbasic Theme for Hubzilla (Before Version 7.2) Arbitrary Web Script Injection via rpath Parameter in Hubzilla 7.0.3 and Earlier Critical SQL Injection Vulnerability in SEMCMS (VDB-205839) Arbitrary Code Execution via SVG File Upload Vulnerability in ButterCMS v1.2.8 Express-FileUpload v1.3.1 Arbitrary File Write Vulnerability Arbitrary Code Execution Vulnerability in Skipper v0.9.1 File Upload Module Arbitrary Code Execution via File Upload in Strapi v4.1.5 Remote Code Execution Vulnerability in InHand Networks InRouter 900 Industrial 4G Router Remote Code Execution (RCE) Vulnerability in InHand Networks InRouter 900 Industrial 4G Router Critical SQL Injection Vulnerability in SourceCodester Gym Management System (VDB-205855) Remote Code Execution (RCE) Vulnerability in InHand Networks InRouter 900 Industrial 4G Router Remote Code Execution (RCE) Vulnerability in InHand Networks InRouter 900 Industrial 4G Router Remote Code Execution Vulnerability in InHand Networks InRouter 900 Industrial 4G Router Remote Code Execution Vulnerability in InHand Networks InRouter 900 Industrial 4G Router Remote Code Execution Vulnerability in InHand Networks InRouter 900 Industrial 4G Router Remote Code Execution Vulnerability in InHand Networks InRouter 900 Industrial 4G Router Remote Code Execution (RCE) Vulnerability in InHand Networks InRouter 900 Industrial 4G Router Arbitrary File Deletion Vulnerability in InHand Networks InRouter 900 Industrial 4G Router Arbitrary File Read Vulnerability in InHand Networks InRouter 900 Industrial 4G Router Critical SQL Injection Vulnerability in SourceCodester Gym Management System Stored Cross-Site Scripting (XSS) Vulnerability in InHand Networks InRouter 900 Industrial 4G Router Stack Overflow Vulnerability in D-Link DIR-619 Ax v1.00: Denial of Service via formSetWanNonLogin Stack Overflow Vulnerability in D-Link DIR-619 Ax v1.00: Denial 
of Service via formSetWanPPPoE Stack Overflow Vulnerability in D-Link DIR-619 Ax v1.00: Exploiting formSetWanPPTP for Denial of Service (DoS) Stack Overflow Vulnerability in D-Link DIR-619 Ax v1.00: Denial of Service via formSetWanL2TP Cross-site Scripting (XSS) Vulnerability in openemr/openemr prior to 7.0.0.1 Stack Overflow Vulnerability in D-Link DIR-619 Ax v1.00: Denial of Service via formSetWanDhcpplus Stack Overflow Vulnerability in D-Link DIR-619 Ax v1.00: Denial of Service via formdumpeasysetup Stack Overflow Vulnerability in D-Link DIR-619 Ax v1.00: Exploiting formLanguageChange Function for Denial of Service (DoS) Stack Overflow Vulnerability in D-Link DIR-619 Ax v1.00: Exploiting formWlanSetup Function for Denial of Service (DoS) Stack Overflow Vulnerability in D-Link DIR-619 Ax v1.00: Exploiting formWlanWizardSetup Function for Denial of Service (DoS) Stack Overflow Vulnerability in D-Link DIR-619 Ax v1.00: Exploiting formAdvanceSetup Function for Denial of Service (DoS) SQL Injection Vulnerability in Hospital Management System v1.0 via room.php Component GitHub Repository Authorization Bypass Vulnerability in openemr/openemr prior to 7.0.0.1 SQL Injection Vulnerability in Student Grading System v1.0 Session Fixation Vulnerability in Gibbon v23 Stored XSS Vulnerability in PHProjekt PhpSimplyGest v1.3.0 via Project Title Reflected Cross-site Scripting (XSS) Vulnerability in openemr/openemr prior to 7.0.0.1 Server-Side Request Forgery (SSRF) Vulnerability in Gibbon v3.4.4 and Below Gitea v1.16.3 Arbitrary File Deletion Vulnerability Missing Authorization in GitHub Repository OpenEMR Prior to 7.0.0.1 Reflected Cross-site Scripting (XSS) Vulnerability in openemr/openemr prior to 7.0.0.1 Arbitrary Code Execution via Cross-Site Scripting (XSS) in E-Commerce Website v1.0 Zammad v5.0.3 Access Control Vulnerability: Unauthorized Broadcast of Administrative Configuration Changes Unauthenticated Write Access Vulnerability in Zammad v5.0.3 Arbitrary Deletion of 
install.lock File in idcCMS v1.10 Seacms v11.6 Remote Code Execution (RCE) Vulnerability in /admin/weixin.php Component Denial of Service (DoS) Vulnerability in Poppler v22.03.0 Hints::Hints Function UI Layer or Frame Restriction Vulnerability in openemr/openemr prior to 7.0.0.1 Cross-Site Request Forgery (CSRF) Vulnerability in MCMS v5.2.7 SQL Injection Vulnerability in JFinalCMS v2.0 Article Management Function SQL Injection Vulnerability in Link-Admin v0.0.1 via DictRest.ResponseResult() Arbitrary File Upload Vulnerability in Ecommerce-Website v1.1.0 Stored Cross-Site Scripting (XSS) Vulnerability in Social Codia SMS v1 via add_post.php Arbitrary File Upload Vulnerability in Social Codia SMS v1 via addteacher.php Privilege Escalation via Incorrect Permissions on PCS Unix Socket Arbitrary File Upload Vulnerability in Zoo Management System v1.0 Arbitrary File Upload Vulnerability in Simple House Rental System v1 Arbitrary File Upload Vulnerability in Ecommerce-Website v1 via /customer_register.php NULL Pointer Dereference Vulnerability in Foxit PDF Reader and PDF Editor (Versions before 12.0.1) Critical Unrestricted Upload Vulnerability in SourceCodester Company Website CMS SQL Injection Vulnerability in SpringBlade v3.2.0 and Below via customSqlSegment Component SQL Injection Vulnerability in CSCMS Music Portal System v4.2 via dance_Dance.php_del Component Blind SQL Injection Vulnerability in Cscms Music Portal System v4.2 SQL Injection Vulnerability in Cscms Music Portal System v4.2 via dance_Topic.php_del Component SQL Injection Vulnerability in Cscms Music Portal System v4.2 via dance_Lists.php_zhuan SQL Injection Vulnerability in Cscms Music Portal System v4.2 via news_News.php_hy Component Stored Cross-Site Scripting Vulnerability in WP STAGING WordPress Plugin Remote Command Execution Vulnerability in Shanghai Feixun Data Communication Technology Co., Ltd Router Fir302b A2 Tenda AX12 V22.03.01.21_CN CSRF Vulnerability in SysToolReboot Function Tenda AX12 
V22.03.01.21_CN CSRF Vulnerability in WifiExtraSet Function Use-After-Free Vulnerability in MariaDB Server v10.6.5 and Below: Exploiting Item_args::walk_arg via Crafted SQL Statements Use-After-Free Vulnerability in MariaDB Server v10.6.3 and Below Denial of Service Vulnerability in MariaDB Server v10.7 and Below Denial of Service Vulnerability in Arg_comparator::compare_real_fixed Component of MariaDB Server v10.6.2 and Below Vulnerability: Incorrect Version of Podman in Red Hat Enterprise Linux 7 Extras Advisory (CVE-2020-8945) Denial of Service (DoS) Vulnerability in MariaDB Server v10.6.3 and Below Denial of Service (DoS) Vulnerability in MariaDB Server v10.6 and Below Segmentation Fault Vulnerability in MariaDB Server v10.7 and Below Use-After-Free Vulnerability in MariaDB Server v10.6 and Below: Exploitation via Crafted SQL Statements Denial of Service Vulnerability in MariaDB Server v10.6 and Below Denial of Service Vulnerability in MariaDB Server v10.7 and Below Segmentation Fault Vulnerability in MariaDB Server v10.7 and Below Global Buffer Overflow in MariaDB Server v10.7 and Below: Exploiting the decimal_bin_size Component Vulnerability: Incomplete Fix for CVE-2020-14370 in Red Hat Enterprise Linux 7 Extras Podman Critical Unrestricted Upload Vulnerability in SourceCodester Company Website CMS Heap Buffer Overflow in FreeType's sfnt_init_face Function Segmentation Violation Vulnerability in FreeType's FNT_Size_Request Function Segmentation Violation Vulnerability in FreeType's FT_Request_Size Function Denial-of-Service Vulnerability Exploitable via Manipulated CAN Frames Command Injection Vulnerability in TOTOLINK N600R v5.3c.5507_B20171031 SQL Injection Vulnerability in Explore CMS v1.0 via /page.php?id= Request SQL Injection Vulnerability in Hospital Management System v1.0 via adminname parameter in admin.php Double-Free Vulnerability in Tcpreplay v4.4.1 via __interceptor_free Heap-Based Buffer Overflow in Tcpreplay v4.4.1's do_checksum_math Function 
Stack Overflow Vulnerability in rtl_433 21.12: Denial of Service via Crafted File Use After Free Vulnerability in Exosphere in Google Chrome on Chrome OS and Lacros SQL Injection Vulnerability in Hospital Management System v1.0: Exploiting patient_contact parameter in patientsearch.php User Modification Form Validation Bypass in Chamilo LMS v1.11.13 Reflected Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS v1.11.13 SQL Injection Vulnerability in Chamilo LMS v1.11.13 via blog_id Parameter Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS v1.11.13 via /blog/blog.php Component Chamilo LMS v1.11.13 SSRF Vulnerability Allows Network Enumeration and Command Execution via Crafted Phar File Stored XSS Vulnerability in GalleryCMS v2.0 Allows Arbitrary Code Execution via album_name Parameter Jizhicms v1.9.5 SSRF Vulnerability in /admin.php/Plugins/update.html Integer Overflow Vulnerability in Google Chrome Window Manager SQL Injection Vulnerability in Wuzhicms v4.1.0 via groupid Parameter CSRF Vulnerability in Pluck CMS v4.7.15 Allows Account Takeover via Password Change SQL Injection Vulnerability in UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 via ProfileName Parameter Unrestricted File Upload Vulnerability in Ecommerce-Website v1.1.0 Arbitrary Code Execution via Cross-Site Scripting (XSS) in Ecommerce-Website v1.1.0 Remote Code Execution Vulnerability in Advanced Installer's Update Check Function Unrestricted File Upload Vulnerability in SourceCodester Gym Management System Stored XSS Vulnerability in TPCMS v3.2 via Crafted Payload in Phone Text Box ThinkPHP v3.2 Log Directory Disclosure Vulnerability Segmentation Fault Vulnerability in MariaDB Server v10.9 and Below Segmentation Fault Vulnerability in MariaDB Server v10.9 and Below Segmentation Fault Vulnerability in MariaDB Server v10.9 and Below Use-After-Free Vulnerability in MariaDB Server v10.9 and Below via Binary_string::free_buffer() Assertion failure in MariaDB Server v10.9 and below: 
'node->pcur->rel_pos == BTR_PCUR_ON' vulnerability in /row/row0mysql.cc Segmentation Fault Vulnerability in MariaDB Server v10.9 and Below Critical SQL Injection Vulnerability in SourceCodester Gym Management System (VDB-206013) Segmentation Fault Vulnerability in MariaDB Server v10.9 and Below Segmentation Fault Vulnerability in MariaDB Server v10.9 and Below Use-After-Free Vulnerability in MariaDB Server v10.6.3 and Below Use-After-Free Vulnerability in MariaDB Server v10.6.3 and Below: VDec::VDec Component Use-After-Free Vulnerability in MariaDB Server v10.6.3 and Below Use-After-Free Vulnerability in MariaDB Server v10.6.3 and Below Critical Unrestricted Upload Vulnerability in SourceCodester Simple Online Book Store System (VDB-206014) Open Redirect Vulnerability in nopCommerce 4.50.1 Cross Site Scripting (XSS) Vulnerability in WWBN AVideo through 11.6 via yptDevice Parameter Open Redirect Vulnerability in WWBN AVideo Login Page SQL Injection Vulnerability in MCMS v5.2.27: orderBy Parameter at /dict/list.do Arbitrary File Upload Vulnerability in Monstaftp v2.10.3 Monstaftp v2.10.3 SSRF Vulnerability Critical SQL Injection Vulnerability in SourceCodester Simple Online Book Store (VDB-206015) Arbitrary Memory Write Vulnerability in SDL_ttf v2.0.18 and Below SQL Injection Vulnerability in Roothub 2.6.0 Topics Counting Feature SQL Injection Vulnerability in Topics Searching Feature of Roothub 2.6.0 Remote Code Execution Vulnerability in SuiteCRM v7.11.23 via Crafted FirstName Payload XSS Vulnerability in tramyardg hotel-mgmt-system Allows Arbitrary Code Execution Cross-Site Scripting (XSS) Vulnerability in Newbee-Mall v1.0.0 at /admin/goods/update Arbitrary File Upload Vulnerability in Newbee-Mall v1.0.0 Remote Code Execution Vulnerability in Victor v1.0 via admin/profile.php?section=admin SQL Injection Vulnerability in Apache Superset (<=1.4.2) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Online Book Store System Unauthenticated File Access 
Vulnerability in SICAM A8000 CP-8031 and CP-8050 (Versions < V4.80) Race condition vulnerability in SCALANCE W1788-1 M12, SCALANCE W1788-2 EEC M12, SCALANCE W1788-2 M12, and SCALANCE W1788-2IA M12 devices Fortinet FortiADC OS Command Injection Vulnerability OS Command Injection Vulnerability in Fortinet FortiManager and FortiAnalyzer Unverified Password Change Bypass in Fortinet FortiADC Arbitrary File Retrieval via SQL Injection in Fortinet FortiSandbox Improper Privilege Management in Fortinet FortiSandbox and FortiDeceptor Cross-Site Request Forgery (CSRF) Vulnerability in Multiple Fortinet Products OS Command Injection Vulnerability in Fortinet FortiExtender Critical Unrestricted Upload Vulnerability in SourceCodester Gym Management System (VDB-206017) Unauthorized Access to Sensitive Information in Fortinet Products Improper Verification of Source in Fortinet FortiOS Allows Remote Flooding WhatsApp Integer Underflow Vulnerability Privilege Escalation Vulnerability in Intel(R) NUC Laptop Kits Firmware Unauthenticated Access to Hashed User Credentials in Aethon TUG Home Base Server Exposure of NGINX Service Mesh Control Plane Endpoints in Versions 1.3.x Arbitrary Script Injection Vulnerability in Zero-channel BBS Plus v0.7.4 and Earlier Denial of Service Vulnerability in Intel(R) AMT Firmware Directory Traversal Vulnerability in Lansweeper TicketTemplateActions.aspx GetTemplateAttachment Functionality Intel(R) SGX SDK Software Vulnerability: Premature Resource Release Enables Local Information Disclosure Unrestricted Upload Vulnerability in SourceCodester Company Website CMS Default Permissions Vulnerability in Intel(R) Support Android Application Local Privilege Escalation in RealVNC VNC Server for Windows Citrix StoreFront XSS Vulnerability in Versions 1912 and 3.12 Reflected Cross Site Scripting (XSS) Vulnerability Critical Vulnerability: Hard-coded Credentials Enable Unauthorized Shell Access via SD-WAN CLI Authenticated Denial of Service: Exploiting User 
Credentials to Overwhelm Systems Unauthenticated Denial of Service Vulnerability Unauthenticated Redirection Vulnerability Critical Unrestricted Upload Vulnerability in SourceCodester Company Website CMS Gateway User Privilege Escalation Vulnerability Remote Unauthenticated User Exploits System Corruption Vulnerability Temporary Disruption of Citrix ADM License Service: Implications for License Issuance and Renewal Phishing Attack Exploiting Remote Desktop Vulnerability Vulnerability: Brute Force Bypass in User Login Protection Unauthenticated Remote Code Execution Vulnerability Local User Impersonation Vulnerability in Secomea GateManager Buffer Over-read Vulnerability in Autodesk TrueView 2022: Sensitive Information Exposure and Potential Code Execution Out-of-Bounds Read Vulnerability in Autodesk TrueView 2022: Potential Information Exposure and Code Execution Memory Corruption Vulnerability in DesignReview.exe Memory Corruption Vulnerability in DesignReview.exe via Malicious TGA File Memory Corruption Vulnerability in Autodesk Navisworks 2022 and 2020 Allows Code Execution via Malicious DLL Files Code Execution Vulnerability in Autodesk Navisworks 2022 via Malicious DWFX and SKP Files Buffer Overflow Vulnerability in Autodesk AutoCAD 2022, 2021, 2020, 2019 Unsanitized User Inputs in Ketchup Restaurant Reservations WordPress Plugin Allows Cross-Site Scripting Attacks Buffer Overflow Vulnerability in Autodesk AutoCAD Boundary Read Vulnerability in Autodesk 3ds Max 2022 and 2021 Buffer Overflow Vulnerability in Autodesk 3ds Max 2022 and 2021 TIF File Parsing Arbitrary Code Execution Vulnerability in Kaspersky Anti-Virus Products Arbitrary File Deletion Vulnerability in Kaspersky VPN Secure Connection for Windows Panic-inducing Vulnerability in Certificate Verification in Go 1.18.x Critical BIOS Vulnerabilities Discovered in HP PC Products: Code Execution, Privilege Escalation, DoS, and Information Disclosure HP PC BIOS TOCTOU Vulnerability: Mitigation Updates 
Released HP BIOS TOCTOU Vulnerabilities SQL Injection Vulnerability in Ketchup Restaurant Reservations WordPress Plugin HP BIOS TOCTOU Vulnerabilities Clear Text Exposure of SMTP Credentials in BigFix Web Reports HTML Injection Vulnerability in BigFix Web Reports Email Administrative Configuration Page Reflected Cross-site Scripting (XSS) Vulnerability in HCL iNotes HCL iNotes Link Spoofing Vulnerability Clear Text Storage of User Credentials in HCL Launch Plain Text Storage of Recurring Activity Data in HCL Launch Improper Security Checking in HCL Launch Allows Unauthorized Access to Sensitive Information Weak Password Policy Enforcement in HCL iNotes SSRF Vulnerability in GitHub Repository kareadita/kavita prior to 0.5.4.1 HCL VersionVault Express Vulnerability: Exposed Administrator Credentials Reflected Cross-Site Scripting Vulnerability in HCL Traveler Web Admin Denial of Service Vulnerability in HCL VersionVault Express Out-of-Bounds Write Vulnerability in libsimba's parser_hvcC Function Heap-based Buffer Overflow in libsimba's parser_iloc Function Heap-based Buffer Overflow Vulnerability in libsimba's parser_infe Function Unauthenticated Access-Control Vulnerability in Kingspan TMS300 CS Heap-based Buffer Overflow in libsimba library allows remote code execution Heap-based Buffer Overflow in libsimba's sheifd_get_info_image Function Heap-based Buffer Overflow in libsimba's parser_ipma Function: Remote Code Execution Vulnerability Out-of-Bounds Write Vulnerability in libsimba Library Out-of-Bounds Write Vulnerability in libsimba Library One UI Home Information Exposure Vulnerability Samsung DeX Home Information Exposure Vulnerability: Unauthorized Access to Foreground App Information Predictable TCP Initial Sequence Number Vulnerability in SICK MSC800 Privilege Escalation Vulnerability in SICK OEE Installation Directory Deserialization Vulnerability in Flexi Soft Designer Allows Arbitrary Code Execution Inadequate Encryption of Passwords in LS Electric XG5000 
Software and LS Electric PLCs Deserialization Vulnerability in Safety Designer Allows Arbitrary Code Execution Vulnerability: Weak Cipher Suite Usage in SICK RFU61x Firmware Password Recovery Vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 Remote Configuration Interface Vulnerability in Flexi-Compact FLX3-CPUC1/CPUC2 Password Recovery Vulnerability in SICK SIM2000ST Partnumber 1080579: Unauthorized Privilege Escalation Password Recovery Vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 Password Recovery Vulnerability in SICK SIM1004 Partnumber 1098148 Firmware <2.0.0 QVR Vulnerability Patched in QVR 5.1.6 and Later Versions Improper Restrictions in Delta Robot Automation Studio (DRAS) Allow Unauthorized Document Access External Resource Reference Vulnerability in QNAP NAS Photo Station Remote Code Injection Vulnerability in QNAP QuTS hero and QTS Out-of-Bounds Read Vulnerability in QNAP Operating Systems Allows Remote Administrators to Access Secret Values Out-of-Bounds Read Vulnerability in QNAP Operating Systems Allows Remote Administrators to Access Secret Values Log File Information Disclosure Vulnerability Information Disclosure Vulnerability in Octopus Deploy: Unauthorized Space ID Exposure Heap-based Buffer Over-read in Bento4 1.6.0-639's AP4_HvccAtom Class Registry Key Tampering Vulnerability in Forcepoint One Endpoint Insufficient Anti-Tampering Protection in Forcepoint One Endpoint on Windows GitLab CE/EE Information Disclosure Vulnerability: Exploiting GFM References in Jira to Disclose Restricted Resource Names Arbitrary File Deletion Vulnerability in Synology DiskStation Manager (DSM) WebAPI Path Traversal Vulnerability in Synology Audio Station Allows Arbitrary File Deletion Classic Buffer Overflow Vulnerability in Synology Audio Station (CVE-2021-XXXX) SQL Injection Vulnerability in Synology CardDAV Server Unauthenticated Remote Information Disclosure Vulnerability in Synology Media Server Path Traversal Vulnerability in Synology 
DNS Server Allows Remote File Deletion OS Command Injection Vulnerability in Synology DiskStation Manager (DSM) WebAPI Component Path Traversal Vulnerability in Synology Calendar Allows Arbitrary File Download Path Traversal Vulnerability in Synology Storage Analyzer Allows Remote File Deletion Cleartext Transmission of Sensitive Information Vulnerability in Synology Note Station Client CSRF Vulnerability in AdminPad WordPress Plugin Allows Unauthorized Note Updates Path Traversal Vulnerability in Synology SSO Server Allows Unauthorized File Access Path Traversal Vulnerability in Synology USB Copy Component Synology DiskStation Manager (DSM) SSRF Vulnerability in Package Center Functionality iSCSI Management Functionality in Synology DiskStation Manager (DSM) Prior to 7.1-42661: Missing Authentication Vulnerability Memory Buffer Overflow Vulnerability in Out-of-Band (OOB) Management Allows Remote Command Execution Buffer Overflow Vulnerability in Out-of-Band Management Allows Remote Command Execution Race Condition Vulnerability in Out-of-Band Management Session Processing Functionality Cross-Site Scripting (XSS) Vulnerability in Cybozu Garoon 4.10.2 to 5.5.1: Remote Code Execution on User's Browser CSRF Vulnerability in AA-Team WZone - Lite Version Plugin 3.1 CSRF Vulnerability in MicroPayments Plugin Allows Unauthorized Operations Stored Cross-Site Scripting Vulnerability in WP Socializer WordPress Plugin Information Disclosure Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: Exploiting confctl_get_master_wlan Functionality Memory Corruption Vulnerability in DD-WRT HTTPD Unescape Functionality CSRF Vulnerability in Rebooter, PoE Rebooter, Scheduler, and Contact Converter Information Disclosure Vulnerability in TCL LinkHub Mesh Wifi MS1G_00_01.00_14: Exploiting confctl_get_guest_wlan Functionality Privilege Escalation and Remote Code Execution in BIG-IP APM Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Software 
Sensitive APM Session Information Leakage in F5 BIG-IP APM and Clients Reflected Cross-Site Scripting Vulnerability in PukiWiki Versions 1.5.1 to 1.5.3 Uncontrolled Search Path Element Vulnerability in Intel Advanced Link Analyzer Pro and Standard Edition Software Privilege Escalation Vulnerability in Intel XMM 7560 Modem Software Undertow Server Vulnerability: Denial of Service via EJB Invocation Excessive ARP Broadcast Request Vulnerability in SIMATIC CP 442-1 RNA and SIMATIC CP 443-1 RNA Arbitrary Code Execution Vulnerability in NETGEAR R6700v3 1.0.4.120_10.0.91 Routers Authentication Bypass Vulnerability in NETGEAR R6700v3 1.0.4.120_10.0.91 Routers Unauthenticated Remote Code Execution in NETGEAR R6700v3 1.0.4.120_10.0.91 Routers via SOAP Request Handling Vulnerability Unauthenticated Remote Code Execution via Insecure HTTPS Certificate Validation in NETGEAR R6700v3 1.0.4.120_10.0.91 Routers Unauthenticated Remote Code Execution in NETGEAR R6700v3 Routers via readycloud_control.cgi Authentication Bypass and Code Execution Vulnerability in NETGEAR R6700v3 1.0.4.120_10.0.91 Routers NETGEAR R6700v3 Router Authentication Bypass and Remote Code Execution Vulnerability (ZDI-CAN-15874) Arbitrary Code Execution via KOYO Screen Creator 0.1.1.1 SCA2 File Parsing Vulnerability Privilege Escalation Vulnerability in Podman and Moby Critical Remote Authentication Bypass Vulnerability in SourceCodester Company Website CMS 1.0 Vulnerability: Privilege Escalation in crun and Moby (Docker Engine) Container Vulnerability: Privilege Escalation via Non-Empty Default Permissions and Inheritable Linux Process Capabilities Vulnerability: Privilege Escalation in cri-o and Moby (Docker Engine) Out of Bounds Write Vulnerability in Simcenter Femap (All versions < V2022.2) Crash and Unavailability Vulnerability in SAP 3D Visual Enterprise Viewer 9.0 when Opening Manipulated Photoshop Documents Universal 3D File Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9.0 Cross-Site 
Scripting (XSS) Vulnerability in SAP Web Dispatcher and ICM Web Administration UI Path Traversal Vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0) - Version 1.0 Information Disclosure Vulnerability in SAP Innovation Management 2.0 Authenticated User Dashboard Modification and Deletion Vulnerability in F5 BIG-IP Critical SQL Injection Vulnerability in SourceCodester Loan Management System (VDB-206162) Denial of Service Vulnerability in TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14: confctl_set_guest_wlan Functionality Workflow Data Alteration Vulnerability in Cybozu Garoon 4.0.0 to 5.5.1 Stored Cross-Site Template Injection Vulnerability in F5 Traffix SDC Configuration Utility HTTP/2 Connection Hang Denial of Service Vulnerability Reflected XSS and Client-Side Template Injection in Progress Ipswitch WS_FTP Server 8.6.0 Heap Buffer Overflow Vulnerability in IPsec ESP Transformation Code Information Disclosure Vulnerability in SAP BusinessObjects Business Intelligence Platform, Client Management Console (CMC) - Version 430 Unauthenticated Remote Command Execution in SAP NetWeaver and ABAP Platform XML Data Archiving Service Privilege Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Admission System SAP SQL Anywhere 17.0 Indirect Identifier Crash Vulnerability CSRF Token Leakage Vulnerability SMT Vulnerability: Speculative Execution Information Disclosure in AMD Processors Information Disclosure Vulnerability in AMD Link Android App Insufficient Validation in AMD μProf IOCTL Input/Output Buffer: Potential Windows Kernel Crash and Denial of Service Vulnerability Privilege Escalation and Code Execution Vulnerability in AMD Ryzen™ Master Installation Cross-Site Scripting (XSS) Vulnerability in SourceCodester Library Management System (VDB-206164) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Company Website CMS Critical SQL Injection Vulnerability in SourceCodester Simple Online Book Store System (VDB-206166) 
Critical SQL Injection Vulnerability in SourceCodester Simple Online Book Store System (VDB-206167) Critical SQL Injection Vulnerability in SourceCodester Apartment Visitor Management System (VDB-206168) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Apartment Visitor Management System (VDB-206169) Critical SQL Injection Vulnerability in SourceCodester Library Management System (VDB-206170) Stored Cross-Site Scripting Vulnerability in Fast Flow WordPress Plugin Remote Denial of Service Vulnerability in SourceCodester Gym Management System Stored Cross-site Scripting (XSS) Vulnerability in Microweber Prior to 1.3.1 Vulnerability: Temporary Directory Hijacking in Spring Boot (Versions Prior to v2.2.11.RELEASE) Privilege Escalation Vulnerability in Ivanti EPM (LANDesk Management Suite) Credential Leakage via HTTP(S) Redirects in curl 4.9 to 7.82.0 IPv6 Zone ID Information Disclosure Vulnerability in curl 7.65.0 to 7.82.0 Curl 7.83.0 Patch: Vulnerability in HTTP Redirects Leaking Authentication and Cookie Header Data Cross-Site Scripting (XSS) Vulnerability in Action View Tag Helpers >= 5.2.0 and < 5.2.0 Incorrect File Removal Vulnerability Vulnerability: Improper Cookie Handling in libcurl with Trailing Dot Hostnames Null Byte Bypass: Login Rate Limiting Vulnerability in Octopus Deploy Curl URL Parser Vulnerability: Incorrect Handling of Percent-Encoded URL Separators Denial-of-Service Vulnerability in libcurl's CURLOPT_CERTINFO Option Vulnerability: Insecure Connection Reuse in libcurl Stack Overflow Vulnerability in Adobe After Effects: Arbitrary Code Execution via Crafted File Stack Overflow Vulnerability in Adobe After Effects: Arbitrary Code Execution via Crafted File Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Acrobat Reader DC Versions 22.001.20085 and Earlier Out-of-Bounds Write Vulnerability in Acrobat 
Reader DC Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Unrestricted File Upload Vulnerability in SourceCodester Gas Agency Management System Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Stack-based Buffer Overflow Vulnerability in Acrobat Reader DC Out-of-Bounds Write Vulnerability in Acrobat Reader DC Out-of-Bounds Write Vulnerability in Acrobat Reader DC Uninitialized Variable Vulnerability in Acrobat Reader DC Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Acrobat Reader DC Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Octopus Server Vulnerability: NTLM Relay Attack via Git Connectivity Test Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Data Manipulation Vulnerability in Cybozu Garoon 4.0.0 to 5.5.1 OS Command Injection Vulnerability in Abode Systems, Inc. 
iota All-In-One Security Kit 6.9X and 6.9Z GHOME Control Authentication Bypass Vulnerability in Abode iota All-In-One Security Kit Command Injection Vulnerabilities in F5 BIG-IP Guided Configuration Category Disabling Vulnerability in Cybozu Garoon 4.0.0 to 5.5.1 Privilege Escalation Vulnerability in Intel Ethernet Controller Administrative Tools Drivers Critical Vulnerability: Encryption Weakness in Octopus Server Exposes Session Cookies and Variables Infinite Recursion Vulnerability in Hermes JavaScript Engine OS Command Injection in GNOME OCRFeeder 0.8.4 and earlier versions SNS Firewall Denial of Service Vulnerability Memory Protection Vulnerability in Motorola MTM5000 Series Firmwares Arbitrary File-Existence Test Vulnerability in SWHKD 1.1.5 Potential Information Leak and Denial of Service Vulnerability in SWHKD 1.1.5 Insecure Usage of /tmp/swhks.pid Pathname in SWHKD 1.1.5: Potential Data Loss or Denial of Service Vulnerability Keyboard Event Consumption Vulnerability in SWHKD 1.1.5 Vulnerability: Information Leak and Denial of Service in SWHKD 1.1.5 Unsafe Parsing and Denial of Service Vulnerability in SWHKD 1.1.5 Improper Validation of Session Tokens in Octopus Server Allows Indefinite Validity Insecure TLS Certificate Chain Verification in OWASP ZAP (w2022-03-21) Quram Agif Library Denial of Service Vulnerability Access to EF_RUIMID Value Without Permission: Information Exposure Vulnerability Out of Bounds Read Vulnerability in libsapeextractor Library Out of Bounds Read Vulnerability in sapefd_parse_meta_DESCRIPTION Function of libsapeextractor Library Out of Bounds Read Vulnerability in libsapeextractor Library Activity Launch Vulnerability in SemSuspendDialogInfo MediaMonitorDimension Improper Validation Vulnerability MediaMonitorEvent Improper Validation Vulnerability VerifyCredentialResponse Improper Validation Vulnerability Session Cookie Vulnerability Allows CSRF Token Exploitation in Octopus Server SemBlurInfo: Improper Validation Vulnerability in 
SMR Apr-2022 Release 1 Out-of-Bounds Memory Read Vulnerability in libsflvextractor prior to SMR Apr-2022 Release 1 Boundary Check Vulnerability in media.extractor Library Out-of-Bounds Write Vulnerability in DSP Driver Prior to SMR Apr-2022 Release 1 Use After Free Vulnerability in DSP Driver Allows for Malicious Actions Arbitrary Memory Write Vulnerability in UWB Firmware Prior to SMR Apr-2022 Release 1 Improper Access Control and Path Traversal Vulnerability in Storage Manager and Storage Manager Service System Privilege File Access Vulnerability via PendingIntent in Android Accessibility FactoryCamera: Improper Access Control Vulnerability Allows Unauthorized System File Access SecretMode Authentication Bypass Vulnerability in Samsung Internet Improper Access Control Vulnerability in SamsungRecovery Allows Local Attackers to Delete Arbitrary Files Samsung Pass Vulnerability: Unauthorized Screen Viewing without Authentication DLL Hijacking Vulnerability in Smart Switch PC Prior to Version 4.2.22022_4: Arbitrary Code Execution Kies DLL Hijacking Vulnerability: Arbitrary Code Execution Arbitrary File Read Vulnerability in WPvivid Team Migration, Backup, Staging Plugin (<= 0.9.70) Stored Cross-Site Scripting (XSS) Vulnerability in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2 Yooslider Yoo Slider <= 2.0.0 WordPress Plugin CSRF Vulnerability Yooslider Yoo Slider <= 2.0.0 WordPress Plugin CSRF Vulnerability: Unauthorized Template Import Stored Cross-Site Scripting (XSS) Vulnerability in Modern Events Calendar Lite (WordPress Plugin) <= 6.5.1 Vulnerability: Sensitive Information Disclosure in Simple Ajax Chat (WordPress plugin) Arbitrary Memory Read Vulnerability in Linux Kernel BPF CSRF Vulnerability in Simple Ajax Chat Plugin Allows Unauthorized Chat Log Clearing and Message Deletion CSRF Vulnerability in Use Any Font WordPress Plugin Allows API Key Deactivation Multiple Unauthenticated Stored XSS Vulnerabilities in KB Support WordPress Plugin Contest 
Gallery Plugin <= 13.1.0.9 Authenticated Stored XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Psychological Tests & Quizzes Plugin for WordPress CSRF Vulnerability in Fatcat Apps Analytics Cat Plugin Allows Unauthorized Plugin Settings Change Atlas Gondal Export All URLs Plugin <= 4.1 - Stored XSS Vulnerability CSV Injection Vulnerability in Activity Log Team Activity Log Plugin Nicdark d.o.o. Travel Management Plugin <= 2.0 Authenticated Stored XSS Vulnerabilities CSRF to XSS Vulnerability in Shea Bunge's Footer Text Plugin <= 2.0.3 Unauthenticated Open Redirect Vulnerability in Arscode Ninja Popups Plugin Arbitrary File Upload Vulnerability in VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.3 on WordPress Sensitive Information Exposure via Predictable Booking IDs in VikBooking Hotel Booking Engine & PMS Plugin Double Free Vulnerability in DesignReview.exe Allows Remote Code Execution Buffer Overflow Vulnerability in DesignReview.exe when Parsing TGA and PCX Files Boundary Read Vulnerability in DesignReview.exe when Parsing Malicious TIFF File Use-After-Free Vulnerability in Autodesk AutoCAD 2022, 2021, 2020, 2019 via Maliciously Crafted JT File Use-After-Free Vulnerability in Autodesk AutoCAD 2023 CAT File Parsing Arbitrary Code Execution Vulnerability in Autodesk AutoCAD 2023 via Malicious TIFF File Denial of Service Vulnerability in Schroot Before 1.6.13 Buffer Overflow Vulnerability in Autodesk AutoCAD 2023 TGA File Parsing Buffer Overflow Vulnerability in Autodesk AutoCAD, Revit, Design Review, and Navisworks Releases using PDFTron Autodesk Navisworks 2022 PDF Parsing Vulnerability Arbitrary HTTP Request and IP Disclosure Vulnerability in Autodesk Fusion 360's SVG Parser Privilege Escalation Vulnerability in Intel(R) XMM(TM) 7560 Modem Software Task Hijacking Vulnerability in F5 Access for Android 3.x versions prior to 3.0.8 Stored Cross-Site Scripting (XSS) Vulnerability in F5 BIG-IP Configuration Utility Buffer Overflow 
Vulnerability in Intel(R) Processor BIOS Firmware Emerson Electric's Proficy Machine Edition Version 9.80 and prior: Path Traversal Vulnerability Enables Malicious Code Execution Stored Cross-Site Scripting (XSS) Vulnerability in F5 Traffix SDC Configuration Utility Buffer Overflow Vulnerability in slaacd in OpenBSD 6.9 and 7.0 Integer Signedness Error and Heap-Based Buffer Overflow in slaacd of OpenBSD 6.9 and 7.0 Symlink Privilege Escalation Vulnerability in Trend Micro Antivirus for Mac 11.5 Reflected Cross-Site Scripting (XSS) Vulnerability in Maccms v10 /admin/plog/index.html Multiple Reflected XSS Vulnerabilities in Maccms v10 /admin.php/admin/website/data.html Reflected Cross-Site Scripting (XSS) Vulnerability in Maccms v10 /admin.php/admin/ulog/index.html Reflected Cross-Site Scripting (XSS) Vulnerability in Maccms v10 Sensitive Information Exposure in Foundry Issues Service Versions 2.244.0 to 2.249.0 Denial of Service Vulnerability in Palantir Foundry Multipass Insufficient Verification of Data Authenticity in Emerson Electric's Proficy Machine Edition Version 9.00 and prior TLS Certificate Hostname Verification Bypass in sls-logging Unauthenticated Endpoint Exposes Active Usernames in Palantir Gotham Unauthenticated Endpoint Vulnerability in Palantir Gotham Versions Prior to 3.22.11.2 Authentication Request Logging Vulnerability in osisoft-pi-web-connector Plugin Foundry Blobster Service XSS Vulnerability Resolved in Version 3.228.0 Foundry Log File Information Exposure Vulnerability Foundry Code-Workbooks Information Exposure Through Log Files Vulnerability Unauthenticated Endpoint in Palantir Gotham Prior to 3.22.11.2 Allows Memory Exhaustion Vulnerability: Improper Verification of Cryptographic Signature in Emerson Electric's Proficy Machine Edition Version 9.00 and Prior OS Command Injection Vulnerability in Eve-NG Configuration Parser Time-of-Check/Time-of-Use (TOCTOU) Race-Condition Vulnerability in Automox Agent for macOS Unquoted Path Privilege 
Escalation in ControlUp Real-Time Agent Directory Traversal Vulnerability in Mendelson OFTP2 SSRF Vulnerability in Sonatype Nexus Repository Manager 3.x before 3.38.0 Authenticated SQL Injection Vulnerability in Zoho ManageEngine OpManager Inventory Reports Module Information Disclosure Vulnerability in Joomla component 'jDownloads 3.9.8.2 Stable' Unrestricted Upload of Dangerous Files in Emerson Electric's Proficy Machine Edition Version 9.00 and Prior Reflected Cross-Site Scripting (XSS) Vulnerability in Joomla Component 'Joomlatools - DOCman' Image Upload Function Multiple Full Path Disclosures in Joomla! 4.2.0 due to missing '_JEXEC or die check' caused by PSR12 changes Joomla! 4.0.0 - 4.2.3 Debug Mode Data Exposure Vulnerability Reflected XSS Vulnerabilities in Joomla! 4.2.0 through 4.2.3 Reflected XSS Vulnerabilities in Joomla! 4.0.0 through 4.2.4 Unauthenticated Remote Code Execution in Gradle Enterprise (before 2022.1) Improper Access Control in Emerson Electric's Proficy Machine Edition Version 9.00 and Prior Cross-Site Scripting (XSS) Vulnerability in libkiwix 10.0.0 and 10.0.1 Arbitrary Memcache Command Injection in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 Arbitrary File Upload and Directory Traversal in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 Reflected Cross-Site Scripting (XSS) Vulnerability in Zimbra Collaboration 9.0 SQL Injection Vulnerability in Microfinance Management System 1.0 with MySQL Database Remote Code Execution Vulnerability in Pexip Infinity 27.x Remote Triggered Software Abort Vulnerability in Pexip Infinity 27.x Vulnerability: Missing Integrity Check and Lack of Authentication/Authorization in Emerson Electric's Proficy Machine Edition Version 9.00 and Prior for SRTP Protocol Remote Triggering of Software Abort via Single-Sign-On in Pexip Infinity 27.x Remote Code Execution Vulnerability in Pexip Infinity Software Remote Code Execution Vulnerability in Pexip Infinity before 27.3 via One Touch Join Remote Code Execution Vulnerability 
in Pexip Infinity before 27.3 via One Touch Join Remote Code Execution Vulnerability in Pexip Infinity before 27.3 via HTTP Remote Code Execution Vulnerability in Pexip Infinity 27.3 via Epic Telehealth Remote Code Execution Vulnerability in Pexip Infinity before 27.3 via H.323 Excessive Resource Consumption Vulnerability in Pexip Infinity before 27.3 Reachable Assertion in stb_image.h: Exploitable Vulnerability in stbi__create_png_image_raw Reachable Assertion in Tcpreplay 4.4.1's Tcprewrite Denial of Service Vulnerability in HP PageWide Pro Printers Heap-Based Buffer Over-Read in Tcpreplay 4.4.1's Tcprewrite Heap-Based Buffer Over-Read Vulnerability in Tcpreplay 4.4.1 Heap-Based Buffer Over-Read in parse_mpls in Tcpreplay 4.4.1 Stack Consumption Vulnerability in GNU GCC 11.2's rust-demangle.c NULL Pointer Dereference Vulnerability in Foxit PDF Reader and PDF Editor (Versions before 12.0.1) Arbitrary Command Execution Vulnerability in NETGEAR R8500 1.0.2.158 Arbitrary Command Execution Vulnerability in NETGEAR R8500 1.0.2.158 Devices Arbitrary Command Execution Vulnerability in NETGEAR R8500 1.0.2.158 Devices Vulnerability: Unauthorized Charging Port Access via RF Signal Unmasked Secrets Exposure in Apache Airflow's UI Denial of Service (DoS) Vulnerability in DNS Resolver Memory Leak in hid-elo.c HID Parser in Linux Kernel Arbitrary Code Execution via Crafted SVG File Upload in PayloadCMS v0.15.0 Arbitrary User Profile Modification Vulnerability in FEBS-Security v1.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.4 User Information Exposure and Modification Vulnerability in OFCMS v1.1.4 OFCMS v1.1.4 Cross-Site Scripting (XSS) Vulnerability at /ofcms/company-c-47 Critical SQL Injection Vulnerability in BlueCMS 1.6 at Cookie Binary Hijack Vulnerability in Xftp 7.0.0088p and Below: Arbitrary Code Execution via Crafted .exe File Binary Hijack Vulnerability in Xmanager v7.0.0096 and Below: Arbitrary Code Execution via 
Crafted .exe File Binary Hijack Vulnerability in Xlpd v7.0.0094 and Below: Arbitrary Code Execution via Crafted .exe File Binary Hijack Vulnerability in Xshell v7.0.0099 and Below: Arbitrary Code Execution via Crafted .exe File Cynet 360 Web Portal Exposed Exclusion Profiles via GET Request Vulnerability Cynet 360 Web Portal v4.5 and Earlier - Unauthorized Access to Monitored Files and Profiles Cynet 360 Web Portal User List Disclosure Vulnerability Critical SQL Injection Vulnerability in SourceCodester Student Information System (VDB-206245) Arbitrary Password Reset Vulnerability in Tooljet v1.6 Cross-Site Scripting (XSS) Vulnerability in ToolJet v1.6.0 Comment Body Component CSV Injection Vulnerability in Affiliates Manager WordPress Plugin Remote Code Execution (RCE) Vulnerability in RG-NBR2100G-E Enterprise Gateway Arbitrary File Read Vulnerability in RG-NBR2100G-E Enterprise Gateway SQL Injection Vulnerability in CuppaCMS v1.0 via menu_filter Parameter SQL Injection Vulnerability in CuppaCMS v1.0 via /administrator/alerts/alertLightbox.php Cross-Site Scripting Vulnerability in Affiliates Manager WordPress Plugin Multiple SQL Injection Vulnerabilities in Online Banking System v1 SQL Injection Vulnerability in Zoo Management System v1.0 Clickjacking Vulnerability in SourceCodester Gym Management System (VDB-206246) SQL Injection Vulnerability in Car Rental System v1.0 at /Car_Rental/booking.php (id parameter) SQL Injection Vulnerability in Movie Seat Reservation v1 Unauthenticated File Disclosure Vulnerability in Movie Seat Reservation v1 Arbitrary File Access and Remote Code Execution in 3CX Phone System Management Console SQL Injection Vulnerability in Attendance and Payroll System v1.0 via \admin\employee_delete.php SQL Injection Vulnerability in Attendance and Payroll System v1.0 via \admin\cashadvance_delete.php SQL Injection Vulnerability in Attendance and Payroll System v1.0 via \admin\attendance_delete.php SQL Injection Vulnerability in Attendance and 
Payroll System v1.0 via \admin\attendance_delete.php Critical SQL Injection Vulnerability in SourceCodester Automated Beer Parlour Billing System SQL Injection Vulnerability in Attendance and Payroll System v1.0 via \admin\overtime_delete.php SQL Injection Vulnerability in Attendance and Payroll System v1.0 via \admin\schedule_delete.php SQL Injection Vulnerability in Attendance and Payroll System v1.0 via \admin\position_delete.php SQL Injection Vulnerability in Attendance and Payroll System v1.0 via \admin\schedule_employee_edit.php SQL Injection Vulnerability in Attendance and Payroll System v1.0 via \admin\attendance_edit.php SQL Injection Vulnerability in Attendance and Payroll System v1.0 via \admin\cashadvance_edit.php SQL Injection Vulnerability in Attendance and Payroll System v1.0 via \admin\deduction_edit.php SQL Injection Vulnerability in Attendance and Payroll System v1.0 via \admin\overtime_edit.php SQL Injection Vulnerability in Attendance and Payroll System v1.0 via \admin\schedule_edit.php SQL Injection Vulnerability in Attendance and Payroll System v1.0 via \admin\employee_edit.php Critical SQL Injection Vulnerability in SourceCodester Gas Agency Management System (VDB-206248) SQL Injection Vulnerability in Attendance and Payroll System v1.0 via \admin\position_edit.php Remote Code Execution (RCE) Vulnerability in Purchase Order Management System v1.0 via /purchase_order/admin/?page=user SQL Injection Vulnerability in Purchase Order Management System v1.0 SQL Injection Vulnerability in Purchase Order Management System v1.0 SQL Injection Vulnerability in Student Grading System v1.0 SQL Injection Vulnerability in Student Grading System v1.0 via /student-grading-system/rms.php?page=school_year SQL Injection Vulnerability in Student Grading System v1.0 SQL Injection Vulnerability in Simple Real Estate Portal System v1.0 SQL Injection Vulnerability in Simple Real Estate Portal System v1.0 Critical SQL Injection Vulnerability in SourceCodester Zoo 
Management System (VDB-206249) SQL Injection Vulnerability in Simple Real Estate Portal System v1.0 SQL Injection Vulnerability in AtomCMS 2.0 via Atom.CMS_admin_ajax_pages.php SQL Injection Vulnerability in Atom.CMS_admin_uploads.php SQL Injection Vulnerability in AtomCMS 2.0 via Atom.CMS_admin_ajax_list-sort.php SQL Injection Vulnerability in Atom.CMS 2.0 via Atom.CMS_admin_ajax_blur-save.php SQL Injection Vulnerability in AtomCMS 2.0 via Atom.CMS_admin_ajax_navigation.php Unrestricted File Upload Vulnerability in SourceCodester Zoo Management System (VDB-206250) Integer Overflow Vulnerability in stb_image.h v2.27: stbi__jpeg_decode_block_prog_dc Function Heap-Based Use-After-Free Vulnerability in stb_image.h v2.27 via stbi__jpeg_huff_decode Heap Memory Corruption Vulnerability in lrzip v0.640 via lrzip.c:initialise_control Integer Shift Vulnerability in STB v2.27's stbi__jpeg_decode_block_prog_ac Component NULL Pointer Dereference Vulnerability in NGINX NJS 0.7.2 ovirt-engine Vulnerability: Plaintext Password Logging in Log File Stored XSS Vulnerability in Add Category Functionality of SeedDMS Version 6.0.18 and 5.1.25 Arbitrary File Upload and Remote Code Execution Vulnerability in Roothub 2.6.0 Arbitrary File Upload Vulnerability in Typemill v1.5.3 Arbitrary Code Execution Vulnerability in VanDyke Software VShell for Windows v4.6.2 Command Injection Vulnerability in FusionPBX v4.4 and Below: Download Email Logs Function ShopXO v2.2.5 and below - System Re-install Vulnerability via Add Function in app/install/controller/Index.php Arbitrary File Deletion Vulnerability in Verydows v2.0 Arbitrary File Deletion Vulnerability in Verydows v2.0 Vulnerability: Unfiltered Collection of RHV Admin Password in ovirt-log-collector/sosreport SQL Injection Vulnerability in Victor CMS v1.0 via user_name Parameter in /includes/login.php Arbitrary File Upload Vulnerability in Car Rental System v1.0 File Disclosure Vulnerability in Simple Bakery Shop Management System v1.0 via 
/bsms/?page=products Sandboxie Classic v5.55.13 Denial of Service (DoS) Vulnerability Critical Heap Buffer Overflow in r_sleb128 Function in Radare2 5.4.2 and 5.4.0 Critical Heap Buffer Overflow Vulnerability in radare2 5.4.2 and 5.4.0: vax_opfunction SQL Injection Vulnerability in Algan Software Prens Student Information System (Version 2.1.11 and below) Null Pointer Dereference in __core_anal_fcn Function in Radare2 5.4.2 and 5.4.0 Use After Free Vulnerability in r_reg_get_name_idx Function in radare2 5.4.2 and 5.4.0 Heap Buffer Overflow in r_read_le32 Function in Radare2 5.4.2 and 5.4.0 Use After Free Vulnerability in r_reg_set_value Function in radare2 5.4.2 and 5.4.0 Stored XSS Vulnerability in Halo-1.5.0 via \admin\index.html#/system/tools Seacms v11.6 Remote Command Execution (RCE) Vulnerability via Mail Server Settings Reflected Cross-Site Scripting (XSS) Vulnerability in Home Owners Collection Management v1 Admin Panel Reflected Cross-Site Scripting (XSS) Vulnerability in Home Owners Collection Management v1 Admin Panel SQL Injection Vulnerability in College Management System v1.0 via course_code Parameter User-Controlled Key Authorization Bypass Vulnerability in Algan Software Prens Student Information System SQL Injection Vulnerability in Royal Event Management System v1.0 via todate Parameter ArPHP v3.6.0 Query.php Reflected XSS Vulnerability Stack Overflow Vulnerability in Tenda AX12 v22.03.01.21_CN via /goform/SetNetControlList Endpoint Heap Buffer Overflow in htmldoc Commit 31f7804: Arbitrary Code Execution and DoS Vulnerability Denial of Service Vulnerability in OpenBMC's bmcweb Multipart Parser Server-Side Request Forgery (SSRF) Vulnerability in Jspxcms v10.2.0 Local File Inclusion Vulnerability in SCBS Online Sports Venue Reservation System v1.0 Cross-Site Scripting (XSS) Vulnerability in SCBS Online Sports Venue Reservation System v1.0 Remote Code Execution Vulnerability in Skycaiji v2.4 via /SkycaijiApp/admin/controller/Develop.php SQL Injection 
Vulnerability in Poultry Farm Management System v1.0 HTML Injection Vulnerability in Turtlapp Turtle Note v0.7.2.6 Cross-Site Scripting (XSS) Vulnerability in PHP MySQL Admin Panel Generator v1 Arbitrary File Upload Vulnerability in Foxit PDF Editor v11.3.1 Blind SQL Injection Vulnerability in Online Sports Complex Booking System v1.0 Account Takeover Vulnerability in Online Sports Complex Booking System v1.0 CSRF Vulnerability in Selenium Server (Grid) before Version 4 Arbitrary Code Execution via DNS Rebinding in Selenium Grid/Standalone Server Cross-Site Scripting (XSS) Vulnerability in SourceCodester Guest Management System (CVE-2021-206397) SQL Injection Vulnerability in Hotel Management System v1.0: Exploitable Username Parameter at Login Page Time-blind SQL Injection Vulnerability in MyBatis PageHelper Unauthenticated File Write and Password Reset Vulnerability in FANTEC MWiD25-DS Firmware v2.000.030 Arbitrary File Deletion Vulnerability in DSCMS v3.0 via /controller/Adv.php SQL Injection Vulnerability in Online Sports Complex Booking v1.0 SQL Injection Vulnerability in Online Banking System v1.0 via id Parameter Server-Side Request Forgery (SSRF) Vulnerability in Navigate CMS v2.9.4 Arbitrary Code Execution Vulnerability in SiteServer CMS v7.x via Crafted Plug-in Critical SQL Injection Vulnerability in SourceCodester Guest Management System (VDB-206398) File Upload Vulnerability in Beijing Runnier Network Technology Co., Ltd Open Virtual Simulation Experiment Teaching Management Platform Software 2.0 Privilege Escalation Vulnerability in Intel(R) XMM(TM) 7560 Modem Software Arbitrary File Deletion Vulnerability in Robustel R1510 3.3.0 Web Server Untrusted Search Path Vulnerability in AttacheCase ver. 
3.6.1.0 and Earlier HTTP/1.1 Header Parsing Vulnerability in Apache Traffic Server Cleartext Password Storage Vulnerability in SourceCodester Guest Management System (VDB-206400) Stack Exhaustion Vulnerability in encoding/xml Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Bitbucket Server Integration Plugin Unauthenticated Access Control Vulnerability in Jenkins Bitbucket Server Integration Plugin Unencrypted Storage of Group Chat Passwords in Jenkins Instant-Messaging Plugin CSRF Vulnerability in Jenkins JiraTestResultReporter Plugin Allows Unauthorized URL Access Jenkins JiraTestResultReporter Plugin Missing Permission Check Vulnerability CSRF Vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and Earlier Unauthenticated Remote Code Execution in Jenkins RocketChat Notifier Plugin Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple and Nice Shopping Cart Script XML External Entity (XXE) Vulnerability in Jenkins Flaky Test Handler Plugin 1.2.1 and Earlier Unencrypted Storage of Proxmox Datacenter Password in Jenkins Proxmox Plugin Jenkins Proxmox Plugin 0.6.0 and earlier: Global SSL/TLS Certificate Validation Bypass Jenkins Proxmox Plugin 0.7.0 CSRF Vulnerability Allows Unauthorized Connection and SSL/TLS Validation Bypass Unauthenticated Remote Code Execution in Jenkins Proxmox Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Toad Edge Plugin Arbitrary File Read Vulnerability in Jenkins Toad Edge Plugin File Path Disclosure Vulnerability in Jenkins Continuous Integration with Toad Edge Plugin Path Traversal Vulnerability in Jenkins CI with Toad Edge Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Job and Node Ownership Plugin 0.13.0 and Earlier GitHub Repository Vulnerability: Insecure Storage of Sensitive Information in publify/publify (prior to 9.2.10) CSRF Vulnerability in Jenkins Job and Node Ownership Plugin Allows Unauthorized Ownership Changes Vulnerability: Unauthorized Ownership and 
Permission Manipulation in Jenkins Job and Node Ownership Plugin Jenkins Job and Node Ownership Plugin CSRF Vulnerability: Unauthorized Job Ownership Restoration Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins SiteMonitor Plugin 0.6 and Earlier XML External Entity (XXE) vulnerability in Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier XML External Entity (XXE) Vulnerability Arbitrary File Copy Vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin Arbitrary File Upload Vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin Vulnerability: Enumeration of Credentials IDs in Jenkins Pipeline: Phoenix AutoTest Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Tests Selector Plugin 1.3.3 and Earlier Critical Out-of-bounds Read Vulnerability in vim/vim Repository Arbitrary File Read Vulnerability in Jenkins Tests Selector Plugin Information Exposure through Log File Vulnerability in Brocade SANNav Insecure Logging of Authentication Token in Brocade SANnav SQL Injection Vulnerability in Brocade SANnav Zone Management Blowfish Encryption Vulnerability in Brocade SANnav RBAC Bypass Vulnerability in Brocade SANNav Static Key Ciphers Vulnerability in Brocade SANnav Brocade SANnav and SANanv Plain Text Password Logging Vulnerability Base64 Encoding Vulnerability in Brocade SANnav Brocade Webtools Privilege Escalation Vulnerability GitHub Repository vim/vim: Use After Free Vulnerability (prior to 9.0.0213) Insecure Password Storage in Brocade Fabric OS Web Application Services Insufficient Input Validation in Hikvision Hybrid SAN/Cluster Storage Web Module Insufficient Input Validation in Hikvision Hybrid SAN/Cluster Storage Web Module Allows XSS Attack Access Control Vulnerability in Hikvision Wireless Bridge Products Allows Unauthorized Admin Access Sensitive Information Exposure in GitHub Repository Cockpit-HQ/Cockpit Prior to Version 2.2.2 Critical Vulnerability in 
NVIDIA GPU Display Driver Allows for Remote Code Execution and Privilege Escalation Critical Vulnerability in NVIDIA GPU Display Driver for Windows: Out-of-Bounds Write Exploit via DirectX11 Shader Out-of-Bounds Read Vulnerability in NVIDIA GPU Display Driver for Windows and Linux NVIDIA GPU Display Driver Vulnerability: Privileged Register Access in DxgkDdiEscape Handler Out-of-Bounds Write Vulnerability in NVIDIA GPU Display Driver for Windows and Linux NVIDIA GPU Display Driver for Windows Kernel Mode Layer Vulnerability Denial of Service Vulnerability in NVIDIA GPU Display Driver for Windows NVIDIA GPU Display Driver for Windows Kernel Mode Layer Denial of Service Vulnerability NVIDIA GPU Display Driver for Windows: NULL Pointer Dereference Vulnerability Heap-based Buffer Overflow in Vim prior to 9.0.0211 Denial of Service Vulnerability in NVIDIA GPU Display Driver for Windows Uncontrolled Resource Consumption Vulnerability in NVIDIA vGPU Software Use-After-Free Vulnerability in NVIDIA vGPU Software: Potential Denial of Service Exploit Memory Buffer Overflow Vulnerability in NVIDIA Jetson Linux Driver Package Vulnerability in NVIDIA Jetson Linux Driver Package: Memory Buffer Overflow in tegrabl_cbo.c Vulnerability in NVIDIA Jetson Linux Driver Package: Integer Overflow in Cboot ext4_read_file Function Memory Buffer Overflow Vulnerability in NVIDIA Jetson Linux Driver Package Integer Overflow Vulnerability in NVIDIA Jetson Linux Driver Package OpenSSL Configuration Vulnerability in NVIDIA Omniverse Nucleus and Cache: Physical Access Exploit Vulnerability in NVIDIA's MLNX_DPDK Network Stack: Remote DoS and Data Integrity/Confidentiality Impact Session Fixation Vulnerability in GitHub Repository namelessmc/nameless prior to v2.0.2 Vulnerability in NVIDIA DGX A100 SBIOS BiosCfgTool Allows Unauthorized Code Execution and Privilege Escalation Infinite Recursion Vulnerability in MediaWiki Unescaped Property XSS Vulnerability in MediaWiki Denial-of-Service 
Vulnerability in MediaWiki: Special:NewFiles Long Running Query Denial-of-Service Vulnerability in MediaWiki 1.37.x CentralAuth Extension TTL Issue for Future Expiring Groups Improper Access Control in MediaWiki FileImporter Extension Incorrect Check for Override-Antispoof Permission in Mediawiki AntiSpoof Extension Authentication Bypass Vulnerability in namelessmc/nameless prior to v2.0.2 XML External Entity (XXE) Injection Vulnerability in SAP BusinessObjects Business Intelligence Platform SAP BusinessObjects Enterprise CMS Information Disclosure Vulnerability Insufficient URL Validation in SAP NetWeaver ABAP Server and ABAP Platform: A Potential Threat to User Privacy Cross-Site Scripting Vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) Version 420 XML External Entity (XXE) Vulnerability in SAP NetWeaver (EP Web Page Composer) Allows for SSRF Attacks and System Crash Local Access to Secret Keys in CipherMail Webmail Messenger Unauthenticated XXE Attack in Zoho ManageEngine ADAudit Plus before 7060: Remote Code Execution Vulnerability Critical Account Takeover Vulnerability: Brute Force Attack Allows Unauthorized Access Buffering Attack Vulnerability in Apache James Reflected Cross-Site Scripting (XSS) vulnerability in CleanTalk AntiSpam plugin for WordPress Reflected Cross-Site Scripting (XSS) Vulnerability in CleanTalk AntiSpam Plugin for WordPress Privilege Escalation Vulnerability in Tekon KIO Devices via Malicious Lua Plugin Upload Route Hijacking Vulnerability in Calico and Calico Enterprise Yandex Browser for Windows Local Privilege Escalation Vulnerability Yandex Browser for Windows Local Privilege Escalation Vulnerability YDB Server Out-of-Bounds Read Vulnerability Denial of Service Vulnerability in uServer via Crafted HTTP Request Involving Collisions Stored Cross-Site Scripting Vulnerability in MetaSlider WordPress Plugin Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Out-of-Bounds Read 
Vulnerability in Acrobat Reader DC Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Heap-Based Buffer Overflow Vulnerability in Acrobat Reader DC Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Acrobat Reader DC Versions 22.001.20085 and Earlier Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Acrobat Reader DC GitHub Repository Authorization Bypass Vulnerability in openemr/openemr prior to 7.0.0.1 Use-After-Free Vulnerability in Acrobat Reader DC and Earlier Versions Out-of-Bounds Read Vulnerability in Acrobat Reader DC Use-After-Free Vulnerability in Acrobat Reader DC and Earlier Versions Out-of-Bounds Read Vulnerability in Acrobat Reader DC Arbitrary Request Bypass in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Uncontrolled Search Path Vulnerability in Acrobat Reader DC and Earlier Versions Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Arbitrary Code Execution Vulnerability in Kepware KEPServerEX 6.11.718.0 Use-After-Free Vulnerability in Acrobat Reader DC Versions 22.001.2011x and Earlier Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Use-after-free vulnerability in Acrobat Reader DC versions 22.001.2011x, 20.005.3033x, and 17.012.3022x allows for disclosure of sensitive memory Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds 
Read Vulnerability in Acrobat Reader DC Remote Code Execution Vulnerability in GitLab Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Use-After-Free Vulnerability in Acrobat Reader DC: Memory Leak via Annotation Processing AMI MegaRAC User Enumeration Vulnerability Exposes System Usernames Out-of-Bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution via Malicious SVG File Use-After-Free Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution via Malicious PDF Out-of-Bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Photoshop Allows Code Execution Out-of-Bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution via Malicious PDF Out-of-Bounds Write Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Use-After-Free Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Octopus Server API Insecure Direct Object Reference (IDOR) Vulnerability Exposes Team Information WebAuthN Extension Out of Bounds Write Vulnerability Use-after-free vulnerability in Thunderbird, Firefox, and Firefox ESR through rel=localization Unsecured sourceMapURL Feature in Firefox < 99 Allows Unauthorized File Access SVG's <use> Element Script Execution 
Vulnerability in Firefox Incorrect AliasSet Usage in MLoadTypedArrayElementHole Allows Out-of-Bounds Memory Read in Thunderbird and Firefox Iframe Content Rendering Vulnerability Text Selection Caching Vulnerability in Firefox < 99 Memory Corruption Vulnerabilities in Firefox 98 Memory Corruption Vulnerabilities in Thunderbird 91.7 and Firefox Versions Stored Cross-site Scripting (XSS) Vulnerability in YetiForce CRM prior to version 6.4.0 WordPress Country Selector Plugin Version 1.6.5 Reflective Cross-Site Scripting Vulnerability Cleartext Retrieval of Stored Nessus Policy Credentials Deserialization of Untrusted Data Vulnerability in Bitdefender GravityZone Console Remote Code Execution Vulnerability in Bentley MicroStation 10.16.02.034 CONNECT Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.02.34 via Malicious IFC Files Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.02.34 via Malicious IFC Files Arbitrary Code Execution via SKP File Parsing in Bentley View 10.16.02.022 Arbitrary Code Execution via OBJ File Parsing in Bentley MicroStation CONNECT 10.16.02.034 Arbitrary Code Execution via OBJ File Parsing in Bentley MicroStation CONNECT 10.16.02.034 Arbitrary Code Execution via OBJ File Parsing in Bentley MicroStation CONNECT 10.16.02.034 Arbitrary Code Execution via DXF File Parsing in Bentley View 10.16.02.022 Remote Code Execution Vulnerability in Bentley View 10.16.02.022 via Malicious 3DS File Parsing Remote Code Execution Vulnerability in Bentley View 10.16.02.022 via Malicious 3DS File Parsing Integer Overflow Vulnerability in Blender 3.3.0's blendthumb_extract.cc Arbitrary Code Execution via SKP File Parsing in Bentley MicroStation CONNECT 10.16.02.034 Arbitrary Code Execution via DXF File Parsing in Bentley MicroStation CONNECT 10.16.02.034 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.02.034 via 3DS File Parsing Remote Code Execution Vulnerability in Bentley MicroStation 
CONNECT 10.16.02.034 via 3DS File Parsing Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.02.34 via Malicious IFC Files Arbitrary Code Execution via IFC File Parsing in Bentley MicroStation CONNECT 10.16.02.34 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.02.34 via Malicious IFC Files Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.02.34 via Malicious IFC Files Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.02.34 via Malicious IFC Files Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.02.034 Null Pointer Dereference Vulnerability in Blender 3.3.0 Arbitrary Code Execution via 3DM File Parsing in Bentley View 10.16.02.022 Authentication Bypass Vulnerability in Linux-PAM Package for openSUSE Tumbleweed Vulnerability: Information Leakage in MediaWiki SecurePoll Extension Panic Vulnerability in Go's crypto/elliptic Library Denial of Service Vulnerability in SCALANCE W1788-1 M12 and SCALANCE W1788-2 Series Denial of Service Vulnerability in SCALANCE W1788-1 M12 and SCALANCE W1788-2 Series Blender Thumbnailing Vulnerability: Endless Infinite Loop Due to Logical Bugs Apache HTTP Server 2.4.53 and earlier on Windows mod_isapi Module Request Processing Vulnerability Integer Overflow Vulnerability in apr_socket_sendv() Sensitive Information Exposure in Helpful WordPress Plugin (<=4.5.26) Signal App for iOS Vulnerability: URI Spoofing via RTLO Injection SQL Injection in QuerySet Methods via Crafted Dictionary SQL Injection in Django QuerySet.explain() Method Use-After-Free Vulnerability in Arm Mali GPU Kernel Driver Use-After-Free Vulnerability in Arm Mali GPU Kernel Driver CoreDNS Vulnerability: Internal Service Rerouting via FQDN Arm Mali GPU Kernel Driver Use-After-Free Vulnerability TLS Certificate Spoofing Vulnerability in WeeChat 3.2 to 3.4 before 3.4.1 XSS Vulnerability in External Redirect Warning Plugin 1.3 for MyBB XSS Vulnerability in 
Active Threads Plugin 1.3.0 for MyBB Predictable randomUUID generation in Scala.js before 1.10.0 Refcount Leak Vulnerability in Linux Kernel's af_llc.c Directory Traversal Vulnerability in NATS nats-server 2.2.0 through 2.7.4 Reprise License Manager 14.2 Reflected XSS Vulnerability in /goform/login_process Username Parameter Reflected Cross-Site Scripting (XSS) Vulnerability in Reprise License Manager 14.2 Information Disclosure Vulnerability in Reprise License Manager 14.2 via GET Request to /goforms/rlminfo Excessive Heap Memory Consumption Vulnerability in Neko-related HTML Parsers XSS Vulnerability in OWASP AntiSamy: HTML Tag Smuggling in STYLE Content Remote Code Execution via @font-face CSS Statement in Dompdf 1.2.1 Remote Code Execution via Unvalidated User-Provided URL in Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 CoreDNS Vulnerability: Traffic Redirection to Malicious Pods via TLD Spoofing Firmware Modification Vulnerability on Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 Devices Static Certificate Vulnerability in Verizon 5G Home LVSKIHP InDoorUnit (IDU) and OutDoorUnit (ODU) Devices Arbitrary File Upload Vulnerability in Verizon 5G Home LVSKIHP InDoorUnit (IDU) and OutDoorUnit (ODU) Devices Remote Code Execution Vulnerability in Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 Remote Code Execution Vulnerability in Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 Remote Code Execution Vulnerability in Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 Verizon 5G Home LVSKIHP CPE Admin Website Access Vulnerability Static Account Credentials Vulnerability in Verizon 5G Home LVSKIHP InDoorUnit (IDU) and OutDoorUnit (ODU) Devices XSS Vulnerability in Craft CMS before 3.7.29 XSS Vulnerability in jc21.com Nginx Proxy Manager before 2.9.17 Arbitrary File Access Vulnerability in Eclipse Sphinx™ before version 0.13.1 Directory Traversal Vulnerability in rc-httpd Component of 9front (Plan 9 fork) Stack-based Buffer Overflow in 
ALLMediaServer 1.6's Mediaserver.exe Allows Remote Code Execution Vulnerability: Insecure Encryption Mode in Verbatim Drives Firmware Validation Vulnerability in Verbatim Drives Offline Brute-Force Vulnerability in Verbatim Drives Vulnerability: Manipulation of Emulated CD-ROM Drive Content in Verbatim Drives Vulnerability: Lockout Bypass in Verbatim Drives Insecure Design Allows Unauthorized Access to Verbatim Drives Double Free Vulnerability in usb_8dev_start_xmit in Linux Kernel Double Free Vulnerability in mcba_usb_start_xmit in Linux Kernel Unauthenticated Access and Cross-Site Scripting Vulnerabilities in Zephyr Project Manager WordPress Plugin Double Free Vulnerability in ems_usb_start_xmit in Linux Kernel Arbitrary Code Execution and Terminal Manipulation Vulnerability in BusyBox Insecure DLL Loading Vulnerability in Trend Micro Password Manager (Consumer) Versions 3.7.0.1223 and Below Arbitrary File Upload Vulnerability in Ghost CMS v4.42.0 SQL Injection Vulnerability in Zephyr Project Manager WordPress Plugin Uninstallation Handler Authorization Bypass Vulnerability in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806 SQL Injection Vulnerability in Simple Real Estate Portal System v1.0 SQL Injection Vulnerability in Simple Real Estate Portal System v1.0 SQL Injection Vulnerability in Car Driving School Management System v1.0 SQL Injection Vulnerability in Car Driving School Management System v1.0 SQL Injection Vulnerability in Home Owners Collection Management System v1.0 SQL Injection Vulnerability in Home Owners Collection Management System v1.0 SQL Injection Vulnerability in Home Owners Collection Management System v1.0 SQL Injection Vulnerability in Home Owners Collection Management System v1.0 Critical SQL Injection Vulnerability in SourceCodester Gym Management System (VDB-206451) SQL Injection Vulnerability in Baby Care System v1.0 SQL Injection Vulnerability in Baby Care System v1.0 via /admin.php?id=posts&action=display&value=1&postid= SQL 
Injection Vulnerability in Baby Care System v1.0 via /admin/posts.php&action=edit SQL Injection Vulnerability in Baby Care System v1.0 via /admin/posts.php&action=delete SQL Injection Vulnerability in Baby Care System v1.0 via /admin/posts.php&find= SQL Injection Vulnerability in Baby Care System v1.0 via /admin/pagerole.php&action=display&value=1&roleid= SQL Injection Vulnerability in Baby Care System v1.0 via /admin/pagerole.php&action=edit&roleid= SQL Injection Vulnerability in Baby Care System v1.0 via /admin/inbox.php&action=read&msgid= SQL Injection Vulnerability in Baby Care System v1.0 via /admin/inbox.php&action=delete&msgid= Cross-Site Scripting (XSS) Vulnerability in MotoPress Timetable and Event Schedule (VDB-206486) SQL Injection Vulnerability in Baby Care System v1.0 via /admin/siteoptions.php&social=remove&sid=2 SQL Injection Vulnerability in Baby Care System v1.0 via /admin.php?id=siteoptions&social=display&value=0&sid=2 SQL Injection Vulnerability in Baby Care System v1.0 via /admin/users.php&action=display&value=Show&userid= SQL Injection Vulnerability in Baby Care System v1.0 via /admin.php?id=siteoptions&social=edit&sid=2 SQL Injection Vulnerability in Baby Care System v1.0 via /admin/siteoptions.php&action=displaygoal&value=1&roleid=1 SQL Injection Vulnerability in Baby Care System v1.0 via /admin/uesrs.php&action=display&value=Hide&userid= SQL Injection Vulnerability in Baby Care System v1.0 via /admin/uesrs.php&action=type&userrole=Admin&userid=3 SQL Injection Vulnerability in Baby Care System v1.0 via /admin/uesrs.php&action=type&userrole=User&userid= SQL Injection Vulnerability in Baby Care System v1.0 via /admin/users.php&action=delete&userid=4 Cross-Site Scripting (XSS) Vulnerability in MotoPress Timetable and Event Schedule up to 1.4.06 Arbitrary File Upload Vulnerability in UCMS v1.6 Allows Remote Code Execution Arbitrary File Deletion Vulnerability in UCMS v1.6 Arbitrary File Read Vulnerability in UCMS v1.6 Arbitrary File Read 
Vulnerability in KiteCMS v1.1.1 via Background Management Module Cross Site Scripting (XSS) Vulnerability in nopCommerce 4.50.1 Cross-Site Scripting (XSS) and Arbitrary File Upload Vulnerability in nopCommerce 4.50.1 Improper Validation of Specified Quantity Input in GitHub Repository vim/vim (CVE-2021-3770) Cross Site Scripting (XSS) Vulnerability in nopCommerce 4.50.1 Directory Traversal Vulnerability in nopCommerce 4.50.1 Maintenance Feature SQL Injection Vulnerability in Red Planet Laundry Management System 1.0 Cross Site Scripting (XSS) Vulnerability in Limbas 4.3.36.1319 Unauthenticated Arbitrary Event Creation and Cross-Site Scripting (XSS) Vulnerability in Calendar Event Multi View WordPress Plugin SQL Injection Vulnerability in mingyuefusu Library Management System Arbitrary File Reading Vulnerability in Novel-Plus 3.6.0 Buffer Overflow Vulnerability in ImageMagick 7.1.0-27 Apifox through 2.1.6 Cross Site Scripting (XSS) Vulnerability SQL Injection Vulnerability in Online Student Admission v1.0 via txtapplicationID Parameter SQL Injection Vulnerability in Payroll Management System v1.0: Exploiting the Username Parameter Critical SQL Injection Vulnerability in SourceCodester Guest Management System (VDB-206489) Code-Execution Backdoor in Marcador Package (PyPI 0.1-0.13) Integer Overflow Vulnerability in ffjpeg's bmp_load() Function Leading to Heap Overflow in jfif_encode() Cross Site Scripting (XSS) Vulnerability in WBCE CMS 1.5.2 Directory Traversal Vulnerability in SeedDMS Log Files Management Stored XSS Vulnerability in SeedDMS: Exploiting Admin Privileges for Payload Injection Arbitrary Code Execution Vulnerability in Kepware KEPServerEX 6.11.718.0 Buffer Overflow Vulnerability in ALLMediaServer 1.6 via MediaServer.exe CSV-Safe gem < 3.0.0 allows CSV Injection due to lack of special character filtering. 
Memory Leakage Vulnerability in Tcpreplay Version 4.4.1: Threat to Data Confidentiality Uninitialized Variable Vulnerability in wav_format_write function of libwav.c Heap-based Buffer Overflow in Vim Prior to 9.0.0220 Command Injection Vulnerability in TOTOLink Outdoor CPE CP900 V6.3c.566_B20171026 Remote Login Bypass Vulnerability in TOTOLINK Technology CPE Firmware V6.3c.566 Remote Telnet Service Activation Vulnerability in TOTOLINK CP900 V6.3c.566 Command Injection Vulnerability in TOTOLink Outdoor CPE CP900 V6.3c.566_B20171026 Command Injection Vulnerability in TOTOLink Outdoor CPE CP900 V6.3c.566_B20171026 Command Injection Vulnerability in TOTOLink Outdoor CPE CP900 V6.3c.566_B20171026 Command Injection Vulnerability in TOTOLink Outdoor CPE CP900 V6.3c.566_B20171026 NULL Pointer Dereference Vulnerability in 389-ds-base with Content Synchronization Plugin SQL Injection Vulnerability in Jfinal_cms 5.1.0 via com.jflyfox.system.log.LogController.java Heap Buffer Overflow in GIFLIB 5.2.1: DumpScreen2RGB() Function Vulnerability Cross Site Scripting (XSS) Vulnerability in Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 Unescaped Output XSS Vulnerability in MantisBT before 2.25.2 SQL Injection Vulnerability in Sourcecodester Fantastic Blog CMS 1.0 Heap Corruption Vulnerability in Google Chrome's FedCM Prior to 104.0.5112.101 ZCMS v20170206 File Inclusion Vulnerability via index.php?m=home&c=home&a=sp_set_config Stored XSS Vulnerability in ZCMS v20170206 via index.php?m=home&c=message&a=add Arbitrary File Deletion Vulnerability in HongCMS 3.0.0 SQL Injection Vulnerability in ED01-CMS v20180505 via post.php Component Arbitrary File Upload Vulnerability in ED01-CMS v20180505 Arbitrary Folder Deletion Vulnerability in dhcms v20170919 Arbitrary File Upload Vulnerability in bloofoxCMS v0.5.2.1 Heap Buffer Overflow in Google Chrome Downloads on Android SQL Injection Vulnerability in Sourcecodester Covid-19 Directory on Vaccination System 1.0 via 
cmdcategory SQL Injection Vulnerability in Sourcecodester Covid-19 Directory on Vaccination System 1.0 SQL Injection Vulnerability in Sourcecodester Medical Hub Directory Site 1.0 Remote Code Execution Vulnerability in SwiftShader in Google Chrome Uncontrolled Search Path Element Vulnerability in Samsung Update Privilege Escalation in Galaxy Store: Improper Sanitization of Incoming Intent Path Traversal Vulnerability in Samsung Flow Prior to Version 4.8.07.4: Arbitrary File Read Path Traversal Vulnerability in Galaxy Store's Unzip Method Stored XSS Vulnerability in FUDforum 3.1.1 ANGLE Use After Free Vulnerability in Google Chrome Stack Buffer Overflow in jhead 3.06 via shellescape() in jhead.c SQL Injection Vulnerability in CSCMS 4.1 Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin Stack Overflow Vulnerability Command Injection Vulnerability in Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin Arbitrary Website Browsing Vulnerability in Google Chrome on Android Stack Overflow Vulnerability in Tenda AC9 Router's httpd Service Stack Overflow Vulnerability in Tenda AX12 22.03.01.21_cn Router's /goform/setMacFilterCfg Function Remote Command Execution via Image Upload in Sourcecodester Doctor's Appointment System 1.0 Remote Code Execution Vulnerability in Google Chrome: Use After Free in Blink Command Injection Vulnerability in D-Link 882 DIR882A1_FW130B06 Command Injection Vulnerability in Tenda AX1806 v1.0.0.1's SetIPv6Status Function Command Injection Vulnerability in D-Link DIR-823-Pro v1.0.2 Command Injection Vulnerability in TOTOlink A7100RU Router Command Injection Vulnerability in TOTOlink A7100RU Router Command Injection Vulnerability in TOTOlink A7100RU Router Command Injection Vulnerability in TOTOlink A7100RU Router Use After Free Vulnerability in Google Chrome Sign-In Flow Command Injection Vulnerability in TOTOlink A7100RU Router Command Injection Vulnerability in TOTOlink A7100RU Router Command Injection Vulnerability in TOTOlink A7100RU Router 
Command Injection Vulnerability in TOTOlink A7100RU Router's setWiFiWpsCfg Interface Command Injection Vulnerability in TOTOlink A7100RU Router SQL Injection Vulnerability in EmpireCMS 7.5 AdClass.php XSS Vulnerability in Hoosk 1.8.0 Edit Page Allows Execution of JavaScript Code Stored Cross-Site Scripting (XSS) Vulnerability in SpringBootMovie <=1.2 Stored XSS Vulnerability in Pixelimity 1.0 via Title Field in admin/pages.php?action=add_new Use After Free Vulnerability in Chrome OS Shell in Google Chrome Pixelimity 1.0 Remote Code Execution (RCE) Vulnerability via admin-ajax.php?action=install_theme Cross-Site Scripting (XSS) Vulnerability in Frappe ERPNext 12.29.0 Stored Cross-Site Scripting (XSS) Vulnerability in FUEL-CMS 1.5.1 via Malicious PDF Upload Cookie Prefix Bypass Vulnerability in Google Chrome Simple 2FA Plugin for Moodle Remote Phone Number Overwrite Vulnerability Remote Code Execution via Hardcoded Admin Token in SoundBar Apps in Linkplay SDK 1.00 Arbitrary File Upload Vulnerability in BossCMS 1.0 Sensitive Information Disclosure in asith-eranga ISIC Tour Booking Arbitrary Script Injection Vulnerability in Google Chrome Extensions API Escalation of Privilege Vulnerability in Intel(R) XMM(TM) 7560 Modem Software Multiple Authenticated Stored Cross-Site Scripting (XSS) Vulnerabilities in Muneeb's Custom Popup Builder Plugin <= 1.3.1 for WordPress HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware Reboot Vulnerability Memory Reading Vulnerability in Apache HTTP Server 2.4.53 and Earlier Vulnerability: Apache HTTP Server 2.4.53 and Earlier - Read Beyond Bounds in ap_strcmp_match() HPE OneView Remote Server-Side Request Forgery (SSRF) Vulnerability Remote Bypass Security Restrictions Vulnerability in HPE OneView Prior to 7.0 Command Injection Vulnerability in HPE Nimble Storage Arrays Local Privilege Escalation Vulnerability in HPE Version Control Repository Manager Installer Critical Use After Free Vulnerability in vim/vim Repository 
(CVE-XXXX-XXXX) Remote Authentication Bypass Vulnerability in HPE Cray Legacy Shasta System Solutions, HPE Slingshot, and HPE Cray EX Supercomputers Remote Disclosure of Sensitive Information Vulnerability in HPE NonStop DSM/SCM T6031H03^ADP Critical Vulnerability in HPE StoreOnce Software: Weak SSH Key Exchange Allows Remote Unauthorized Access Remote SQL Injection and Unauthorized Data Injection in HPE IceWall SSO 10.0 certd Remote Cross Site Scripting (XSS) Vulnerability in HPE FlexNetwork and FlexFabric Switch Products Local Disclosure of Sensitive Information Vulnerability in HPE OneView Critical Local Arbitrary Code Execution Vulnerability in HPE Integrated Lights-Out 5 (iLO 5) Firmware Critical Local Arbitrary Code Execution Vulnerability in HPE Integrated Lights-Out 5 (iLO 5) Firmware Critical Local Arbitrary Code Execution Vulnerability in HPE Integrated Lights-Out 5 (iLO 5) Firmware Local Arbitrary Code Execution Vulnerability in HPE Integrated Lights-Out 5 (iLO 5) Firmware Unsanitized Parameter Vulnerability in Migration, Backup, Staging WordPress Plugin Local Arbitrary Code Execution Vulnerability in HPE Integrated Lights-Out 5 (iLO 5) Firmware Arbitrary Code Execution and DoS Vulnerability in HPE iLO 5 Firmware Arbitrary Code Execution and DoS Vulnerability in HPE Integrated Lights-Out 5 (iLO 5) Firmware Local Disclosure and Unauthorized Data Modification Vulnerability in HPE Integrated Lights-Out 5 (iLO 5) Firmware Critical Local Arbitrary Code Execution Vulnerability in HPE Integrated Lights-Out 5 (iLO 5) Firmware Local Arbitrary Code Execution and Denial of Service Vulnerability in HPE Integrated Lights-Out 5 (iLO 5) Firmware Local Arbitrary Code Execution and Denial of Service Vulnerability in HPE Integrated Lights-Out 5 (iLO 5) Firmware Critical Vulnerability in HPE Integrated Lights-Out 5 (iLO 5) Version 2.71: Local DoS and Arbitrary Code Execution Critical Vulnerability in HPE Integrated Lights-Out 5 (iLO 5) Version 2.71: Confidentiality, 
Integrity, and Availability at Risk Critical Vulnerability in HPE Integrated Lights-Out 5 (iLO 5) Version 2.71: Remote DoS and Arbitrary Code Execution Vulnerability: Cross-Site Request Forgery in Demon Image Annotation Plugin for WordPress Critical Security Vulnerability in HPE Integrated Lights-Out 5 (iLO 5) Version 2.71: Local Adjacent Arbitrary Code Execution Arbitrary Code Execution via IFC File Parsing in Bentley MicroStation CONNECT 10.16.02.34 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.02.34 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.02.34 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.02.34 Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.02.34 via DGN File Parsing Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.2.034 via Malicious IFC Files Remote Code Execution Vulnerability in Bentley MicroStation CONNECT 10.16.2.034 via Malicious IFC Files HTML Code Injection Vulnerability in JetBrains YouTrack Cross-Site Scripting (XSS) Vulnerability in JetBrains YouTrack before 2022.1.43563 Stored XSS Vulnerability in GitLab CE/EE Versions 15.1.6 to 15.2.4 and 15.3.2 JavaScript Injection Vulnerability in YouTrack Classic UI Password Extraction Vulnerability in JetBrains IntelliJ IDEA (before 2021.3.3) Arbitrary Code Execution Vulnerability in FATEK FvDesigner Version 1.5.103 and Prior Unauthenticated Access Vulnerability in Grafana Enterprise Logs Out of Bounds Read Vulnerability in Simcenter Femap (ZDI-CAN-15114) Out of Bounds Write Vulnerability in Simcenter Femap (ZDI-CAN-15307) Out of Bounds Write Vulnerability in Simcenter Femap (ZDI-CAN-15592) FreshTomato 2022.1 HTTPD Unescape Memory Corruption Vulnerability FreshTomato 2022.1 HTTPD Unescape Memory Corruption Vulnerability Broken Access Control vulnerability in YIKES Inc. 
Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to unauthorized &yikes-the-content-toggle option update. Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Software Arbitrary Code Execution via J2K File Parsing in Sante DICOM Viewer Pro 11.9.2 Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 (ZDI-CAN-16420) libtiff's tiffcrop utility vulnerability: uint32_t underflow leading to out of bounds read and write Remote Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 via AcroForms Processing Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 Remote Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 Arbitrary Code Execution via Annotation Handling in Foxit PDF Reader 11.2.1.53537 Arbitrary Code Execution via Annotation Handling in Foxit PDF Reader 11.2.1.53537 Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 Arbitrary Code Execution via Annotation Handling in Foxit PDF Reader 11.2.1.53537 Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 Arbitrary Code Execution via Annotation Handling in Foxit PDF Reader 11.2.1.53537 Improper Input Validation in libtiff's tiffcrop Utility Leading to Out of Bounds Read and Crash Arbitrary Code Execution via Annotation Handling in Foxit PDF Reader 11.2.1.53537 Remote Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 (ZDI-CAN-16778) Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 Arbitrary Code Execution Vulnerability in DevExpress SafeBinaryFormatter Library (ZDI-CAN-16710) Remote Code Execution Vulnerability in AVEVA Edge 2020 SP2 Patch 0 Arbitrary Code Execution via Unsecured Library Loading in AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000) Arbitrary Code Execution via Unsecured Library Loading in AVEVA Edge 
2020 SP2 Patch 0(4201.2111.1802.0000) Arbitrary Code Execution via Unsecured Library Loading in AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000) InHand Networks InRouter302 V3.5.45 - Debug Code Vulnerability Allows Arbitrary Command Execution libtiff's tiffcrop Tool Underflow Vulnerability Uninitialized Pointer Out-of-Bounds Write Vulnerability Undisclosed Traffic Resource Utilization Vulnerability in F5 BIG-IP Remote Code Execution Vulnerability in Cybozu Garoon Scheduler Arbitrary Command Execution via File Upload in F5 BIG-IP AFM Configuration Utility Uncontrolled Search Path Vulnerability in Intel(R) Distribution for Python Unauthenticated Privilege Escalation via Physical Access in Intel(R) AMT and Intel(R) Standard Manageability Firmware Privilege Escalation Vulnerability in Intel(R) NUC BIOS Firmware Remote Code Execution Vulnerability in Laravel 5.1 Authenticated Arbitrary File Creation via Export Function Vulnerability in GiveWP Plugin Memory Resource Utilization Vulnerability in F5 BIG-IP 16.1.x versions prior to 16.1.2.2 ABB e-Design Incorrect Default Permissions Vulnerability Stored Cross-Site Scripting Vulnerability in Lansweeper 10.1.1.0's HdConfigActions.aspx AlterTextLanguages Functionality Remote Root Privilege Escalation Vulnerability in Rakuten Casa F5 BIG-IP ePVA FastL4 Profile Termination Vulnerability F5 BIG-IP DNS Resolver Termination Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in F5 BIG-IP Configuration Utility F5 BIG-IP DNS Resolver Vulnerability Improper Access Control in Intel(R) E810 Ethernet Controllers Firmware: Potential Denial of Service Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in notrinos/notrinoserp prior to version 0.7 Information Disclosure Vulnerability in WWBN AVideo 11.6 and dev master commit 3f7c0364: Arbitrary File Read Memory Corruption Vulnerability in ArduPilot APWeb Master Branch Cross-Site Scripting (XSS) Vulnerability in WWBN AVideo 11.6 and dev master commit 3f7c0364 
Unauthenticated Access to Facility Information in Cybozu Garoon Scheduler DLL Hijacking vulnerability in F5 BIG-IP APM and APM Clients Arbitrary Script Injection Vulnerability in Cybozu Office 10.0.0 to 10.8.5 DOM-based Cross-Site Scripting (XSS) Vulnerability in BIG-IP AFM, CGNAT, and PEM Configuration Utility Arbitrary script injection vulnerability in Rebooter, PoE Rebooter, Scheduler, and Contact Converter Bulletin Data Alteration Vulnerability in Cybozu Garoon 4.0.0 to 5.5.1 Remote Code Execution via Unauthenticated Configuration File Upload in AssetView Unrestricted File Upload Vulnerability in OctoPrint Prior to 1.8.3 Remote Code Execution Vulnerability in HP Print Products Buffer Overflow Vulnerability in HP Print Products Linux Kernel iSMT SMBus Host Controller Driver Local Denial of Service Vulnerability Incomplete Patch in Apache JSPWiki (CVE-2021-40369) Allows XSS Attack via AJAXPreview.jsp CSRF Vulnerability in Apache JSPWiki Allows Email Modification and Password Reset XSS Vulnerability in Apache JSPWiki Allows Remote Code Execution Integer Underflow Vulnerability in grub_net_recv_ip4_packets Out-of-bounds Write Vulnerability in GRUB2 HTTP Code Vulnerability: Shim_lock verifier allows unverified code loading in GRUB2 on secure boot systems Use-After-Free Vulnerability in grub_cmd_chainloader() Function Potential Out-of-Bound Write Vulnerability in handle_image() Function Double Free Vulnerability in Ruby Regexp Compiler Buffer Over-read Vulnerability in Ruby's String-to-Float Conversion NULL Pointer Dereference Vulnerability in vim/vim Critical Vulnerability: Unauthorized Access to Sensitive Information in aEnrich eHRD Learning Management System Local File Inclusion (LFI) Vulnerability in aEnrich a+HRD 5.x Learning Management Key Performance Indicator System Improper Access Control in aEnrich eHRD Learning Management Key Performance Indicator System 5+ TOCTOU Race Condition Vulnerability in Foscam R2C IP Camera: Remote Code Execution and Full System 
Access Remote Code Execution via Key Reuse in GoSecure Titan Inbox Detection & Response (IDR) Unauthenticated Meeting Join Vulnerability in Zoom On-Premise Meeting Connector Zoom On-Premise Meeting Connector Zone Controller (ZC) STUN Error Code Parsing Vulnerability Privilege Escalation Vulnerability in Zoom Client for MacOS Local Privilege Escalation Vulnerability in Zoom Rooms for Windows Versions Before 5.11.0 Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 - Improper Access Control Vulnerability Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 - Improper Access Control Vulnerability Zoom Client for Meetings Vulnerability: Remote Code Execution via Malicious URL Privilege Escalation Vulnerability in Zoom Client for macOS Privilege Escalation Vulnerability in Zoom Client for macOS (Versions 5.7.3 to 5.11.6) Improper Access Control Vulnerability in Zoom On-Premise Meeting Connector MMR (before version 4.8.20220815.130) Improper Access Control Vulnerability in Zoom On-Premise Meeting Connector MMR (before version 4.8.20220815.130) Critical SQL Injection Vulnerability in SourceCodester Student Management System (VDB-206634) Improper Access Control Vulnerability in Zoom On-Premise Meeting Connector MMR (before version 4.8.20220815.130) Improper Access Control Vulnerability in Zoom On-Premise Meeting Connector MMR (before version 4.8.20220916.131) Debugging Port Misconfiguration in Zoom Client for macOS Allows Unauthorized Control of Zoom Apps Zoom Client for Meetings Vulnerability: URL Parsing Exploit Local Information Exposure Vulnerability in Zoom Client for Meetings DLL Injection Vulnerability in Zoom Client for Meetings and Zoom Rooms Local Privilege Escalation Vulnerability in Zoom Client for macOS Installer Origin IP Address Spoofing Vulnerability in Titan Anti-spam & Security WordPress Plugin Unauthenticated Script Injection Vulnerability in SAPUI5 Library (vbm) Unauthenticated Remote Code Execution in SAP Business 
One License Service API - Version 10.0 Stack Overwrite Vulnerability in SAP Web Dispatcher and Internet Communication Manager Uncontrolled Recursion Vulnerability in SAP Web Dispatcher and SAP Internet Communication Manager SAP Host Agent Logfile Information Disclosure Vulnerability Improper Access Control Vulnerability in Samsung Flow: Unauthorized File Write Unauthenticated Application Installation Vulnerability in Galaxy Store Improper Access Control Vulnerability in Samsung Members: Unauthorized Call Function Execution Arbitrary Folder Access Control Vulnerability in Samsung Security Supporter Uncontrolled Search Path Element Vulnerability in Samsung Android USB Driver Windows Installer Program Improper Access Control Vulnerability in Weather App Allows Unauthorized Access to Location Information Arbitrary Activity Launch Vulnerability in Settings Prior to SMR-May-2022 Release 1 Improper Access Control Vulnerability in Contents To Window Unauthenticated Arbitrary Package Uninstallation Vulnerability in Galaxy Themes Galaxy Themes Path Traversal Vulnerability in SMR May-2022 Release 1 Buffer Overflow Vulnerability in aviextractor Library (SMR May-2022 Release 1) Buffer Overflow Vulnerability in aviextractor Library (SMR May-2022 Release 1) Out of Bounds Read Vulnerability in wmfextractor Library Buffer Overflow Vulnerability in aviextractor Library (SMR May-2022 Release 1) Unprotected Activities in Voice Note Prior to Version 21.3.51.11 Allow Unauthorized Voice Recording Unbounded Memory Allocation Vulnerability in Reader.Read Authentication Bypass Vulnerability in Link to Windows Service (Version 2.3.04.1 and earlier) Allows Device Lock Improper Input Validation Vulnerability in InstallAgent Allows File Overwrite Gear IconX PC Manager DLL Hijacking Vulnerability Compromised TEE Exploitation: Android ROT Manipulation in StrongBox Low-Battery Dumpstate Log Vulnerability: Local Attackers Exploit to Access SIM Card Information Automatic Password Filling 
Vulnerability in Avira Password Manager Browser Extensions Use-after-free vulnerability in jbd2_journal_wait_updates in Linux kernel before 5.17.1 Arbitrary Website Loading Vulnerability in TikTok Android App Allows Account Takeover Query Parameter Smuggling in Go ReverseProxy Intra-Account Privilege Escalation Vulnerability in Code by Zapier Stored XSS Vulnerability in SilverStripe Framework via XMLHttpRequest (XHR) Heap-based Buffer Over-read in Lua's lparser.c Vulnerability: Privilege Escalation and Arbitrary Code Execution in Fujitsu LIFEBOOK BIOS Out-of-Bounds Read Vulnerability in Open Design Alliance Drawings SDK Out-of-Bounds Read Vulnerability in Open Design Alliance Drawings SDK Out-of-Bounds Read Vulnerability in Open Design Alliance Drawings SDK Buffer Overflow Vulnerability Arbitrary OS Command Execution and Command Injection in Zoho ManageEngine ADSelfService Plus Arbitrary OS Command Execution Vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server Hard-coded Credentials Vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server SQL Injection Vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server Relative Path Traversal Vulnerability in Carlo Gavazzi UWP3.0 and CPY Car Park Server SQL Injection Vulnerability in Sentilo Proxy Server Reflected XSS Vulnerability in Sentilo Proxy of Carlo Gavazzi UWP3.0 and CPY Car Park Server Reflected Cross-Site Scripting (XSS) Vulnerability in ColdFusion Versions CF2021U3 and Earlier, and CF2018U13 Out-of-Bounds Write Vulnerability in Adobe Character Animator Allows Arbitrary Code Execution GitLab CE/EE Vulnerability: GitHub Integration Access Token Exfiltration Reflected Cross-site Scripting (XSS) Vulnerability in ACS Commons 5.1.x (and earlier) Out-of-Bounds Write Vulnerability in Adobe Framemaker Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Framemaker Allows Arbitrary Code Execution Use-after-free Vulnerability in Adobe Framemaker Allows Arbitrary Code Execution 
Use-after-free Vulnerability in Adobe Framemaker Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Framemaker Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Framemaker Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Framemaker Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Framemaker Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Framemaker Allows Arbitrary Code Execution Zipbomb File Upload Vulnerability in Octopus Deploy Leads to Denial of Service Out-of-Bounds Read Vulnerability in Adobe Framemaker Allows Memory Disclosure Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Code Execution Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe InCopy: Arbitrary Code Execution Use-After-Free Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe InCopy: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Pro DC Versions 22.001.2011x and Earlier Use-After-Free Vulnerability in Acrobat Pro DC Versions 22.001.2011x and Earlier Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Remote Code Execution Vulnerability in GitLab CE/EE via Import from GitHub API Endpoint Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Use-After-Free Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe 
Bridge Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Use-After-Free Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Stored Cross-site Scripting (XSS) Vulnerability in YetiForce CRM prior to version 6.4.0 Adobe Bridge Version 12.0.1 Out-of-Bounds Read Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.13.0 and Earlier Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Memory Disclosure Buffer Overflow Vulnerability in Intel(R) NUC Laptop Kits Firmware Exposure of Net HSM Partition Password in F5 BIG-IP Versions Prior to 15.1.5.1 and 14.1.4.6 Critical Remote Code Execution Vulnerability in Laravel 5.1 (VDB-206688) Authentication Downgrade Vulnerability in Citilog 8.0 Server Allows Unauthorized HTTP Access to Axis M1125 Camera Citilog 8.0 Server Vulnerability: Cleartext FTP Credentials Exposure via Man-in-the-Middle Attack SQL Injection Vulnerabilities in Archibus Web Central (pre-26.2) Arbitrary File Upload Vulnerability in Nokia NetAct 22 Arbitrary Code Execution via TemplateName Parameter in Nokia NetAct Administration of Measurements Arbitrary Code Execution through Filename Manipulation in Nokia NetAct Site Configuration Tool Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00 Multiple Improper Access Control Vulnerabilities Cross-Site Scripting (XSS) Vulnerability in Nokia NetAct 22 Administration of Measurements Website Address Bar Spoofing Vulnerability in 
Safe Browser for Android Address Bar Spoofing Vulnerability in F-Secure SAFE Browser Unfiltered HTML Capability Bypass in WP Server Health Stats WordPress Plugin Address Bar Spoofing Vulnerability in F-Secure SAFE Browser F-Secure Atlant Denial-of-Service (DoS) Vulnerability Address Bar Spoofing Vulnerability in F-Secure SAFE Browser Address Bar Spoofing Vulnerability in F-Secure SAFE Browser Remote Denial-of-Service Vulnerabilities in F-Secure Atlant and WithSecure Products Remote Denial-of-Service (DoS) Vulnerability in F-Secure Atlant and WithSecure Products Remote Denial-of-Service (DoS) Vulnerability in F-Secure Atlant and WithSecure Products Arbitrary File Deletion and Privilege Escalation Vulnerability in F-Secure & WithSecure Windows Endpoint Products Denial-of-Service Vulnerability in F-Secure Atlant and WithSecure Products: Scanning Engine Crash via Fuzzed APK File Denial-of-Service (DoS) Vulnerability in F-Secure Atlant and WithSecure Products: Scanning Engine Crash via aepack.dll Session Cookie Hijacking Vulnerability Remote Denial-of-Service Vulnerability in F-Secure Atlant and WithSecure Products F-Secure Atlant aerdl.dll Denial-of-Service (DoS) Vulnerability Remote DoS Vulnerability in F-Secure & WithSecure Products: Infinite Loop in aegen.dll Remote Denial-of-Service (DoS) Vulnerability in F-Secure & WithSecure Products Denial-of-Service Vulnerability in F-Secure and WithSecure Products: Infinite Loop in aerdl.dll Denial-of-Service Vulnerability in WithSecure's fsicapd Component Denial-of-Service Vulnerability in F-Secure and WithSecure Products: Infinite Loop in aerdl.so/aerdl.dll during PE File Unpacking Denial-of-Service (DoS) Vulnerability in F-Secure & WithSecure Products: aerdl.dll Unpacker Handler Function Crash Remote Command Execution Vulnerability in Spryker Commerce OS 1.4.2 Clickjacking Vulnerability in Apache Druid 0.22.1 and Earlier Critical Use After Free Vulnerability in vim/vim Repository (CVE-XXXX-XXXX) Apache Jena RDF/XML Parser 
External DTD Retrieval Vulnerability CSRF Vulnerability in Mahara: Easily Guessable Randomly Generated Tokens Vulnerability: Insecure State Management in SUNRPC Subsystem Command Injection Vulnerability in D-Link DIR882 Router Allows Privilege Escalation Command Injection Vulnerability in D-Link DIR882 DIR882A1_FW130B06 Component Stored Cross-site Scripting (XSS) Vulnerability in YetiForceCRM GitHub Repository Command Injection Vulnerability in D-Link DIR882 DIR882A1_FW130B06 Component Command Injection Vulnerability in TOTOLink N600R V5.3c.7159_B20190425 via devicemac Parameter Command Injection Vulnerability in TOTOLink N600R V5.3c.7159_B20190425 via langtype Parameter Command Injection Vulnerability in TOTOLink N600R V5.3c.7159_B20190425 via hosttime Function Command Injection Vulnerability in TOTOLink N600R V5.3c.7159_B20190425 Command Injection Vulnerability in TOTOLink N600R V5.3c.7159_B20190425 Time-based Attack Vulnerability in WP 2FA WordPress Plugin Command Injection Vulnerability in TOTOLink N600R V5.3c.7159_B20190425 via devicename parameter in /setting/setDeviceName Command Injection Vulnerability in TOTOLink N600R V5.3c.7159_B20190425 Command Injection Vulnerability in TOTOLink N600R V5.3c.7159_B20190425 Command Injection Vulnerability in TOTOLink N600R V5.3c.7159_B20190425 Command Injection Vulnerability in D-Link DIR-816 A2_v1.10CNB04 Stack Overflow Vulnerability in Tenda AX12 v22.03.01.21_cn via lanIp Parameter in /goform/AdvSetLanIp Arbitrary File Deletion Vulnerability in GreenCMS v2.3.0603 Cross-Site Scripting (XSS) Vulnerability in HTMLCreator release_stable_2020-07-29 via _generateFilename Function Unmaintained ActiveX Control Allows Out-of-Bounds Write in Measuresoft ScadaPro Server Cross-Site Scripting (XSS) Vulnerability in Tieba-Cloud-Sign v4.9 via strip_tags Function Unauthenticated File Read Vulnerability in BlogEngine.Net v3.3.8.0 Open Redirection Vulnerability in Caddy v2.4.6: Phishing Website Redirection via Crafted URLs 
UniverSIS-Students v1.5.0 Information Disclosure Vulnerability Subconverter v0.7.2 Remote Code Execution (RCE) Vulnerability SQL Injection Vulnerability in Hospital Management System v1.0 via delid parameter at viewtreatmentrecord.php Path Traversal Vulnerability in RONDS EPM version 1.19.5 SQL Injection Vulnerability in ERP-Pro v3.7.5 via /base/SysEveMenuAuthPointMapper.xml Component Insecure Permissions Vulnerability Found in D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 Command Injection Vulnerability in Totolink Routers Integer Overflow Vulnerability in FISCO-BCOS release-3.0.0-rc2 Allows DoS Attacks via Large Viewchange Message Packet FISCO-BCOS release-3.0.0-rc2 Vulnerability: Malicious Node Disruption Unmaintained ActiveX Controls in Measuresoft ScadaPro Server: Multiple Untrusted Pointer Dereference Vulnerabilities Unauthenticated Access and Denial of Service (DoS) Vulnerability in H3C MagicR100 <=V100R005 Remote Code Execution Vulnerability in EMCO Software Update Process Directory Traversal Vulnerability in Webbank WeCube v3.2.2 via Crafted ZIP File Denial of Service (DoS) Vulnerability in Open Policy Agent v0.39.0's ast/parser.go Component Crash Vulnerability in Go-Yaml v3 Unmarshal Function Stack-based Buffer Overflow Vulnerability in Measuresoft ScadaPro Server (All Versions) Unauthenticated Access Control Vulnerability in D-Link DIR816L_FW206b01 Remote Code Execution Vulnerability in D-Link DIR816L_FW206b01's getcfg.php Component Multiple Cross-Site Scripting (XSS) Vulnerabilities in Spip Web Framework v3.1.13 and Below Use After Free Vulnerability in Measuresoft ScadaPro Server (All Versions) Arbitrary PHP Code Execution Vulnerability in Spip before v3.2.8 Multiple SQL Injection Vulnerabilities in Spip Web Framework v3.1.13 and Below at /ecrire SQL Injection Vulnerability in Online Sports Complex Booking System 1.0 Arbitrary File Write Vulnerability in Avast Premium Security Allows DoS via Crafted DLL File DLL Hijacking Vulnerabilities in Avast Premium 
Security before v21.11.2500 via instup.exe and wsc_proxy.exe Heap-Based Buffer Overflow in Wasm3 0.5.0: NewCodePage Vulnerability Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: ShareSpeed Parameter DoS Privilege Escalation Vulnerability in Measuresoft ScadaPro Server and Client Heap Overflow Vulnerability in Tenda AX1806 v1.0.0.1: Exploiting the GetParentControlInfo Function Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: DoS via fromSetIpMacBind Function Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: timeZone Parameter in form_fast_setting_wifi_set Function Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1: Exploiting wanMTU Parameter for DoS Attacks Stored XSS Vulnerability in Infoblox NIOS v8.5.2-409296 via VLAN View Name Field Circumvention of HtmlUtil.escapeRedirect in Liferay Portal and Liferay DXP Stored Cross-Site Scripting (XSS) Vulnerability in Liferay Portal and Liferay DXP User Membership Administration Page Cross-Site Scripting (XSS) Vulnerability in Liferay Portal's Custom Facet Widget Link Resolution Vulnerability in Measuresoft ScadaPro Server and Client (All Versions) Arbitrary Script Execution via Cross-Site Scripting (XSS) in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA Path Traversal Vulnerability in Liferay Portal 7.4.0 through 7.4.2 REST APIs Module Arbitrary Code Execution via Crafted Payload in Liferay Portal and Liferay DXP Stored XSS Vulnerability in OrangeHRM v4.10.1's addNewPost Component Insecure Direct Object References (IDOR) Vulnerability in LMS Doctor Simple 2 Factor Authentication Plugin for Moodle Username Enumeration Vulnerability in Zoho ManageEngine ADSelfService Plus Heap Overflow Vulnerability in WASM3 v0.5.0 via /wabt/bin/poc.wasm Component Information Disclosure Vulnerability in Multi Store Inventory Management System v1.0 CSRF Vulnerability in Online Banquet Booking System v1.0 Allows Unauthorized Admin Credential Modification Account Takeover Vulnerability in Multi Store Inventory Management 
System v1.0 Remote Buffer Overflow Vulnerability in Small HTTP Server Version 3.06 via Long GET Request RCE Vulnerability in Rengine v1.0.2 via YAML Configuration Function CSZCMS v1.3.0 SSRF Vulnerability in File Manager Connector Stack-Based Buffer Overflow in Xlight FTP v3.9.3.2: Exploiting Sensitive Information Leakage Insecure Permissions in Dev-CPP v4.9.9.2: Arbitrary Code Execution Vulnerability SSRF Vulnerability in GitHub Repository ionicabizau/parse-url prior to 8.1.0 Arbitrary File Upload Vulnerability in SpringBootMovie <=1.2 Arbitrary Administrator Account Creation Vulnerability in XXL-Job v2.3.0 Cross-Site Scripting (XSS) Vulnerability in Diary Management System v1.0 Arbitrary Code Execution via Cross-Site Scripting (XSS) in Online Birth Certificate System v1.2 Authentication Bypass via SQL Injection in Directory Management System v1.0 Authentication Bypass via SQL Injection in Dairy Farm Shop Management System v1.0 Insecure Direct Object Reference (IDOR) Vulnerability in Bus Pass Management System v1.0 Allows Unauthorized Access to Sensitive Information SQL Injection Vulnerabilities in Cyber Cafe Management System Project v1.0 Admin Panel: Bypassing Authentication GitHub Repository Chatwoot Prior to 2.8 Improper Authorization Vulnerability Command Injection Vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 Razer Sila Gaming Router v2.0.441_api-2.0.418 Local File Inclusion Vulnerability Segmentation Fault Vulnerability in Bento4 v1.6.0.0 via strlen-avx2.S ForestBlog User Avatar XSS Vulnerability Buffer Overflow Vulnerability in OpenRazer's razerkbd Driver Allows DoS and Privilege Escalation Buffer Overflow Vulnerability in OpenRazer's razeraccessory Driver Allows DoS and Privilege Escalation Buffer Overflow Vulnerability in OpenRazer's razermouse Driver Allows DoS and Privilege Escalation Infinite Loop Denial of Service Vulnerability in JT2Go and Teamcenter Visualization Null Pointer Dereference Vulnerability in JT2Go and Teamcenter 
Visualization Unserializing Vulnerability in Ninja Forms Contact Form WordPress Plugin Integer Overflow Vulnerability in JT2Go and Teamcenter Visualization Null Pointer Dereference Vulnerability in JT2Go and Teamcenter Visualization Double Free Vulnerability in JT2Go and Teamcenter Visualization Uninitialized Pointer Free Vulnerability in JT2Go and Teamcenter Visualization Reflected Cross-Site Scripting (XSS) Vulnerability in SINEMA Remote Connect Server (All versions < V3.1) Insecure Nonce Generation in JetBrains Ktor Native Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Credentials Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins CVS Plugin 2.19 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Extended Choice Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Gerrit Trigger Plugin Stored XSS Vulnerability in GitLab CE/EE Versions 15.2 - 15.4.1 Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Git Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Jira Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Job Generator Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Mask Passwords Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Node and Label Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Promoted Builds Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Subversion Plugin Jenkins Pipeline: Shared Groovy Libraries Plugin Remote Code Execution Vulnerability Jenkins Subversion Plugin CSRF Vulnerability Allows Unauthorized URL Connections Unvalidated Promotion Names in Jenkins Promoted Builds Plugin Linux Kernel BPF Subsystem Out-of-Bounds Memory Read Vulnerability Jenkins Publish Over FTP Plugin 1.16 CSRF Vulnerability: Unauthorized FTP Server Access Unauthenticated FTP Server Access in Jenkins Publish Over FTP Plugin Unencrypted Storage of Private Keys in Jenkins 
Google Compute Engine Plugin Keytab File Encryption Vulnerability in FortiOS Versions 7.2.0 and Below Cryptographic Weakness in Fortinet FortiOS: Key Deciphering Vulnerability Uninitialized Pointer Vulnerability in Fortinet FortiOS and FortiProxy Excessive Authentication Attempts Vulnerability in Fortinet FortiMail Reflected Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiEDR Command Injection Vulnerability in FortiAP and FortiAP-S/W2/U Memory Exhaustion Vulnerability in Named Service Vulnerability: Hard-coded Cryptographic Key Allows Unauthorized JWT Token Signing Command Injection Vulnerability in Fortinet FortiSOAR before 7.2.1 Fortinet FortiSOAR Path Traversal Vulnerabilities Remote Code Execution Vulnerability in Apache OFBiz Solr Plugin Unauthorised User Access to Repository Content via Crafted Link in GitLab CE/EE Vulnerability: Password Leakage in Arista CloudVision Portal (CVP) Heap Overflow Vulnerability in 7-Zip Allows Command Execution via Drag-and-Drop Heap-Based Buffer Overflow in rippled: Remote Code Execution and XRPL Mainnet Compromise Server-side Template Injection in ejs Package 3.1.6 for Node.js Gitlab CE/EE DoS Vulnerability: High CPU Usage via Crafted Commit Message Command Injection in npm-dependency-versions Package Access-Control Bypass Vulnerability in Zoho ManageEngine Products Dell EMC NetWorker Remote Certificate Spoofing Vulnerability Dell BIOS Improper Authentication Vulnerability Allows Unauthorized System Access Unrestricted Authentication Attempts in Dell Unity: Brute-Force Password Vulnerability Plain-text Password Storage Vulnerability in Dell Unity Storage Systems Information Disclosure Vulnerability in Dell Networking OS10 with Smart Fabric Services Unrestricted Upload Vulnerability in SourceCodester Simple and Nice Shopping Cart Script Sensitive Data Exposure in Dell Wyse Management Suite 3.6.1 and below: Credential Theft Vulnerability Reflected Cross-Site Scripting Vulnerability in Dell Unity Unisphere GUI Privilege 
Escalation Vulnerability in Dell SupportAssist Client Arbitrary File Deletion Vulnerability in Dell SupportAssist Client Arbitrary File Deletion/Overwrite Vulnerability in Dell SupportAssist Client Cross-Site Scripting Vulnerability in Dell SupportAssist Client Versions 3.10.4 and Prior Reflected Cross-Site Scripting Vulnerability in Dell Wyse Management Suite 3.6.1 and Below Path Traversal Vulnerability in Dell WMS 3.6.1 and Below Device API Weak Password Requirement Vulnerability in Dell PowerScale OneFS Versions 8.2.0.x through 9.3.0.x Windows Failover Cluster Information Leakage Vulnerability Windows Remote Access Connection Manager Privilege Escalation Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Windows Media Foundation Remote Code Execution Vulnerability Hyper-V Shared Virtual Disk Privilege Escalation Vulnerability Office Security Feature Bypass Vulnerability: A Potential Breach in Microsoft Office SharePoint Server Remote Code Execution Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Critical Remote Code Execution Vulnerability in HEVC Video Extensions Windows Graphics Component Information Disclosure Vulnerability Exposes Sensitive Data Windows Digital Media Receiver Privilege Escalation Vulnerability Windows Print Spooler Information Disclosure Vulnerability Exposes Sensitive Data Critical Remote Code Execution Vulnerability in Windows Fax Service Windows Kernel Information Leakage Vulnerability .NET and Visual Studio DoS Vulnerability: Exploiting Software Resource Exhaustion Critical Remote Code Execution Vulnerability in HEVC Video Extensions Unprotected Nonce Checks in Craw Data WordPress Plugin Allow SSRF Attacks Windows Clustered Shared Volume Information Disclosure Vulnerability Windows WLAN AutoConfig Service DoS Vulnerability Windows Clustered Shared Volume Information Disclosure 
Vulnerability Windows Clustered Shared Volume Information Disclosure Vulnerability Windows Push Notifications Apps Privilege Escalation Vulnerability Windows Tablet UI Application Core Privilege Escalation Vulnerability BitLocker Security Feature Bypass Vulnerability: A Critical Flaw in Data Encryption Windows LDAP Remote Code Execution Vulnerability Windows LDAP Remote Code Execution Vulnerability IP Address Spoofing Vulnerability in Login No Captcha reCAPTCHA WordPress Plugin Windows LDAP Remote Code Execution Vulnerability Windows LDAP Remote Code Execution Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Windows Kernel Privilege Escalation Vulnerability Windows Clustered Shared Volume Information Disclosure Vulnerability Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows Clustered Shared Volume Privilege Escalation Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows Print Spooler Information Disclosure Vulnerability Exposes Sensitive Data Windows LDAP Remote Code Execution Vulnerability Windows Kernel Privilege Escalation Vulnerability SQL Server Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft's Database Management System Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) .NET and Visual Studio DoS Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks Exploiting Visual Studio Remote Code Execution Vulnerability Azure OMI Privilege Escalation Vulnerability Heap-based Buffer Overflow Vulnerability in SonicWall SMA100 Appliance Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability XSS Vulnerability in Ericom PowerTerm WebConnect 6.0 Login Portal Server Side Request Forgery in HashiCorp 
Consul and Consul Enterprise Arbitrary File Overwrite Vulnerability in rsync SQL Injection Vulnerability in OpenLDAP's Experimental Back-SQL Backend Double Free Vulnerability in Linux Kernel's RTRS-CLT Driver Apache OFBiz 18.12.05 Regular Expression Denial of Service (ReDoS) Vulnerability Authenticated User Privilege Escalation in Nextcloud Deck Sensitive Information Leakage in Nextcloud Android Prior to Version 3.19.0 XWiki Crypto API Vulnerability: Weak SHA1 with RSA Certificate Signatures Vulnerability: Privilege Escalation via runc exec --cap Unprotected Link Creation Vulnerability in Nextcloud Server Arbitrary Code Execution via HTML Artifact in Argo Workflows Critical Vulnerability in Argo CD Allows Unauthenticated Users to Impersonate Any User or Role IRC Command Execution Vulnerability in matrix-appservice-irc Regular Expression DoS Vulnerability in Hawk's parseHost() Function Arbitrary Code Execution via Insufficient Escaping in Wire Messaging Application Regular Expression Denial of Service (ReDoS) Vulnerability in BigBlueButton Grafana Enterprise Request Security Bypass Vulnerability Remote Code Execution in Sourcegraph's gitserver service HTML Injection in Auth0 Additional Signup Fields Vulnerability: Rollback Attack in go-tuf Password Reset Token Guessing Vulnerability in Countly Server Vulnerability: Unauthorized Gem Replacement in RubyGems.org Crash Vulnerability in Go Ethereum Prior to Version 1.10.17 Incorrect Default Permissions Vulnerability in Cilium Privilege Escalation via Cilium's Kubernetes Service Account HTTP Request Forgery Vulnerability in Charm Data Directory Manipulation Memory Access Vulnerability in Nokogiri XML and HTML Library (CVE-2021-41098) DOM-based Cross-Site Scripting Vulnerability in GoCD Versions 19.11.0 - 21.4.0 Reflected Cross-Site Scripting Vulnerability in GoCD Pipeline Comparison Function Remote Code Execution via Command Injection in GoCD Insecure Token Comparison in totp-rs Library (CVE-2021-XXXX) Pre-generated SSH 
Key Pair Exposes Unauthorized Access in Rundeck Docker Instances Privilege Escalation Vulnerability in Git Bypassing Deny List in Smokescreen HTTP Proxy Unbounded Buffer Vulnerability in Pion DTLS Prior to Version 2.1.4 Denial of Service Vulnerability in Pion DTLS (Versions prior to 2.1.4) Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.GetSessionTensor` Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.QuantizeAndDequantizeV4Grad` Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.TensorSummaryV2` Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.DeleteSessionTensor` Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.StagePeek` Denial of Service Vulnerability in TensorFlow's Conv3DBackpropFilterV2 Implementation UnsortedSegmentJoin Denial of Service Vulnerability in TensorFlow Denial of Service Vulnerability in TensorFlow's SparseTensorToCSRSparseMatrix Implementation Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.LoadAndRemapMatrix` Denial of Service Vulnerability in TensorFlow's LSTMBlockCell Implementation Null pointer dereference vulnerability in TensorFlow's `tf.raw_ops.QuantizedConv2D` implementation Denial of Service Vulnerability in TensorFlow's tf.ragged.constant Implementation Integer Overflow Vulnerability in TensorFlow's `tf.raw_ops.SpaceToBatchND` Implementation Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.UnsortedSegmentJoin` Potential Segfault / Denial of Service Vulnerability in TensorFlow Null Pointer Dereference in TensorFlow's `tf.raw_ops.SparseTensorDenseAdd` Invalid Resource Handle Vulnerability in TensorFlow Eager Mode Incomplete Validation in TensorFlow's `tf.raw_ops.EditDistance` Allows Segmentation Fault Denial of Service Incorrect Logic in TensorFlow Assertion Macros for Comparing `size_t` and `int` Values GitHub Repository Privilege Escalation Vulnerability in notrinos/notrinoserp v0.7 and Earlier Vulnerability in TensorFlow 2.8.0: Poor Hash Function and ASAN 
Failures Vulnerability: Crash in TensorFlow's `tf.histogram_fixed_width` with `NaN` Values TFLite Model Converter Crash Vulnerability Vulnerability in TensorFlow's `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` Functions Open Redirect Vulnerability in NextAuth.js (next-auth) OAuth 1 Provider Implementation YAML Injection Vulnerability in RegionProtect Plugin Code Injection Vulnerability in TensorFlow's `saved_model_cli` Tool Vulnerability: Unrestricted Algorithm Selection in PyJWT Vulnerability: CDN Cache Replacement in RubyGems Allows for Malicious Package Upload Consensus Split Vulnerability in Lodestar Relative Path Traversal Vulnerability in dnnsoftware/dnn.platform prior to 9.11.0 Lack of GPG Key Verification in github-action-merge-dependabot Smarty Template Engine Remote Code Execution Vulnerability Insecure Certificate Handling in Pion DTLS Buffer Overflow in Azure RTOS USBX Host Stack Segmentation Fault Vulnerability in Envoy's GrpcHealthCheckerImpl Zip Bomb Vulnerability in Envoy Proxy Vulnerability: Insecure Access Token Validation in Envoy Proxy Use-after-free vulnerability in Envoy allows for remote code execution Vulnerability in Envoy Proxy: Memory Corruption via OAuth Filter Insecure Storage of Cryptographic Keys in CaSS Library NULL Pointer Dereference Vulnerability in vim/vim Arbitrary Script Execution in Hydrogen Storefronts Circumvention of Access Controls in BigBlueButton Allows Unauthorized Access to Public Chat Messages Circumvention of Access Controls in BigBlueButton Breakout Rooms Vulnerability: Unauthorized Chat Messages in BigBlueButton Information Disclosure Vulnerability in BigBlueButton Circumvention of Access Restrictions for Drawing on BigBlueButton Whiteboard Unauthorized File Import Vulnerability in Opencast Unintended Access to Hidden Files in Jupyter Notebook Server Stored Cross-site Scripting (XSS) Vulnerability in YetiForceCRM GitHub Repository Vulnerability: Scylla Database Uninitialized Memory Disclosure and 
Authentication Bypass Access Token Leakage in Jupyter Server Prior to Version 1.17.1 Buffer Overflow Vulnerability in GOST Engine with TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC Ciphersuite Improper Input-Size Validation in Nextcloud Server Allows Performance Impact Vulnerability: Ignored .gitignore and .npmignore Files in npm pack Command within Workspaces Insecure Private Key Generation in SSH.NET Library Buffer Overflow Vulnerability in Azure RTOS USBX DFU UPLOAD Functionality Vulnerability in Electron allows unauthorized access to `ipcRenderer` Vulnerability: Cookie Domain Mismatch in Guzzle HTTP Client Force Decryption Vulnerability in JavaEZ 1.6 Allows Unauthorized Access to Locked Text Stored Cross-site Scripting (XSS) vulnerability in GitHub repository appwrite/appwrite prior to 1.0.0-RC1 SQL Injection Vulnerability in GLPI Search Pages Cross-Site Scripting (XSS) Vulnerability in XWiki Platform Flamingo Theme UI Cross-Site Scripting (XSS) Vulnerability in XWiki Platform Wiki UI Main Wiki Arbitrary File Access Vulnerability in XWiki Platform Premature Completion of Payments Vulnerability in silverstripe-omnipay Double Evaluation Vulnerability in Vyper Smart Contract Language Arbitrary Command Injection Vulnerability in sharp (versions prior to 0.30.5) Malicious Code Injection through Electron Update Packages Cross-Site Scripting (XSS) Vulnerability in XWiki Platform Filter UI Arbitrary File and Folder Listing Vulnerability in Download Manager WordPress Plugin Buffer Overflow Vulnerability in Intel(R) Server Board BIOS Firmware Insecure Temporary File Handling in F5 BIG-IP APM and Clients Arbitrary Code Execution Vulnerability in coreboot 4.13-4.16 XML External Entity (XXE) Vulnerability in Apache NiFi Sensitive Information Leakage in Apache APISIX jwt-auth Plugin HTML Injection Vulnerability in Nagios XI Schedule Report Function Insecure Password Requirements in notrinos/notrinoserp Repository Unauthenticated User Email Address Change Vulnerability in 
Nagios XI Arbitrary Downtime Scheduling Vulnerability in Nagios XI Open Redirect Vulnerability in Nagios XI Login Function Cross-Site Scripting (XSS) Vulnerability in pfSense CE and pfSense Plus WebGUI via URL Table Alias URL Parameters Untrusted Input Vulnerability in UsbCoreDxe Allows Memory Tampering Untrusted Input Vulnerability in SMI Functions of AhciBusDxe Leading to SMRAM Corruption Arbitrary RAM Modification Vulnerability in FwBlockServiceSmm Driver Vulnerability: Incorrect Pointer Checks in NvmExpressDxe Driver Allow Tampering with SMRAM and OS Memory Untrusted Pointer Vulnerability in SdHostDriver and SdMmcDevice Allows Tampering with SMRAM and OS Memory Unbounded Reference Count Overflow in ISC DHCP Server Vulnerability: Improper Validation of File URI Scheme Allows Execution of Arbitrary Programs Pexip Infinity 27 before 28.0 Vulnerability: Excessive Resource Consumption and Termination due to Registrar Resource Mishandling Insecure Direct Object Reference vulnerability in Kentico CMS allows unauthorized user data export Denial of Service Vulnerability in ISC DHCP Server Reflected XSS Vulnerability in Avantune Genialcloud ProJ - 10 Login Portal Directory Traversal Vulnerability in SolarView Compact ver.6.00 Unverified Password Change Vulnerability in OctoPrint Repository Local File Disclosure Vulnerability in SolarView Compact ver.6.00 via /html/Solar_Ftp.php Command Injection Vulnerability in SolarView Compact ver.6.00 via conf_mail.php SQL Injection Vulnerability in Online Sports Complex Booking System 1.0 Blind SQL Injection Vulnerability in imgurl v2.31 via /upload/localhost SQL Injection Vulnerability in IonizeCMS v1.0.8.1 via id_page Parameter Command Injection Vulnerability in IonizeCMS v1.0.8.1 via copy_lang_content Function Server-Side Request Forgery Vulnerability Detected in mysiteforme v2.2.1 GitLab CE/EE Vulnerability: Denial of Service (DoS) via Malformed Issue Description CSV Injection Vulnerability in Invicti Acunetix SQL Injection 
Vulnerability in Complete Online Job Search System v1.0 via /eris/index.php?q=result&searchfor=advancesearch SQL Injection Vulnerabilities in Simple Bus Ticket Booking System v1.0 Arbitrary File Upload Vulnerability in Car Rental Management System v1.0 New Entry Module Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository bustle/mobiledoc-kit prior to 0.14.2 Unquoted Service Path Privilege Escalation in MiniTool Partition Wizard v12.0 Stack Overflow Vulnerability in D-Link DIR-816 A2_v1.10CNB04 via lanip Parameter Stack Overflow Vulnerability in D-Link DIR-816 A2_v1.10CNB04 Router Stack Overflow Vulnerability in D-Link DIR-816 A2_v1.10CNB04 via MAC Parameter in /goform/editassignment Stack Overflow Vulnerability in D-Link DIR-816 A2_v1.10CNB04 via /goform/form2IPQoSTcAdd Stack Overflow Vulnerability in D-Link DIR-816 A2_v1.10CNB04 via addurlfilter Parameter Stack Overflow Vulnerability in D-Link DIR-816 A2_v1.10CNB04 Router Stack Overflow Vulnerability in D-Link DIR-816 A2_v1.10CNB04 via urladd Parameter Stack Overflow Vulnerability in D-Link DAP-1330_OSS-firmware_1.00b21 via checkvalidupgrade Function Heap Overflow Vulnerability in D-Link DAP-1330_OSS-firmware_1.00b21 via devicename Parameter Cross-Site Request Forgery Vulnerability in 0mk Shortener WordPress Plugin Unrestricted Access to PJSIP and SIP Extension Credentials and Voicemail Files in Telesoft VitalPBX Directory Traversal Vulnerability in D-LINK DIR-825 AC1200 R2 Router Privilege Escalation Vulnerability in CyberLink Power Director v14 Session Replay Vulnerability in H v1.0 Allows Authentication Bypass Command Injection Vulnerability in C-DATA FD702XW-X-R430 v2.1.13_X001 Denial of Service Vulnerability in GPAC 2.1-DEV-rev87-g053aae8-master Stored Cross-Site Scripting Vulnerability in Beaver Builder WordPress Page Builder Null Pointer Dereference Vulnerability in gf_isom_parse_movie_boxes_internal Arbitrary File Upload Vulnerability in Web@rchiv 1.0 Allows Remote Command Execution 
Cross-Site Scripting (XSS) Vulnerability in kkFileView v4.0.0 via url Parameter Stored Cross-Site Scripting Vulnerability in Image Hover Effects Ultimate Plugin for WordPress Arbitrary Code Execution via Crafted SVG File Upload in Tiddlywiki5 v5.2.2 Arbitrary Code Execution via Crafted Filename in Graphql-upload v13.0.0 Arbitrary Code Execution via File Upload in Keystone v4.2.1 Integer Overflow in epub2txt2 v2.04 via _parse_special_tag Function in sxmlc.c Stored XSS Vulnerability in School Club Application System v0.1 Stored Cross-Site Scripting Vulnerability in Image Hover Effects Ultimate Plugin for WordPress XSS Vulnerability in RainLoop Email Viewer HTTP Request Smuggling Vulnerability in Pallets Werkzeug v2.1.0 and Below ZKEACMS v3.5.2 Cross-Site Scripting (XSS) Vulnerability in /navigation/create?ParentID=%23 Deserialization Vulnerability in Phpok v6.1 Allows Arbitrary File Writing Out-of-Bounds Read Vulnerability in fxUint8Getter Function in xsDataView.c Segmentation Violation Vulnerability in Nginx NJS v0.7.2 Stored Cross-Site Scripting Vulnerability in Image Hover Effects Ultimate Plugin for WordPress Insecure Permissions in Xampp for Windows v8.1.4 and Below: Arbitrary Code Execution Vulnerability Stack Overflow Vulnerability in Totolink A3600R V4.1.2cu.5182_B20201102's fread Function at infostat.cgi Stack Overflow Vulnerability in Nginx NJS v0.7.3 Linux Kernel Pressure Stall Information Vulnerability Stored XSS Vulnerability in Academy-LMS v4.3 SEO Panel SQL Injection Vulnerability in NETGEAR ProSafe SSL VPN Firmware Vulnerability Title: User Enumeration Vulnerability in WP Cerber Security Plugin Stack Overflow Vulnerability in TOTOLINK N600R V4.3.0cu.7647_B20210106 via Comment Parameter in FUN_004200c8 Stack Overflow Vulnerability in TOTOLINK N600R V4.3.0cu.7647_B20210106 via Comment Parameter in FUN_00418c24 Stack Overflow Vulnerability in TOTOLINK N600R V4.3.0cu.7647_B20210106 via Comment Parameter in FUN_004192cc Stack Overflow Vulnerability in 
TOTOLINK N600R V4.3.0cu.7647_B20210106 via macAddress Parameter in FUN_0041b448 Stack Overflow Vulnerability in TOTOLINK N600R V4.3.0cu.7647_B20210106 via apcliKey Parameter in FUN_0041bac4 Stack Overflow Vulnerability in TOTOLINK N600R V4.3.0cu.7647_B20210106 via Comment Parameter in FUN_00418f10 Stack Overflow Vulnerability in TOTOLINK N600R V4.3.0cu.7647_B20210106 via Comment Parameter in FUN_004196c8 Stack Overflow Vulnerability in TOTOLINK N600R V4.3.0cu.7647_B20210106 via File Parameter in FUN_0041309c Stack Overflow Vulnerability in TOTOLINK N600R V4.3.0cu.7647_B20210106 via URL Parameter in FUN_00415bf0 Insecure UART Console Protection in TP-Link TL-WR840N EU v6.20 Unbounded Input Size Denial of Service Vulnerability in Apache HTTP Server 2.4.53 and Earlier User Password Reset Vulnerability in Apache Archiva 2.2.7 and earlier Stored Cross-Site Scripting (XSS) Vulnerabilities in DynamicWebLab's WordPress Team Manager Plugin <= 1.6.9 Persistent Cross-Site Scripting (XSS) Vulnerability in Vsourz Digital's Advanced Contact Form 7 DB Plugin <= 1.8.7 for WordPress Stored Cross-Site Scripting Vulnerabilities in WP-UserOnline Plugin for WordPress Authenticated SQL Injection Vulnerability in Mufeng's Hermit 音乐播放器 Plugin <= 3.1.6 on WordPress SQL Injection Vulnerability in Mufeng's Hermit 音乐播放器 Plugin <= 3.1.6 on WordPress CSRF Vulnerabilities in Hermit 音乐播放器 Plugin Allow Unauthorized Actions CSRF and Stored XSS Vulnerability in Mufeng's Hermit 音乐播放器 Plugin <= 3.1.6 on WordPress via &title Parameter Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in WPKube's Subscribe To Comments Reloaded Plugin on WordPress Unauthenticated Reflected XSS Vulnerability in Ravpage Plugin for WordPress Unauthenticated Reflected XSS Vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0 ShortPixel Adaptive Images Plugin <= 3.3.1 WordPress Vulnerability: Unauthorized Plugin Settings Modification Authenticated Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode 
Plugin <= 1.0.0 on WordPress Critical SQL Injection Vulnerability in Don Crowther's 3xSocializer Plugin for WordPress Authenticated Stored XSS in Adam Skaat's Countdown & Clock Plugin <= 2.3.2 at WordPress Reflected XSS Vulnerability in Adam Skaat's Countdown & Clock Plugin on WordPress via &ycd_type Parameter Persistent Cross-Site Scripting (XSS) Vulnerabilities in Adam Skaat's Countdown & Clock Plugin <= 2.3.2 at WordPress Pro Features Lock Bypass Vulnerability in Countdown & Clock Plugin <= 2.3.2 for WordPress Authenticated Reflected XSS Vulnerability in Image Hover Effects Ultimate Plugin <= 9.7.1 for WordPress WP Wham's Checkout Files Upload for WooCommerce Plugin XSS Vulnerability Authenticated Reflected XSS Vulnerability in 2J Slideshow Team's Slideshow, Image Slider by 2J Plugin <= 1.3.54 for WordPress CSRF Vulnerability in Disable Right Click For WP Plugin <= 1.1.6 Muneeb's WP Slider Plugin <= 1.4.5 Cross-Site Scripting (XSS) Vulnerability Title: Cross-Site Request Forgery (CSRF) Leads to Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Extended Plugin <= 1.4.7 on WordPress Arbitrary File Reading Vulnerability in WordPress Infinite Scroll – Ajax Load More Plugin Cross-Site Scripting (XSS) Vulnerability in KubiQ's PNG to JPG Plugin <= 4.0 at WordPress CSRF Vulnerability in KubiQ CPT Base Plugin Allows Deletion of CPT Base Persistent Cross-Site Scripting (XSS) Vulnerabilities in TMS-Plugins wpDataTables Plugin <= 2.1.27 on WordPress Authenticated Cross-Site Scripting (XSS) Vulnerability in Donations Plugin <= 1.8 on WordPress IDOR Vulnerability in Spiffy Calendar Plugin Allows Unauthorized Event Manipulation CSRF Vulnerability in Code Snippets Extended Plugin Allows Unauthorized Snippet Manipulation Persistent Cross-Site Scripting (XSS) Vulnerability in Code Snippets Extended Plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Image Slider by NextCode Plugin <= 1.1.2 for 
WordPress Authenticated Persistent XSS Vulnerability in Image Slider by NextCode Plugin <= 1.1.2 for WordPress CSRF Vulnerability in Image Slider by NextCode Plugin Allows Unauthorized Slide Deletion Promotion Slider Plugin <= 3.3.4 Authenticated Stored XSS Vulnerabilities CSRF Vulnerability in Private Messages For WordPress Plugin Allows Unauthorized Message Sending Stored Cross-Site Scripting (XSS) Vulnerability in Messages For WordPress Plugin Nicdark's Hotel Booking Plugin <= 3.0 WordPress Multiple Authenticated Stored XSS Vulnerabilities Cross-Site Scripting (XSS) Vulnerability in Cloudways Breeze Plugin <= 2.0.2 Allows Unauthorized Settings Modification Wow-Company's Popup Box Plugin <= 2.1.2 Authenticated Local File Inclusion (LFI) Vulnerability Wow-Company's Counter Box Plugin <= 1.1.1 Authenticated Local File Inclusion (LFI) Vulnerability Title: Authenticated Local File Inclusion (LFI) Vulnerability in Wow-Company's Hover Effects Plugin <= 2.1 for WordPress Title: Authenticated Local File Inclusion (LFI) Vulnerability in Wow-Company's Herd Effects Plugin <= 5.2 for WordPress Opal Hotel Room Booking Plugin <= 1.2.7 Authenticated Stored XSS Vulnerability Directory Traversal Vulnerability in WordPress Infinite Scroll – Ajax Load More Plugin Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Admin Management Xtended Plugin <= 2.4.4 for WordPress Arbitrary File Upload Vulnerability in Rara One Click Demo Import Plugin Allows CSRF Attack Title: Authenticated Stored XSS Vulnerability in Export All URLs Plugin <= 4.1 for WordPress CSRF Vulnerability in Google Maps Plugin Allows Unauthorized API Key Update CSRF Vulnerability in WordPlus Better Messages Plugin Allows File Upload Elementor Website Builder Plugin <= 3.5.5: DOM-based Reflected XSS Vulnerability NTLM Hash Disclosure Vulnerability in Zoho ManageEngine Suite Out-of-Bounds Read and Segmentation Violation in ncurses 6.3 Critical Use After Free Vulnerability in vim/vim Repository (CVE-XXXX-XXXX) 
Unrestricted File Upload Vulnerability in WSO2 Products Accusoft ImageGear 20.0 PSD Header Out-of-Bounds Write Vulnerability Denial of Service Vulnerability in Intel(R) SPS Firmware Cybozu Garoon Address Information Disclosure Vulnerability CSRF Vulnerability in WWBN AVideo 11.6 and dev master commit 3f7c0364 Allows Privilege Escalation Memory Corruption Vulnerability in Altair HyperView Player versions 2021.1.0.27 and prior Improper Access Control in Intel® DTT Software Allows Privilege Escalation Bulletin of Cybozu Garoon - Remote Authenticated Data Leakage Vulnerability OS Command Injection Vulnerability in Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z Undisclosed Response Vulnerability in F5 BIG-IP Directory Traversal Vulnerability in F5 BIG-IP iControl SOAP XFINDER Functionality Information Disclosure Vulnerability in Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z Unauthenticated Stored XSS Vulnerability in 8 Degree Themes Notification Bar Plugin for WordPress Authentication Bypass Vulnerability in Abode Systems iota All-In-One Security Kit IPv6 Self IP Address Vulnerability Heap-Based Buffer Overflow Vulnerability in GE CIMPICITY Versions 2022 and Prior CPU Resource Utilization Vulnerability in F5 BIG-IP Versions Prior to 13.1.5 InHand Networks InRouter302 V3.5.45 Debug Code Vulnerability Improper Server Certificate Verification in 'Mobaoku-Auction&Flea Market' iOS App (Versions prior to 5.5.16) ABB e-Design Incorrect Default Permissions Vulnerability Space Data Deletion Vulnerability in Cybozu Garoon 4.0.0 to 5.9.0 Arbitrary Script Injection Vulnerability in SHIRASAGI v1.0.0 to v1.14.2 and v1.15.0 Hyperscan Library Buffer Restriction Vulnerability Arbitrary Script Injection Vulnerability in Cybozu Office 10.0.0 to 10.8.5 Uninitialized Pointer Out-of-Bounds Read Vulnerability CSRF Vulnerability in Sucuri Security Plugin Allows Unauthorized Event Log Entry Creation Uninitialized Memory Vulnerability in Altair HyperView Player 
Improper Authorization Vulnerability in Hitachi Energy MicroSCADA X SYS600 F5 BIG-IP LTM, Advanced WAF, ASM, or APM Virtual Server Termination Vulnerability Denial-of-Service Vulnerability in Hitachi Energy MicroSCADA X SYS600 and MicroSCADA Pro SYS600 Uncaught Exception Vulnerability in Intel Integrated BMC Webserver Denial of Service Vulnerability in OpenBMC Firmware for Intel Platforms CSRF Vulnerability in Sygnoos Popup Builder Plugin Allows Unauthorized Settings Update Stack-based Buffer Overflow in BlynkConsole.h runCommand Functionality Blazer before 2.6.0 SQL Injection Vulnerability Remote Code Execution Vulnerability in Mitel MiVoice Connect Service Appliance Component Uninitialized Memory Vulnerability in Altair HyperView Player Incorrect Access Control in SchedMD Slurm 21.08.x through 20.11.x: Information Disclosure Vulnerability Escalation of Privileges and Code Execution in SchedMD Slurm 21.08.x through 20.11.x Escalation of Privileges in SchedMD Slurm 21.08.x through 20.11.x due to Incorrect Access Control Memory Corruption Vulnerability in libpthread Linuxthreads Functionality of uClibC and uClibC-ng DLL Injection Vulnerability in LINE for Windows before 7.8 Out-of-bounds Read Vulnerability in V-SFT Graphic Editor Credential Exposure in Intel(R) Team Blue Mobile Application Null Pointer Dereference Vulnerability in Intel(R) VROC Software Arbitrary File Viewing Vulnerability in T&D Data Server and THERMO RECORDER DATA SERVER Improper Validation of Array Index Vulnerability in Altair HyperView Player Buffer Overflow Vulnerability in Intel(R) Server Board M10JNP2SB BIOS Firmware Directory Traversal Vulnerability in Lansweeper 10.1.1.0: Arbitrary File Read via KnowledgebasePageActions.aspx ImportArticles Functionality Unauthorized Access to Sensitive Information in Cybozu Garoon Applications Arbitrary Script Execution Vulnerability in Cybozu Garoon Scheduler Improper Access Control in Intel(R) SUR Software: Potential Privilege Escalation via Network 
Access Denial of Service Vulnerability in Intel(R) SPS Firmware Arbitrary OS Command Execution Vulnerability in FUJITSU Network IPCOM Series Web Console Arbitrary File Upload Vulnerability in Lansweeper HelpdeskActions.aspx Edittemplate Functionality Authentication Bypass Vulnerability in Screen Creator Advance2, HMI GC-A2 Series, and Real Time Remote Monitoring and Control Tool Cleartext Transmission of Sensitive Information Vulnerability in STARDOM FCN and FCJ Controllers Arbitrary Code Execution Vulnerability in GE CIMPICITY Versions 2022 and Prior OS Command Injection Vulnerability in Abode Systems, Inc. iota All-In-One Security Kit 6.9Z V-SFT Graphic Editor 'Simulator Module' Use After Free Vulnerability Denial of Service Vulnerability in Intel Open CAS Software Out-of-Bounds Write Vulnerability in V-Server and V-Server Lite: Arbitrary Code Execution via Crafted Image File Hard-coded Credential Vulnerability in Rakuten Casa Version AP_F_V1_4_1 and AP_F_V2_0_0 Incorrect Privilege Assignment in Faccessat Function Privilege Escalation via World-Writable Sudoers File in Amazon AWS amazon-ssm-agent PHAR Deserialization Vulnerability in MISP Stored XSS via LinOTP Login Field in MISP Out-of-Bounds Read Vulnerability in LibTIFF 4.4.0 Stored XSS Vulnerability in MISP Galaxy Clusters Stored XSS in MISP Event Graph via Tag Name Cross-Site Scripting (XSS) Vulnerability in MISP 2.4.158 Cross-Site Scripting (XSS) Vulnerability in MISP OrganisationsController.php Bypassing Password Confirmation in MISP UsersController.php via Accept: application/json Header SQL Injection Vulnerability in Zoho ManageEngine OPManager through 125588 via Default Reports Buffer Overflow Vulnerability in GNOME Epiphany Heap-Based Buffer Over-Read Vulnerability in GPAC 2.0.0 Improper Access Control in RESI Gemini-Net Web 4.2 Allows Unauthenticated Access to Critical Resources OS Command Injection in RESI Gemini-Net 4.2 Multiple XSS Vulnerabilities in RESI Gemini-Net 4.2 Denial of Service 
Vulnerability in HtmlUnit NekoHtml Parser (Versions before 2.61.0) Unauthorised User Edit Vulnerability in CreateRedirect Extension for MediaWiki Reflected XSS vulnerability in WSO2 Management Console Privilege Escalation Vulnerability in Qualys Cloud Agent 4.8.0-49 Potential Credential Exposure in Qualys Cloud Agent 4.8.0-49 Cross-Origin Websocket Hijacking in Northern.tech Mender Enterprise before 3.2.2 SSRF Vulnerability in Northern.tech Mender Enterprise 1.0.0 CSRF Vulnerability in LexisNexis Firco Compliance Link 3.7 Command Injection Vulnerability in Realtek rtl819x-SDK before v3.6.1 Cross-Site Scripting (XSS) Vulnerability in ConsoleTVs Noxen Command Injection Vulnerability in RUGGEDCOM ROX Series (All versions < 2.15.1) Title: Cross-Site Request Forgery Vulnerability in RUGGEDCOM ROX and RX Series Devices (Versions < V2.16.0) Title: Unauthenticated Remote Attackers Can Cause Controlled Function Failures in RUGGEDCOM ROX and RX Series (All versions < V2.16.0) Jamf Private Access Incorrect Access Control Vulnerability (WND-44801) The Frozen Heart: A Vulnerability in Bulletproofs' Fiat-Shamir Generation Information Disclosure Vulnerability in Vaadin TreeGrid Component Critical SQL Injection Vulnerability in SourceCodester Simple and Nice Shopping Cart Script (VDB-207001) XSS Vulnerability via HTML Tag Smuggling in OWASP AntiSamy (CVE-2022-28367) Information Disclosure Vulnerability in Meridian Cooperative Utility Software Versions 22.02 and 22.03 SQL Injection Vulnerability in BadgeOS WordPress Plugin Path Traversal Vulnerability in Android Google Search App Improper Update of Reference Count Vulnerability in Linux Kernel's net/sched Allows Privilege Escalation to Root Race condition vulnerability in io_uring timeouts in Linux kernel before 5.17.3 Potential vulnerability in service_windows.go: Omission of Quoting for Windows Service Executable Stored XSS Vulnerability in Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 with Embedly CSS Class Isolated 
Institutions Vulnerability: Group Results List Exposure Sandbox Escape Vulnerability in Konica Minolta bizhub MFP Devices Root-level access vulnerability in Konica Minolta bizhub MFP devices' internal Chromium browser Clear-text Password Storage Vulnerability in Konica Minolta bizhub MFP Devices Cross-Site Scripting (XSS) Vulnerability in Crypt Server before 3.3.0 Race Condition in Linux Kernel's Watch Queue: Privilege Escalation Vulnerability Critical Buffer Overflow Vulnerability in Tenda TX9 Pro 22.03.02.10 Devices: SetNetControlList OS Command Injection Vulnerability in Tenda TX9 Pro 22.03.02.10 Devices Unauthenticated HTTP Post Replay Vulnerability in Dingtian DT-R002 2CH Relay Devices Weak File Permissions in eG Agent 7.2 Allow Privilege Escalation to SYSTEM Authentication Bypass Vulnerability in MicroStrategy Enterprise Manager 2022 Local File Inclusion (LFI) Vulnerability in Solutions Atlantic Regulatory Reporting System (RRS) v500 Reflected Cross-Site Scripting (XSS) Vulnerability in Solutions Atlantic Regulatory Reporting System (RRS) v500 Shell Injection Vulnerability in Apache Maven maven-shared-utils (CVE-2021-26291) SQL Injection Vulnerability in TYPO3 oelib Extension SQL Injection Vulnerability in TYPO3 Seminar Manager Extension Cross-Site Scripting (XSS) Vulnerability in gridelements TYPO3 Extension SQL Injection Vulnerability in UniverSIS UniverSIS-API through 1.2.1 via $select Parameter Case Sensitivity Vulnerability in ONOS 2.5.1 Misleading Handling of IPv6 Capability in ONOS 2.5.1 Misleading CORRUPT State in ONOS 2.5.1 due to Improper Handling of Large Port Numbers Misleading State Handling in ONOS 2.5.1 for Same Source and Destination Intent Network Loop Vulnerability in ONOS 2.5.1 Misleading State Handling in ONOS 2.5.1 for Same Source-Destination Intents Race condition vulnerability in Linux kernel's PLP Rose functionality allows local privilege escalation Stored Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Application Server 
ABAP Privilege Escalation Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform SAP NetWeaver, ABAP Platform, and SAP Host Agent Information Disclosure Vulnerability Insufficient Input Validation in SAP Employee Self Service Allows Unauthorized Access to Personal Information SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform, and HANA Database Privilege Escalation Vulnerability Vulnerability: Log4j version 1.x in SAP NetWeaver Developer Studio (NWDS) 7.50 Memory Corruption Vulnerability in SAP Host Agent, SAP NetWeaver, and ABAP Platform Improper Error Handling in CLA Assistant Allows Authenticated Users to Crash Instance Insufficient Input Validation in SAP NetWeaver Development Infrastructure Allows Script Injection and Code Execution Privilege Escalation Vulnerability in SAP BusinessObjects Business Intelligence Platform 4.x Tulip Device Emulation DMA Reentrancy Vulnerability FileZilla v3.59.0: Cleartext Password Exposure via Memory Dump Arbitrary File Upload Vulnerability in Formidable v3.1.4 Arbitrary Code Execution via Crafted PDF File Upload in Connect-Multiparty v2.2.0 Arbitrary Code Execution via File Upload in TPCMS v3.2 IDOR Vulnerability in Online Market Place Site v1.0 Enables Unauthorized Product Modification Cross-Site Scripting (XSS) Vulnerability in Online Market Place Site v1.0 Memory Leak Bug in Jasper's cmdopts_parse Function: Potential Crash or Segmentation Fault Vulnerability CLRF Injection Vulnerabilities in Jodd HTTP v6.0.9: Enabling Server-Side Request Forgery (SSRF) Arbitrary Code Execution via File Upload in Roncoo Education v9.0.0 Linglong v1.0 Access Control Vulnerability Arbitrary Command Execution via Crafted Zip File Upload in Mindoc v2.1-beta.5 Stack Overflow Vulnerability in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 via setIpQosRules Comment Parameter Command Injection Vulnerability in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 
Vulnerability in Linux Kernel's ASIX AX88179_178A-based USB Ethernet Driver: Out-of-Bounds Read and Write Flaws Stack Overflow Vulnerability in TOTOLINK A3100R Router: Denial of Service via Crafted POST Request Stack Overflow Vulnerability in TOTOLINK A3100R Router (Versions V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129) via setParentalRules Function Stack Overflow Vulnerability in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 via setUrlFilterRules Function Stack Overflow Vulnerability in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 via macAddress Parameter in setMacQos Function Hard Coded Telnet Password Vulnerability in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 Hard Coded Root Password Vulnerability in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 Access Control Bypass Vulnerability in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 CSRF Vulnerability in MCMS 5.2.7 Allows Unauthorized Administrator Account Creation XSS Vulnerability in Jfinal CMS v5.1.0 via Crafted X-Forwarded-For Request Cross-Site Scripting (XSS) Vulnerability in Qsmart Next v4.1.2 GitHub Repository notrinos/notrinoserp Prior to 0.7: Improper Restriction of Rendered UI Layers or Frames Vulnerability SQL Injection Vulnerability in Online Food Ordering System v1.0 Arbitrary File Upload Vulnerability in Online Food Ordering System v1.0 SQL Injection Vulnerability in Online Sports Complex Booking System 1.0 Cross-Site Scripting (XSS) Vulnerability in OFCMS v1.1.4 via /admin/comn/service/update.json Buffer Overflow Vulnerability in quote_for_pmake in asm/nasm.c in NASM before 2.15.05: Denial of Service Exploit Arbitrary File Upload Vulnerability in Wedding Management System v1.0's Upload Photos Module SQL Injection Vulnerability in Wedding Management System v1.0 SQL Injection Vulnerability in Responsive Online Blog v1.0 via id Parameter at single.php Critical Out-of-bounds Read 
Vulnerability in Delta Electronics DOPSoft SQL Injection Vulnerability in CSCMS Music Portal System v4.2 Blind SQL Injection Vulnerability in CSCMS Music Portal System v4.2 SQL Injection Vulnerability in CSCMS Music Portal System v4.2 SQL Injection Vulnerability in CSCMS Music Portal System v4.2 SQL Injection Vulnerability in CSCMS Music Portal System v4.2 SQL Injection Vulnerability in CSCMS Music Portal System v4.2 SQL Injection Vulnerability in CSCMS Music Portal System v4.2 SQL Injection Vulnerability in CSCMS Music Portal System v4.2 via /admin.php/pic/admin/pic/hy SQL Injection Vulnerability in CSCMS Music Portal System v4.2 Insecure Credential Protection in Prosys OPC UA Simulation Server and UA Modbus Server SQL Injection Vulnerability in CSCMS Music Portal System v4.2 SQL Injection Vulnerability in CSCMS Music Portal System v4.2 Blind SQL Injection Vulnerability in CSCMS Music Portal System v4.2 Blind SQL Injection Vulnerability in CSCMS Music Portal System v4.2 Blind SQL Injection Vulnerability in CSCMS Music Portal System v4.2 Blind SQL Injection Vulnerability in CSCMS Music Portal System v4.2 Blind SQL Injection Vulnerability in CSCMS Music Portal System v4.2 Blind SQL Injection Vulnerability in CSCMS Music Portal System v4.2 Blind SQL Injection Vulnerability in CSCMS Music Portal System v4.2 Blind SQL Injection Vulnerability in CSCMS Music Portal System v4.2 Blind SQL Injection Vulnerability in CSCMS Music Portal System v4.2 Blind SQL Injection Vulnerability in CSCMS Music Portal System v4.2 Path Traversal Vulnerability in Delta Industrial Automation DIALink Use-After-Free Vulnerability in Unicorn Engine v1.0.3 via Hook Function Memory Leak Vulnerability in Unicorn Engine v2.0.0-rc7 and below NULL Pointer Dereference Vulnerability in Unicorn Engine v2.0.0-rc7 and below via qemu_ram_free Memory Leaks in Unicorn Engine v2.0.0-rc7 Due to Incomplete Initialization Unsanitized Input in libIEC61850 Allows Remote Code Execution Zammad v5.1.0 Password Length 
DoS Vulnerability Denial of Service (DoS) Vulnerability in Zammad v5.1.0 'Forgot Password' Feature BrowsBox CMS v4.0 SQL Injection Vulnerability Multiple SQL Injection Vulnerabilities in CommuniLink Internet Limited CLink Office v2.0 Incompatible Type Vulnerability in libIEC61850 Allows Server Crash Cross-Site Scripting (XSS) Vulnerability in LimeSurvey v5.3.9 and Below via Crafted Plugin in uploadConfirm.php Cross-Site Scripting (XSS) Vulnerability in LibreNMS v22.3.0 via /Table/GraylogController.php Multiple Command Injection Vulnerabilities in LibreNMS v22.3.0 Caddy v2.4 Open Redirect Vulnerability Stack-Based Buffer Overflow in MZ Automation's libIEC61850 Arbitrary File Read Vulnerability in 74cmsSE v3.5.1 via \index\controller\Download.php SQL Injection Vulnerability in 74cmsSE v3.5.1 via Keyword Parameter at /home/jobfairol/resumelist Arbitrary Code Execution through Image Upload in wityCMS v0.6.2 Stored XSS Vulnerability in Survey Sparrow Enterprise Survey Software 2022 Reflected Cross-Site Scripting (XSS) Vulnerability in Survey Sparrow Enterprise Survey Software 2022 Weak Default Admin Password Generation Algorithm in Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 NULL Pointer Dereference Vulnerability in libIEC61850 Hard-coded Credentials in USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 Access Control Vulnerability in ICT Protege GX/WX 2.08: Leakage of SHA1 Password Hashes Cross-Site Scripting (XSS) Vulnerability in Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 via Username Parameter Cleartext Transmission and Storage of Sensitive Information in Delta Controls enteliTOUCH Cross-Site Scripting (XSS) Vulnerability in ICT Protege GX/WX v2.08 via Crafted Name Parameter Arbitrary Command Execution Vulnerability in Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 SQL Injection Vulnerability in Money Transfer Management System 1.0 SQL Injection Vulnerability in Money Transfer Management System 1.0 SQL Injection 
Vulnerability in Money Transfer Management System 1.0 via delete_fee Function SQL Injection Vulnerability in Money Transfer Management System 1.0 via delete_transaction Function SQL Injection Vulnerability in Money Transfer Management System 1.0 via /mtms/classes/Users.php?f=delete SQL Injection Vulnerability in Simple Client Management System 1.0 via /cms/admin/?page=invoice/manage_invoice&id= SQL Injection Vulnerability in Simple Client Management System 1.0 SQL Injection Vulnerability in Simple Client Management System 1.0 via /cms/classes/Master.php?f=delete_invoice Avaya Aura Application Enablement Services Web Application Weak Permissions Vulnerability SQL Injection Vulnerability in Simple Client Management System 1.0 SQL Injection Vulnerability in Simple Client Management System 1.0 Denial of Service (DoS) Vulnerability in adbyby v2.7 via Port 8118 Use-after-free vulnerability in Linux kernel implementation of proxied virtualized TPM devices Stored Cross-Site Scripting (XSS) Vulnerability in XXL-Job v2.3.0 via /xxl-job-admin/jobinfo Arbitrary Scope Access Vulnerability in AlekSIS-Core v2.8.1 and below Remote Command Execution Vulnerability in iSpy v7.2.2.0 via Path Traversal Authentication Bypass Vulnerability in iSpyConnect iSpy v7.2.2.0 Stack Overflow Vulnerability in Onlyoffice Document Server and Core Components Heap Overflow Vulnerability in Onlyoffice Document Server and Core Components Arbitrary Code Execution Vulnerability in D-Link DIR-890L 1.20b01 Segmentation Violation Vulnerability in Nginx NJS v0.7.2 Use-after-free vulnerability in Linux kernel NILFS file system allows local privilege escalation Segmentation Violation Vulnerability in Nginx NJS v0.7.2 Information Leak in PublicCMS V4.0.202204.a and below via SysConfigDataDirective.java NULL Pointer Dereference Vulnerability in libmobi v0.10: Denial of Service via Crafted mobi File HiAIserver Vulnerability: Exploiting Model Property Verification for AI Service Disruption Memory Reference Leak 
Vulnerability Vulnerability in Graphics Acceleration Service Allows for Database Access and Service Exceptions Vulnerability in HiAIserver's Weight Verification Poses Risk to AI Services Vulnerability in Chip Component Exposes CPU Serial Numbers, Posing Data Confidentiality Risk Activation Lock Configuration Defect: A Threat to Application Availability Critical Use After Free (UAF) Vulnerability in Frame Scheduling Module Null Pointer Dereference Vulnerability in Frame Scheduling Module Affects Kernel Availability Vulnerability in Weight Verification of HiAIserver Impacts AI Services CV81-WDM FW 01.70.49.29.46 Buffer Overflow Vulnerability: Privilege Escalation Risk CV81-WDM FW Denial of Service Vulnerability Directory Traversal Vulnerability in networkd-dispatcher NULL Pointer Dereference Vulnerability in vim/vim TOCTOU Race Condition Vulnerability in networkd-dispatcher Allows Script Replacement XML External Entity Injection (XXE) Vulnerability in Teamcenter V12.4 and V13.0 Directory Traversal Vulnerability in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows Java Deserialization Vulnerability in Fishbowl Server: Remote Code Execution via Crafted XML Payload Remote Code Execution in ZoneMinder before 1.36.13 via Invalid Language and Arbitrary Debug Log Pathname Remote Code Execution Vulnerability in Quest KACE Systems Management Appliance (SMA) through 12.0 via download_agent_installer.php Predictable Token Generation Vulnerability in Quest KACE Systems Management Appliance (SMA) through 12.0 Arbitrary File Download Vulnerability in Download Monitor WordPress Plugin Insecure URL Query Parameter Handling in Hashicorp go-getter Library Stored XSS Vulnerability in JetBrains Hub via Project Icon Insufficient Notification Mechanisms for Unicode Directionality Formatting Characters in JetBrains IntelliJ IDEA Local Code Execution Vulnerability in JetBrains IntelliJ IDEA via Custom Pandoc Path Local Code Execution Vulnerability in JetBrains IntelliJ IDEA 
via HTML Descriptions in Custom JSON Schemas Local Code Execution via Workspace Settings in JetBrains IntelliJ IDEA (Before 2022.1) HTML Injection Vulnerability in JetBrains IntelliJ IDEA (before 2022.1) Reflected XSS Vulnerability in JetBrains IntelliJ IDEA's Internal Web Server (pre-2022.1) Flawed Origin Checks in JetBrains IntelliJ IDEA's Internal Web Server Local Code Execution via Links in Quick Documentation in JetBrains IntelliJ IDEA GitHub Repository vim/vim: Use After Free Vulnerability Debugger Port Exposure Vulnerability in JetBrains PyCharm (pre-2022.1) Local Code Execution via Links in ReSharper Quick Documentation in JetBrains Rider (before 2022.1) Feathers.js Library SQL Injection Vulnerability Insecure Recursive Logic in Feather-Sequalize cleanQuery Method Leads to Remote Code Execution Integer Overflow Vulnerability in libxml2 and libxslt Hard-coded Password Vulnerability in Mitsubishi Electric GX Works3 and GT Designer3: Unauthorized Access and Information Disclosure Cleartext Storage of Sensitive Information Vulnerability in Mitsubishi Electric GX Works3 and Motion Control Setting Software Hard-coded Cryptographic Key Vulnerability in Mitsubishi Electric GX Works3: Unauthorized Access and Information Disclosure Hard-coded Cryptographic Key Vulnerability in Mitsubishi Electric GX Works3: Unauthorized Access and Information Disclosure Hard-coded Cryptographic Key Vulnerability in Mitsubishi Electric Software Cross-Site Scripting (XSS) Vulnerability in Salat Times WordPress Plugin Hard-coded Cryptographic Key Vulnerability in Mitsubishi Electric GX Works3 and Motion Control Setting Software Hard-coded Password Vulnerability in Mitsubishi Electric Corporation GX Works3: Unauthorized Access to MELSEC Safety CPU Project Files Cleartext Storage of Sensitive Information in Memory Vulnerability in Mitsubishi Electric Corporation Software Unauthenticated Access to MELSEC Safety CPU Modules in Mitsubishi Electric Corporation GX Works3 Path Traversal 
Vulnerability in ICONICS GENESIS64 Allows Unauthorized File Access Insecure SHA-1 Hashing Algorithm Used in WD Discovery Software Path Traversal Vulnerability in Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi Devices Path Traversal Vulnerability in Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi Allows Code Execution Insecure Direct Access Vulnerability in Western Digital My Cloud Devices Insecure Credential Storage Vulnerability in Western Digital My Cloud Remote Backups Application JPG Driver Out of Bounds Write Vulnerability: Local Denial of Service in Kernel Addressed SSRF Vulnerability in Western Digital My Cloud OS 5 Devices Command Injection Vulnerability in Western Digital My Cloud OS 5 Devices Command Injection Vulnerability in Western Digital My Cloud OS 5 Devices Root-level command injection vulnerability in Western Digital My Cloud OS 5 devices Arbitrary File Read and Write Vulnerability in Western Digital My Cloud OS 5 Devices Local File Disclosure Vulnerability in Ipswitch WhatsUp Gold Unauthenticated Information Disclosure Vulnerability in Ipswitch WhatsUp Gold Unauthenticated API Relay Vulnerability in Ipswitch WhatsUp Gold Authenticated User API Transaction Vulnerability in Ipswitch WhatsUp Gold Privilege Escalation Vulnerability in Insecure SUID Binaries of Progress OpenEdge Application Music Service Vulnerability: Elevation of Privilege in Contacts Service Persistent Compromise Vulnerability in Lexmark Products OS Command Injection in OX App Suite through 7.10.6 via Disguised EPS to PDF Conversion Cross-Site Scripting (XSS) Vulnerability in OX App Suite 8.2 Cross-Site Scripting (XSS) Vulnerability in OX App Suite 8.2 Root Access Vulnerability in Mitel 6900 Series IP Phones Mitel SIP Phone Unauthorized Root Access Vulnerability Hardcoded Cryptographic Key Vulnerability in Automation360 22 Improper Access Control in Silverstripe Silverstripe/Assets (<=1.10): Unauthorized Publication of Protected Images DHCP 
Packet Data Structure Mishandling Vulnerability in ambiot amb1_sdk CSRF Risk in Enabling and Disabling Installed H5P Libraries Infinite Loop Vulnerability in OPC UA .NET Standard Stack 1.04.368 Remote Denial of Service (DoS) Vulnerability in OPC UA .NET Standard Stack 1.04.368 Uncontrolled Resource Consumption Vulnerability in OPC UA .NET Standard Stack 1.04.368 Bypassing Application Authentication Check in OPC UA .NET Standard Stack Uncontrolled Resource Consumption in OPC UA .NET Standard Stack 1.04.368 Process Validation Bypass Vulnerability in 1Password for Mac Information Leak in cifs-utils through 6.14 with Verbose Logging Unauthenticated Remote Code Execution in Ldap WP Login / Active Directory Integration WordPress Plugin Vulnerability: Privilege Escalation in Intel(R) CSME Software Installer Multiple Vulnerabilities in SICAM P850 and P855 Devices Multiple Vulnerabilities in SICAM P850 and P855 Devices Unencrypted Cleartext Communication Vulnerability in SICAM P850 and P855 (All versions < V3.00) Arbitrary Deserialization Vulnerability in Medical Imaging Systems Multiple Reflected XSS Vulnerabilities in SICAM P850 and SICAM P855 (All versions < V3.00) Unauthenticated Access to Web Interface Configuration Area in SICAM P850 and P855 (All versions < V3.00) Vulnerability: Unencrypted Challenge-Response Communication in SICAM P850 and SICAM P855 Unprotected Internal Developer Views in SICAM P850 and P855 Web Interface Out-of-bounds Write Vulnerability in SoMachine HVAC and EcoStruxure Machine Expert – HVAC Persistent XSS Vulnerability in SICAM P850 and P855 Configuration Interface Unauthenticated Extraction of Internal Configuration Details in SICAM P850 and P855 Multiple XSS Vulnerabilities in SICAM P850 and SICAM P855 (All versions < V3.00) Unauthenticated Access to Web Interface Allows Log File Deletion Denial of Service Vulnerability in CP-8000 and CP-8020 Master Modules Misleading Documentation Regarding EncryptInterceptor in Apache Tomcat Integer Overflow 
Vulnerability in ESTsoft Alyac 2.5.8.544 OLE File Parsing Potential Privilege Escalation via Cross-Site Scripting (XSS) in Intel(R) Manageability Commander Software Arbitrary File Deletion Vulnerability in InHand Networks InRouter302 V3.5.45 Hard-coded Root Password Vulnerability in Abode Systems, Inc. iota All-In-One Security Kit 6.9Z Supplementary Group Privilege Escalation Vulnerability in Podman Container Engine Customizable Help Sidebar in Octopus Server Allows Cross-Site Scripting (XSS) Attack via Support Link Custom Ap of Cybozu Office 10.0.0 to 10.8.5 Browse Restriction Bypass Vulnerability Denial-of-Service (DoS) Vulnerability in Cybozu Garoon 4.0.0 to 5.5.1 Firmware Vulnerability: Privilege Escalation via Network Access in Intel(R) AMT Stored Cross-Site Scripting Vulnerability in Strapi v3.x.x and Earlier Versions Arbitrary Code Execution with Root Privileges on PHOENIX CONTACT RAD-ISM-900-EN-* Devices Arbitrary Code Execution with Root Privileges on PHOENIX CONTACT RAD-ISM-900-EN-* Devices Supplementary Group Privilege Escalation Vulnerability in Buildah Container Engine Speculative Return Instruction Vulnerability New Spectre Variant Exploits Retpoline Mitigation in Intel Microprocessor Generations 6-8 CSRF Vulnerability in MediaWiki Private Domains Extension SQL Injection Vulnerability in SemanticDrilldown Extension for MediaWiki Special:UserBoxes CSRF Vulnerability in FanBoxes Extension for MediaWiki Unauthenticated Access to Admin API in QuizGame Extension for MediaWiki XSS Vulnerability in Nimbus Skin for MediaWiki Local Privilege Escalation in Fabasoft Cloud Enterprise Client 22.4.0043 Inheritance of Top-Level Permissions in Cross-Origin Browsing Contexts Heap-based Buffer Overflow in Linux Kernel's LightNVM Subsystem Insecure HSTS Settings Persistence in Firefox for Android Improper Implementation of iframe Sandbox Keyword Allows Script Execution Without allow-scripts SameSite Attribute Bypass in Thunderbird and Firefox Versions < 100 Unvalidated 
Speech Synthesis Feature in Thunderbird < 91.9 Full Screen Notification UI Browser Spoofing Vulnerability in Thunderbird and Firefox Cross-Origin Resource Redirect Disclosure in Firefox < 100 CSS Variable History Probing Vulnerability Memory Corruption Vulnerabilities in Firefox and Thunderbird Memory Corruption Vulnerabilities in Firefox < 100 Vulnerability: Use After Free in Intel(R) VROC Software Remote Code Execution Vulnerability in GitLab CE/EE via Import from GitHub API Endpoint Denial-of-Service Vulnerability in Hitachi Energy MicroSCADA X SYS600 and MicroSCADA Pro SYS600 Reflected XSS Vulnerability in Quick Restaurant Reservations WordPress Plugin Uninitialized Pointer Vulnerability in V-SFT Graphic Editor Allows Information Disclosure and Arbitrary Code Execution Reflected XSS Vulnerability in JetBrains TeamCity Build Chain Status Page Security Vulnerability: Leakage of Secrets in JetBrains TeamCity Agent Logs Potential XSS Vulnerability in JetBrains TeamCity before 2022.04 via Referrer Header Vulnerability: Incorrect Rejection of Current Keys in smp_check_keys Function Vulnerability: Same Value Returned by SHA1 Implementation in JetBrains Ktor Native 2.0.0 Reflected XSS Vulnerability in Raytion Custom Security Manager (Raytion CSM) Version 7.2.0 Sensitive Data Exposure in PRIMEUR SPAZIO 2.5.1.954 HTTP Server Craft CMS Password Reset Vulnerability Polkit Authentication Bypass in USU Oracle Optimization before 5.17.5 Quantum Credential Exposure in USU Oracle Optimization before 5.17.5 Remote Code Execution Vulnerability in USU Oracle Optimization 5.17 Authenticated DataCollection Users Can Achieve Agent Root Access in USU Oracle Optimization before 5.17.5 SQL Injection Vulnerability in LibreHealth EHR 2.0.0 via payment_id Parameter Multiple Cross-Site Scripting (XSS) Vulnerabilities in LibreHealth EHR 2.0.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in LibreHealth EHR 2.0.0 SSRF Vulnerability in Talend Administration Center Talend Administration 
Center XXE Vulnerability Incorrect Path Comparison Vulnerability in ONOS 2.5.1 Unencrypted Location Broadcasting Vulnerability in DJI Drone Devices XSS Vulnerability in Woodpecker before 0.15.1 via Build Logs Authentication Bypass Vulnerability in Lepin EP-KP001 Flash Drive Supplementary Group Privilege Escalation in CRI-O Container Engine Experian Hunter Vulnerability: Unauthorized Modification of Immutable Elements Authentication Bypass Vulnerability in JTEKT TOYOPUC PLCs Authentication Bypass in Bently Nevada Condition Monitoring Equipment Undocumented Hardcoded Credentials in Bently Nevada 3700 Series: Critical Vulnerability Emerson DeltaV Distributed Control System (DCS) Authentication Bypass Vulnerability Unauthenticated Code Execution on JTEKT TOYOPUC PLCs Insecure Credential Storage in Emerson OpenBSI Insecure Certificate Verification in python-scciclient Allows for MITM Attacks Weak Cryptography in Emerson OpenBSI: DES with Hardcoded Keys Vulnerability: Misuse of Passwords in Emerson DeltaV Distributed Control System (DCS) Controllers and IO Cards Vulnerability: Misuse of Passwords in Emerson DeltaV DCS Controllers and IO Cards Vulnerability: Misuse of Passwords in Emerson DeltaV Distributed Control System (DCS) Controllers and IO Cards Insecure Password Generation in Emerson DeltaV DCS Controllers and IO Cards Directory Traversal Vulnerability in Glewlwyd through 2.6.2 Uninitialized private data vulnerability in io_rw_init_file function in Linux kernel XSS Vulnerability in MediaWiki RSS Extension (CVE-2022-XXXX) Session Fixation Vulnerability in Snipe-IT GitHub Repository (prior to 6.0.10) Path Validation Bypass in Sinatra before 2.2.0 Argument Injection Vulnerability in Magnitude Simba Amazon Athena ODBC Driver Argument Injection Vulnerability in Magnitude Simba Amazon Redshift ODBC Driver Allows Arbitrary Code Execution ExFAT 1.3.0 Local Information Disclosure Vulnerability MDaemon 22.0.0 Vulnerability: Authenticated Reflected Cross-site Scripting at CC 
Parameter MDaemon 22.0.0 Vulnerability: Authenticated Reflected XSS at BCC Parameter Denial-of-Service Vulnerability in libsixel img2sixel 1.8.6 via Crafted JPEG File Denial-of-Service Vulnerability in libsixel img2sixel 1.8.6 via Crafted JPEG File SQL Injection Vulnerability in Simple Client Management System 1.0 via /cms/classes/Master.php?f=delete_designation Use After Free Vulnerability in Google Chrome Browser Creation SQL Injection Vulnerability in Simple Client Management System 1.0 SQL Injection Vulnerability in Simple Client Management System 1.0 SQL Injection Vulnerability in Simple Client Management System 1.0 SQL Injection Vulnerability in Simple Client Management System 1.0 SQL Injection Vulnerability in Simple Client Management System 1.0 SQL Injection Vulnerability in Online Sports Complex Booking System 1.0 SQL Injection Vulnerability in Online Sports Complex Booking System 1.0 SQL Injection Vulnerability in Online Sports Complex Booking System 1.0 SQL Injection Vulnerability in Online Sports Complex Booking System 1.0 SQL Injection Vulnerability in Online Sports Complex Booking System 1.0 SQL Injection Vulnerability in Online Sports Complex Booking System 1.0 SQL Injection Vulnerability in Online Sports Complex Booking System 1.0 SQL Injection Vulnerability in Online Sports Complex Booking System 1.0 SQL Injection Vulnerability in Online Sports Complex Booking System 1.0 SQL Injection Vulnerability in Online Sports Complex Booking System 1.0 SQL Injection Vulnerability in Insurance Management System 1.0 via /insurance/clientStatus.php?client_id= SQL Injection Vulnerability in Insurance Management System 1.0 via /insurance/editClient.php?client_id= Stored Cross-site Scripting (XSS) Vulnerability in YetiForce CRM prior to version 6.4.0 SQL Injection Vulnerability in Insurance Management System 1.0 via /insurance/editPayment.php?recipt_no= SQL Injection Vulnerability in Insurance Management System 1.0 via /insurance/editAgent.php?agent_id= SQL 
Injection Vulnerability in Insurance Management System 1.0 via /insurance/editNominee.php?nominee_id= Cross Site Scripting (XSS) Vulnerability in Sourcecodester Online Market Place Site 1.0 Unauthenticated Blind SQL Injection Vulnerability in Sourcecodester Online Market Place Site v1.0 GXCMS V1.5 Template Management File Upload Vulnerability Milesight Video Management Systems (VMS) Denial of Service Vulnerability SQL Injection Vulnerability in HMS 1.0 Appointment.php Endpoint Multiple SQL Injection Vulnerabilities in HMS v.0 Appointment.php Page Stored XSS Vulnerability in TotalJS CMS 3.4.5 Upload Function CSRF Vulnerability in Lumidek Associates Simple Food Website 1.0 Allows Account Takeover Stored Cross Site Scripting Vulnerability in Simple Food Website 1.0 Incorrect Access Control Vulnerability in Rescue Dispatch Management System 1.0 Stored XSS Vulnerability in Rescue Dispatch Management System 1.0 Allows Admin Account Takeover via Cookie Stealing Mobotix Control Center (MxCC) Vulnerability: Insufficiently Protected Credentials and Password Storage Stored Cross-site Scripting (XSS) Vulnerability in YetiForce CRM prior to version 6.4.0 Command Injection Vulnerability in Tenda ONT GPON AC1200 Dual Band WiFi HG9 v1.0.1 via Ping Function Arbitrary Code Execution via Buffer Overflow in TP-Link TL-WR841N V12 HTTP Daemon SQL Injection Vulnerability in /Framewrk/Home.jsp File in tCredence Analytics iDEAL Wealth and Funds - 1.0 Account Password Reset Token Reuse Vulnerability in Dradis Professional Edition Buffer Overflow Vulnerability in Tenda TX9 Pro V22.03.02.10: Exploiting setIPv6Status() in httpd Module OAuth Authentication Bypass Vulnerability in Flower Web UI for Celery Python RPC Framework Vulnerability: Default Root Password in MA Lighting grandMA2 Light Arbitrary PHP Code Execution Vulnerability in XunRuiCMS v4.3.3 to v4.5.1 Stored Cross-site Scripting (XSS) Vulnerability in YetiForce CRM prior to version 6.4.0 Buffer Overflow Vulnerability in Tenda AX1803 
v1.0.0.1_2890 Heap Out-of-Bounds Read in ezXML 0.8.6 SQL Injection Vulnerability in Mingsoft MCMS v5.2.7 via /mdiy/dict/listExcludeApp URI SQL Injection Vulnerability in Mingsoft MCMS 5.2.7 via /mdiy/dict/list URI Server-Side Request Forgery (SSRF) Vulnerability in Rebuild v2.8.3: Exposing Real IP Address and Intranet Scanning via fileurl Parameter Stored Cross-site Scripting (XSS) Vulnerability in YetiForceCRM GitHub Repository Cross Site Scripting (XSS) Vulnerability in Gnuboard 5.55 and 5.56 via bbs/member_confirm.php SQL Injection Vulnerability in Home Clean Service System 1.0 SQL Injection Vulnerability in Toll Tax Management System 1.0 SQL Injection Vulnerability in Covid 19 Travel Pass Management 1.0 Buffer Overflow Vulnerability in Prime95 30.7 build 9: Remote Code Execution Risk Stored Cross-Site Scripting (XSS) Vulnerability in Shopwind <=v3.4.2 Arbitrary File Download Vulnerability in Shopwind <=v3.4.2 Arbitrary File Delete Vulnerability in Shopwind <=v3.4.2 Arbitrary File Write Vulnerability in FTCMS <=2.1 via admin/controllers/tp.php Directory Traversal Vulnerability in FTCMS <=2.1 via tp Parameter Arbitrary File Read Vulnerability in FTCMS <=2.1 via tp.php Critical Code Execution Vulnerability Found in FTCMS <=2.1 Use-After-Free Vulnerability in Busybox 1.35-x's awk Applet: Denial of Service and Potential Code Execution in copyvar Function Buffer Overflow Vulnerability in GIMP 2.10.30 and 2.99.10 via Crafted XCF File Syska SW100 Smartwatch: Remote Firmware Update and Device Manipulation Vulnerability Cross Site Scripting (XSS) Vulnerability in WBCE CMS 1.5.2 via \admin\pages\sections_save.php namesection2 Parameter Cross Site Scripting (XSS) Vulnerability in WBCE CMS 1.5.2 via /admin/users/save.php Remote Code Execution Vulnerability in TP-Link Router AX50 Firmware 210730 and Older Unrestricted Brute Force Attack in ENTAB ERP 1.0 Allows Discovery of Users' Full Names Arbitrary Command Execution Vulnerability in NETGEAR R6200_V2 and R6300_V2 Routers 
Remote Command Injection Vulnerability in Netgear R6200 v2 Firmware Command Injection Vulnerability in tinygltf Library Code Injection Vulnerability in EllieGrid Android Application Version 3.4.1 Predictable SSH Credentials in Priva TopControl Suite Remote Command Injection Vulnerabilities in Belkin N300 Firmware 1.00.08 Cross-Site Scripting (XSS) Vulnerability in Jirafeau File Preview Functionality Insecure Algorithm in MCK Smartlock 1.0 Enables Replay Attacks for Unauthorized Access SQL Injection Vulnerability in Electronic Mall System 1.0_build20200203 Heap-based Buffer Overflow Vulnerability in Fastweb FASTGate MediaAccess FGA2130FWB and DGA4131FWB HSTS Bypass Vulnerability in curl Arbitrary File Delete Vulnerability in Concrete CMS XSS Vulnerability in Concrete CMS 8.5.7 and 9.0.0-9.0.2 (Old Browsers Only) XSS Vulnerability in /dashboard/reports/logs/view - Old Browsers Only Critical SQL Injection Vulnerability in oretnom23 Fast Food Ordering System XSS Vulnerability in /dashboard/blocks/stacks/view_details/ - Old Browsers Only LANDesk(R) Management Agent Service Vulnerability: Privilege Escalation via Signed Executables Rack Multipart Parsing Denial of Service Vulnerability Rack Sequence Injection Vulnerability Bypassing Local Authentication in Rocket.Chat Mobile App <4.14.1.22788 Denial of Service Vulnerability in Apache Tika's StandardsExtractingContentHandler Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Code Execution Vulnerability in Visual Studio Code Remote Access Critical SQL Injection Vulnerability in SourceCodester Simple Task Managing System .NET Framework Denial of Service Vulnerability: Exploiting System Resource Exhaustion Windows Container Isolation FS Filter Driver Privilege Escalation Vulnerability Windows Container Manager Service Privilege Escalation Vulnerability PPP Remote Code Execution Vulnerability in Windows Exposed: 
Microsoft Exchange Server Information Leakage Vulnerability Windows Media Center Privilege Escalation Vulnerability Windows Network File System RCE Vulnerability Elevation of Privilege Vulnerability in Service Fabric Docker Containers Print Spooler Privilege Escalation Vulnerability in Windows Windows LDAP Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Task Managing System (VDB-207424) Windows iSCSI Discovery Service Remote Code Execution Vulnerability Windows LDAP Remote Code Execution Vulnerability File History Remote Code Execution Vulnerability in Windows Windows LDAP Remote Code Execution Vulnerability BlueBleed: Windows Bluetooth Service Remote Code Execution Vulnerability EFS Remote Code Execution Vulnerability in Windows Windows LDAP Remote Code Execution Vulnerability Windows Installer Privilege Escalation Vulnerability Windows DSC Information Disclosure Vulnerability Windows LDAP Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in oretnom23 Fast Food Ordering System Windows Defender Remote Credential Guard Privilege Escalation Vulnerability Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability Windows NAT DoS Vulnerability Windows LDAP Remote Code Execution Vulnerability RVSS Elevation of Privilege Vulnerability Windows Kernel DoS Vulnerability SharePoint Server Remote Code Execution Vulnerability SharePoint Server Remote Code Execution Vulnerability CVE-2022-30173: Microsoft Office Information Disclosure Vulnerability GitHub Repository vim/vim: Use After Free Vulnerability (CVE-XXXX-XXXX) Windows ALPC Elevation of Privilege Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows Kernel Information Leakage Vulnerability Hyper-V Remote Code Execution Vulnerability in Windows Kerberos AppContainer Security Bypass Vulnerability Kerberos Privilege Escalation Vulnerability in Windows Local Security Authority Subsystem Service Privilege 
Escalation Vulnerability AV1 Video Extension RCE Vulnerability Exploiting the Microsoft Photos App for Remote Code Execution CSRF Vulnerability in GitHub Repository froxlor/froxlor prior to 0.10.38 Windows Credential Roaming Service Privilege Escalation Vulnerability Exposed Secrets: Microsoft Office Information Disclosure Vulnerability Exposed Secrets: Microsoft Office Information Disclosure Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Exploiting the Microsoft Office Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in Azure RTOS GUIX Studio Critical Remote Code Execution Vulnerability in Azure RTOS GUIX Studio Critical Remote Code Execution Vulnerability in Azure RTOS GUIX Studio Critical Remote Code Execution Vulnerability in Azure RTOS GUIX Studio Critical Remote Code Execution Vulnerability in Azure RTOS GUIX Studio GitLab CE/EE Information Disclosure Vulnerability: Unauthorized Access to DataDog Integration API Key Azure RTOS GUIX Studio Information Disclosure Vulnerability Azure Site Recovery Privilege Escalation Vulnerability .NET and Visual Studio Information Leakage Vulnerability Azure Storage Library Information Exposure Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Windows Autopilot Device Enrollment Spoofing Vulnerability Account Takeover Vulnerability via Forgot Password Token Remote Code Execution Vulnerability in MSDT via URL Protocol Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) AV1 Video Extension Remote Code Execution Vulnerability Exploiting the Windows WebBrowser Control for Remote Code Execution Windows Secure Channel DoS Vulnerability Windows Kernel Information Leakage Vulnerability Pervasive Windows PPTP Remote Code Execution Vulnerability Windows LDAP Remote Code Execution Vulnerability Windows ALPC Elevation of Privilege Vulnerability Windows Boot Manager Secure Boot Bypass 
Vulnerability Windows Group Policy Privilege Escalation Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Windows SAM Denial of Service Vulnerability Windows IIS Server Privilege Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in Slickr Flickr WordPress Plugin Windows L2TP Remote Code Execution Vulnerability Windows Connected Devices Platform Service Information Leakage Vulnerability Windows GDI+ Information Disclosure Vulnerability Exposes Sensitive Data Critical Remote Code Execution Vulnerability in Windows DNS Server ADFS Privilege Escalation Vulnerability Windows Server Service Tampering Vulnerability: A Critical Security Flaw Windows Common Log File System Driver Privilege Escalation Vulnerability Exploiting the Windows Graphics Component for Remote Code Execution ShellShock: Windows Remote Code Execution Vulnerability Windows Hyper-V Data Exposure Vulnerability Windows ALPC Elevation of Privilege Vulnerability Windows Media Player Network Sharing Service Privilege Escalation Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows CORS Bypass Vulnerability in SICAM GridEdge Essential Unauthenticated Data Manipulation Vulnerability in SICAM GridEdge Essential Format String Vulnerability in GitHub Repository pingcap/tidb prior to 6.4.0, 6.1.3 Unauthenticated User Creation Vulnerability in SICAM GridEdge Essential Password Hash Disclosure Vulnerability in SICAM GridEdge Essential Remote Code Execution Vulnerability in Wiser Smart, EER21000 & EER21001 (V4.5 and prior) Title: CWE-20: Improper Input Validation Vulnerability in Wiser Smart, EER21000 & EER21001 (V4.5 and prior) Wiser Smart, EER21000 & EER21001 (V4.5 and prior) - Arbitrary Code Execution via Hard-coded Credentials Vulnerability Title: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) Vulnerability: Unauthorized Access via Brute Force Cross-Domain Attack Vulnerability in Wiser Smart, EER21000 & EER21001 (V4.5 and prior) Title: Authentication 
Credentials Recovery Vulnerability in Wiser Smart and EER21000/EER21001 (V4.5 and prior) Session Hijacking Vulnerability in Wiser Smart, EER21000 & EER21001 (V4.5 and prior) Local Code Execution Vulnerability in Magnitude Simba Amazon Athena JDBC Driver Vulnerability: Unauthorised AJAX Actions and Stored Cross-Site Scripting in Simple Bitcoin Faucets WordPress Plugin Argument Injection Vulnerability in Magnitude Simba Amazon Redshift JDBC Driver Cross-Site Scripting (XSS) Vulnerability in jquery.json-viewer Library Unauthenticated Remote Configuration Change Vulnerability in Honeywell Alerton Ascent Control Module (ACM) Unauthenticated Remote Programming Write Vulnerability in Honeywell Alerton Visual Logic Unauthenticated Remote Programming Write Vulnerability in Honeywell Alerton Ascent Control Module (ACM) Unauthenticated Remote Configuration Changes in Honeywell Alerton Compass Software 1.6.5 CSRF and Stored XSS Vulnerabilities in Bitcoin / Altcoin Faucet WordPress Plugin Unintended Domain Name Resolution Vulnerability in MaraDNS Deadwood Unintended Domain Name Resolution Vulnerability in Technitium DNS Server Unintended Domain Name Resolution Vulnerability in Technitium DNS Server CSV Injection Vulnerability in WP Users Exporter Plugin Insufficient Firmware Integrity Verification in Emerson DeltaV Distributed Control System (DCS) Insecure Firmware Integrity in Emerson ControlWave 'Next Generation' RTUs Insecure Filesystem Operations in Emerson ROC and FloBoss RTU Product Lines Insecure Application Integrity in Motorola ACE1000 RTUs Arbitrary File Write and Information Disclosure Vulnerability in CMS8000 Wi-Fi Access Point Configuration Default Credentials in Motorola ACE1000 RTU Hardcoded SSH Private Key Vulnerability in Motorola ACE1000 RTU Insecure Firmware Integrity Checks in Motorola ACE1000 RTU Vulnerability: Lack of Message Integrity in Motorola MDLC Protocol Insecure ECB Encryption in Motorola ACE1000 RTU Insecure Cleartext Password Storage in Motorola 
MOSCAD Toolbox Software Authentication Bypass Vulnerability in Motorola MOSCAD and ACE RTUs Insufficient Session Expiration Vulnerability in BD Synapsys™: Risk of Unauthorized Access and Data Manipulation Cross-Site Scripting Vulnerability in Black Duck Hub's MadCap Flare Documentation Files Null Pointer Dereference Vulnerability in Stormshield Network Security (SNS) 4.3.x Race Condition in Linux Kernel's XFRM Subsystem Allows for Out-of-Bounds Write and Kernel Heap Memory Leak Arbitrary Privilege Escalation via CSRF in Nokia NetAct 22 USB Working Buffer Tampering Vulnerability in UsbCoreDxe Remote Command Execution in python-libnmap Package Authentication Bypass Vulnerability in Quest KACE Systems Management Appliance (SMA) through 12.0 Remote Code Execution Vulnerability in PyScript Demonstrator Reflection Injection Vulnerability in Horde Groupware Webmail Edition through 5.2.22 GraphQL Fragment Cycle Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in OpenCTI Data Import Functionality Denial of Service Vulnerability in NLnet Labs Routinator 0.9.0 - 0.11.2 Broken Access Control Vulnerability in OpenCTI Profile Endpoint Heap-based Buffer Overflow in SQUIRREL 3.2 sqbaselib.cpp Heap-based Buffer Overflow in WebCore::TextureMapperLayer::setContentsLayer Predictable DNS Transaction IDs in uClibc-ng and uClibc: A Potential DNS Cache Poisoning Vulnerability Credential Exposure in Intel(R) Datacenter Group Event iOS Application Privilege Escalation via Cross-Site Scripting in Intel(R) EMA Software Privilege Escalation Vulnerability in Fortinet FortiSOAR [CWE-269] FortiWeb API Path Traversal Vulnerability Unauthorized Disclosure of Pipeline Status in GitLab CE/EE Relative Path Traversal Vulnerability in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 FortiAP-U CLI Path Traversal Vulnerability FortiDeceptor Management Interface Path Traversal Vulnerabilities OS Command Injection Vulnerability in FortiWeb Stored Cross-Site Scripting (XSS) Vulnerability 
in FortiAnalyzer Insufficient Logging Vulnerability in FortiSandbox and FortiDeceptor Stack-based Buffer Overflow Vulnerability in FortiWeb CA Sign Functionality RSA SSH Host Key Key Management Error Vulnerability Improper Access Control Command Injection in Festo Controller CECC-X-M1 Improper Access Control Command Injection in Festo Controller CECC-X-M1 Password Brute Force Vulnerability in GitLab CE/EE Improper Access Control Command Injection in Festo Controller CECC-X-M1 Improper Access Control Command Injection in Festo Controller CECC-X-M1 Cleartext Transmission of Credentials in Trend Controls IC Protocol Missing Authentication for Critical Functionality in Honeywell Experion PKS Safety Manager Honeywell Experion PKS Safety Manager 5.02 Hard-coded Credentials Vulnerability Insufficient Verification of Data Authenticity in Honeywell Experion PKS Safety Manager: Remote Code Execution and Denial of Service Vulnerability Honeywell Experion PKS Safety Manager 5.02 Firmware Manipulation Vulnerability Unauthenticated Firmware Manipulation and Denial of Service in Honeywell Experion LX Honeywell ControlEdge SSH Hard-coded Credentials Vulnerability Saia Burgess Controls (SBC) PCD S-Bus Authentication Bypass Vulnerability Remote Object Loading in HTML Email with srcdoc Attribute Vulnerability Saia Burgess Controls (SBC) PCD S-Bus Weak Credential Hashing Vulnerability Arbitrary Host Access and Command Injection Vulnerabilities in go-getter up to 1.5.11 and 2.0.2 Asymmetric Resource Exhaustion in go-getter 1.5.11 and 2.0.2 Password-Protected ZIP File Panic Vulnerability Privilege Escalation through Artifact Stanza in HashiCorp Nomad Default Pre-Shared Key Vulnerability on TRENDnet TEW-831DR 1.0 601.130.1.1356 Devices XSS Vulnerability in TRENDnet TEW-831DR 1.0 601.130.1.1356: Network Pre-Shared Key Field CSRF Vulnerability in TRENDnet TEW-831DR 1.0 601.130.1.1356 Devices Allows Unauthorized Wi-Fi Router Key Modification TRENDnet TEW-831DR 1.0 
601.130.1.1356 - Unauthenticated Username and Password Change Vulnerability OS Injection Vulnerability in TRENDnet TEW-831DR 1.0 601.130.1.1356 Devices Remote Code Execution via Crafted HTML Email in Thunderbird Critical Vulnerability in KeepKey Firmware Allows Privilege Escalation and Compromise of Hardware Wallet Arbitrary Code Execution Vulnerability in TigerGraph 3.6.0's User-Defined Functions (UDF) Feature Account Enumeration Vulnerability in Talend Administration Center 7.3.1.20200219 Directory Traversal Vulnerability in RARLAB UnRAR on Linux and UNIX Vulnerability: Leakage of .onion URLs in Referer and Origin Headers in Brave Private Windows with Tor Connectivity SQL Injection Vulnerability in Bonanza Wealth Management System (BWM) 7.3.2 Login Form CSRF Vulnerability in JoomUnited WP Meta SEO Plugin Allows Unauthorized Social Settings Update Privilege Escalation Vulnerability in Intel(R) VROC Software Denial of Service Vulnerability in Intel Integrated Sensor Solution Firmware Remote Document Loading Vulnerability in Thunderbird Cross Site Scripting (XSS) Vulnerability in SiteServer SSCMS 6.15.51 Stored Cross-site Scripting (XSS) Vulnerability in Snipe-IT GitHub Repository (snipe/snipe-it) Prior to v6.0.11 Information Leakage Vulnerability in Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 Unintentional Leakage of Redacted Information in PDFZorro Online r20220428 SQL Injection Vulnerability in phpABook 0.9i Stored Cross-Site Scripting Vulnerability in Gettext Override Translations WordPress Plugin File Deletion Vulnerability in Air Cargo Management System v1.0 GitHub Repository vim/vim: Use After Free Vulnerability SQL Injection Vulnerability in Air Cargo Management System 1.0 via /acms/classes/Master.php?f=delete_cargo_type SQL Injection Vulnerability in Air Cargo Management System 1.0 SQL Injection Vulnerability in Air Cargo Management System 1.0 via /acms/classes/Master.php?f=delete_cargo SQL Injection Vulnerability in Air Cargo Management System 
1.0 SQL Injection Vulnerability in Air Cargo Management System 1.0 File Deletion Vulnerability in Sourcecodester Simple Social Networking Site v1.0 SQL Injection Vulnerability in Sourcecodester Simple Social Networking Site v1.0 SQL Injection Vulnerability in Sourcecodester Simple Social Networking Site v1.0 SQL Injection Vulnerability in Sourcecodester Simple Social Networking Site v1.0 Remote Code Execution Vulnerability in Google Chrome Network Service File Deletion Vulnerability in Merchandise Online Store v1.0 SQL Injection Vulnerability in Merchandise Online Store v1.0 via /vloggers_merch/classes/Master.php?f=delete_inventory SQL Injection Vulnerability in Merchandise Online Store v1.0 via /vloggers_merch/classes/Master.php?f=delete_order SQL Injection Vulnerability in Merchandise Online Store v1.0 via /vloggers_merch/classes/Master.php?f=delete_featured SQL Injection Vulnerability in Merchandise Online Store v1.0 via /vloggers_merch/classes/Master.php?f=pay_order WebSQL Use After Free Vulnerability in Google Chrome SQL Injection Vulnerability in Merchandise Online Store v1.0 via /vloggers_merch/classes/Master.php?f=delete_category SQL Injection Vulnerability in Merchandise Online Store v1.0 via /vloggers_merch/classes/Master.php?f=delete_sub_category SQL Injection Vulnerability in Merchandise Online Store v1.0 SQL Injection Vulnerability in Merchandise Online Store v1.0 via /vloggers_merch/classes/Master.php?f=delete_cart SQL Injection Vulnerability in Merchandise Online Store v1.0 SQL Injection Vulnerability in Merchandise Online Store v1.0 via /vloggers_merch/admin/?page=orders/view_order&id= SQL Injection Vulnerability in Merchandise Online Store v1.0 via /vloggers_merch/admin/?page=maintenance/manage_category&id= Remote Code Execution Vulnerability in Google Chrome's Layout Engine SQL Injection Vulnerability in Merchandise Online Store v1.0 via /vloggers_merch/admin/orders/view_order.php?view=user&id= SQL Injection Vulnerability in Merchandise Online 
Store v1.0 via /vloggers_merch/?p=view_product&id= SQL Injection Vulnerability in Merchandise Online Store v1.0 SQL Injection Vulnerability in Merchandise Online Store v1.0 via /vloggers_merch/?p=products&c= SQL Injection Vulnerability in College Management System v1.0 via teacher_id parameter SQL Injection Vulnerability in Pharmacy Sales and Inventory System v1.0 via /pharmacy-sales-and-inventory-system/manage_user.php?id= File Deletion Vulnerability in Covid-19 Travel Pass Management System v1.0 WebSQL Use After Free Vulnerability in Google Chrome SQL Injection Vulnerability in Covid-19 Travel Pass Management System v1.0 SQL Injection Vulnerability in Covid-19 Travel Pass Management System v1.0 SQL Injection Vulnerability in Covid-19 Travel Pass Management System v1.0 SQL Injection Vulnerability in Covid-19 Travel Pass Management System v1.0 SQL Injection Vulnerability in Covid-19 Travel Pass Management System v1.0 SQL Injection Vulnerability in Covid-19 Travel Pass Management System v1.0 PhoneHub Use After Free Vulnerability in Google Chrome on Chrome OS Local Password Authentication Bypass Vulnerability in Toshiba Storage Security Software V1.2.0.7413 Remote Code Execution Vulnerability in Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 via Viewstate Parameter Arbitrary Code Execution Vulnerability in User Profile Upload Point Command Injection Vulnerability in Tenda Technology Co.,Ltd HG6 3.3.0-210926 via pingAddr and traceAddr Parameters Stack Buffer Overflow Vulnerability in UEFI DXE Driver on Acer Products Directory Traversal Vulnerability in ginadmin Arbitrary File Reading Vulnerability in ginadmin Multiple Cross-Site Scripting (XSS) Vulnerabilities in Neos CMS Allow Arbitrary Code Injection Heap Buffer Overflow in Google Chrome Screen Capture on Chrome OS Remote Code Execution via Bypassing Site Isolation in Google Chrome File Upload Vulnerability in Hospital Management System (HMS) 1.0's treatmentrecord.php SQL 
Injection Vulnerability in Hospital Management System (HMS) 1.0 via editid Parameter in room.php Heap Corruption Vulnerability in V8 in Google Chrome (CVE-2021-37976) Waimairen 9.1 wx.php Remote Code Execution (RCE) Vulnerability Code Execution via SQLi Vulnerability in waimairenCMS 9.1 and Earlier SQL Injection Vulnerability in ShopWind v3.4.2 Database.php RCE Vulnerability in ShopWind <= 3.4.2 Database.php SQL Injection Vulnerability in Merchandise Online Store 1.0 via /vloggers_merch/classes/Master.php?f=delete_product SQL Injection Vulnerability in Badminton Center Management System 1.0 Cross Site Scripting (XSS) Vulnerability in Badminton Center Management System 1.0 Cross Site Scripting (XSS) Vulnerability in Automotive Shop Management System v1.0 via /asms/classes/Master.php?f=save_product, name parameter. SQL Injection Vulnerability in ChatBot App with Suggestion in PHP/OOP v1.0 Use After Free Vulnerability in Google Chrome Browser Tag Cross Site Scripting (XSS) Vulnerability in Simple Social Networking Site v1.0 SQL Injection Vulnerability in Water-billing-management-system v1.0 via /wbms/classes/Master.php?f=delete_client, id Cross Site Scripting (XSS) Vulnerability in Water-billing-management-system v1.0 SQL Injection Vulnerability in Automotive Shop Management System v1.0 via /asms/classes/Master.php?f=delete_product Cross Site Scripting (XSS) Vulnerability in ChatBot App with Suggestion in PHP/OOP v1.0 Authentication Bypass Vulnerability in Joyebike Joy Ebike Wolf Manufacturing (2022) Denial of Service Vulnerability in Joy Ebike Wolf Manufacturing (2022) SQL Injection Vulnerability in Afian Filerun 20220202 via metadata[] POST Parameter Bypassing Downloads Policy via Malicious Extension Installation in Google Chrome Remote Code Execution Vulnerability in Afian Filerun 20220202 via Custom Jar File Stack-based Buffer Overflow Vulnerability in fromAddressNat Function of Tenda AC Series Router AC18_V15.03.05.19(6318) Stack-based Buffer Overflow 
Vulnerability in Tenda AC Series Router AC18_V15.03.05.19(6318) - form_fast_setting_wifi_set Function Heap Overflow Vulnerability in Tenda AC Series Router AC18_V15.03.05.19(6318) Stack-based Buffer Overflow in Tenda AC Series Router AC18_V15.03.05.19(6318) HTTPD Module Stack-based Buffer Overflow in Tenda AC Series Router AC18_V15.03.05.19(6318) HTTPD Module Stack-based Buffer Overflow in Tenda AC Series Router AC18_V15.03.05.19(6318) HTTPD Module SQL Injection Vulnerability in Fruits Bazar 1.0 Ecommerce Project Lockscreen Bypass Vulnerability in Chrome OS SQL Injection Vulnerability in Food-Order-and-Table-Reservation-System 1.0: Categorywise-Menu.php (catid parameter) Cross Site Scripting (XSS) vulnerability in Fruits Bazar 1.0 E-commerce Project Cross-Site Scripting (XSS) Vulnerability in WAVLINK WN535 G3 Login Page Use After Free Vulnerability in SplitScreen in Google Chrome on Chrome OS SQL Injection Vulnerability in Badminton Center Management System V1.0 Blind SQL Injection Vulnerability in oretnom23 Automotive Shop Management System v1.0 Stored XSS Injection Vulnerability in oretnom23 Automotive Shop Management System v1.0 IDOR Vulnerability in oretnom23 Automotive Shop Management System v1.0 Allows Vertical Privilege Escalation SQL Injection Vulnerability in IDCE MV Application v1.0 Logon Page Heap Buffer Overflow in Google Chrome WebUI on Chrome OS SQL Injection Vulnerability in Jfinal CMS 5.1.0 Segmentation Violation Vulnerability in Nginx NJS v0.7.2 Arbitrary File Upload Vulnerability in MCMS 5.2.7 Allows Remote Code Execution via Crafted ZIP File Arbitrary File Deletion Vulnerability in DedeCMS v5.7.93 upload.php Heap Buffer Overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 SQL Injection Vulnerability in School Dormitory Management System 1.0 via reports/daily_collection_report.php:59 SQL Injection Vulnerability in School Dormitory Management System 1.0 via accounts/view_details.php:4 SQL Injection Vulnerability in 
School Dormitory Management System 1.0: accounts/payment_history.php:31 Reflected Cross-Site Scripting (XSS) Vulnerability in School Dormitory Management System v1.0 Reflected Cross-Site Scripting (XSS) Vulnerability in School Dormitory Management System v1.0 Unauthenticated Access to Employee Photos in ZKTeco BioTime 8.5.4 SQL Injection Vulnerability in Hospital-Management-System v1.0 Cross Site Scripting (XSS) Vulnerability in Mogu Blog 5.2 SQL Injection Vulnerability in ChatBot Application 1.0 via id Parameter at /simple_chat_bot/admin/responses/view_response.php Cross-Site Scripting (XSS) Vulnerability in Reprise Software RLM License Administration v14.2BL4 Heap Buffer Overflow in Google Chrome Window Manager on Chrome OS Stack-based Buffer Overflow Vulnerability in D-Link Wi-Fi Router Firmware DIR-890L Excessive Memory Allocation Vulnerability in Apache HTTP Server 2.4.53 with mod_sed Trend Micro Password Manager (Consumer) Link Following Privilege Escalation Vulnerability Invalid Memory Access Vulnerability in Xpdf 4.0.4 TextLine Class OS Command Injection Vulnerability in Zyxel USG FLEX and VPN Series Firmware Privilege Escalation Vulnerability in Zyxel USG FLEX and Other Series Firmware Improper Access Rights and Privilege Escalation Vulnerability in SINEC NMS (All versions < V2.0) SQL Injection Vulnerability in asith-eranga ISIC Tour Booking Arbitrary File Upload Vulnerability in asith-eranga ISIC Tour Booking Remote Navigation Restriction Vulnerability in Google Chrome on Mac Vulnerability in Intel(R) DSA Software Allows Privilege Escalation via Local Access Intel(R) Iris(R) Xe MAX Drivers for Windows: Local Privilege Escalation via Out-of-Bounds Read Lack of Artifact Change Logging in Octopus Deploy Arbitrary Script Injection Vulnerability in Modern Events Calendar Lite OS Command Injection Vulnerability in WWBN AVideo Encoder Insecure Secret Access in NGINX Ingress Controller Authenticated Stored XSS Vulnerability in WP Maintenance Plugin <= 
6.0.7 Out-of-bounds Write Vulnerability in V-SFT Graphic Editor BIOS Firmware Vulnerability: Use After Free Exploit for Intel(R) Processors Allows Privilege Escalation Heap Corruption Vulnerability in Google Chrome DevTools Heap-Based Buffer Overflow Vulnerability via Uninitialized Pointer XCMD setUPnP Functionality OS Command Injection Vulnerability in Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z Privilege Escalation Vulnerability in Intel Server Board and System Firmware InHand Networks InRouter302 V3.5.45 Console Infct Functionality Privilege Escalation Vulnerability CSRF Vulnerability in MiKa's OSM – OpenStreetMap Plugin <= 6.0.1 Anker Connect Plugin <= 1.2.6 WordPress Vulnerability: Auth. Reflected Cross-Site Scripting (XSS) Out-of-bounds Read Vulnerability in V-SFT Graphic Editor Directory Traversal Vulnerability in WWBN AVideo 11.6 and dev master commit 3f7c0364 Uncontrolled Search Path Element Vulnerability in Intel(R) Glorp Software V-Server Image File Out-of-Bounds Read Vulnerability Use After Free Vulnerability in Google Chrome Allows Remote Code Execution via Crafted HTML Page Vulnerability: Privilege Escalation via Incorrectly Applied Settings in Dovecot Auth Component Resource Exhaustion Vulnerability in OPC UA Legacy Java Stack 2022-04-01 Exploiting the Buffer Overflow in Das U-Boot 2022.01 Apache HTTP Server 2.4.53 and Earlier Buffer Overflow Vulnerability Type Confusion Vulnerability in Foxit PDF Reader and PDF Editor Allows for Crash Due to Unsigned32 Mishandling Bypassing Content Security Policy in Google Chrome prior to 105.0.5195.52 via crafted HTML page Administrative Account Exploitation and Denial of Service Vulnerability Replay Attack Vulnerability HTTPS Function Vulnerability: Man-in-the-Middle Attack and URL Injection Replay Attack Vulnerability in ONVIF Login Unauthorized Modification of Device Timestamp in Dahua Embedded Products Cross-Origin Data Leakage in Google Chrome's iframe Sandbox Implementation Column-Based 
Security Vulnerability in TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace Reflected Cross Site Scripting (XSS) Vulnerabilities in TIBCO iWay Service Manager Console Directory Traversal Vulnerability in TIBCO iWay Service Manager Console Privilege Escalation Vulnerability in TIBCO FTL Server Local Privilege Escalation Vulnerability in TIBCO FTL and eFTL Components Reflected Cross Site Scripting (XSS) Vulnerabilities in TIBCO Data Science and Statistica Stored Cross Site Scripting (XSS) Vulnerability in TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial Stored Cross Site Scripting (XSS) Vulnerability in TIBCO EBX Web Server Component Stored Cross Site Scripting (XSS) Vulnerability in TIBCO EBX Add-ons 5.4.1 and below Blind Server Side Request Forgery (SSRF) Vulnerability in TIBCO Spotfire Analytics Platform and Server Use After Free Vulnerability in Google Chrome Sign-In Flow Code Injection in Cmd.Start in os/exec allows execution of arbitrary binaries in working directory Improper Access Control Vulnerability in Archer Platform 6.3 to 6.11 (6.11.0.0) SSO ADFS Functionality Archer Platform 6.x Authorization Bypass Vulnerability Incorrect Access Control in Gradle Enterprise through 2022.2.2: A Path to Code Execution Incorrect Access Control in Gradle Enterprise 2022.2.2: A Pathway to Information Disclosure Multiple Instances of SQL Injection Vulnerability with Sleep-Based Inference Denial of Service (CPU Consumption) Vulnerability in quic-go through 0.27.0 Improper Handling of MAX_TABLE_CAPACITY in LiteSpeed QUIC (LSQUIC) Seccomp Permissions Bypass in Linux Kernel (CVE-2021-33909) Heap Buffer Overflow in libImaging/TgaRleDecode.c in Pillow 9.1.0 Stored XSS Vulnerability in Moodle's Bulk Allocation of Markers Unintended Disclosure of User Field in Moodle: Hidden User Field Vulnerability Privacy Breach in Moodle: Unauthorized Disclosure of Author Information in Global Search Results 
SQL Injection Vulnerability in Moodle Badges Configuration Arbitrary Request Generation Vulnerability in GitLab CE/EE Error Tracking Account Lockout Bypass Vulnerability in Moodle Vulnerability: Insufficiently Protected Credentials for Intel(R) AMT and Intel(R) Standard Manageability Remote File Manipulation and Deletion Vulnerability in Cybozu Garoon 4.0.0 to 5.9.1 OS Command Injection Vulnerability in Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z Arbitrary Script Injection Vulnerability in Cybozu Office 10.0.0 to 10.8.5 Privilege Escalation Vulnerability in WWBN AVideo 11.6 and dev master commit 3f7c0364 Information Disclosure Vulnerability in IBM Robotic Process Automation Cross-Site Request Forgery Vulnerability in IBM InfoSphere Information Server 11.7 Linux Kernel i740 Driver: Unchecked 'pixclock' Value in ioctl() Interface Leads to Divide by Zero Vulnerability Reverse Tabnabbing Vulnerability in IBM Spectrum Copy Data Management Cross-Site Scripting (XSS) Vulnerability in IBM Spectrum Copy Data Management Local Service Disclosure Vulnerability in IBM QRadar SIEM 7.4 and 7.5 Denial of Service via Email Flooding in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 Cross-Site Scripting Vulnerability in IBM InfoSphere Information Server 11.7 Privilege Escalation Vulnerability in IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 Privilege Escalation and Data Leakage Vulnerability in Strapi Admin Panel Information Leakage and Privilege Escalation in Strapi Admin Panel Client-Side SQL Injection Vulnerability in Legacy Work Center Module Reflected Cross-Site Scripting in Simple File List WordPress Plugin Vulnerability: Privilege Escalation in Cellinx Camera with Guest Enabled Remote File Disclosure Vulnerability in Camera's OS Unauthenticated Access to Usernames and Passwords Cookie-Based Authentication Bypass Vulnerability Admin Password Reset Vulnerability Directory Listing Vulnerability: Exposing Sensitive Information and Resources Clear 
Text Password Disclosure in WiFi Access Point Configuration Critical Vulnerability: Password Extraction from Company's Products Unauthenticated Access to Download Receipts Vulnerability Ticket Age Correlation Vulnerability in Go TLS Session Resumption Stack Exhaustion Vulnerability in Glob Function in Go 1.17.12 and Go 1.18.4 Stack Exhaustion Vulnerability in compress/gzip Library Stack Exhaustion Vulnerability in Glob Function in Go 1.17.12 and Go 1.18.4 Stack Exhaustion Vulnerability in Unmarshal Function in Go's encoding/xml Package Infinite Loop Vulnerability in Read Function in crypto/rand (Windows) Stack Exhaustion Vulnerability in Decoder.Decode in encoding/gob Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution YAML Document Parsing Vulnerability Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Use-After-Free Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Use-After-Free Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Use-After-Free Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Improper Access Control in GitHub Repository jgraph/drawio (CVE-2020-12345) Heap-based Buffer Overflow Vulnerability in Adobe InCopy Allows Arbitrary Code Execution 
Out-of-Bounds Read Vulnerability in Adobe InCopy: Remote Code Execution Out-of-Bounds Write Vulnerability in Adobe InCopy: Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe InCopy: Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Use-After-Free Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe InCopy: Arbitrary Code Execution Use-After-Free Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Unauthorized User Issue Creation Vulnerability in GitLab Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Adobe Animate 22.0.5 and Earlier Out-of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Arbitrary Project Content Disclosure Vulnerability in GitLab CE/EE Improper Authorization Vulnerability in RoboHelp Server Allows Privilege Escalation Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Memory Disclosure Out-of-Bounds Read 
Vulnerability in Adobe InDesign Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Memory Disclosure Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.13.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.13.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Privilege Escalation in GitHub Repository OctoPrint/OctoPrint (CVE-2021-12345) Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.13.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.13.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.13.0 and Earlier Violation of Secure Design Principles in Adobe Experience Manager 6.5.13.0 and earlier versions allows for Backend Encryption Bypass Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.13.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.13.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.13.0 and Earlier Link Following Vulnerability in Trend Micro Maximum Security 2022 Allows Arbitrary File Deletion Local Privilege Escalation in needrestart 0.8 through 3.5 before 3.6 Improper MFA Configuration and Enforcement in HashiCorp Vault and Vault Enterprise 1.10.0 to 1.10.2 Cross-Site Scripting (XSS) Vulnerability in WordLift WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in WWBN AVideo 11.6 and dev master commit 3f7c0364 Denial of Service Vulnerability in Intel(R) Support Android Application Denial of Service Vulnerability in Intel(R) SUR Software Cybozu Office 10.0.0 to 10.8.5 System Configuration Information Disclosure Vulnerability Cross-Site Request Forgery (CSRF) 
Vulnerability in /FormLogin Endpoint Critical Vulnerability in Acronis Snap Deploy (Windows) Allows Local Privilege Escalation DLL Hijacking Vulnerability in Acronis Snap Deploy (Windows) before build 3640 Insecure Folder Permissions in Acronis Snap Deploy (Windows) before Build 3640: Local Privilege Escalation Vulnerability Unbound DNS Resolver Vulnerable to Ghost Domain Names Attack Unbound Ghost Domain Names Attack Vulnerability Cross-Site Scripting (XSS) Vulnerability in Generate PDF WordPress Plugin DLL Loading Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a Service Uncontrolled Search Path Element Vulnerability in Trend Micro Apex One and Apex One as a Service Out-of-Bounds Read Information Disclosure Vulnerability in Trend Micro Security 2022 and 2021 (Consumer) Exposed Dangerous Method Vulnerability in Trend Micro Security 2021 and 2022 (Consumer) Intel(R) TXT SINIT ACM Vulnerability: Privilege Escalation via Local Access CSRF Vulnerability in Pankaj Jha WordPress Ping Optimizer Plugin Open Redirect Vulnerability in Booked: Remote Phishing Attack Vulnerability: Violation of Secure Design Principles in CAMS for HIS Communication Remote Code Execution in Webmin Authentic Theme SECRIL Input Validation Logic Vulnerability Leading to Crash Use After Free Vulnerability in Tab Strip in Google Chrome on Chrome OS RemoteViews Improper Validation Vulnerability FeedsInfo Improper Validation Vulnerability KfaOptions Improper Validation Vulnerability in SMR Jun-2022 Release 1 LSOItemData Validation Vulnerability in SMR Jun-2022 Release 1 SemIWCMonitor Information Exposure Vulnerability: Unauthorized Access to MAC Address Information Improper Access Control Vulnerability in DofViewer: Control of Floating System Alert Window Unprotected Broadcast Vulnerability in DisplayToast Prior to SMR Jun-2022 Release 1 AR Emoji Vulnerability: Unauthorized Camera Access via Deeplink Improper Input Validation Check Logic Vulnerability in libsmkvextractor: 
Triggering Crash Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository francoisjacquet/rosariosis prior to 8.9.3 Improper Input Validation Check Logic Vulnerability in libsmkvextractor: Triggering Crash Improper Input Validation Check Logic Vulnerability in libsmkvextractor: Triggering Crash Implicit Intent Hijacking Vulnerability in Samsung Account: Bypassing User Confirmation Bluetooth MAC Address Leakage in activateVoiceRecognitionWithDevice function Bluetooth MAC Address Leakage in sendIntentSessionCompleted Function Bluetooth MAC Address Leakage in Broadcasting Intent Unprotected Component Vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence Insufficient Permissions Vulnerability in addAppPackageNameToAllowList in PersonaManagerService ScanPool Information Exposure Vulnerability: Local MAC Address Retrieval Exploiting Implicit Intent Hijacking Vulnerability in Settings: Unauthorized Access to Wi-Fi SSID and Password via Malicious QR Code Scanner JavaScript Injection Vulnerability in Quanos SCHEMA ST4 Web Templates Samsung Pass Prior to 1.0.00.33 Vulnerability: Unauthorized Access to Account List Arbitrary File Access Vulnerability in My Files Application Sensitive Information Exposure in Samsung Account (prior to version 13.2.00.6) via onActivityResult Sign-in Log Information Exposure in Samsung Account (prior to version 13.2.00.6) Sign-out Log Information Exposure in Samsung Account (prior to version 13.2.00.6) Improper Privilege Management Vulnerability in Samsung Account: Unauthorized Access Token Retrieval Samsung Account Privilege Escalation Vulnerability Samsung Account Implicit Intent Hijacking Vulnerability Address Bar Spoofing Vulnerability in Samsung Internet Browser Improper Privilege Management Vulnerability in Samsung Account: Unauthorized Access to User Email and Phone Number Cross-Site Scripting Vulnerability in Slider Hero WordPress Plugin Auto-fill Vulnerability in Samsung Internet: Guessing Stored Credit Card 
Numbers SimChangeAlertManger in Find My Mobile prior to 7.2.24.12: Sensitive Information Exposure Vulnerability Sim Card Information Exposure Vulnerability in Find My Mobile (FmmExtraOperation) Prior to 7.2.24.12 Samsung Account Privilege Escalation Vulnerability Arbitrary Code Execution Vulnerability in Samsung KiesWrapper Quick Share Improper Access Control Vulnerability Remote Information Disclosure Vulnerability in Smart Things (prior to version 1.7.85.12) via Missing Caller Check Smart Things Prior to 1.7.85.25: PendingIntent Hijacking Vulnerability Arbitrary Activity Launch Vulnerability in Samsung Members (prior to version 4.2.005) Arbitrary Device Addition Vulnerability in Smart Things Prior to 1.7.85.25 Sandbox Escape Vulnerability in Mojo in Google Chrome Improper Access Control Vulnerability in SemWifiApClient: Unauthorized Access to Connected WiFi AP Client MAC Address Improper Access Control Vulnerability in SemWifiApClient's sendDHCPACKBroadcast Function Improper Access Control Vulnerability in sendDHCPACKBroadcast Function of SemWifiApClient Unprotected SecSoterService Vulnerability: Unauthorized Retrieval of Device ID Implicit Intent Hijacking Vulnerability in AppLinker Bypassing Password Confirm Activity in AppLock Prior to SMR Jul-2022 Release 1 Finder Implicit Intent Hijacking Vulnerability CID Leakage Vulnerability in isemtelephony Prior to SMR Jul-2022 Release 1 Finder Implicit Intent Hijacking Vulnerability Nokia One-NDS Sudo Privilege Escalation Vulnerability Arbitrary File Upload Vulnerability in CM Download Manager WordPress Plugin Insecure Direct Object Reference (IDOR) Vulnerability in ihb eG FlexNow: Unauthorized Access to Sensitive Student Information Array Mishandling Vulnerability in Janet before 1.22.0 User Table SQL Injection in Calibre-Web before 0.6.18 Buffer Overflow in nfs_lookup_reply in Das U-Boot through 2022.04 (and through 2022.07-rc2) Stored Cross Site Scripting (XSS) Vulnerability in ZoneMinder 1.36.12 via Username Field 
Session Fixation Vulnerability in ZoneMinder through 1.36.12: Poisoning Session Cookies Buffer Overflow Vulnerability in Linux Kernel Intel's iSMT SMBus Host Controller Driver XSS Vulnerability in Terminalfour Versions 8.3.7 and Prior SMRAM Corruption Vulnerability in PnpSmm Initialization Function Address Manipulation Vulnerability in PnpSmm Function 0x52 Allows Malware to Overwrite SMRAM or OS Kernel Memory TOCTOU Vulnerability in IhisiSmm Driver Parameter Buffer TOCTOU Vulnerability in PnpSmm Driver Parameter Buffer Memory Allocation Vulnerability in xpdf 4.04 Cross-Site Scripting (XSS) Vulnerability in atmail 6.5.0 via index.php/admin/index/ error parameter Cross-Site Scripting (XSS) Vulnerability in Parallels H-Sphere 3.6.1713 via index_en.php Parameter Unreleased Memory Vulnerability in Linux Kernel's vidtv_s302m.c Denial of Service Vulnerability in Lighttpd 1.4.56-1.4.58 Unescaped Git Fetch Remote Vulnerability in Gitea before 1.16.7 Insecure Random Number Generation in Openmoney API Vulnerability: Intercepting of libfuse-lite Protocol Traffic in NTFS-3G through 2021.8.22 Heap Exhaustion Vulnerability in NTFS-3G: Crafted NTFS Image Exploitation Arbitrary Memory Read and Write Vulnerability in NTFS-3G through 2021.8.22 with libfuse-lite Heap-based Buffer Overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22 Arbitrary Memory Read Vulnerability in NTFS-3G through 2021.8.22 via fuse_lib_readdir Integer Underflow Heap-based Buffer Overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22 via Crafted NTFS Image Heap-Based Buffer Overflow in NTFS-3G: Crafted NTFS Image Vulnerability Unauthenticated Remote Access Vulnerability in Festo Control Block CPX-CEC-C1 and CPX-CMXX U-Boot 2022.01 Buffer Overflow Vulnerability Uncontrolled Resource Consumption Vulnerability in CmpBlkDrvTcp of CODESYS V3 Uncontrolled Resource Consumption Vulnerability in CmpChannelServer of CODESYS V3 SQL Injection Vulnerability in Online Ordering System v1.0 by oretnom23: 
admin/editproductdetails.php SQL Injection Vulnerability in Online Ordering System v1.0: admin/editproductimage.php SQL Injection Vulnerability in Online Ordering System 1.0 by oretnom23 SQL Injection Vulnerability in Online Ordering System v1.0 by oretnom23 via admin/viewreport.php SQL Injection Vulnerability in Online Ordering System v1.0 by oretnom23 Denial of Service Vulnerability in named Resolver Vulnerability: Arbitrary File Deletion in eliteCMS v1.01 Arbitrary Code Execution Vulnerability in EliteCMS 1.0.1 via admin/manage_uploads.php SQL Injection Vulnerability in EliteCMS 1.01 via /admin/edit_page.php?page= SQL Injection Vulnerability in elitecms v1.01 via admin/edit_post.php SQL Injection Vulnerability in EliteCMS 1.01 via /admin/add_post.php SQL Injection Vulnerability in elitecms v1.01 via /admin/add_sidebar.php SQL Injection Vulnerability in EliteCMS 1.01 via admin/edit_sidebar.php?page=2&sidebar= SQL Injection Vulnerability in elitecms 1.01 via /admin/edit_sidebar.php SQL Injection Vulnerability in Simple Bus Ticket Booking System 1.0 SQL Injection Vulnerability in Wedding Management System v1.0 Arbitrary File Upload Vulnerability in Wedding Management System v1.0 Lack of Authorization and CSRF in miniOrange Discord Integration WordPress Plugin Allows Unauthorized Access Arbitrary File Upload Vulnerability in Wedding Management v1.0 Arbitrary File Upload Vulnerability in Wedding Management System v1.0 Arbitrary File Upload Vulnerability in Wedding Management System v1.0 SQL Injection Vulnerability in Wedding Management System v1.0 via \admin\blog_events_edit.php SQL Injection Vulnerability in Wedding Management System v1.0 via \admin\client_edit.php SQL Injection Vulnerability in Wedding Management System v1.0 via admin\client_assign.php SQL Injection Vulnerability in Wedding Management System v1.0 via \admin\package_edit.php SQL Injection Vulnerability in Wedding Management System v1.0 via \admin\photos_edit.php SQL Injection Vulnerability in 
Wedding Management System v1.0 via \admin\users_edit.php Vulnerability: CWE-784: Reliance on Cookies Without Validation and Integrity in Landis+Gyr E850 (ZMQ200) SQL Injection Vulnerability in Wedding Management System v1.0 via \admin\feature_edit.php SQL Injection Vulnerability in Wedding Management System v1.0 via wedding_details.php SQL Injection Vulnerability in Wedding Management System v1.0 via client_assign.php SQL Injection Vulnerability in Wedding Management System v1.0 via client_edit.php SQL Injection Vulnerability in Wedding Management System v1.0 SQL Injection Vulnerability in Wedding Management System v1.0 via booking_id parameter in budget.php SQL Injection Vulnerability in Wedding Management System v1.0 via select.php Cross Site Scripting (XSS) vulnerability in Toll-tax-management-system v1.0 via /ttms/classes/Master.php?f=save_recipient, vehicle_name parameter. SQL Injection Vulnerability in Covid-19 Travel Pass Management System v1.0 Cross Site Scripting (XSS) Vulnerability in Room-rent-portal-site v1.0 via save_category, vehicle_name parameter in Master.php Arbitrary Code Execution Vulnerability in GE CIMPICITY Versions 2022 and Prior Cross Site Scripting (XSS) vulnerability in Covid-19 Travel Pass Management System v1.0 via /ctpms/classes/Users.php?f=save, firstname parameter. 
SQL Injection Vulnerability in Room-rent-portal-site v1.0 via delete_category, id parameter in Master.php Stack-Based Buffer Overflow in Fuji Electric Tellus Lite V-Simulator 4.0.12.0 and Prior Versions Insecure Direct Object Reference (IDOR) Vulnerability Found in Known v1.3.1 SEGV Vulnerability in ngiflib 0.4: SDL_LoadAnimatedGif with SDLaffgif Cradlepoint IBR600 NCOS Local Shell Escape Vulnerability Remote Code Execution Vulnerability in FUDforum 3.1.2 through Upload File Feature Stored XSS Vulnerability in FUDforum 3.1.2 via Forum Name Field in Forum Manager Feature Cross Site Scripting (XSS) Vulnerability in FUDForum 3.1.2 via Page Manager in Admin Control Panel Out-of-Bounds Write Vulnerability in Fuji Electric Tellus Lite V-Simulator Stored Cross Site Scripting (XSS) Vulnerability in NukeViet CMS before 4.5.02 Dolibarr 12.0.5 XSS Vulnerability via SQL Error Page Code-Execution Backdoor Found in PyPI-Distributed Keep for Python (Version 1.2) Privilege Escalation Vulnerability in Moxa's ARM-based Computers Remote Code Execution Backdoor in pyanxdns Package (Version 0.2) Code-Execution Backdoor Found in Pyesasky for Python on PyPI SQL Injection Vulnerability in School Dormitory Management System v1.0 Remote Code Execution Vulnerability in Pharmacy Management System v1.0 via /php_action/editProductImage.php Cleartext Credential Storage Vulnerability in Echelon SmartServer 2.2 with i.LON Vision 2.2 CSRF Vulnerability in Cscms Music Portal System v4.2 Allows Unauthorized Administrator Account Modification Cross Site Scripting Vulnerability in PartKeepr 1.4.0 via 'name' Field in /api/part_categories Path Traversal Vulnerability in Red Lion Controls Crimson Software Cross-Site Scripting (XSS) Vulnerability in Nokia G-2425G-A Bharti Airtel Routers Buffer Overflow Vulnerability in Bestechnic Bluetooth Mesh SDK (BES2300) V1.0 during Provisioning Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via CMD Parameter at /goform/aspForm Unauthenticated User 
Credential Leakage and OS Command Execution Vulnerability in RONDS EPM Version 1.19.5 Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via GO Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via UpdateWanParams Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via ipqos_set_bandwidth Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via UpdateMacClone Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via UpdateSnat Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via Asp_SetTelnetDebug Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via AddWlanMacList Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via Asp_SetTelnet Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via Edit_BasicSSID_5G Parameter Out-of-Bounds Write Vulnerability in GE CIMPICITY Versions 2022 and Prior Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via Edit_BasicSSID Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via SetMobileAPInfoById Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via EditWlanMacList Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via Asp_SetTimingtimeWifiAndLed Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via SetAPWifiorLedInfoById Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via AddMacList Parameter Stack Overflow Vulnerability in H3C Magic R100 R100V100R005 via EditMacList Parameter SQL Injection Vulnerability in Simple Task Scheduling System 1.0 with MySQL Database Insecure Permissions Vulnerability in Mini-Tmall v1.0 via tomcat-embed-jasper Tesla Vehicles Vulnerable to Unauthorized Code Execution via ice_updater Update Mechanism CSRF Vulnerability in Tourism Management System Version: V 3.2 ELMS v2.1 Vulnerability: Cross-Site Request Forgery (CSRF) in /myprofile.php 
Authorization Bypass and Password Reset Token Prediction Vulnerability in b2evolution Memory Corruption Vulnerability in EN100 Ethernet Modules Memory Corruption Vulnerability in EN100 Ethernet Modules Dynamic DNS Update Flood Vulnerability in BIND Bulletin Data Leakage Vulnerability in Cybozu Garoon 4.0.0 to 5.9.1 Intel(R) AMT and Intel(R) Standard Manageability Vulnerability: Potential Information Disclosure via Insufficiently Protected Credentials Arbitrary Code Execution in Jenkins Pipeline: Groovy Plugin Jenkins Script Security Plugin CSRF Vulnerability Jenkins Git Plugin Local Path SCM URL Information Disclosure Vulnerability Jenkins Mercurial Plugin Local Path Disclosure Vulnerability Jenkins REPO Plugin Local Path SCM Information Disclosure Vulnerability Backslash Parsing Vulnerability in Dart URI Class and Flutter Buffer Overflow Vulnerability in Jenkins WMI Windows Agents Plugin 1.8 and Earlier Unrestricted Process Execution in Jenkins WMI Windows Agents Plugin Jenkins Pipeline SCM API for Blue Ocean Plugin: Unauthorized Access to User Credentials Jenkins Blue Ocean Plugin CSRF Vulnerability Allows Unauthorized Server Connections Jenkins Blue Ocean Plugin: Unauthenticated HTTP Connection Vulnerability Jenkins GitLab Plugin HTTP Endpoint Permission Check Bypass Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Rundeck Plugin Credential Enumeration Vulnerability in Jenkins SSH Plugin 2.6.1 and Earlier Jenkins SSH Plugin 2.6.1 and Earlier: Cross-Site Request Forgery (CSRF) Vulnerability Allows Unauthorized SSH Server Connections Vulnerability: Unauthorized SSH Server Connection in Jenkins SSH Plugin Vulnerability: Stored Cross-Site Scripting in WP Total Hacks WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Application Detector Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Autocomplete Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Global Variable String 
Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins JDK Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Multiselect Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Promoted Builds (Simple) Plugin 1.9 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Random String Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Selection Tasks Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins vboxwrapper Plugin 1.3 and Earlier Arbitrary Code Execution Vulnerability in Jenkins Autocomplete Parameter Plugin CSRF Vulnerability in Plugin LBstopattack WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Autocomplete Parameter Plugin Jenkins Storable Configs Plugin XML External Entity (XXE) Vulnerability Jenkins Storable Configs Plugin CSRF Vulnerability Allows Extraction of Secrets Denial of Service Vulnerability in Apache Tika's StandardsExtractingContentHandler Unlimited Recursion Vulnerability in Artifex MuJS through 1.2.0 NULL Pointer Dereference in Artifex MuJS through 1.2.0: Vulnerability in jsP_dumpsyntax Heap-Based Buffer Over-Read in GPAC 2.0.0 via Misuse of gf_utf8_wcslen Function CSRF Vulnerability in Login Block IPs WordPress Plugin Arbitrary Code Execution via Deserialization in Gentics CMS Stored XSS in Profile Description and Username Root Privilege Escalation via Buffer Overflow in Rubrik Backup Service (RBS) Agent for Linux/Unix Critical Use After Free Vulnerability in vim/vim Repository (CVE-XXXX-XXXX) Insecure Folder Permissions Lead to Sensitive Information Disclosure in Acronis Cyber Protect 15 and Acronis Agent (Linux) HTML Injection Vulnerability in Acronis Cyber Protect 15 (Linux, Windows) before build 29240 via Report Name Open Redirect Vulnerability in Acronis Cyber Protect 15 (Linux, Windows) before build 29240 Cleartext Transmission of Sensitive Information in Acronis Cyber Protect 15 (Linux, 
Windows) Cleartext Transmission of Sensitive Information in Acronis Cyber Protect 15 (Windows) before build 29240 Improper Authentication Leads to Sensitive Information Disclosure in Acronis Cyber Protect and Acronis Cyber Backup STARDOM FCN and FCJ Controller Hard-Coded Credentials Vulnerability Authenticated SQL Injection Vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce Plugin <= 1.1 Arbitrary JavaScript Execution through SVG File Upload in FoF Upload Extension Access Policy Bypass Vulnerability in OpenStack-Barbican API Cross-Site Request Forgery (CSRF) Vulnerability in Solidus Backend Out-of-Bound Access Vulnerability in Sofia-SIP Library Sofia-SIP FreeSWITCH Crash Vulnerability Out-of-Bounds Write Vulnerability in Sofia-SIP Library Potential Information Disclosure Vulnerability in CVEProject/cve-services Integer Overflow Vulnerability in Vapor's FileMiddleware Denial of Service Attack on Indy-Node's Client Connections eLabFTW Prior to Version 4.3.0 Privilege Escalation Vulnerability Predictable Secret Encryption Key Vulnerability in RabbitMQ Shovel and Federation Plugins Invalid Accent Colors in Wire iOS Client Can Cause Multiple Crashes Insecure Default Configuration in tripleo-ansible Allows Information Disclosure TiDB 5.3.0 Authentication Bypass Vulnerability Allows Privilege Escalation and Unauthorized Access Vulnerability: Unauthorized Binary Execution during Git for Windows Installation Authentication Bypass Vulnerability in Chat Server Versions 2.3.2 - 2.6.0 SMTP Command Injection Vulnerability in Nextcloud Server Early Termination Vulnerability in Waitress Web Server Gateway Interface Server Uncontrolled Memory Consumption Vulnerability in Argo CD Vulnerability: Logic Error in Zulip Server 2.1.0 - 5.2 Allows Unauthorized Access to Private Stream History Denial of Service Vulnerability in Play Framework's Forms Library Unbounded Stack Growth Vulnerability in Vapor Server Remote Code Execution Vulnerability in 
Indy-Node's pool-upgrade Request Handler Unpublished Key Correctness Proof Vulnerability in Ursa and AnonCreds Implementations Vulnerability: Unauthorized Filesystem Access in Bleve HTTP Handlers Information Disclosure Vulnerability in Play Framework Remote Office Collaboration Vulnerability in richdocuments User invitation bypass vulnerability in Discourse Uninitialized Variable Vulnerability in Trilogy Client Library Inadequate Verification of Identity Provider in CILogonOAuthenticator Unending go-routine buildup vulnerability in MinIO Cross-Site Scripting (XSS) Vulnerability in AdminLTE for Pi-hole Dashboard IO_uring Module Vulnerability: Off-by-One Error Memory Consumption Vulnerability in containerd's CRI Implementation Stack Buffer Overflow Vulnerability in PJSIP STUN Implementation Improper Authorization Verification in Tuleap Template Projects Authorization Header Leakage in Mechanize Library Insufficiently Random Values in Argo CD SSO Login Flows Vulnerability Cross-Site Scripting (XSS) Vulnerability in Argo CD Allows Injection of Malicious JavaScript Symlink Following Vulnerability in Argo CD Allows Leakage of Sensitive YAML Files Cross-site Scripting Vulnerability in OroCommerce Shipping Rule Edit Page XSS Vulnerability in Gogs Prior to 0.12.9 Unauthorized Access to Room Settings in Greenlight Null Pointer Dereference in lkdtm_ARRAY_BOUNDS Open Forms Cookie Consent Page Open Redirect Vulnerability Insufficient File Extension Validation in Open Forms Application Sensitive Information Leakage in Guzzle HTTP Client Sensitive Authorization Header Leakage in Guzzle Plaintext Credential Storage Vulnerability in Rundeck 4.2.0 and 4.2.1 Memory Access Vulnerability in Istio Ingress Gateway Unrestricted Database Table Export Vulnerability in TYPO3 Plaintext Logging of System Internal Credentials in TYPO3 Cross-Site Scripting Vulnerability in TYPO3 Form Designer Backend Module Unencoded User Content in TYPO3 HTML Emails Vulnerability Vulnerability: Lack of Check in 
uapi_finalize in drivers/infiniband/core/uverbs_uapi.c Persistent Admin Tool Sessions in TYPO3 Backend Disclosure of Secrets in semantic-release Stack Exhaustion Vulnerability in Synapse Server's URL Preview Feature Vulnerability: Forgery of Valid Γ-Signatures in Biscuit Authentication and Authorization Tokens Denial of Service Vulnerability in Argo Events Prior to Version 1.7.1 kCTF Prior to v1.6.0 - Unrestricted IP Traffic Vulnerability SQL Injection Vulnerability in GLPI's Assistance Forms Authenticated Stored XSS Vulnerability in Shopware Administration Arbitrary SQL Query Execution in Tuleap Tracker Reports Cross-Site Scripting (XSS) Vulnerability in Discourse Calendar Plugin Unchecked Return Value in ef100_update_stats Vulnerability Exposure of Banner Topic Data on Login-Required Sites in Discourse SQL Injection Vulnerability in GLPI Login Page Plugin Vulnerability: Unauthorized File Access via Public Script Uncontrolled Code Execution in Tuleap Document Title Cross Site Scripting Vulnerability in BigBlueButton Remote Code Execution in BigBlueButton via Malicious Username Exposure of Message Bus Credentials in EdgeX Foundry Unauthenticated Information Leakage in GLPI Native Inventory Inadvertent Exposure of Authorization Headers in NestJS Proxy Null Pointer Dereference in netvsc_get_ethtool_stats() NestJS Proxy Vulnerability: Unintended Exposure of Sensitive Cookies World-writable files vulnerability in Octopoller gem version 0.2.0 World-writable files vulnerability in Octokit gem versions 4.23.0 and 4.24.0 DoS Vulnerability in KubeEdge ServiceBus Server Denial of Service (DoS) vulnerability in KubeEdge Cloud AdmissionController DoS Vulnerability in KubeEdge CloudHub Module KubeEdge CloudCore UDS Server Nil-Pointer Dereference Vulnerability KubeEdge CSI Driver Controller Server Denial of Service Vulnerability KubeEdge CloudCore Router Denial of Service Vulnerability KubeEdge Denial of Service Vulnerability Unchecked Return Value in kfd_parse_subtype_iolink 
Vulnerability DoS Vulnerability in KubeEdge WSClient Vulnerability in HTTP::Daemon Allows for Privileged Access and Cache Poisoning SQL Injection Vulnerability in glpi-inventory-plugin Certificate Validation Bypass in Parse Server Apple Game Center Auth Adapter Arbitrary Code Execution Vulnerability in LDAP Account Manager (LAM) Versions Prior to 8.0 Clear text storage of LDAP user credentials in session files Remote Code Execution Vulnerability in LDAP Account Manager (LAM) Prior to 8.0 LAM LDAP Account Manager Remote Code Execution Vulnerability LDAP Account Manager (LAM) User Enumeration Vulnerability Improper Handling of Invalid File Requests in Parse Server Null Pointer Dereference in vp3_decode_frame of FFmpeg Package Vulnerability: Authorization Header Leakage in Guzzle HTTP Client Sensitive Information Disclosure in Guzzle HTTP Client Improper SQL Quoting in Pimcore Listing Classes NextAuth.js Authentication Bypass via Invalid callbackUrl Parameter JavaScript Execution Vulnerability in ScratchTools Recently Viewed Projects Feature Vulnerability: Information Exposure in discourse-chat Plugin User Authentication Bypass and Unauthorized Access in Discourse Platform Stored Cross-Site Scripting Vulnerability in Grafana's Unified Alerting Feature Vulnerability in Weave GitOps Allows Unauthorized Access to Sensitive Cluster Configurations Stack Overflow Vulnerability in rulex Expression Parsing Null Pointer Dereference in _rtw_init_xmit_priv Denial of Service Vulnerability in rulex Expression Parsing SQL Injection Vulnerability in Prestashop Blockwishlist Extension Cross-Site Scripting (XSS) Vulnerability in Argo CD with SSO Enabled Denial of Service Vulnerability in lettersanitizer Vulnerability in Wasmtime's Implementation of SIMD Proposal for WebAssembly on x86_64 Improper Certificate Validation Vulnerability in Argo CD Prototype Pollution Vulnerability in underscore.deep Account Takeover Vulnerability in Grafana OAuth Login Arbitrary CSS Injection and 
Information Disclosure in Mermaid Potential XSS and URL poisoning vulnerability in Laminas-Diactoros Unreleased IRQ Resource in Linux Kernel's WM8350 Power Supply Driver Denial of Service Vulnerability in RSSHub Incorrect Truncation Implementation in Frontier's Ethereum Compatibility Layer Vulnerability: Exposing Protected Fields in Parse Server LiveQuery Cross-Site Scripting Vulnerability in Canarytokens History Page Unsafe Deserialization in opensearch-ruby 2.0.0 and prior versions Improper Decoding of Surrogate Characters in UltraJSON Double Free Vulnerability in UltraJSON 5.3.0 and earlier versions Brute Force Vulnerability in Nextcloud Server's Federated Sharing Nextcloud Mail Vulnerability: Passwords Logged to Disk Null Pointer Dereference in amvdec_set_canvases Incomplete Logging of Federated Share Events in Nextcloud Server Orderer Node Crash Vulnerability in Hyperledger Fabric Token Recipient Confusion Vulnerability in Wire Server Bypass in Plugin Signature Verification in Grafana OpenSSH_key_parser Vulnerability: Exposing Raw Field Values Authentication Bypass Vulnerability in Roxy-wi Remote Code Execution Vulnerability in Roxy-wi HTML Injection in NextAuth.js Signin Endpoint Unauthenticated Branch Creation Vulnerability in Tuleap Vulnerability: (Re)DoS Attacks in Moment.js Date Parsing Null Pointer Dereference in mtk_vcodec_fw_vpu_init() Function Authentication Token Leakage in Grafana Missing user account ownership checks in Nextcloud Mail app prior to 1.12.2 could expose mail attachments to incorrect system users Unrestricted Access to CSS Minifier in Nextcloud Mail Leads to SSRF Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in HumHub Zulip Server 2.1.0 and above Vulnerability: Unauthorized Access to Private Attachment Contents Denial of Service Vulnerability in Akashi Server Implementation Cross-Site Scripting Vulnerabilities in Bookwyrm Versions Prior to 0.4.1 Remote Code Execution Vulnerability in Roxy-WI (Versions prior to 6.1.1.0) 
Extended Privilege Vulnerability in mailcow-dockerized version 2022-06a and earlier Unrestricted Access to UnsafeAccessor Null Pointer Dereference in imx_register_uart_clocks Information Disclosure Vulnerability in Valinor Library (CVE-XXXX-XXXX) Insecure Use of crypto.timingSafeEqual in @fastify/bearer-auth Prior to Versions 7.0.2 and 8.0.1 Exposure of Private Information in GLPI Setup Heap Overflow Vulnerability in Redis XAUTOCLAIM Command (CVE-2021-29477) Token Expiration Bypass Vulnerability in FlyteAdmin Use-after-free vulnerability in Wasmtime's Cranelift code generator Regular Expression Denial of Service (ReDoS) in jQuery Validation Plugin (jquery-validation) prior to 1.19.5 Persistent XSS Vulnerability in Shopware Customer Module (Versions 5.7.0 - 5.7.13) ActivityWatch DNS Rebinding Vulnerability Null Pointer Dereference in malidp_crtc_reset() Function CRLF Injection Vulnerability in undici (versions < 5.7.1) Authorization Header Cleared on Cross-Origin Redirect, but Cookie Header Remains Uncleared Vulnerability Event Authorization Rules Vulnerability in Synapse Server Account Contracts Unusable on Live Networks Vulnerability in OpenZeppelin Contracts for Cairo v0.2.0 Authenticated User Privilege Escalation in Sourcegraph Vulnerability: Unauthorized Deletion of Saved Searches in Sourcegraph Vulnerability: Incomplete Dependency Verification in Gradle Build Tool Insufficient Cryptographic Complexity in LTI 1.3 Tool Library Nonce Generation LTI 1.3 Tool Library Nonce Claim Value Validation Vulnerability Partial-Path Traversal Vulnerability in AWS SDK for Java's downloadDirectory Method Null Pointer Dereference Vulnerability in Heimdal Software Kerberos 5 Implementation Cross-Site Scripting Vulnerability in jQuery UI Checkboxradio Widget Remote Command Execution Vulnerability in Roxy-WI OAuth Client Information Leakage in Slack Morphism Library Relative Path Traversal Vulnerability in TZInfo Ruby Library User Impersonation Vulnerability in Tovy Staff 
Management System (Versions prior to 0.7.51) XWiki Platform Old Core Privilege Escalation Vulnerability Vulnerability: Overwriting Rights in XWiki Platform Security Cache Incorrect Authorization Check Allows Unauthorized Privilege Escalation in Zulip Server Incorrect Division Results in Wasmtime's AArch64 Code Generator Vulnerability: Reverting Behavior in ERC165Checker Vulnerability: Reverting SignatureChecker in OpenZeppelin Contracts Uncontrolled Recursion Vulnerability in Juniper GraphQL Server Library for Rust Cross-Site Scripting Vulnerability in CKEditor 5 Packages Unauthorized File Disclosure Vulnerability in Grafana Image Renderer Plugin Information Leakage: User Enumeration in Flask-AppBuilder Unauthorized Access to Templates in eLabFTW Code Injection Vulnerability in Shescape (Versions prior to 1.5.8) Critical SQL Injection Vulnerability in Sourcecodehero ERP System Project Insufficient White Space Escaping in Shescape Package with Interpolation Option SQL Injection Vulnerability in PrestaShop Versions 1.6.0.10 - 1.7.8.7 Caching Vulnerability in Discourse's NGINX Proxy Configuration Vulnerability: Ignored Peer Certificate Verification in fs2-io on Node.js Email Activation Route Vulnerability in Discourse Allows for Mass Spam Emails Email Address Leakage Vulnerability in mprweb Hosting Platform Information Disclosure Vulnerability in NextAuth.js HTML Injection Vulnerability in GLPI's Global Search Feature Server-side Request Forgery (SSRF) Vulnerability in CVAT Versions Prior to 2.0.0 Information Disclosure Vulnerability in DSpace-JSPUI Unauthenticated Remote Code Execution in OAuth Client Single Sign On WordPress Plugin Exposure of Withdrawn Item Metadata in DSpace XMLUI XSS Vulnerability in DSpace-JSPUI Spellcheck and Autocomplete Components XSS Vulnerability in DSpace-JSPUI Request a Copy Feature Open Redirect Vulnerability in DSpace-JSPUI Controlled Vocabulary Servlet Path Traversal Vulnerability in DSpace-JSPUI Resumable Upload Implementation Path 
Traversal Vulnerability in DSpace ItemImportServiceImpl Server-Side Request Forgery (SSRF) Vulnerability in Databasir <= 1.06 SQL Injection Vulnerability in PostgreSQL JDBC Driver (PgJDBC) Vulnerability: Past Proposals Becoming Executable in OpenZeppelin Contracts GovernorVotesQuorumFraction Instances Netwrix Auditor User Activity Video Recording Remote Code Execution Vulnerability Critical SQL Injection Vulnerability in SourceCodester Clinics Patient Management System Cross-Site Scripting (XSS) Vulnerability in Atmail 5.62 via mail/parse.php HTML Injection Vulnerability in SoftGuard Web (SGW) before 5.1.5 Arbitrary Local File Read Vulnerability in SoftGuard Web (SGW) Export Function Cleartext Password Vulnerability in Omron PLCs Unauthenticated Password Disclosure in Omron PLCs Lack of Cryptographic Authentication in Omron SYSMAC Nx PLCs Vulnerability: Lack of Cryptographic Authentication in Omron SYSMAC Cx PLCs Arbitrary Command Execution Vulnerability in Infiray IRAY-A8Z3 1.0.957 Buffer Overflow Vulnerability in Infiray IRAY-A8Z3 Firmware Cross-Site Request Forgery Vulnerability in SourceCodester Online Employee Leave Management System 1.0 Hardcoded Credentials in Infiray IRAY-A8Z3 1.0.957 Web Application Default Blank Root Password Vulnerability in Infiray IRAY-A8Z3 1.0.957 Stack-based Buffer Over-read Vulnerability in dbus-broker Multiple NULL Pointer Dereferences in dbus-broker when Parsing Malformed XML Config File Privilege Escalation via Firejail Container Join Vulnerability Goverlan Products Vulnerability: Temporary Windows Firewall Bypass Arbitrary File Creation and Write Vulnerability in Drive Composer Arbitrary File Creation and Write Vulnerability in Drive Composer Arbitrary File Creation and Write Vulnerability in Drive Composer Arbitrary File Creation and Write Vulnerability in Drive Composer SQL Injection Vulnerability in SourceCodester Clinics Patient Management System 1.0 Unchecked Return Value Vulnerability in Dell BIOS Versions Dell BIOS 
Information Exposure Vulnerability: Unauthorized Access to Sensitive System Information Dell BIOS Vulnerability: Missing Release of Resource after Effective Lifetime Dell BIOS Improper Neutralization of Null Byte Vulnerability Voltage and Clock Glitches Exploit: Dell BIOS Vulnerability Allows System Behavior Manipulation Unchecked Return Value Vulnerability in Dell BIOS Versions Dell BIOS Stack-based Buffer Overflow Vulnerability Allows Arbitrary Code Execution Bruteforce Vulnerability in Dell EMC XtremIO Prior to X2 6.4.0-22 Allows Unauthorized Access to Admin Account Dell PowerScale OneFS Information Disclosure Vulnerability Reflected Cross-site Scripting (XSS) Vulnerability in splitbrain/dokuwiki prior to 2022-07-31a Vulnerability: Broken Cryptographic Algorithm in Dell PowerScale OneFS Command-Injection Vulnerability in SmartFabric Storage Software Version 1.0.0 Privilege Escalation Vulnerability in Unisphere for PowerMax Dell EMC PowerStore Manager GUI Password Brute-Force Vulnerability Improper Preservation of Permissions Vulnerability in Dell PowerScale OneFS SyncIQ Dell PowerScale OneFS CLI Information Disclosure Vulnerability Sensitive Data Disclosure in Dell PowerScale OneFS Log Files Arbitrary File Manipulation Vulnerability in Frontend File Manager Plugin for WordPress TOCTOU Attack Vulnerability in FvbServicesRuntimeDxe Driver Nokia OneNDS 17r2 Privilege Escalation Vulnerability Remote Command Injection and Privilege Escalation in mailcow (before 2022-05d) via --debug and --PIPEMESS Options in Sync Jobs File Inclusion and Denial of Service Vulnerability in Electrum Payment Request Handling Improper Authorization Vulnerability in SUSE Rancher Allows Unauthorized Project Ownership Observable Response Discrepancy Vulnerability in SUSE Manager Server's spacewalk-java OS Command Injection Vulnerability in SUSE Rancher Wrangler Arbitrary File Upload and Remote Code Execution Vulnerability in Frontend File Manager Plugin for WordPress Local Privilege 
Escalation Vulnerability in keylime of openSUSE Tumbleweed Privilege Escalation Vulnerability in openSUSE Factory Slurm Testsuite Packaging Incorrect Authorization Vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5 and openSUSE Leap 15.3/15.4/Leap Micro 5.2 Untrusted Search Path Vulnerability in openldap2 of openSUSE Factory Allows Local Privilege Escalation Incorrect Default Permissions Vulnerability in rmt-server-regsharing Service Improper Path Traversal Vulnerability in SUSE Manager Server Local Privilege Escalation via Improper Link Resolution in sendmail systemd Service Password Bypass Vulnerability in Mendix Applications Privilege Escalation via OMD Hook Symlink in Checkmk Bypassing Access Control in beego Route Lookup Process CSRF Vulnerability in Frontend File Manager Plugin WordPress Plugin CSV Export of Collection Metadata in Montala ResourceSpace SAML XXE Vulnerability in Morpheus GOG Galaxy 2.0.46 Local Privilege Escalation Vulnerability Bypass of E-mail Restrictions in Mastodon before 3.5.0 Integer Overflow and Panic Vulnerability in Solana solana_rbpf (<=0.2.29) via Invalid ELF Program Headers Remote Code Execution Vulnerability in Wargaming World of Warships Replay Feature Email Address Change Vulnerability in ILIAS Privilege Escalation via Control Character Injection in Gitblit 1.9.2 Path Traversal Vulnerability in Gitblit 1.9.3 Allows Unauthorized Access to Website Files Nortek Linear eMerge E3-Series Devices Vulnerability: Unauthorized Access to Building Doors Stored Cross-site Scripting (XSS) Vulnerability in jgraph/drawio GitHub Repository (prior to 20.2.8) Brute-Force Attack Vulnerability in TopIDP3000 Topsec Operating System Replay Attack Vulnerability in Xiaomi Lamp 1 v2.0.4_0066 Allows Unauthorized Control Stored Cross-Site Scripting Vulnerability in Donation Thermometer WordPress Plugin Segmentation Violation Vulnerability in Bento4 MP4Dump v1.2 Memory Allocation Vulnerability in Bento4 1.2 Allocation Size Request Error in 
Bento4 v1.2: /Ap4RtpAtom.cpp Vulnerability Unrestricted Upload Vulnerability in codeprojects Online Driving School Cross-Site Scripting (XSS) Vulnerability in Known v1.2.2+2020061101 Double Free Vulnerability in dlt_config_file_parser.c of dlt-daemon v2.18.8 Arbitrary User Account Creation and Modification Vulnerability in Online Discussion Forum Site 1 Arbitrary Post Deletion Vulnerability in Online Discussion Forum Site 1 Blind SQL Injection Vulnerability in Online Discussion Forum Site 1 Cross-Site Scripting Vulnerability in Haraj v3.7 Ads Comment Section Reflected Cross-Site Scripting (XSS) Vulnerability in Haraj v3.7 User Upgrade Form Critical SQL Injection Vulnerability in codeprojects Online Driving School Cross-Site Scripting Vulnerability in Haraj v3.7 DM Section Component Stored XSS Vulnerability in Haraj v3.7 Post Ads Component Stored XSS Vulnerability in Maccms8 via Server Group Text Field Stored XSS Vulnerability in Maccms10 via Server Group Text Field Segmentation Violation Vulnerability in Nginx NJS v0.7.2 Segmentation Violation Vulnerability in Nginx NJS v0.7.2 Information Disclosure Vulnerability in WAVLINK AERIAL X 1200M M79X3.V5030.191012 Router Information Disclosure Vulnerability in WAVLINK AERIAL X 1200M M79X3.V5030.180719 Router SQL Injection Vulnerability in Search Logger WordPress Plugin Arbitrary Command Execution Vulnerability in WAVLINK AERIAL X 1200M M79X3.V5030.180719 Code Execution Backdoor in api-res-py Package Cross-Site Scripting Vulnerability in Goolytics WordPress Plugin Directory Enumeration and Denial of Service (DoS) Vulnerability in Bolt 5.1.7 Privilege Escalation Vulnerability in Penta Security Systems WAPPLES v6.0 r3 4.10-hotfix1 Arbitrary File Download Vulnerability in Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 SQL Injection Vulnerability in ChurchCRM 4.4.5 via 'PersonID' Field in /churchcrm/WhyCameEditor.php SQL Injection Vulnerability in Online Ordering System By janobe 2.3.2 SQL Injection Vulnerability in 
Online Ordering System By janobe 2.3.2 SQL Injection Vulnerability in Online Ordering System By janobe 2.3.2 via /ordering/admin/orders/loaddata.php OS Command Injection in jgraph/drawio prior to 20.3.0 SQL Injection Vulnerability in Online Ordering System 2.3.2 SQL Injection Vulnerability in Online Ordering System 2.3.2 via /ordering/admin/stockin/loaddata.php SQL Injection Vulnerability in Online Ordering System 2.3.2 via /ordering/admin/category/index.php?view=edit&id= SQL Injection Vulnerability in Online Ordering System 2.3.2 SQL Injection Vulnerability in Simple Inventory System v1.0's /inventory/login.php Critical Use After Free Vulnerability in vim/vim Repository (CVE-XXXX-XXXX) SQL Injection Vulnerability in Simple Inventory System v1.0 via /inventory/table_edit_ajax.php File Deletion Vulnerability in Online Car Wash Booking System v1.0 SQL Injection Vulnerability in Online Car Wash Booking System v1.0 SQL Injection Vulnerability in Online Car Wash Booking System v1.0 SQL Injection Vulnerability in Online Car Wash Booking System v1.0 SQL Injection Vulnerability in Online Car Wash Booking System v1.0 via /ocwbs/classes/Master.php?f=delete_service SQL Injection Vulnerability in Online Car Wash Booking System v1.0 via /ocwbs/classes/Master.php?f=delete_vehicle SQL Injection Vulnerability in Online Car Wash Booking System v1.0 Stored Cross-Site Scripting Vulnerability in SEO Smart Links WordPress Plugin SQL Injection Vulnerability in Online Car Wash Booking System v1.0 SQL Injection Vulnerability in Online Car Wash Booking System v1.0 SQL Injection Vulnerability in Online Car Wash Booking System v1.0 SQL Injection Vulnerability in Online Car Wash Booking System v1.0 SQL Injection Vulnerability in Online Car Wash Booking System v1.0 via /ocwbs/classes/Master.php?f=get_vehicle_service SQL Injection Vulnerability in Online Ordering System v2.3.2 via /ordering/index.php?q=category&search= SQL Injection Vulnerability in Online Ordering System v2.3.2 SQL Injection 
Vulnerability in Online Ordering System v2.3.2 via /ordering/admin/inventory/index.php?view=edit&id= Reflected Cross-Site Scripting (XSS) Vulnerability in Proxmox Virtual Environment Prior to v7.2-3 Stored Cross-Site Scripting Vulnerability in Social Rocket WordPress Plugin SQL Injection Vulnerability in Docebo Community Edition v4.0.5 and Below (Unsupported Versions) Arbitrary File Upload Vulnerability in Unsupported Docebo Community Edition Versions Cypress Bluetooth Mesh SDK Buffer Overflow Vulnerability Cypress Bluetooth Mesh SDK Buffer Overflow Vulnerability Arbitrary Code Execution via Crafted UNL File in EVE-NG 2.0.3-112 Community Hidden Attribute Exposure in Strapi Admin API Responses Stored Cross-Site Scripting Vulnerability in Taskbuilder WordPress Plugin Path Traversal Vulnerability in Wiris Mathtype v7.28.0's resourceFile Parameter Cross-Site Scripting (XSS) Vulnerability in SolarView Compact v6.0 via Solar_AiConf.php Arbitrary File Upload Vulnerability in SolarView Compact 6.0 Allows Remote Code Execution Cross-site Scripting (XSS) Vulnerability in GitHub Repository jgraph/drawio prior to 20.3.0 SQL Injection Vulnerability in Directory Management System v1.0 SQL Injection Vulnerability in Directory Management System v1.0 via editid Parameter SQL Injection Vulnerability in Directory Management System v1.0 via fullname parameter in add-directory.php Arbitrary URL Injection Vulnerability in nbnbk CMS 3 getFileBinary Function Stored Cross-Site Scripting Vulnerability in We're Open! WordPress Plugin Server-Side Request Forgery (SSRF) Vulnerability in Jizhicms v2.2.5 via Update Function in app/admin/c/TemplateController.php Server-Side Request Forgery (SSRF) Vulnerability in Jizhicms v2.2.5 via Index Function in app/admin/c/PluginsController.php Uncontrolled max_header_list_size in Hyperium Hyper before 0.14.19 enables HTTP2 attacks Directory Traversal Vulnerability in Algo Communication Products Ltd. 
8373 IP Zone Paging Adapter Firmware 1.7.6 Cross-Site Scripting (XSS) Vulnerability in Helpdeskz v2.0.2 Allows Arbitrary Code Execution via Email Name Field Arbitrary Script Execution via LibreOffice Office URI Schemes Cross-Site Scripting (XSS) Vulnerability in Helpdeskz v2.0.2 - Arbitrary Code Execution via Email Name Field Cross-Site Scripting (XSS) Vulnerability in ITOP v3.0.1 via /itop/webservices/export-v2.php Cross-Site Scripting (XSS) Vulnerability in ITOP v3.0.1 via /itop/pages/ajax.render.php Cleartext Password Storage in MV iDigital Clinic Enterprise (iDCE) 1.0 Authenticated SQL Injection in Translate Multilingual sites WordPress Plugin Buffer Overflow Vulnerability in D-Link DIR-1960 Firmware DIR-1960_A1_1.11 via srtcat in prog.cgi SQL Injection Vulnerability in Online Fire Reporting System v1.0 SQL Injection Vulnerability in NEX-Forms WordPress Plugin Timing Attacks via Unsafe Comparator in Wildfly-Elytron Stored Cross-Site Scripting Vulnerability in Wordfence Security Plugin for WordPress (up to version 7.6.0) Remote Code Execution (RCE) Vulnerability in Tenda AC18 Router V15.03.05.19 and V15.03.05.05 via Mac Parameter at ip/goform/WriteFacMac Magicpin v3.4 XML External Entity (XXE) Injection Vulnerability via Crafted SVG File Open Redirect Vulnerability in Okta OIDC Middleware Cross-Site Scripting (XSS) Vulnerability in Yii 2 v2.0.45 via /books Endpoint Truedesk v1.2.2 XSS Vulnerability: Arbitrary Script Execution via User Chat Box Cross-Site Scripting (XSS) Vulnerability in Truedesk v1.2.2 via Crafted Team Name Parameter Directory Traversal Vulnerability in RTX TRAP v1.0 via /data/ Endpoint Host Header Poisoning Vulnerability in RTX TRAP v1.0 Vulnerability: Passcode Hash Retrieval via Bluetooth in Owl Labs Meeting Owl 5.2.0.15 Insecure Default Configuration in tripleo-ansible Allows Information Disclosure Vulnerability in Owl Labs Meeting Owl 5.2.0.15: Unauthorized Activation of Tethering Mode with Hard-coded Credentials Vulnerability: Deactivation 
of Passcode Protection in Owl Labs Meeting Owl 5.2.0.15 Backdoor Password Vulnerability in Owl Labs Meeting Owl 5.2.0.15 Allows Unauthorized Device Control Lack of Bluetooth Command Password Requirement in Owl Labs Meeting Owl 5.2.0.15 Privilege Escalation Vulnerability in Adaware Protect v1.2.439.4251 Improper Access Rights and Privilege Escalation Vulnerability in Xpedition Designer VX.2.x TOCTOU Privilege Escalation Vulnerability in Quick Heal Total Security DLL Hijacking Vulnerability in Quick Heal Total Security Cross-Site Scripting (XSS) Vulnerability in OX App Suite 8.2 Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.6 via Deep Link JPEG Image Resource Exhaustion Vulnerability in Mattermost 7.0.x and Earlier Arbitrary JavaScript Code Execution and Mailbox Content Retrieval via XSS in Axigen Mobile WebMail XML External Entity (XXE) Vulnerability in untangle Library Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 - Remote Authenticated Data Leakage Vulnerability Directory Traversal Vulnerability in iApps Allows Bypass of Appliance Mode Restrictions Critical Directory Traversal Vulnerability in iThemes BackupBuddy Plugin (Versions 8.5.8.0 - 8.7.4.1) Authenticated Arbitrary File Read via Export Function in GiveWP Plugin Improper Access Control in Intel(R) SUR Software: Local Denial of Service Vulnerability Intel(R) NUC BIOS Firmware Vulnerability: Privileged User Information Disclosure via Local Access User Enumeration Vulnerability in UserTakeOver Plugin for ILIAS Remote Code Execution via Hostname Injection in HID Mercury Intelligent Controllers Cross-site Scripting (XSS) Vulnerability in GitHub Repository jgraph/drawio prior to 20.3.0 Arbitrary Firmware Upload Vulnerability in HID Mercury Intelligent Controllers Buffer Overflow Vulnerability in HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 Buffer Overflow Vulnerability in HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 Firmware Versions 
Prior to 1.29 Arbitrary File Upload and Remote Code Execution Vulnerability in HID Mercury Intelligent Controllers Unauthenticated Deletion of User via Network Packet in HID Mercury Intelligent Controllers Unauthenticated Remote Code Execution in HID Mercury Intelligent Controllers Command Execution Vulnerability in HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 SQL Injection Vulnerability in Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 Inout Blockchain AltExchanger 1.2.1 - SQL Injection in marketcurrency Parameter Inout Blockchain AltExchanger 1.2.1 - SQL Injection via inoutio_language Cookie CSRF and Stored XSS Vulnerabilities in WP Custom Cursors WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in LibreHealth EHR Base 2.0.0 via Username Field Cross-Site Scripting (XSS) Vulnerability in LibreHealth EHR Base 2.0.0's acl_admin.php Cross-Site Scripting (XSS) Vulnerability in LibreHealth EHR Base 2.0.0's gacl/admin/acl_admin.php Action Cross-Site Scripting (XSS) Vulnerability in LibreHealth EHR Base 2.0.0's gacl/admin/acl_admin.php return_page Incorrect Access Control in LibreHealth EHR Base 2.0.0: Unauthorized Access to manage_site_files.php LibreHealth EHR Base 2.0.0 - Patient XSS Vulnerability in finder_navigation.php Cross-Site Scripting (XSS) Vulnerability in LibreHealth EHR Base 2.0.0's patient_match_dialog.php Command Injection Vulnerability in Nortek Linear eMerge E3-Series Devices SQL Injection Vulnerability in WP Custom Cursors WordPress Plugin Improper Filesystem Permissions in KNIME Analytics Platform Installer Absolute Path Traversal Vulnerability in ChaoticOnyx/OnyxForum Repository Absolute Path Traversal Vulnerability in operatorequals/wormnest Repository GitHub Orchest Repository Absolute Path Traversal Vulnerability Absolute Path Traversal Vulnerability in ChangeWeDer/BaiduWenkuSpider_flaskWeb Repository Absolute Path Traversal Vulnerability in cheo0/MercadoEnLineaBack 
Repository Absolute Path Traversal Vulnerability in cmusatyalab/opendiamond Repository Absolute Path Traversal Vulnerability in ganga-devs/ganga Repository Absolute Path Traversal Vulnerability in idayrus/evoting Repository Absolute Path Traversal Vulnerability in iedadata/usap-dc-website Repository CSRF Vulnerability in WP Custom Cursors WordPress Plugin Absolute Path Traversal Vulnerability in sergeKashkin/Simple-RAT Repository GitHub Repository Absolute Path Traversal Vulnerability in AFDudley/equanimity Path Traversal Vulnerability in Atom02/flask-mvc Repository Absolute Path Traversal Vulnerability in BolunHan/Krypton Repository Absolute Path Traversal Vulnerability in Caoyongqi912/Fan_Platform Repository GitHub Repository Absolute Path Traversal Vulnerability in Delor4/CarceresBE Absolute Path Traversal Vulnerability in Harveyzyh/Python Repository Absolute Path Traversal Vulnerability in HolgerGraef/MSM Repository Absolute Path Traversal Vulnerability in JustAnotherSoftwareDeveloper/Python-Recipe-Database Repository Absolute Path Traversal Vulnerability in Lukasavicus/WindMill Repository Unverified Password Change Vulnerability in GitHub Repository phpfusion/phpfusion prior to 9.10.20 Path Traversal Vulnerability in Luxas98/logstash-management-api Repository Absolute Path Traversal Vulnerability in Niyaz-Mohamed/mosaic Repository Absolute Path Traversal Vulnerability in NotVinay/karaokey Repository Absolute Path Traversal Vulnerability in PaddlePaddle/Anakin Repository Absolute Path Traversal Vulnerability in PureStorage-OpenConnect/swagger Repository Absolute Path Traversal Vulnerability in SummaLabs/DLS Repository Absolute Path Traversal Vulnerability in ThundeRatz/ThunderDocs Repository Absolute Path Traversal Vulnerability in Wildog/flask-file-server Repository GitHub Repository: Absolute Path Traversal Vulnerability in bam_annotation_tool Absolute Path Traversal Vulnerability in cinemaproject/monorepo Repository NULL Pointer Dereference Vulnerability in 
vim/vim Absolute Path Traversal Vulnerability in csm-aut/csm Repository Absolute Path Traversal Vulnerability in dainst/cilantro Repository Absolute Path Traversal Vulnerability in dankolbman/travel_blahg Repository Absolute Path Traversal Vulnerability in Decentraminds/Umbral Repository Absolute Path Traversal Vulnerability in echoleegroup/PythonWeb Repository Absolute Path Traversal Vulnerability in freefood89/Fishtank Repository Absolute Path Traversal Vulnerability in jaygarza1982/ytdl-sync Repository Absolute Path Traversal Vulnerability in jmcginty15/Solar-system-simulator Repository Absolute Path Traversal Vulnerability in joaopedro-fg/mp-m08-interface Repository GitHub Repository Absolute Path Traversal Vulnerability in kotekan/kotekan (2021.11) CSRF Vulnerability in Woo Billingo Plus, Integration for Billingo & Gravity Forms, and Integration for Szamlazz.hu & Gravity Forms WordPress Plugins Absolute Path Traversal Vulnerability in kumardeepak/hin-eng-preprocessing Repository Absolute Path Traversal Vulnerability in lyubolp/Barry-Voice-Assistant Repository Absolute Path Traversal Vulnerability in mandoku/mdweb Repository Absolute Path Traversal Vulnerability in maxtortime/SetupBox Repository Absolute Path Traversal Vulnerability in Flask send_file Function in meerstein/rbtm Repository Path Traversal Vulnerability in ml-inory/ModelConverter Repository Absolute Path Traversal Vulnerability in nlpweb/glance Repository Absolute Path Traversal Vulnerability in noamezekiel/sphere GitHub Repository Absolute Path Traversal Vulnerability in nrlakin/homepage Repository Absolute Path Traversal Vulnerability in olmax99/helm-flask-celery Repository Unauthenticated Execution of Email Attachments in Thunderbird on macOS Absolute Path Traversal Vulnerability in olmax99/pyathenastack Repository Absolute Path Traversal Vulnerability in pleomax00/flask-mongo-skel Repository Absolute Path Traversal Vulnerability in project-anuvaad/anuvaad-corpus Repository Absolute Path 
Traversal Vulnerability in rainsoupah/sleep-learner Repository Absolute Path Traversal Vulnerability in rohitnayak/movie-review-sentiment-analysis Repository Absolute Path Traversal Vulnerability in Romain20100/NurseQuest Repository Absolute Path Traversal Vulnerability in rusyasoft/TrainEnergyServer Repository Absolute Path Traversal Vulnerability in seveas/golem Repository Absolute Path Traversal Vulnerability in tooxie/shiva-server Repository Absolute Path Traversal Vulnerability in tsileo/flask-yeoman Repository Remote Code Execution Vulnerability in Rockwell Automation Studio 5000 Logix Emulate Software Absolute Path Traversal Vulnerability in uncleYiba/photo_tag Repository Absolute Path Traversal Vulnerability in varijkapil13/Sphere_ImageBackend Repository Absolute Path Traversal Vulnerability in waveyan/internshipsystem Repository Absolute Path Traversal Vulnerability in whmacmac/vprj Repository Absolute Path Traversal Vulnerability in woduq1414/munhak-moa Repository Absolute Path Traversal Vulnerability in yogson/syrabond Repository Absolute Path Traversal Vulnerability in DSAB-local/DSAB Repository Absolute Path Traversal Vulnerability in DSABenchmark/DSAB Repository Absolute Path Traversal Vulnerability in Rexians/rex-web Repository Rockwell Automation Controllers: Major Non-Recoverable Fault and Denial-of-Service Vulnerability Absolute Path Traversal Vulnerability in adriankoczuruek/ceneo-web-scrapper Repository Absolute Path Traversal Vulnerability in akashtalole/python-flask-restful-api Repository Absolute Path Traversal Vulnerability in ceee-vip/cockybook Repository Absolute Path Traversal Vulnerability in chainer/chainerrl-visualizer Repository Absolute Path Traversal Vulnerability in deepaliupadhyay/RealEstate Repository Absolute Path Traversal Vulnerability in duducosmos/livro_python Repository Absolute Path Traversal Vulnerability in heidi-luong1109/shackerpanel Repository Path Traversal Vulnerability in longmaoteamtf/audio_aligner_app Repository 
Absolute Path Traversal Vulnerability in piaoyunsoft/bt_lnmp Repository Absolute Path Traversal Vulnerability in ralphjzhang/iasset Repository Input Validation Vulnerability in Rockwell Automation FactoryTalk VantagePoint Allows Remote Code Execution Absolute Path Traversal Vulnerability in sanojtharindu/caretakerr-api Repository Absolute Path Traversal Vulnerability in scorelab/OpenMF Repository Absolute Path Traversal Vulnerability in shaolo1/VideoServer Repository Absolute Path Traversal Vulnerability in sravaniboinepelli/AutomatedQuizEval Repository Absolute Path Traversal Vulnerability in stonethree/s3label Repository Absolute Path Traversal Vulnerability in umeshpatil-dev/Home__internet Repository GitHub Repository Absolute Path Traversal Vulnerability in unizar-30226-2019-06/ChangePop-Back Absolute Path Traversal Vulnerability in yuriyouzhou/KG-fashion-chatbot Repository GitHub Repository Path Traversal Vulnerability in zippies/testplatform Improper Authorization Check in Israeli File from SHAAM Program Allows Unauthorized Data Access Stack-Based Buffer Overflow Vulnerability in APDFL.dll SAP PowerDesigner Proxy Local Privilege Escalation Vulnerability Unquoted Path Vulnerability in SAP BusinessObjects BW Publisher Service Insufficient Authorization Checks in SAP Enterprise Extension Defense Forces & Public Security Code Injection Vulnerability in SAP Business One Client Version 10.0 SUID-root Privilege Escalation Vulnerability on Local Unix Systems Privilege Escalation Vulnerability in SAP Financial Consolidation 1010 Vulnerability: Unauthorized Access and Modification of System Data in SAP BusinessObjects Business Intelligence Platform Insufficient Authorization Checks in SAP S/4HANA Business Partner Extension for Spain/Slovakia Insufficient Input Validation in SAP Business Objects 4.2.0 Allows Unauthorized Information Access and Modification Uninitialized Pointer Vulnerability in NVIDIA DGX A100 SBIOS: Code Execution, Privilege Escalation, DoS, and 
Information Disclosure APDFL.dll Out-of-Bounds Write Vulnerability Vulnerability in NVIDIA DGX A100 SBIOS: Integer Overflow and Chain Exploitation Vulnerability in NVIDIA DGX A100 SBIOS: Out-of-Bounds Write and Code Execution Vulnerability in NVIDIA DGX A100 SBIOS: Out-of-Bounds Write Exploit Vulnerability in NVIDIA DGX A100 SBIOS: Improper Validation of Array Index in IpSecDxe Untrusted Data Deserialization Vulnerability in NVFLARE (versions prior to 2.1.2) Untrusted YAML Deserialization in NVFLARE (versions prior to 2.1.2) Allows Remote Code Execution and DoS NVIDIA GPU Display Driver for Windows Kernel Mode Layer Out-of-Bounds Access Vulnerability Vulnerability in NVIDIA GPU Display Driver for Linux: Local Privilege Escalation and Denial of Service Vulnerability in NVIDIA GPU Display Driver for Linux: Local User Privilege Escalation and Code Execution via D-Bus Configuration File Unauthorized Resource Allocation Vulnerability in NVIDIA vGPU Software Memory Corruption Vulnerability in APDFL.dll Parsing Specially Crafted PDF Files Out-of-Bounds Write Vulnerability in NVIDIA GPU Display Driver for Windows Uncontrolled Search Path Vulnerability in NVIDIA GeForce Experience Installer NVIDIA GPU Display Driver for Windows: Out-of-Bounds Read Vulnerability in nvlddmkm.sys NVIDIA GPU Display Driver for Windows Null-Pointer Dereference Vulnerability Double-Free Vulnerability in NVIDIA vGPU Software: Exploiting Resource Management Flaw for DoS, Code Execution, and Info Disclosure NVIDIA GPU Display Driver for Linux: Local User Denial of Service Vulnerability NVIDIA GPU Display Driver for Windows: Out-of-Bounds Read Vulnerability in nvlddmkm.sys NVIDIA GPU Display Driver for Windows Kernel Mode Layer Out-of-Bounds Read Vulnerability Null Pointer Dereference Vulnerability in NVIDIA vGPU Software Default Hardcoded Credentials in Teamcenter Java EE Server Manager HTML Adaptor Vulnerability Unauthorized Access to Custom Resources in Shared API Group Out-of-Bounds Array Access 
Vulnerability in libjpeg Denial of Service Vulnerability in MariaDB Server 10.7 and Earlier Denial of Service Vulnerability in MariaDB Server 10.7 and Earlier Denial of Service Vulnerability in MariaDB Server 10.7: Deadlock Due to Incorrect Lock Release Denial of Service Vulnerability in MariaDB Server 10.7: Deadlock in log_statement_ex Method Uninitialized Data Pointer Vulnerability in PHP Postgres Database Extension Buffer Overflow Vulnerability in PHP pdo_mysql Extension with mysqlnd Driver Heap Corruption Vulnerability in PHP versions 8.1.x below 8.1.8 Recursive Uncompression Vulnerability in PHP Phar Uncompressor Insecure Cookie Handling in PHP Versions Before 7.4.31, 8.0.24, and 8.1.11 Buffer Overflow Vulnerability in imageloadfont() Function in PHP's GD Extension BIOS TOCTOU Vulnerabilities in HP PC Products: Risk of Code Execution, Privilege Escalation, DoS, and Information Disclosure BIOS TOCTOU Vulnerabilities in HP PC Products: Risk of Code Execution, Privilege Escalation, DoS, and Information Disclosure BIOS TOCTOU Vulnerabilities in HP PC Products: Risk of Code Execution, Privilege Escalation, DoS, and Information Disclosure BIOS TOCTOU Vulnerabilities in HP PC Products: Risk of Code Execution, Privilege Escalation, DoS, and Information Disclosure BIOS TOCTOU Vulnerabilities in HP PC Products: Risk of Code Execution, Privilege Escalation, DoS, and Information Disclosure Critical Vulnerabilities Found in HP PC BIOS: Code Execution, Privilege Escalation, DoS, and Information Disclosure Critical Vulnerabilities Found in HP PC BIOS: Code Execution, Privilege Escalation, DoS, and Information Disclosure Critical Vulnerabilities Found in HP PC BIOS: Code Execution, Privilege Escalation, DoS, and Information Disclosure HP PC BIOS Vulnerability: Mitigation Firmware Updates Released Critical Vulnerabilities Found in HP PC BIOS: Code Execution, Privilege Escalation, DoS, and Information Disclosure Critical Vulnerabilities Found in HP PC BIOS: Code Execution, 
Privilege Escalation, DoS, and Information Disclosure Critical Vulnerabilities Found in HP PC BIOS: Code Execution, Privilege Escalation, DoS, and Information Disclosure Arbitrary File Deletion Vulnerability in Docker Desktop on Windows Reflected Cross-Site Scripting (XSS) Vulnerability in Talend Administration Center SSO Login Endpoint Sensitive Information Exposure in ownCloud Core QEMU VNC Server Integer Underflow Denial of Service Vulnerability Floating-Point Exception Vulnerability in SoX 14.4.2 Assertion Failure in rate_init in libsox.a Stored Cross-Site Scripting Vulnerability in VMware vRealize Log Insight Stored Cross-Site Scripting Vulnerability in VMware vRealize Log Insight (Versions Prior to 8.8.2) Authentication Bypass Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation URL Injection Vulnerability in VMware Workspace ONE Access and Identity Manager Remote Code Execution Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager Denial-of-Service Vulnerability in Rockwell Automation Micrologix 1100 and 1400 Controllers Privilege Escalation Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation Privilege Escalation Vulnerabilities in VMware Workspace ONE Access, Identity Manager, and vRealize Automation Path Traversal Vulnerability in VMware Workspace ONE Access, Identity Manager, Connectors, and vRealize Automation Reflected Cross-Site Scripting (XSS) Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation Privilege Escalation Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation Critical Remote Code Execution Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation UI Layer or Frame Restriction Vulnerability in GitHub Repository ikus060/rdiffweb (prior to 2.4.1) Privilege 
Escalation Vulnerability in VMware vRealize Operations VMware vRealize Operations Information Disclosure and Remote Code Execution Vulnerability Information Disclosure Vulnerability in VMware vRealize Operations Authentication Bypass Vulnerability in VMware vRealize Operations: Unauthorized Administrative User Creation Local Privilege Escalation Vulnerability in VMware Tools Insufficient Session Expiration in Pinniped Supervisor Allows Unauthorized Session Extension XML External Entity (XXE) Vulnerability in VMware Cloud Foundation (NSX-V) HTTP PATCH Vulnerability in Spring Data REST Unsafe Deserialization Vulnerability in vCenter Server's PSC Allows Arbitrary Code Execution Null-Pointer Dereference Vulnerability in VMware ESXi Allows for Denial of Service Arbitrary File Read Vulnerability in VMware Aria Operations Authorization Bypass Vulnerability in Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) Reactor Netty HTTP Server Vulnerability: Access Token Exposure via Logged Headers Authentication Bypass Vulnerability in VMware Workspace ONE Assist Broken Authentication Method Vulnerability in VMware Workspace ONE Assist Broken Access Control Vulnerability in VMware Workspace ONE Assist Reflected Cross-Site Scripting (XSS) Vulnerability in VMware Workspace ONE Assist Session Fixation Vulnerability in VMware Workspace ONE Assist Linux Kernel Denial of Service Vulnerability: NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET Consecutive Request Flaw Privilege Escalation via Authorization Server Response Manipulation Remote Code Execution Vulnerability in Spring Tools 4 for Eclipse and VSCode Extensions Authorization Rules Bypass via Forward or Include Dispatcher Types in Spring Security Denial-of-Service Vulnerability in VMware Tools for Windows DLL Hijacking in InstallBuilder Qt Installers Memory Corruption Vulnerability in VMware ESXi Allows for Sandbox Escape Plaintext Password Logging Vulnerability in vCenter Server vCenter Server Denial-of-Service Vulnerability 
in Content Library Service Heap-Overflow Vulnerability in VMware ESXi Allows Partial Information Disclosure Linux Kernel Sound Subsystem Out-of-Bounds Access Vulnerability Important Authenticated Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager Broken Authentication Vulnerability in VMware Workspace ONE Access and Identity Manager Command Injection Vulnerability in vRealize Network Insight (vRNI) REST API Allows Unauthorized Command Execution Directory Traversal Vulnerability in vRealize Log Insight Allows Remote Code Execution Remote Code Execution Vulnerability in vRealize Log Insight Heap Out-of-Bounds Write Vulnerability in VMware USB 2.0 Controller (EHCI) Directory Traversal Vulnerability in vRealize Log Insight Allows Remote Code Execution Important Privilege Escalation Vulnerability in vRealize Operations (vROps) Moderate Severity Broken Access Control Vulnerability in vRealize Operations (vROps) Denial of Service Vulnerability in Protobuf-Java Core and Lite Versions vRealize Log Insight Unauthenticated Deserialization Denial of Service Vulnerability VMware vRealize Log Insight Information Disclosure Vulnerability Kube-apiserver Vulnerability: Aggregated API Server Redirection and Credential Exposure Authentication Bypass in GitHub Repository Snipe-IT (prior to 6.0.10) Vulnerability: Unauthorized Access to Applications without Client Certificate in Diego Cells Reflected Cross-Site Scripting Vulnerability in Cisco Catalyst 2940 Series Switches Open Redirect Vulnerability in OpenAM Consortium Edition 14.0.0 Cross-Origin Resource Size Disclosure Vulnerability WebGL Out-of-Bounds Write Vulnerability in Thunderbird and Firefox Confusion and Spoofing Vulnerability in Fullscreen Mode Exiting Windows File Download Path Manipulation Vulnerability Insecure Handling of Sensitive Cookies in GitHub Repository ikus060/rdiffweb prior to 2.4.2 Arm64 Register Allocation Vulnerability in Thunderbird and Firefox Memory Corruption 
Vulnerability in Thunderbird, Firefox, and Firefox ESR Timing Attack Exploitation for Cross-Origin Account Linking in WebAuthn HTML Comment Tag Incongruity Vulnerability in Firefox < 101 CSS Injection Vulnerability in Firefox ESR, Thunderbird Garbage Collector Confusion: A Vulnerability in Firefox < 101 Referrer Header Leak in Firefox for iOS: Exposing Internal URLs Memory Corruption Vulnerabilities in Firefox and Thunderbird Memory Corruption Vulnerabilities in Firefox < 101 GitHub Repository ikus060/rdiffweb Prior to 2.4.2 Missing Custom Error Page Vulnerability Kernel Emcom Module Multi-Thread Contention Vulnerability Confidentiality Breach: Missing Authorization Vulnerability in System Components Format String Vulnerability in Voice Wakeup Module: Implications for System Availability Code Implementation Vulnerability: Impact on Feature Availability Improper Permission Preservation Vulnerability in Communication Module Fingerprint Sensor Module Design Defects: A Potential Threat to Data Confidentiality API Misuse Vulnerability in Setting Module: A Threat to Data Confidentiality Race Condition Vulnerability in Kernel Module: A Threat to Data Confidentiality Uninitialized Pointer Access Vulnerability in AppLink: Impact on System Availability Use-after-free vulnerability in io_uring poll with signalfd and binder fd Screen Lock Bypass Vulnerability in Carrier-Customized USSD Services Confidentiality Impacting Vulnerability in Secure OS Module due to Configuration Defects Input Validation Vulnerability in AMS Module Allows Privilege Escalation Kernel Module Null Pointer and Out-of-Bounds Array Vulnerabilities: Impact on System Availability Privilege Escalation through Unauthorized Password Change Functionality Denial of Service Vulnerability in RUGGEDCOM and SCALANCE Devices Remote Code Execution Vulnerability in IBM CICS TX Standard and Advanced 11.1 SQL Injection Vulnerability in IBM InfoSphere Information Server 11.7 Information Disclosure Vulnerability in 
IBM Spectrum Copy Data Management Denial of Service Vulnerability in IBM App Connect Enterprise Certified Container 4.2 MQTT Denial of Service Vulnerability in IBM MQ 8.0 and 9.x Cross-Site Request Forgery Vulnerability in IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 Cross-Site Scripting (XSS) Vulnerability in IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 XML External Entity Injection (XXE) Vulnerability in IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 Vulnerability: Server-Side Request Forgery (SSRF) Stored Cross-Site Scripting (XSS) Vulnerability in Apache Spark 3.2.1 and Earlier, and 3.3.0 Cache Poisoning Vulnerability in Apache Traffic Server HTTP/2 Header Parsing Vulnerability in Apache Traffic Server Buffer Over-read in GitHub repository gpac/gpac HTTP/2 Frame Smuggling Vulnerability in Apache Traffic Server Regular Expression Denial of Service (ReDoS) in Apache Tapestry Content Types Heap-Based Buffer Overflow in ftbench.c in FreeType Demo Programs Out-of-Bounds Write Vulnerability in Liblouis 3.21.0's compileRule Function Buffer Overflow Vulnerability in MiVoice Business and MiVoice Business Express Reflected Cross Site Scripting (XSS) Vulnerability in IdeaLMS 2022 via IdeaLMS/Class/Assessment/ PATH_INFO SQL Injection Vulnerability in IdeaTMS 2022 via PATH_INFO SQL Injection Vulnerability in IdeaLMS 2022 ChatRoom Class Access Control Remote Code Execution Vulnerability in WatchGuard Firebox and XTM Appliances Insecure Password Policies in GitHub Repository ikus060/rdiffweb prior to 2.4.2 Unauthenticated Remote Retrieval of Sensitive Authentication Server Settings in WatchGuard Firebox and XTM Appliances Privilege Escalation Vulnerability in WatchGuard Firebox and XTM Appliances Stored 
XSS Vulnerability in WatchGuard Firebox and XTM Appliances Management Web Interface Arbitrary File Read Vulnerability in muhttpd Arbitrary Command Execution Vulnerability in Fujitsu ETERNUS CentricStor CS8000 Control Center Arbitrary Command Execution Vulnerability in Fujitsu ETERNUS CentricStor CS8000 Control Center Heap-Based Buffer Over-Read Vulnerability in libjpeg 1.63's HierarchicalBitmapRequester::FetchRegion XSS and Session Fixation Vulnerability in Nortek Linear eMerge E3-Series 0.32-07p Devices Early Request Binding Error Handling Vulnerability in Bottle before 0.12.20 Remote Code Execution Vulnerability in ProConOS/ProConOS eCLR Remote Code Execution Vulnerability in ProConOS/ProConOS eCLR Authentication Bypass Vulnerability in CODESYS Gateway Server V2 TCP Connection Exhaustion Vulnerability in CODESYS Gateway Server V2 Unauthenticated Memory Allocation Vulnerability in CODESYS Gateway Server V2 Unprotected Transmission of Passwords in CODESYS Development System Default Password Protection Disabled in CODESYS V2 PLCWinNT and Runtime Toolkit 32 Privilege Escalation via Telnet Command Injection in SiPass Integrated AC5102 and ACC-AP Improper Input Validation Vulnerability in Trihedral VTScada 12.0.38 and Prior Stack-based Buffer Overflow in SiPass Integrated Server Application Apache HTTP Server 2.4.53 and earlier vulnerability: Bypassing IP-based Authentication via X-Forwarded-* Headers Remote Code Execution in pfSense pfBlockerNG through 2.1.4_26 via HTTP Host Header Bypassing Application Lock in Devolutions Remote Desktop Manager 2022.2.14 and Earlier Server-Side Request Forgery (SSRF) vulnerability in MonstaFTP v2.10.3 via performFetchRequest in HTTPFetcher.php iBoot-PDU Firmware Command Injection Vulnerability Server-Side Request Forgery (SSRF) Vulnerability in Kity Minder v1.3.5 Cross Directory Risk in Beego v2.0.3 and Below: Vulnerability in leafInfo.match() Function Directory Traversal Vulnerability in Dataprobe iBoot-PDU Firmware Versions Prior 
to 1.42.06162022 Sensitive Router Information Disclosure Vulnerability in WAVLINK WN535 G3 M35G3R.V5030.180927 Sensitive Router Information Disclosure Vulnerability in WAVLINK WN535 G3 M35G3R.V5030.180927 Information Disclosure Vulnerability in WAVLINK WN579 X3 M79X3.V5030.180719 Router Remote Code Execution Vulnerability in MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n Sensitive Data Exposure in Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 Arbitrary File Upload Vulnerability in Codoforum v5.1 via Logo Change Option SQL Injection Vulnerability in Newsletter Module v3.x via zemez_newsletter_email Parameter Remote Access Vulnerability in Dataprobe iBoot-PDU Firmware Versions Prior to 1.42.06162022 Arbitrary Code Execution Vulnerability in OpenRemote XSS Vulnerability in ThingsBoard IoT Platform (Version 3.3.4.1) via Crafted Audit Log Value Unauthenticated Access to Outlet State in Dataprobe iBoot-PDU Firmware XSS Vulnerability in Trendnet IP-110wn Camera Firmware Command Injection Vulnerability in ASUS RT-N53 3.0.0.4.376.3754's apply.cgi Interface XSS Vulnerability in Trendnet IP-110wn Camera Firmware (fw_tv-ip110wn_v2) via proname Parameter in /admin/scheprofile.cgi Vulnerability: Incorrect Access Control in Netgear WNAP320 Router Firmware (Version 2.0.3) Allows Cookie Leakage via /recreate.php Privilege Escalation Vulnerability in MSI Center v1.0.41.0 SQL Injection Vulnerability in Online Fire Reporting System 1.0 via Date Parameter Unauthenticated Access to PHP Index Pages and History File Download in Dataprobe iBoot-PDU FW Versions Prior to 1.42.06162022 Insecure Direct Object Reference (IDOR) Vulnerability in Marval MSM v14.19.0.12476: Unauthorized Access to API Keys Improper Access Control Vulnerability in Marval MSM v14.19.0.12476 Allows Unauthorized Deletion of API Keys OS Command Injection Vulnerability in Marval MSM v14.19.0.12476 CSRF Vulnerability in Marval MSM v14.19.0.12476 Allows 2FA Bypass 0-Click Account Takeover Vulnerability in Marval 
MSM v14.19.0.12476: Unauthorized Password Modification and Privilege Escalation Session Fixation Vulnerability in osTicket Login Function Cross Site Scripting (XSS) Vulnerability in osTicket osTicket-plugins Remote Code Execution Vulnerability in Dataprobe iBoot-PDU Firmware Versions Prior to 1.42.06162022 SQL Injection Vulnerability in osTicket osTicket-plugins via getOrder Function Cross Site Scripting (XSS) Vulnerability in SourceCodester Zoo Management System 1.0 Multiple Command Injection Vulnerabilities in gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 Denial of Service Vulnerability in Wireshark Ethernet Trailer Protocol Dissector Buffer Overflow Vulnerability in Notepad++ v8.4.3 and Earlier: Crashing Application via Crafted Files Stack Overflow Vulnerability in Notepad++ v8.4.1 via Finder::add() Component Cross-Site Scripting (XSS) Vulnerability in EGT-Kommunikationstechnik UG Mediacenter v2.0 Cross Site Scripting (XSS) Vulnerability in Online Fire Reporting System v1.0 SQL Injection Vulnerability in Student Registration and Fee Payment System v1.0 via /scms/student.php Sensitive Information Exposure via Log File in Hitachi Ops Center Analyzer Cross Site Scripting (XSS) Vulnerability in Online Tutor Portal Site v1.0 SQL Injection Vulnerability in Online Discussion Forum Site v1.0 via /odfs/classes/Master.php?f=delete_team SQL Injection Vulnerability in Online Tutor Portal Site v1.0 via /otps/classes/Master.php?f=delete_team Cross Site Scripting (XSS) Vulnerability in Online Discussion Forum Site v1.0 via save_category, name parameter in Master.php Zoo Management System v1.0 XSS Vulnerability in save_animal Endpoint Client-Server Protocol Manipulation Vulnerability in ABB AC500 V2 PM5xx HTML Injection/XSS Vulnerability in ovirt-engine: Unsanitized error_description Parameter on Windows Service Accounts Home Pages Stack Overflow Vulnerability in Netgear N300 Wireless Router WNR2000v4-V1.0.0.70 via strcpy in uhttpd Arbitrary JavaScript Injection 
in Dokan WordPress Plugin Allows Stored XSS Attacks SQL Injection Vulnerability in Rescue Dispatch Management System v1.0 Arbitrary File Upload Vulnerability in MCMS v5.2.8 Vulnerability: File Deletion via /rdms/classes/Master.php?f=delete_img SQL Injection Vulnerability in Rescue Dispatch Management System v1.0 via /rdms/classes/Master.php?f=delete_team SQL Injection Vulnerability in Rescue Dispatch Management System v1.0 via /rdms/classes/Master.php?f=delete_report Out of Bounds Write Vulnerability in Google Chrome SQL Injection Vulnerability in Rescue Dispatch Management System v1.0 via /rdms/classes/Master.php?f=delete_respondent_type SQL Injection Vulnerability in Rescue Dispatch Management System v1.0 via /rdms/classes/Master.php?f=delete_incident SQL Injection Vulnerability in Rescue Dispatch Management System v1.0 SQL Injection Vulnerability in Rescue Dispatch Management System v1.0 SQL Injection Vulnerability in Rescue Dispatch Management System v1.0 SQL Injection Vulnerability in Rescue Dispatch Management System v1.0 Heap Corruption Exploit via Crafted PDF in Google Chrome SQL Injection Vulnerability in Rescue Dispatch Management System v1.0 SQL Injection Vulnerability in Rescue Dispatch Management System v1.0 SQL Injection Vulnerability in Rescue Dispatch Management System v1.0 SQL Injection Vulnerability in Rescue Dispatch Management System v1.0 File Deletion Vulnerability in ChatBot App with Suggestion v1.0 SQL Injection Vulnerability in ChatBot App with Suggestion v1.0 High Severity Use After Free Vulnerability in Google Chrome PDF Handling SQL Injection Vulnerability in ChatBot App with Suggestion v1.0 SQL Injection Vulnerability in ChatBot App with Suggestion v1.0 Vulnerability: File Deletion Exploit in Online Fire Reporting System v1.0 SQL Injection Vulnerability in Online Fire Reporting System v1.0 SQL Injection Vulnerability in Online Fire Reporting System v1.0 SQL Injection Vulnerability in Online Fire Reporting System v1.0 via 
/ofrs/classes/Master.php?f=delete_request SQL Injection Vulnerability in Online Fire Reporting System v1.0 via /ofrs/classes/Master.php?f=delete_team SQL Injection Vulnerability in Online Fire Reporting System v1.0 via /ofrs/classes/Master.php?f=delete_inquiry Heap Corruption Vulnerability in Google Chrome PDF Reader SQL Injection Vulnerability in Online Fire Reporting System v1.0 via /ofrs/admin/?page=teams/manage_team&id= SQL Injection Vulnerability in Online Fire Reporting System v1.0 via /ofrs/admin/?page=teams/view_team&id= SQL Injection Vulnerability in Online Fire Reporting System v1.0 SQL Injection Vulnerability in Online Fire Reporting System v1.0 SQL Injection Vulnerability in Online Fire Reporting System v1.0 SQL Injection Vulnerability in Badminton Center Management System v1.0 SQL Injection Vulnerability in Badminton Center Management System v1.0 SQL Injection Vulnerability in Badminton Center Management System v1.0 SQL Injection Vulnerability in Badminton Center Management System v1.0 Use After Free Vulnerability in Google Chrome Frames SQL Injection Vulnerability in Badminton Center Management System v1.0 via delete_product function in Master.php SQL Injection Vulnerability in Badminton Center Management System v1.0 via delete_court function in Master.php SQL Injection Vulnerability in Badminton Center Management System v1.0 SQL Injection Vulnerability in Badminton Center Management System v1.0 via /bcms/classes/Master.php?f=delete_service SQL Injection Vulnerability in Badminton Center Management System v1.0 SQL Injection Vulnerability in Badminton Center Management System v1.0 SQL Injection Vulnerability in Badminton Center Management System v1.0 Heap Buffer Overflow in Google Chrome: Remote Code Execution via Crafted HTML Page SQL Injection Vulnerability in Badminton Center Management System v1.0 SQL Injection Vulnerability in Badminton Center Management System v1.0 SQL Injection Vulnerability in Badminton Center Management System v1.0 SQL 
Injection Vulnerability in Badminton Center Management System v1.0 SQL Injection Vulnerability in Badminton Center Management System v1.0 SQL Injection Vulnerability in Badminton Center Management System v1.0 SQL Injection Vulnerability in Badminton Center Management System v1.0 SQL Injection Vulnerability in Complete Online Job Search System v1.0 SQL Injection Vulnerability in Complete Online Job Search System v1.0 Bypassing Navigation Restrictions via Crafted HTML Page in Google Chrome DevTools (CVE-2021-30563) SQL Injection Vulnerability in Complete Online Job Search System v1.0 SQL Injection Vulnerability in Complete Online Job Search System v1.0 SQL Injection Vulnerability in Complete Online Job Search System v1.0 SQL Injection Vulnerability in Complete Online Job Search System v1.0 SQL Injection Vulnerability in Complete Online Job Search System v1.0 via /eris/index.php?q=result&searchfor=byfunction SQL Injection Vulnerability in Complete Online Job Search System v1.0 via /eris/index.php?q=category&search= SQL Injection Vulnerability in Complete Online Job Search System v1.0 via /eris/index.php?q=result&searchfor=bycompany SQL Injection Vulnerability in Complete Online Job Search System v1.0 via /eris/index.php?q=result&searchfor=bytitle SQL Injection Vulnerability in Complete Online Job Search System v1.0 Arbitrary Code Execution Vulnerability in Car Rental Management System v1.0 NULL Pointer Dereference Vulnerability in JFS File System in Linux Kernel Arbitrary Code Execution Vulnerability in Car Rental Management System v1.0 SQL Injection Vulnerability in Car Rental Management System v1.0 via /car-rental-management-system/admin/manage_movement.php?id= SQL Injection Vulnerability in Car Rental Management System v1.0 via /ip/car-rental-management-system/admin/ajax.php?action=login SQL Injection Vulnerability in Car Rental Management System v1.0 via car-rental-management-system/booking.php?car_id= SQL Injection Vulnerability in Car Rental Management System 
v1.0 via /car-rental-management-system/admin/view_car.php?id= SQL Injection Vulnerability in Car Rental Management System v1.0 via /car-rental-management-system/admin/manage_booking.php?id= SQL Injection Vulnerability in Car Rental Management System v1.0 SQL Injection Vulnerability in Car Rental Management System v1.0 via /car-rental-management-system/admin/manage_user.php?id= Default Telnet Server with Hardcoded Credentials on ORing net IAP-420(+) Firmware 2.0m Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1 via formSetQosBand's list Parameter Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1 via fromSetRouteStatic Function Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1 via formAddMacfilterRule Stack Overflow Vulnerability in Tenda AX1806 v1.0.0.1 via formSetVirtualSer Function Stack Overflow Vulnerability in Tenda M3 V1.0.0.12 via formdelMasteraclist's items Parameter Stack Overflow Vulnerability in Tenda M3 V1.0.0.12 via formMasterMng Function Multiple Stack Overflow Vulnerabilities in Tenda M3 V1.0.0.12 via ssidList, storeName, and trademark Parameters Stack Overflow Vulnerability in Tenda M3 V1.0.0.12 via formSetAPCfg Function Stack Overflow Vulnerability in Tenda M3 V1.0.0.12 via listN Parameter NRDelegation Attack: Exploiting Non-Responsive Nameservers for DNS Denial of Service Stack Overflow Vulnerability in Tenda M3 V1.0.0.12 via formSetCfm Function Stack Overflow Vulnerability in Tenda M3 V1.0.0.12 via formGetPassengerAnalyseData Function Stack Overflow Vulnerability in Tenda M3 V1.0.0.12 via formSetAccessCodeInfo Function Stack Overflow Vulnerability in TOTOLINK T6 V4.1.9cu.5179_B20201015 via Password Parameter in FUN_00413f80 Stack Overflow Vulnerability in TOTOLINK T6 V4.1.9cu.5179_B20201015 via desc Parameter in FUN_00413be4 Stack Overflow Vulnerability in TOTOLINK T6 V4.1.9cu.5179_B20201015 via desc Parameter in FUN_0041880c Stack Overflow Vulnerability in TOTOLINK T6 V4.1.9cu.5179_B20201015 via desc Parameter in FUN_00412ef4 Stack 
Overflow Vulnerability in TOTOLINK T6 V4.1.9cu.5179_B20201015 via Command Parameter in FUN_0041cc88 Stack Overflow Vulnerability in TOTOLINK T6 V4.1.9cu.5179_B20201015 via url Parameter in FUN_00418540 XSS Vulnerability in Red Hat Ansible Automation Platform 1.2 and 2.0: Project Name Injection Stack Overflow Vulnerability in TOTOLINK T6 V4.1.9cu.5179_B20201015 via cloneMac Parameter Stack Overflow Vulnerability in TOTOLINK T6 V4.1.9cu.5179_B20201015 Firmware Stack Overflow Vulnerability in TOTOLINK T6 V4.1.9cu.5179_B20201015 via desc Parameter in FUN_004137a4 Stack Overflow Vulnerability in TOTOLINK T6 V4.1.9cu.5179_B20201015 via cloneMac Parameter in FUN_0041621c Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 LAN IP Remote Code Execution Vulnerability SQL Injection Vulnerability in Inout Homestay v2.2 via guests Parameter SQL Injection Vulnerability in Online Accreditation Management v1.0 via USERNAME Parameter at process.php Denial of Service (DoS) Vulnerability in TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 Insecure Password Storage in Passster WordPress Plugin Arbitrary Code Execution via File Upload in Snipe-IT v6.0.2 Arbitrary Code Execution Vulnerability in Snipe-IT v6.0.2's Select User Function Arbitrary File Upload Vulnerability in RuoYi v4.7.3 and Below Stored Cross-Site Scripting Vulnerability in Simple File List WordPress Plugin Integer Overflow Vulnerability in WolfSSH v1.4.7 via wolfSSH_SFTP_RecvRMDIR Stored XSS Vulnerability in osTicket-plugins - Storage-FS Component CSRF Vulnerability in Simple File List WordPress Plugin Use-After-Poison Vulnerability in MariaDB's prepare_inplace_add_virtual Function Assertion Failure in MariaDB v10.5 to v10.7: dict0dict.cc Table Reference Count Vulnerability Segmentation Fault Vulnerability in MariaDB v10.2 to v10.6.1: Item_subselect::init_expr_cache_tracker Segmentation Fault Vulnerability in MariaDB v10.2 to v10.7 via sub_select Component Segmentation Fault Vulnerability in MariaDB v10.2 to v10.7 via 
Item_func_in::cleanup/Item::cleanup_processor Segmentation Fault Vulnerability in MariaDB v10.4 to v10.8: Item_field::fix_outer_field Component Segmentation Fault Vulnerability in MariaDB v10.2 to v10.7 via Item_args::walk_args Component Segmentation Fault Vulnerability in MariaDB v10.2 to v10.7 Segmentation Fault Vulnerability in MariaDB v10.5 to v10.7: st_select_lex_unit::exclude_level Reflected Cross-Site Scripting (XSS) vulnerability in soledad WordPress theme before 8.2.5 Use-After-Poison Vulnerability in MariaDB v10.7's __interceptor_memset Command Injection Vulnerability in D-Link DIR-645 v1.03 via QUERY_STRING Parameter at __ajax_explorer.sgi SQL Injection Vulnerability in Hospital Management System v1.0 via loginid parameter at adminlogin.php SQL Injection Vulnerability in Hospital Management System v1.0: Exploiting the Loginid Parameter at doctorlogin.php SQL Injection Vulnerability in Hospital Management System v1.0 via editid Parameter at orders.php Buffer Overflow Vulnerability in Rhonabwy (v1.1.5) via r_jwe_aesgcm_key_unwrap Component Arbitrary Command Execution Vulnerability in D-Link DIR-2150 4.0.1 Routers SQL Injection Vulnerability in kkcms v1.3.7 via cid parameter at /template/wapian/vlist.php Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository pimcore/pimcore prior to 10.5.6 Unrestricted File Upload Vulnerability in Strapi 4.1.12 Allows XSS Attacks via Crafted PDF Files Arbitrary Code Execution Vulnerability in Known v1.2.2+2020061101's isSVG() Function Stack Buffer Overflow in Jerryscript v2.4.0 via jerryx_print_unhandled_exception in /util/print.c Cross-Site Scripting (XSS) Vulnerability in Arox School ERP Pro v1.0 Multiple Arbitrary File Upload Vulnerabilities in Arox School ERP Pro v1.0 Unbounded Request Body Size Vulnerability Reflective Cross-Site Scripting (XSS) Vulnerability in 74cmsSE v3.5.1 Reflective Cross-Site Scripting (XSS) Vulnerability in 74cmsSE v3.5.1 via /job Path Reflective XSS Vulnerability in 74cmsSE v3.5.1 
via /company Path Reflective XSS Vulnerability in 74cmsSE v3.5.1 via /company/view_be_browsed/total Reflective XSS Vulnerability in 74cmsSE v3.5.1 via /company/service/increment/add/im Path Reflective Cross-Site Scripting (XSS) Vulnerability in 74cmsSE v3.5.1 Heap Buffer Overflow Vulnerability in ImageMagick TIFF Processing Reflective XSS Vulnerability in 74cmsSE v3.5.1 via /company/down_resume/total/nature Path Reflective Cross-Site Scripting (XSS) Vulnerability in 74cmsSE v3.5.1 via /index/notice/show Path Uninitialized Pointer Read Access Vulnerability in Multiple CODESYS Products Heap-based Buffer Overflow Vulnerability in Multiple CODESYS Products Remote Code Execution Vulnerability in Multiple CODESYS Products Out-of-Bounds Read Vulnerability in Multiple CODESYS Products Delta Industrial Automation's DIAEnergy 1.9.03.009 and earlier versions are vulnerable to CWE-798, Use of Hard-coded Credentials, allowing remote code execution. Buffer Overflow Vulnerability in Multiple CODESYS Products Buffer Over-read Vulnerability in Multiple CODESYS Products Out-of-Bounds Read/Write Vulnerability in Multiple CODESYS Products Unauthenticated File Access and Manipulation in CODESYS Products Reflected Cross-Site Scripting (XSS) Vulnerability in Teamcenter Active Workspace Improper Exposure of Client IP Addresses in Go's net/http Package Accept-Language Header Denial of Service Vulnerability HTTP Response Injection Vulnerability in NIOHTTP1 Insecure Certificate Validation in Splunk Enterprise and Splunk Cloud Platform Lack of TLS Certificate Validation in Splunk Enterprise and Splunk Cloud Platform Lack of TLS Certificate Validation in Splunk Enterprise and Splunk Cloud Platform Cross-Origin Request Vulnerability in Splunk Enterprise Dashboards Default Remote Management Services in Universal Forwarder Versions Before 9.0 Unvalidated TLS Certificates in Splunk CLI Unauthenticated Downloading of Forwarder Bundles in Splunk Enterprise Deployment Servers Arbitrary Code Execution 
Vulnerability in Splunk Enterprise Deployment Servers Stored XSS Vulnerability in OpenLibrary Versions Deploy-2016-07-0 through Deploy-2021-12-22 Critical Remote Memory Corruption Vulnerability in Nintendo Game Boy Color's Mobile Adapter GB (VDB-208606) Heap Buffer Over-read Vulnerability in ovs Flow.c Stored Cross-Site Scripting (XSS) Vulnerability in Cloudreve File Upload Functionality DLL Hijacking Vulnerability in Notepad++ Versions 8.4.1 and Earlier Unrestricted Access to Admin Issues in Bytebase Application VBASE Runtime Project Login Credentials Exposed via Web-Remote XOR Obfuscation Vulnerability Unauthorized Access to Admin Projects in Bytebase Application Stored Cross-Site Scripting Vulnerability in Zinc v0.1.9 - v0.3.1 Stored Cross-Site Scripting Vulnerability in Zinc v0.1.9 - v0.3.1 Persistent HTML Injection Vulnerability in OrchardCore v1.2.2 Stored Cross-Site Scripting (XSS) Vulnerability in Gogs Versions v0.6.5 - v0.12.10 Leading to Account Takeover AdGuardHome CSRF Vulnerability in Custom Filtering Rules Unrestricted File Upload and Account Takeover Vulnerability in Gin-Vue-Admin Unrestricted File Upload Vulnerability in Gin-Vue-Admin v2.5.1 - v2.5.3beta: Account Takeover via Execution of JavaScript Code WiFi Mouse (Mouse Server) Vulnerability: Trivial Bypass of Client-Side Authentication Leading to Remote Code Execution Denial of Service Vulnerability in Float.GobDecode and Rat GobDecode in Go Denial of Service Vulnerability in GnuPG via Crafted Public Key Signatures Inconsistent Handling of ../ Path Elements in JoinPath and URL.JoinPath Sensitive Information Exposure in Couchbase Server 5.x through 7.x Unauthenticated Access to Sensitive Information in Couchbase Server Cross-Site Scripting (XSS) Vulnerability in Open edX Platform (pre-2022-06-06) via next Parameter in Logout URL Arbitrary File Deletion Vulnerability in ScriptCase db_convert.php Cross-Site Scripting (XSS) Vulnerability in Advanced Comment Form WordPress Plugin Heap-Based Buffer 
Over-Read Vulnerability in libdwarf 0.4.0 NULL Pointer Dereference in Component::SubXOf in libjpeg 1.63 NULL Pointer Dereference in LineBuffer::FetchRegion in libjpeg 1.63 Excessive `Set-Cookie:` Headers Denial of Service Vulnerability Unbounded Decompression Chain Vulnerability in curl < 7.84.0 Insecure Permissions in Curl's Cookie, Alt-Svc, and HSTS File Handling Insecure Message Verification Handling in curl FTP Transfers with krb5 Possible XSS Vulnerability in Rails::Html::Sanitizer CSRF Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.4.3 Insecure HTTPS Traffic and Proxy Server Vulnerability SQL Injection Vulnerability in Rocket.Chat Versions <v3.18.6, <v4.4.4, and <v4.7.3: Retrieval of Reset Password Token and 2FA Secret OS Command Injection Vulnerability in Node.js Versions <14.20.0, <16.20.0, <18.5.0: Insufficient IsAllowedHost Check and Bypassable IsIPAddress Validation HTTP Request Smuggling (HRS) Vulnerability in Node.js HTTP Module HTTP Request Smuggling (HRS) Vulnerability in Node.js HTTP Module HTTP Request Smuggling (HRS) Vulnerability in llhttp Parser in Node.js Cleartext Storage of OAuth Tokens in Rocket.Chat Logs Message ID Enumeration Vulnerability in Rocket.Chat Information Disclosure Vulnerability in Rocket.Chat <v4.7.5 Uncontrolled Recursion Vulnerability in gpac/gpac Prior to 2.1.0-DEV Information Disclosure Vulnerability in Rocket.Chat <v5: getUserMentionsByChannel Method Vulnerability: Inconsistent Use of Read Callback in libcurl Cryptographic Vulnerability in Node.js on Linux: Default openssl.cnf Path Accessible to Non-Admin Users Node.js Vulnerability: DLL Hijacking on Windows Platforms YAML Serialized Columns Escalation to Remote Code Execution (RCE) Vulnerability Reflected DOM-Based XSS Vulnerability in Veeam Management Pack for Microsoft System Center 8.0 Help Directory Improper Access Control Vulnerability in Rocket.Chat Cleartext Transmission of Sensitive OAuth Tokens in Rocket.Chat Rocket.Chat Information Disclosure 
Vulnerability: Arbitrary Message ID Enumeration MongoDB Injection Vulnerability in Rocket.Chat <v5 Stored Cross-site Scripting (XSS) Vulnerability in jgraph/drawio GitHub Repository (prior to 20.3.1) Null Pointer Dereference Vulnerability in Microsoft Windows SMBv3 (Pre-April 2022 Patch) BIOS Firmware Vulnerability: Privilege Escalation via Local Access in Intel(R) Processors Out of Bounds Write Vulnerability in Hermes Allows Arbitrary Code Execution AutoCAD File Vulnerability in SAP 3D Visual Enterprise Viewer SAP 3D Visual Enterprise Viewer Crash Vulnerability Denial of Service Vulnerability in SAP 3D Visual Enterprise Viewer SAP 3D Visual Enterprise Viewer Denial of Service Vulnerability JPEG 2000 File Crash Vulnerability in SAP 3D Visual Enterprise Viewer Input Misinterpretation Vulnerability in GitHub Repository ionicabizau/parse-url (prior to 8.1.0) Crash and Unavailability Vulnerability in SAP 3D Visual Enterprise Viewer when Opening Manipulated .jt Files SAP 3D Visual Enterprise Viewer Crash Vulnerability Radiance Picture File Crash Vulnerability in SAP 3D Visual Enterprise Viewer SAP 3D Visual Enterprise Viewer Denial of Service Vulnerability Privileged CMS Administrator Can Access and Modify BOE Commentary Database, Impacting Application Integrity Unauthenticated Information Disclosure in SAP BusinessObjects Business Intelligence Platform SAP Business Objects Business Intelligence Platform: SQL Injection Vulnerability Unauthenticated Script Execution Vulnerability in SAP NetWeaver Enterprise Portal Input Validation Bypass in SAP S/4HANA's Manage Checkbooks Component SAP HANA Cockpit Data Volume Exploitation Vulnerability Code Execution Vulnerability in GitHub Repository budibase/budibase prior to 1.3.20 Use-after-free vulnerability in nf_tables API allows privilege escalation Missing Authentication Verification in SINEMA Remote Connect Server (All versions < V3.1) Allows Unauthorized User Role Manipulation Unvalidated Update Package Vulnerability in 
SINEMA Remote Connect Server (All versions < V3.1) Improper Input Validation in SINEMA Remote Connect Server (All versions < V3.1) Allows Password Disclosure SINEMA Remote Connect Server (All versions < V3.1) Log File Exposure Vulnerability Unauthenticated Access Control Vulnerability in SINEMA Remote Connect Server (All versions < V3.1) Improper Access Control in SINEMA Remote Connect Server (All versions < V3.1) Allows Unauthorized Access to Privileged Information CVE-2022-32257 Information Disclosure Vulnerability in SINEMA Remote Connect Server (All versions < V3.1) Sensitive Information Exposure in SINEMA Remote Connect Server (All versions < V3.1) OS Command Injection Vulnerability in Sophos Firewall SSL VPN Configuration Uploads Authentication Bypass Vulnerability in SINEMA Remote Connect Server (All versions < V3.1) Misconfiguration in APT Update Allows Addition of Insecure Packages in SINEMA Remote Connect Server (All versions < V3.1) Command Injection Vulnerability in SINEMA Remote Connect Server (All versions < V3.1) Allows Arbitrary Code Execution Remote Code Execution Vulnerability in Pexip Infinity before 28.1 via G.719 Denial-of-Service Vulnerability in FreeBSD TCP Timer Handling of TSopt Unvalidated URL Decoding in qDecoder before 12.1.0 Vulnerability: DMA Attacks on Parameter Buffer in PcdSmmDxe Driver SMRAM Corruption Vulnerability in SmmResourceCheckDxe Software SMI Handler Remote Code Execution Vulnerability in StarWind SAN and NAS v0.2 build 1914 via Unchecked Hostname Parameter Arbitrary Code Execution Vulnerability in Real Player 20.0.8.310 G2 Control Arbitrary File Download and Remote Code Execution Vulnerability in Real Player 20.0.7.309 and 20.0.8.310 DCP:// URI Remote Arbitrary Code Execution Vulnerability in Real Player 20.0.8.310 Privilege Escalation Vulnerability in OPSWAT MetaDefender Products OPSWAT MetaDefender Core (MDCore) 5.1.2 Filename Enumeration Vulnerability Stored XSS Vulnerability in Transition Scheduler Add-on 6.5.0 for 
Atlassian Jira Grafana 8.4.3 File Reading Vulnerability Unauthenticated Access Vulnerability in Grafana 8.4.3 Insecure Direct Object Reference Vulnerability in Squiz Matrix CMS 6.20 Arbitrary Code Execution Vulnerability in XFCE 4.16 via xdg-open and Attacker-Controlled FTP Server Stack-based Buffer Overflow in Host Engineering H0-ECOM100 Communications Module Firmware v5.0.155 and Prior XSS Vulnerability in Xakuro's XO Slider Plugin <= 3.3.2 for WordPress Improper Password Check in WWBN AVideo 11.6 and Dev Master Commit 3f7c0364 Allows Unauthorized Account Access Cabinet of Cybozu Office 10.0.0 to 10.8.5 Browse Restriction Bypass Vulnerability Insufficiently Random Values Vulnerability in YOKOGAWA WAC Router AW810D's Vnet/IP Communication Module (VI461) XML External Entity (XXE) Vulnerability in Mendix SAML Module Insufficient Error Message Sanitation in Mendix SAML Module Allows for Cross Site Scripting (XSS) Attacks Relative Path Traversal Vulnerability in Apache UIMA's FileUtil Class CSRF Vulnerability in Sygnoos Popup Builder Plugin Allows Unauthorized Popup Status Change Unauthenticated Remote Code Execution in Unified Remote Solution Incorrect Access Control in Northern.tech Mender Client: Unrestricted Network Interface Listening Arbitrary Code Execution Vulnerability in Real Player through 20.1.0.312 Heap-based Buffer Overflow in ConnMan's gweb Component Allows Remote Code Execution WISPR HTTP Query Use-After-Free Vulnerability in ConnMan Clear-text Password Exposure in Zimbra Collaboration Open Source 8.8.15 Insecure Access to SPI-NOR on Ampere Altra and AltraMax Devices TCP Source Port Identification Vulnerability SQL Injection Vulnerability in Piwigo v12.2.0 Search Function NULL Pointer Dereference Vulnerability in Toybox v0.8.7's httpd.c Component Leading to Denial of Service (DoS) SQL Injection Vulnerability in YoudianCMS v9.5.0 via id parameter in SiteAction.class.php SQL Injection Vulnerability in YoudianCMS v9.5.0 via MailSendID Parameter SQL 
Injection Vulnerability in YoudianCMS v9.5.0 via IdList Parameter SQL Injection Vulnerability in Theme Park Ticketing System v1.0 uBlock Origin Extension XSS Vulnerability in MessageSender.url Stored Cross-site Scripting (XSS) Vulnerability in LibreNMS GitHub Repository Access Control Vulnerability in Ingredient Stock Management System v1.0 Allows Account Takeover via Crafted POST Request SQL Injection Vulnerability in Ingredient Stock Management System v1.0 Heap Use-After-Free Vulnerability in MPlayer Project v1.5 Persistent XSS Vulnerability in Fast Food Ordering System v1.0 via /ffos/classes/Master.php?f=save_category CSRF Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.4.5 File Reading Vulnerability in Ferdi and Ferdium Heap Overflow Vulnerability in AutoTrace v0.40.0 via ReadImage function at input-bmp.c:660 Heap Buffer Overflow in PDFAlto v0.4 via /pdfalto/src/pdfalto.cc Segmentation Violation Vulnerability in JPEGOPTIM v1.4.7 File Deletion Vulnerability in Fast Food Ordering System v1.0 CSRF Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.4.6 SQL Injection Vulnerability in Fast Food Ordering System v1.0 via /ffos/classes/Master.php?f=delete_menu SQL Injection Vulnerability in Fast Food Ordering System v1.0 via /ffos/admin/categories/view_category.php?id= SQL Injection Vulnerability in Fast Food Ordering System v1.0 via delete_category function in Master.php SQL Injection Vulnerability in Fast Food Ordering System v1.0 via /ffos/admin/sales/receipt.php?id= SQL Injection Vulnerability in Fast Food Ordering System v1.0 via /ffos/admin/categories/manage_category.php?id= SQL Injection Vulnerability in Fast Food Ordering System v1.0 via /ffos/admin/menus/manage_menu.php?id= SQL Injection Vulnerability in Fast Food Ordering System v1.0 via /ffos/admin/menus/view_menu.php?id= SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 
SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 Heap-based Buffer Overflow in Vim prior to 9.0.0483 SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 via /hprms/classes/Master.php?f=delete_patient SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 via /hprms/classes/Master.php?f=delete_room SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 via /hprms/classes/Master.php?f=delete_doctor SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 Critical Use After Free Vulnerability in vim/vim Repository (CVE-XXXX-XXXX) SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 via /hprms/classes/Master.php?f=delete_room_type SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 via /hprms/classes/Master.php?f=delete_message SQL Injection Vulnerability in Hospital's Patient Records Management System v1.0 via /hprms/classes/Master.php?f=delete_patient_admission SQL Injection Vulnerability in Product Show Room Site v1.0 via /psrs/admin/categories/manage_field_order.php?id= SQL Injection Vulnerability in Product Show Room Site v1.0 via User Management SQL Injection Vulnerability in Product Show Room Site v1.0 via /psrs/admin/?page=products/view_product&id= SQL Injection Vulnerability in Product Show Room Site v1.0 via /psrs/classes/Master.php?f=delete_inquiry SQL Injection Vulnerability in Product Show 
Room Site v1.0 via /psrs/classes/Master.php?f=delete_category Remote Code Execution Vulnerability in Sophos Firewall v19.0 MR1 and Older SQL Injection Vulnerability in Product Show Room Site v1.0 via /psrs/admin/categories/manage_category.php?id= SQL Injection Vulnerability in Product Show Room Site v1.0 via /psrs/admin/categories/view_category.php?id= SQL Injection Vulnerability in Product Show Room Site v1.0 via /psrs/admin/?page=products/manage_product&id= SQL Injection Vulnerability in Product Show Room Site v1.0 via /psrs/admin/fields/manage_field.php?id= SQL Injection Vulnerability in Product Show Room Site v1.0 via /psrs/admin/fields/view_field.php?id= SQL Injection Vulnerability in Product Show Room Site v1.0 via /psrs/admin/?page=inquiries/view_inquiry&id= SQL Injection Vulnerability in Advanced School Management System v1.0 via /school/model/get_grade.php?id= Cross-Site Scripting (XSS) Vulnerability in WP Contact Slider WordPress Plugin SQL Injection Vulnerability in Advanced School Management System v1.0 via /school/model/get_classroom.php?id= SQL Injection Vulnerability in Advanced School Management System v1.0 via /school/model/get_teacher.php?id= SQL Injection Vulnerability in Advanced School Management System v1.0 via /school/model/get_subject.php?id= SQL Injection Vulnerability in Advanced School Management System v1.0 via /school/model/get_exam.php?id= SQL Injection Vulnerability in Advanced School Management System v1.0 via /school/model/get_subject_routing.php?id= SQL Injection Vulnerability in Advanced School Management System v1.0 via /school/model/get_timetable.php?id= SQL Injection Vulnerability in Advanced School Management System v1.0 via /school/model/get_events.php?event_id= SQL Injection Vulnerability in Advanced School Management System v1.0 via /school/model/get_exam_timetable.php?id= SQL Injection Vulnerability in Advanced School Management System v1.0 via get_teacher_profile.php SQL Injection Vulnerability in Advanced School 
Management System v1.0 via get_parents_profile.php Double-Free Vulnerability in Linux Kernel's NTFS3 Subsystem Allows Privilege Escalation SQL Injection Vulnerability in Advanced School Management System v1.0 via get_student_subject.php SQL Injection Vulnerability in Advanced School Management System v1.0 via get_admin_profile.php Stack Overflow Vulnerability in Tenda AC23 v16.03.07.44: AdvSetMacMtuWan Function Stack Overflow Vulnerability in Tenda AC23 v16.03.07.44 via security_5g Parameter Critical Remote Code Execution Vulnerability in Tenda AC23 v16.03.07.44 Buffer Overflow Vulnerability in Tenda AC23 v16.03.07.44 via fromAdvSetMacMtuWan Denial of Service Vulnerability in Kentico GetResource Handler (Versions before 13.0.66) Hard-coded Credentials in Isode SWIFT v4.0.2 Registry Editor: A Gateway to Sensitive Information Use After Free Vulnerability in Linux Kernel Video4Linux Driver for Empia 28xx TV Cards SQL Injection Vulnerability in Prison Management System v1.0 SQL Injection Vulnerability in Prison Management System v1.0 SQL Injection Vulnerability in Prison Management System v1.0 SQL Injection Vulnerability in Prison Management System v1.0 SQL Injection Vulnerability in Prison Management System v1.0 SQL Injection Vulnerability in Prison Management System v1.0 SQL Injection Vulnerability in Prison Management System v1.0 SQL Injection Vulnerability in Prison Management System v1.0 SQL Injection Vulnerability in Prison Management System v1.0 Cross-Site Request Forgery Vulnerability in Follow Me Plugin for WordPress SQL Injection Vulnerability in Prison Management System v1.0 SQL Injection Vulnerability in Prison Management System v1.0 SQL Injection Vulnerability in Prison Management System v1.0 SQL Injection Vulnerability in Prison Management System v1.0 SQL Injection Vulnerability in Prison Management System v1.0 SQL Injection Vulnerability in Prison Management System v1.0 Buffer Overflow Vulnerability in GtkRadiant v1.6.6 via q3map2 Component Cross-Site 
Scripting (XSS) Vulnerability in Softr v2.0's Create A New Account Module Arbitrary PHP Code Execution via LFI in Portal do Software Publico Brasileiro i3geo v7.0.5 SQL Injection Vulnerability in Build App Online WordPress Plugin HongCMS v3.0 Language Configuration File Vulnerability HongCMS v3.0 /template/edit Component Remote Code Execution Vulnerability Arbitrary Code Execution via File Upload in Dice v4.2.0 Segmentation Violation Vulnerability in Nginx NJS v0.7.2 SQL Injection Vulnerability in Product Show Room Site v1.0 via /psrs/?p=products/view_product&id= SQL Injection Vulnerability in Product Show Room Site v1.0 via /psrs/classes/Master.php?f=delete_product Remote Code Execution (RCE) Vulnerability in PbootCMS v3.1.2 via parserIfLabel Function Code Injection Vulnerability in Microweber Prior to 1.3.2 Remote Code Execution Vulnerability in College Management System v1.0 via /College/admin/teacher.php Username Enumeration Vulnerability in Mealie v1.0.0beta-2 Login Function Directory Traversal Vulnerability in PrinterLogic Windows Client Authentication Bypass Vulnerability in Mega System Technologies Inc MSNSwitch MNT.2408 SQL Injection Vulnerability in Import all XML, CSV & TXT WordPress Plugin (<=6.5.8) Access Control Issue in Lin CMS Spring Boot v0.2.1: Unauthorized Backend Access Arbitrary Code Execution Vulnerability in itsourcecode Advanced School Management System v1.0 Stack Overflow Vulnerability in EIPStackGroup OpENer v2.3.0 via /bin/posix/src/ports/POSIX/OpENer+0x56073d Unauthenticated Access to Import all XML, CSV & TXT WordPress Plugin Features Memory Corruption Vulnerability in Hex Rays Ida Pro v6.6 Allows DoS via Crafted File Cross Site Scripting (XSS) Vulnerability in u5cms Version 8.3.5 URL Redirection Vulnerability in u5cms 8.3.5 via /loginsave.php Command Injection Vulnerability in TOTOLINK EX300_V2 V4.0.3c.7484 via langType Parameter in setLanguageCfg Function HTML Injection Attack: Exploiting Insufficient Input Validation to Deface 
Web Pages Local Privilege Escalation in AnyDesk 7.0.9 via Symbolic Link Vulnerability Cybozu Office 10.0.0 to 10.8.5 HTTP Header Injection Vulnerability Stack-based Buffer Overflow Vulnerability in Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z BIG-IP Client SSL Profile Termination Vulnerability Insufficient Validation in Digiwin BPM Allows Remote SQL Injection Inadequate URL Filtering in Digiwin BPM Allows for Blind SSRF Attack Digiwin BPM XML External Entity Injection (XXE) Vulnerability SQL Injection Vulnerability in Blog2Social WordPress Plugin TOCTOU Race-Condition Vulnerability in InsydeH2O Kernel 5.0-5.5 Vulnerability: SSRF Attacks in Blog2Social WordPress Plugin TOCTOU Race-Condition Vulnerability in InsydeH2O Firmware Block Service IhisiSmm Command Buffer Manipulation Vulnerability DMA Attacks on HddPassword Shared Buffer in Insyde InsydeH2O with Kernel 5.0-5.5 InsydeH2O Kernel DMA Attack Vulnerability TOCTOU Race-Condition Vulnerability in InsydeH2O Kernel 5.0-5.5 InsydeH2O Kernel DMA Attack Vulnerability TOCTOU Race-Condition Vulnerability in InsydeH2O Kernel 5.0-5.5 InsydeH2O Kernel DMA Attack Vulnerability OpenShift API Vulnerability: Bypassing custom-host Permissions Insecure Default Initialization of Resource in Dell PowerScale OneFS Privilege Escalation Vulnerability in Dell PowerProtect Cyber Recovery Dell BIOS Improper Input Validation Vulnerability Dell BIOS Improper Input Validation Vulnerability Allows Unauthorized UEFI Variable Modification Dell BIOS Improper Input Validation Vulnerability Allows Unauthorized UEFI Variable Modification Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code 
Execution SQL Injection Vulnerability in WP CSV Exporter WordPress Plugin Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell Client BIOS Buffer Overflow Vulnerability: Exploiting Arbitrary Write in SMM Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Dell BIOS Stack-Based Buffer Overflow Vulnerability Allows Arbitrary Code Execution DLL Hijacking Vulnerability in Dell EMC PowerStore PSTCLI Insecure Handling of Sensitive Cookies in GitHub Repository ikus060/rdiffweb prior to 2.4.6 Insecure Handling of Sensitive Cookies in GitHub Repository ikus060/minarca prior to 4.2.2 Improper Usage of JSON.load in jmespath.rb (aka JMESPath for Ruby) before 1.6.1 Remote Code Execution Vulnerability in CanBRASS (Versions prior to V7.5.1) CWE-521: Weak Password Requirements Vulnerability in C-Bus Network Automation Controllers CWE-287: Improper Authentication Vulnerability in C-Bus Network Automation Controllers Unrestricted Authentication Attempts Vulnerability in Conext™ ComBox (All Versions) CSRF Vulnerability in Conext™ ComBox (All Versions) Could Lead to System Configuration Override and Reboot Loop Frame Injection Vulnerability in Conext™ ComBox (All Versions) Unprotected Credentials in Data Center Expert (Versions prior to V7.9.0) Allow Unauthorized Network Access (CWE-522) Insecure Password Storage in Data Center Expert (Versions prior to V7.9.0) Improper Detection of Complete HTTP Body Decompression Vulnerability in SwiftNIO Extras Unprotected Credentials in Data Center Expert (Versions prior to V7.9.0) Allow Unauthorized Network Access (CWE-522) Remote Code Execution Vulnerability in Data Center Expert (Versions prior to V7.9.0) Stack-based Buffer Overflow in IGSS Data Server (Versions prior to V15.0.0.22170) Stack-based Buffer Overflow in IGSS Data Server (Versions prior to V15.0.0.22170) Stack-based Buffer Overflow in IGSS Data Server (Versions prior to V15.0.0.22170) Stack-based Buffer 
Overflow in IGSS Data Server (Versions prior to V15.0.0.22170) Stack-based Buffer Overflow in IGSS Data Server (Versions prior to V15.0.0.22170) Stack-based Buffer Overflow in IGSS Data Server (Versions prior to V15.0.0.22170) CWE-306: Missing Authentication for Critical Function in IGSS Data Server (Versions prior to V15.0.0.22170) Stack-based Buffer Overflow in IGSS Data Server (Versions prior to V15.0.0.22170) Misleading User Interface Vulnerability in Geo SCADA Mobile (Build 222 and prior) Vulnerability: Insecure TLS Hostname Verification in Apache Bookkeeper Java Client Authorization Bypass Vulnerability in Apache Shiro Unfiltered User Input Vulnerability in Apache Jetspeed-2 Command Injection Vulnerability in Bosch Ethernet Switch PRA-ES8P2S (Software Version 1.01.05 and Earlier) Root Privilege Escalation Vulnerability in Bosch Ethernet Switch PRA-ES8P2S (CVE-2022-23534) Insufficient User Access Rights Validation in Bosch Ethernet Switch PRA-ES8P2S Software v1.01.05 Wireless Proximity Exploit in Medtronic Pump Pairing Protocol SQL Injection Vulnerability in WordPress Classifieds Plugin UDP Encryption Information Disclosure Vulnerability in BVMS 10.1.1, 11.0, 11.1.0, and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 Integer Overflow Vulnerability in ESTsoft Alyac 2.5.8.544 OLE File Parsing Operation Restriction Bypass Vulnerability in Cybozu Office 10.0.0 to 10.8.5: Remote Data Alteration Unsigned Char Vulnerability in ImageMagick's PSD Decoder Unsigned Long Integer Overflow Vulnerability in ImageMagick Misaligned Address Vulnerability in ImageMagick's MagickCore/property.c Buffer Overflow Vulnerability in DrayTek Vigor Routers Log Injection Vulnerability in Apache Sling Commons Log and Apache Sling API Remote Code Execution in Browser-Based Script Execution 1Password Vulnerability: Malicious Server Impersonation Path Traversal Vulnerability in Zoho ManageEngine ServiceDesk Plus MSP Privilege Escalation via Python Environment Variable Manipulation 
in Pure Storage FlashArray and FlashBlade Products Privilege Escalation via Environment Variable Manipulation in Pure Storage FlashArray and FlashBlade Products Vulnerability: Exposed Credentials in Pure Storage FlashArray and FlashBlade Products Cross-Site Request Forgery Vulnerability in Unisys Data Exchange Management Studio Private Key Leakage in Couchbase Server Crash Logs Unauthenticated Access to Couchbase Server Index Service Password Leakage during Sample Bucket Loading Failure Couchbase Server 7.0.4 Vulnerability: Leaked Metrics via Random HTTP Requests Critical Use After Free Vulnerability in vim/vim Repository (prior to 9.0.0530) XDCR Role Checking Vulnerability in Couchbase Server Insufficient Mitigations for Diagnostic Endpoint Access in Couchbase Server Stale RBAC Permission Vulnerability in Couchbase Server Privilege Escalation via X.509 Client-Certificate Authentication in Couchbase Sync Gateway Couchbase Server 7.0.4: Cluster Manager Cookie Leakage in couchbase-cli Information Leakage in Couchbase Server Backup Service Logs Cross-Site Scripting (XSS) Vulnerability in Appfire Jira Misc Custom Fields (JMCF) App 2.4.6 Buffer Overflow Vulnerability in Intel(R) NUC M15 Laptop Kits BIOS Firmware Server-side Denial of Service Vulnerability in Mattermost 7.1.x and Earlier Authentication Bypass Vulnerability in Intel(R) Quartus Prime Software OS Command Injection Vulnerability in WWBN AVideo Encoder Directory Traversal Vulnerability in Lansweeper 10.1.1.0 Allows Arbitrary File Upload Double-Free Vulnerability in Abode Systems, Inc. 
iota All-In-One Security Kit 6.9X and 6.9Z Escalation of Privilege Vulnerability in Intel(R) Trace Analyzer and Collector Software Uncontrolled Search Path Vulnerability in Intel(R) Unite(R) Plugin SDK Vulnerability: Improper Input Validation in Intel(R) NUC BIOS Firmware (pre-PY0081) Enables Information Disclosure and Denial of Service Improper Access Control in Intel(R) NUC Pro Software Suite: Local Privilege Escalation Vulnerability Firmware Vulnerability in Intel(R) NUC Laptop Kits: Privilege Escalation via Physical Access Critical Resource Authentication Abuse Vulnerability in HYPR Workforce Access on Windows Firmware Access Control Vulnerability in Intel NUC Boards and Kits Scheduler Data Alteration Vulnerability in Cybozu Office 10.0.0 to 10.8.5 Command Execution Vulnerability in Robustel R1510 3.3.0's clish art2 Functionality OS Command Injection Vulnerability in Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z CSRF Vulnerability in CodeAndMore WP Page Widget Plugin Allows Unauthorized Settings Change Accusoft ImageGear 20.0 PICT Parsing Out-of-Bounds Write Vulnerability Wi-Fi Driver Resource Release Vulnerability Lack of HTTP Strict Transport Security (HSTS) in Openshift 4.9 enables potential Man-in-the-Middle (MITM) attacks. 
Possible Use After Free Vulnerability in WLAN with Incorrect Status Check Remote Denial of Service Vulnerability in RIL with Incorrect Bounds Check Out of Bounds Write Vulnerability in CPU DVFS Out of Bounds Write Vulnerability in vowe Widevine Out of Bounds Write Vulnerability Widevine Vulnerability: Out of Bounds Read with Local Information Disclosure Widevine Vulnerability: Out of Bounds Write Leading to Local Privilege Escalation Widevine Vulnerability: Out of Bounds Write Leading to Local Privilege Escalation Widevine Vulnerability: Out of Bounds Write Leading to Local Privilege Escalation Out of Bounds Write Vulnerability in rpmb Clickjacking Vulnerability: Missing X-FRAME-OPTIONS in Response Header Telephony Vulnerability: Permission Bypass and Local Privilege Escalation via Parcel Format Mismatch Out of Bounds Read Vulnerability in keyinstall GPU DRM Out-of-Bounds Write Vulnerability Allows Local Privilege Escalation ISP Out of Bounds Write Vulnerability Allows Local Privilege Escalation Possible Use After Free Vulnerability with Missing Bounds Check Race Condition Use After Free Vulnerability in JPEG Codec Race Condition Vulnerability in VCU Allows for Local Privilege Escalation OpenStack Overcloud Update Vulnerability: Plain-Text Password Disclosure Race Condition Vulnerability in VCU Allows Local Privilege Escalation ISP Out of Bounds Write Vulnerability: Local Privilege Escalation without User Interaction Possible Use After Free Vulnerability in VCU with Race Condition Race Condition Vulnerability in VCU Allows Local Privilege Escalation Audio Logic Error Vulnerability Allows Local Privilege Escalation Uninitialized Data Out of Bounds Write Vulnerability in ccd Uninitialized Data Out of Bounds Write Vulnerability in ISP TypeC Out of Bounds Write Vulnerability TypeC Out of Bounds Write Vulnerability Out of Bounds Write Vulnerability in keyinstall DNS Spoofing Vulnerability in Openshift Possible Memory Corruption Vulnerability in MPU Race Condition 
Vulnerability in ISP Allows for Local Privilege Escalation Potential Memory Corruption Vulnerability in gz Possible Out of Bounds Write Vulnerability in mdp Out of Bounds Write Vulnerability in Throttling Allows Local Privilege Escalation Out of Bounds Write Vulnerability in Display: Local Privilege Escalation Out of Bounds Write Vulnerability in Display Bounds Check ISP Out of Bounds Write Vulnerability Allows Local Privilege Escalation Critical Vulnerability in ISP Allows Local Privilege Escalation Inconsistent Permissions in Measuresoft ScadaPro Server 6.7 Allow Privilege Escalation Out of Bounds Write Vulnerability in Throttling Algorithm Wi-Fi Vulnerability: Out of Bounds Write Exploit for Local Privilege Escalation Wi-Fi Vulnerability: Out of Bounds Write Exploit for Local Privilege Escalation Wi-Fi Logic Error Vulnerability: Local Privilege Escalation without User Interaction Possible Out of Bounds Write Vulnerability in ccci GPS Out of Bounds Write Vulnerability Integer Overflow Vulnerability in keyinstall Allows for Local Privilege Escalation Out of Bounds Write Vulnerability in HEVC Decoder Allows Local Privilege Escalation Race Condition Vulnerability in ISP Allows for Local Privilege Escalation Potential Out of Bounds Read Vulnerability in Watchdog Meta WiFi Out of Bounds Write Vulnerability Meta WiFi Out of Bounds Read Vulnerability Race condition vulnerability in ccd allows for local privilege escalation Race condition vulnerability in ccd allows for local privilege escalation Race Condition Vulnerability in Vow Leads to Local Privilege Escalation Race Condition Vulnerability in Vow Leads to Local Information Disclosure GPU DRM Stack Overflow Vulnerability Allows Local Privilege Escalation Possible Out of Bounds Write Vulnerability in CCU Race condition vulnerability in disp leading to local privilege escalation JPEG Use After Free Vulnerability Stored XSS Vulnerability in GitLab CE/EE Versions Prior to 15.5.2 Possible Use After Free Vulnerability in 
mtk-isp Possible Use After Free Vulnerability in mtk-aie Possible Use After Free Vulnerability in mtk-aie Possible Use After Free Vulnerability in mtk-aie Wi-Fi Driver Vulnerability: Local Privilege Escalation via Incorrect Error Handling Wi-Fi Driver Vulnerability: Local Privilege Escalation via Incorrect Error Handling Wi-Fi Driver Vulnerability: Local Privilege Escalation via Incorrect Error Handling Wi-Fi Driver Vulnerability: Local Privilege Escalation via Incorrect Error Handling Wi-Fi Driver Vulnerability: Local Privilege Escalation via Incorrect Error Handling Wi-Fi Driver Vulnerability: Local Privilege Escalation via Incorrect Error Handling H264 Video Decoding Out-of-Bounds Read Vulnerability Wi-Fi Driver Null Pointer Dereference Vulnerability Command Injection Vulnerability in Config Manager: Remote Privilege Escalation (Patch A20220004, Issue ID: OSBNB00140929) Remote Command Injection Vulnerability in Boa Web Server Wi-Fi Vulnerability: Remote Denial of Service Exploitation without User Interaction CSRF Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.4.6 Insecure Password Requirements in GitHub Repository ikus060/minarca prior to 4.2.2 Session Fixation Vulnerability in ikus060/rdiffweb (prior to 2.4.7) Undocumented Protocol Exploitation: A Threat to Confidentiality, Integrity, and Availability in Festo Products Length Parameter Inconsistency Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.4.8 Unrestricted Resource Allocation Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.5.0a4 Exposure of OTRS Release Number in ICS File via Public Calendar Sharing CSRF Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.4.7 Unintended Email Content Exposure: Vulnerability in Reply to Forwarded Emails Username Enumeration Vulnerability Samba Vulnerability: Memory Contents Overwritten in File/Printer Samba Vulnerability: Unprivileged User Write Access to Validated-DNS-Host-Name Attribute Samba Vulnerability: Key 
Forgery Allows Domain Takeover Samba Vulnerability: Uninitialized Data Access in LDAP Add/Modify Request Use-after-free vulnerability in Samba AD LDAP server allows unauthorized access to freed LDAP message values Authentication Bypass by Spoofing in EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2) Improper Certificate Validation in EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2) Apache Traffic Server Unhandled Exception Crash Vulnerability Title: Limited Command Injection Vulnerability in puppetlabs-apt Module (CVE-2021-XXXX) Cross-Site Scripting (XSS) Vulnerability in IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 CVE-2022-32751 Arbitrary Command Execution Vulnerability in IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 CVE-2022-32753 CVE-2022-32754 XML External Entity Injection (XXE) Vulnerability in IBM Security Directory Server 6.4.0 CVE-2022-32756 Inadequate Account Lockout Setting in IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 Title: Rare Command Injection Vulnerability in puppetlabs-mysql Module (pre-13.0.0) Denial of Service Vulnerability in Abode iota All-In-One Security Kit 6.9X and 6.9Z Arbitrary File Read Vulnerability in WWBN AVideo 11.6 and dev master commit 3f7c0364 Cross-Site Scripting (XSS) Sanitization Bypass in Lansweeper 10.1.1.0 Race Condition Vulnerability in Intel(R) DSA Software Allows Privilege Escalation Robustel R1510 OS Command Injection Vulnerability Privilege Escalation Vulnerability in Intel(R) BIOS Firmware Authentication Bypass Vulnerability in WWBN AVideo Live Schedules Plugin Authentication Bypass Vulnerability in WWBN AVideo Playlists Plugin Uncontrolled Resource Consumption Vulnerability in openstack-neutron Cross-Site Scripting (XSS) Vulnerability in WWBN AVideo 11.6 and dev master commit 3f7c0364 Cross-Site Scripting (XSS) Vulnerability in WWBN AVideo 11.6 and dev master commit 3f7c0364 
Cross-Site Scripting (XSS) Vulnerability in WWBN AVideo 11.6 and dev master commit 3f7c0364 OS Command Injection Vulnerability in Abode iota All-In-One Security Kit 6.9X and 6.9Z Use-After-Free Vulnerability in Foxit PDF Reader 12.0.1.12430 Allows Arbitrary Code Execution Integer Overflow Vulnerability in Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z Stored Cross-Site Scripting (XSS) Vulnerability in Advanced Ads Plugin for WordPress Session Cookie Information Disclosure Vulnerability Cookie Information Disclosure Vulnerability in WWBN AVideo 11.6 and dev master commit 3f7c0364 NULL Pointer Dereference Vulnerability in vim/vim Privilege Escalation Vulnerability in macOS and iOS Privilege Escalation Vulnerability in macOS Monterey 12.4 Unauthorized Bluetooth Access Vulnerability Patched in macOS Monterey 12.4 Sensitive Data Leakage Vulnerability Patched in Safari 15.6 and iOS 15.6 Image Processing Null Pointer Dereference Vulnerability Vulnerability: Environment Variable Manipulation Allows Unauthorized File System Modification Arbitrary Code Execution Vulnerability in Apple Operating Systems Improved Bounds Checking Fixes Buffer Overflow Vulnerability in Apple Operating Systems Privacy Preference Bypass Vulnerability Patched in macOS Monterey 12.5 Job Log Parsing Vulnerability in GitLab CE/EE Versions Prior to 15.4.1: Denial of Access Remote Denial-of-Service Vulnerability Patched in Multiple Apple Operating Systems Arbitrary Code Execution Vulnerability in Apple Devices Kernel Memory Disclosure Vulnerability Fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6, and iPadOS 15.6 Elevated Privileges Vulnerability Patched in macOS Updates Address Bar Spoofing Vulnerability Fixed in iOS 16, iOS 15.7, and iPadOS 15.7 Memory Corruption Vulnerability in macOS Monterey 12.5 Allows Arbitrary Code Execution with Kernel Privileges AppleScript Binary Processing Vulnerability Elevated Privileges Vulnerability in macOS Monterey 12.5 Out-of-Bounds Read 
Vulnerability in macOS Open Redirect Vulnerability in GitLab CE/EE Versions 10.1 to 15.5.2 Vulnerability: Unauthorized Modification of Protected File System Root Privilege Escalation Vulnerability Patched in macOS Monterey 12.5 Arbitrary Code Execution Vulnerability Patched in iOS 15.6 and Other Apple Operating Systems Cache Vulnerability: Unauthorized Access to Sensitive User Information Arbitrary File Overwrite Vulnerability Patched in macOS Security Update 2022-005 Loss of MAC-Address-Filtering Vulnerability in WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller CC100, and Edge Controller Improved Memory Handling Patch Fixes Arbitrary Code Execution Vulnerability Memory Corruption Vulnerability in macOS Monterey, Big Sur, and Catalina Allows Arbitrary Code Execution with Kernel Privileges Arbitrary Code Execution Vulnerability in macOS Monterey, Big Sur, and Catalina Vulnerability: Arbitrary Code Execution with Kernel Privileges Type Confusion Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Vulnerability: Arbitrary Code Execution with Kernel Privileges UI Spoofing Vulnerability Patched in Multiple Apple Operating Systems Kernel Memory Disclosure Vulnerability Fixed in Multiple Apple Operating Systems Improved Memory Handling in macOS Monterey 12.5 Fixes Kernel State Leakage Vulnerability Root Privilege Escalation Vulnerability in iOS, iPadOS, macOS, watchOS, tvOS, and macOS Monterey Unrestricted File Length Upload Vulnerability in Drag and Drop Multiple File Upload WordPress Plugin Arbitrary Code Execution Vulnerability in iOS, iPadOS, macOS, watchOS, tvOS, and macOS Monterey Arbitrary Code Execution Vulnerability in Apple Operating Systems Memory Initialization Vulnerability in iOS, iPadOS, macOS, watchOS, tvOS, and macOS Monterey Improved Memory Handling to Prevent Kernel Memory Disclosure Improved Memory Handling to Prevent Kernel Memory Disclosure Vulnerability Root Privilege Escalation Vulnerability Patched in Apple 
Operating Systems Memory Corruption Vulnerability in iOS 16 and macOS Ventura 13 Allows Denial-of-Service Attacks Improved Memory Handling Fixes Kernel Memory Disclosure Vulnerability Arbitrary Code Execution Vulnerability in iOS, iPadOS, and macOS GitLab CE/EE Vulnerability: Denial of Service via Cloned Issue Description Image Processing Out-of-Bounds Read Vulnerability Improper Bounds Checking in AppleScript Binary Processing Leads to Memory Disclosure Vulnerability: Arbitrary Code Execution with Kernel Privileges Improper File Path Handling in iOS 16 Allows Unauthorized Access to Browsing History Sandbox Access Vulnerability in macOS Monterey, Big Sur, and Catalina Improved Entitlements Fix for Persistent Device Identifier Vulnerability Improved State Management in Apple Music 3.9.10 for Android: Resolving User-Sensitive Data Access Vulnerability Improved Checks to Prevent Unexpected System Termination and Kernel Memory Write Vulnerability File Read Vulnerability in macOS and iOS Remote Code Execution Vulnerability in macOS and iOS Insecure Logging of Download Key in M-Files New Web Arbitrary Code Execution Vulnerability in macOS Monterey, watchOS, iOS, and iPadOS Memory Disclosure Vulnerability in Apple Operating Systems Elevated Privileges Vulnerability Patched in macOS Update 2022-005 Vulnerability: Out-of-Bounds Write in Postscript File Processing Vulnerability: Pointer Authentication Bypass in iOS and iPadOS Sandbox Escape Vulnerability Patched in Multiple Apple Operating Systems Improved State Management Fixes Logic Issue Allowing Unauthorized Access to User-Sensitive Data in Apple Music for Android Remote Code Execution Vulnerability in Apple Operating Systems Screen Capture Vulnerability Patched in macOS Big Sur 11.6.8 and macOS Monterey 12.5 Title: Information Disclosure Vulnerability Patched in iOS, iPadOS, macOS, tvOS, and Security Update Healthcheck Endpoint Bypass Vulnerability in GitLab AppleScript Binary Out-of-Bounds Read Vulnerability 
AppleScript Binary Processing Vulnerability in macOS Monterey 12.5 AppleScript Binary Out-of-Bounds Read Vulnerability Privacy Bypass Vulnerability in iOS, iPadOS, and macOS Lock Screen Content Access Vulnerability Privacy Vulnerability: User Activity Tracking in macOS and iOS Improved Memory Handling to Prevent Sensitive Kernel State Leakage Spotlight Search Results Display Deleted Contacts Vulnerability IP Address Bypass Vulnerability in GitLab EE Versions 14.2 to 15.4.1 Arbitrary Code Execution Vulnerability in iOS, iPadOS, macOS Improved State Management Fixes IP Address Tracking Vulnerability Privilege Escalation Vulnerability Allows Unauthorized Access to Private Information Arbitrary Code Execution Vulnerability Fixed in Safari 15.6 and macOS Monterey 12.5 Improved Memory Handling to Prevent Kernel Memory Disclosure Vulnerability Memory Handling Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Vulnerability: Arbitrary Code Execution with Kernel Privileges Improved Data Protection in iOS 16 and macOS Ventura 13: Addressing Physical Access Vulnerability to Read Past Diagnostic Logs Improved State Management in Safari 16 and iOS 16 Fixes Web Extension Tracking Vulnerability Insecure Password Storage in Redfish Plugin for BMC Operator User Account Siri-enabled Device Vulnerability: Unauthorized Access to Call History iOS 16 Patch: Siri Exploit Allows Unauthorized Access to Private Calendar Data Lock Screen Photo Access Vulnerability Vulnerability: Sensitive Location Information Disclosure Shortcut Bypasses Authentication to Access Hidden Photos Album in macOS Ventura 13 User-sensitive Data Access Vulnerability Patched in macOS Big Sur 11.7 and macOS Monterey 12.6 Lock Screen Contact Access Vulnerability GitLab CE/EE Branch/Tag Name Confusion Vulnerability Vulnerability Patched: User-Sensitive Data Accessible by Unauthorized Apps in macOS Monterey 12.5 File System Modification Vulnerability Privacy Preferences Bypass Vulnerability Patched in 
macOS Monterey 12.4 and macOS Big Sur 11.6.6 Sensitive Location Information Exposure Vulnerability Memory Corruption Vulnerability Patched in iOS 15.6, iPadOS 15.6, macOS Monterey 12.5, and Safari 15.6 Buffer Overflow Vulnerability Fixed in Safari 16, iOS 16, iOS 15.7, and iPadOS 15.7 iOS 16 Patch: Fixing Arbitrary Code Execution Vulnerability with Improved Memory Handling Arbitrary Code Execution Vulnerability in macOS and iOS Memory Handling Vulnerability Allows Arbitrary Code Execution in iOS 16 and watchOS 9 Sandbox Circumvention Vulnerability in macOS Ventura 13 UI Spoofing Vulnerability Fixed in Safari 16 and iOS 16 Sandbox Circumvention Vulnerability in Safari 16, iOS 15.7, iPadOS 15.7, iOS 16, and macOS Ventura 13 Arbitrary Code Execution Vulnerability in Apple Software Arbitrary Code Execution Vulnerability in Apple Devices Vulnerability: File System Modification via Race Condition in macOS Ventura 13 Sensitive User Information Exposure Vulnerability in macOS Monterey 12.6 and macOS Big Sur 11.7 Arbitrary Code Execution Vulnerability in iOS, iPadOS, macOS, and watchOS Arbitrary Code Execution Vulnerability in iOS, iPadOS, macOS, and watchOS Length Parameter Inconsistency Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.4.8 Privilege Escalation Vulnerability in macOS Monterey 12.6 and macOS Big Sur 11.7 Privacy Bypass Vulnerability in macOS Ventura 13, macOS Monterey 12.6, and macOS Big Sur 11.7 Arbitrary Code Execution Vulnerability in tvOS 16, iOS 16, and watchOS 9 Sandbox Restrictions Patched to Address User Data Access Vulnerability Arbitrary Code Execution Vulnerability in macOS Ventura 13 via Malicious DMG File SSL/TLS Connection Interception Vulnerability in Apple Music 3.9.10 for Android Arbitrary Code Execution Vulnerability in tvOS, iOS, and watchOS Privilege Escalation Vulnerability Patched in macOS Monterey 12.6, iOS 15.7, and iPadOS 15.7 Cache Vulnerability in iOS 16: Potential Unauthorized Access to User-Sensitive Data Sensitive 
Data Leakage via Cache in GitLab EE Versions 14.9 to 15.2.5, 15.3 to 15.3.4, and 15.4 to 15.4.1 Gatekeeper Bypass Vulnerability in macOS Arbitrary Code Execution Vulnerability in macOS and iOS Improved Bounds Checking Fixes Out-of-Bounds Read Vulnerability in Safari and iOS/iPadOS Sandboxed App Camera Privacy Vulnerability Kernel Privilege Escalation via Use After Free Vulnerability Type Confusion Vulnerability in macOS Ventura 13 Allows Arbitrary Code Execution with Kernel Privileges Kernel Memory Disclosure Vulnerability in iOS 16 Arbitrary Code Execution Vulnerability in macOS and iOS Privacy Bypass Vulnerability Patched in iOS 16 and macOS Ventura 13 UI Spoofing Vulnerability in iOS, iPadOS, and macOS Cache Containing Sensitive Information Vulnerability in rdiffweb prior to 2.4.8 Improved Checks in Xcode 14.0 Prevent User Information Disclosure via File Parsing Arbitrary Code Execution Vulnerability Fixed in Safari 16.1, iOS 16.1, iPadOS 16, and macOS Ventura 13 JIT Correctness Issue Allows Disclosure of Internal States in Apple Devices Arbitrary Code Execution Vulnerability in Apple Operating Systems Out-of-Bounds Write Vulnerability in tvOS, iOS, and watchOS Arbitrary Code Execution Vulnerability with Kernel Privileges Denial-of-Service Vulnerability in iOS and iPadOS Settings App via Malicious Wi-Fi Network Mail Credential Interception Vulnerability Vulnerability: Unauthorized Access to iOS Backups Email Address Leakage in GitLab EE WebHook Logs Improved Data Protection in macOS Ventura 13: Fixing App Privilege Vulnerability Arbitrary Code Execution Vulnerability in iOS, iPadOS, and watchOS Title: Remote Code Execution Vulnerability in macOS Kernel (Fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6) Lock Screen Content Disclosure Vulnerability Improved Input Validation Fixes Out-of-Bounds Read Vulnerability in macOS Ventura 13, Preventing Kernel Memory Disclosure Arbitrary Path Existence Check Vulnerability Arbitrary Code Execution 
Vulnerability in iOS and iPadOS Bypassing Node Proxy Validation in Kubernetes API Server Arbitrary Code Execution Vulnerability in Apple Operating Systems Buffer Overflow Vulnerability in iOS, iPadOS, macOS: Arbitrary Code Execution Arbitrary Code Execution Vulnerability in macOS Monterey, Ventura, and Big Sur Shake-to-Undo Vulnerability: Unauthorized Resurfacing of Deleted Photos Memory Corruption Vulnerability Allows Arbitrary Code Execution with Kernel Privileges macOS Ventura 13 Patch: Enhanced Sandbox Restrictions Prevent Unauthorized Audio Recording with Paired AirPods Audio Recording Vulnerability Exploitable via Connected AirPods Arbitrary Code Execution Vulnerability in iOS, iPadOS, macOS, and watchOS Improved Bounds Checking Fixes Out-of-Bounds Read Vulnerability Allowing Arbitrary Code Execution Arbitrary Code Execution Vulnerability in iOS 15.7.1 and iPadOS 15.7.1 Unrestricted Resource Allocation Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.4.8 InsydeH2O Kernel DMA Attack Vulnerability TOCTOU Race-Condition Vulnerability in InsydeH2O Kernel 5.1-5.5 InsydeH2O Kernel DMA Attack Vulnerability Teamplus Pro Chat Group Denial of Service Vulnerability Stack-based Buffer Overflow Vulnerability in HiCOS' Client-Side Citizen Digital Certificate Component Critical Stack-based Buffer Overflow in vim/vim Repository (CVE-2021-xxxx) Stack-based Buffer Overflow Vulnerability in HiCOS' Client-Side Citizen Digital Certificate Component Stack-based Buffer Overflow Vulnerability in HICOS' Client-Side Citizen Digital Certificate Component Double Free Vulnerability in HiCOS' Client-Side Citizen Certificate Component Path Traversal Vulnerability in OMICARD EDM's Mail File Relay Function Insufficient Validation in OMICARD EDM's API Allows SQL Injection Attacks Hard-coded Machine Key Vulnerability in OMICARD EDM Missing Authorization in RTL8168FP-CG Dash Remote Management Function Hard-coded Default Password Vulnerability in RTL8111EP-CG/RTL8111FP-CG DASH 
Function Demonic Issue: Vulnerability in MetaMask Allows Secret Recovery Phrase Access Critical Use After Free Vulnerability in vim/vim Repository (CVE-2021-XXXX) Stored Cross-Site Scripting (XSS) Vulnerability in Themify Themify Portfolio Post Plugin <= 1.2.4 Authentication Bypass Vulnerability in Intel(R) SUR Software DLL Injection Vulnerability in Infoblox BloxOne Endpoint for Windows through 2.2.7 Allows Local Privilege Escalation PowerShell Audit File Bypass Vulnerability Arbitrary File Read Vulnerability in Scanner's Compliance Audit File Handling Empty JPEG-LS Scan Assertion Failure in libjpeg Unrestricted Resource Allocation Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.4.8 Buffer Overflow in ptrace PEEKUSER and POKEUSER on PowerPC 32-bit Platforms DNS Cache Poisoning Vulnerability in Knot Resolver 5.5.1 Sensitive Information Exposure in BTCPay Server's Public Point of Sale App Backdoor SSH Account Vulnerability in Nexans FTTO GigaSwitch Cross-Site Scripting (XSS) Vulnerabilities in Simple Bakery Shop Management System v1.0 Cross Site Scripting (XSS) vulnerability in Asus DSL-N14U-B1 1.1.2.3_805 router via *list parameters in multiple ASP pages Denial of Service Vulnerability in Open5GS up to 2.4.10 (VDB-209545) Unhandled Exception DoS Vulnerability in GNOME GIMP 2.10.30 SQL Injection Vulnerability in Web Based Quiz System v1.0 via eid parameter at welcome.php SQL Injection Vulnerability in Online Tours And Travels Management System v1.0 Access Control Bypass Vulnerability in TOTOLINK A7000R V4.1cu.4134 via /cgi-bin/ExportSettings.sh Arbitrary File Upload Vulnerability in Halo CMS v1.5.3 Halo CMS v1.5.3 Server-Side Request Forgery (SSRF) Vulnerability Code Execution Backdoor in django-navbar-client Package (v0.9.50 - v1.0.1) Allows Unauthorized Access and Privilege Escalation Code Execution Backdoor in RootInteractive Package Allows Privilege Escalation and Data Breach Code Execution Backdoor in cryptoasset-data-downloader Package via 
request Package Code Execution Backdoor in PyPI v0.0.1 Cloudlabeling Package: Exploiting Sensitive User Data and Privilege Escalation SQL Injection Vulnerability in Form Maker WordPress Plugin (Version 1.15.6 and below) Code Execution Backdoor in ML-Scanner Package: Exploiting Sensitive User Information and Privilege Escalation Code Execution Backdoor in AAmiles Package: Exploiting Sensitive User Information and Privilege Escalation Code Execution Backdoor in KGExplore Package: Exploiting Sensitive User Information and Privilege Escalation Code Execution Backdoor in watools Package Allows for Privilege Escalation and Data Breach Code Execution Backdoor in PyPI Beginner Package (v0.0.2 - v0.0.4): Exploiting Sensitive Data and Privilege Escalation Cross-Site Scripting (XSS) Vulnerability in Delta Electronics DIAEnergie v1.08.00 System Settings/IOT Settings Module Stack Overflow Vulnerability in TRENDnet Wi-Fi Routers TEW751DR v1.03 and TEW-752DRU v1.03 via genacgi_main Function Stored XSS Vulnerability in LightCMS v1.3.11 via Crafted PDF Upload Improper Exception Handling in GitHub Repository ikus060/rdiffweb prior to 2.4.8 Host Header Injection Vulnerability in Known v1.3.1+2020120201 Allows Account Takeover Host Header Injection Vulnerability in Microweber v1.2.15 Allows Account Takeover SQL Injection Vulnerability in CleanTalk WordPress Plugin Invalid Memory Access Vulnerability in CVA6 Commit 909d85a Incorrect Permission Vulnerability in CVA6 Commit 909d85a Assertion Failure in decode_preR13_entities() function at decode.c:5801 in libredwg v0.12.4.4608 Heap-Use-After-Free Vulnerability in LibreDWG v0.12.4.4608 Heap Buffer Overflow in LibreDWG v0.12.4.4608: bit_calc_CRC Vulnerability Heap-Use-After-Free Vulnerability in LibreDWG v0.12.4.4608 Heap Buffer Overflow in LibreDWG v0.12.4.4608: Vulnerability in dwg_add_object function at decode.c Race Condition Vulnerability in Linux Kernel Sound Subsystem Leads to Denial of Service Heap-Buffer-Overflow Vulnerability in 
LibreDWG v0.12.4.4608 Double-Free Vulnerability in LibreDWG v0.12.4.4608: dwg_read_file at dwg.c Stack Overflow Vulnerability in LibreDWG v0.12.4.4608: Exploiting the copy_bytes Function in decode_r2007.c Unquoted Service Path Vulnerability in XLPD v7.0.0094 and Below Arbitrary Code Execution Vulnerability in Embarcadero Dev-CPP v6.3 Binary Hijack Vulnerability in Orwell-Dev-Cpp v5.11: Arbitrary Code Execution via Crafted .exe File CSS Use After Free Vulnerability in Google Chrome SQL Injection Vulnerability in Online Railway Reservation System v1.0 Cross-Site Scripting (XSS) Vulnerability in Urtracker Premium v4.0.1.1477 Batch Add Function Heap Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccbuild.c SQL Injection Vulnerability in Online Railway Reservation System v1.0 SQL Injection Vulnerability in Online Railway Reservation System v1.0 Remote Code Execution Vulnerability in Google Chrome on ChromeOS SQL Injection Vulnerability in Online Railway Reservation System v1.0 SQL Injection Vulnerability in Online Railway Reservation System v1.0 SQL Injection Vulnerability in Online Railway Reservation System v1.0 SQL Injection Vulnerability in Online Railway Reservation System v1.0 SQL Injection Vulnerability in Online Railway Reservation System v1.0 Remote Code Execution Vulnerability in Google Chrome on ChromeOS SQL Injection Vulnerability in Online Railway Reservation System v1.0 SQL Injection Vulnerability in Online Railway Reservation System v1.0 Off-by-one Error in Libsndfile 1.1.0 Allows Arbitrary Code Execution and Denial of Service Integer Overflow Vulnerability in Libsndfile Allows for Denial of Service and Other Impacts Arithmetic Shift Vulnerabilities in Lrzip v0.651: Denial of Service Exploitation Integer Overflow Vulnerability in Harfbuzz v4.3.0 Component hb-ot-shape-fallback.cc Assertion Failure in Ethereum Solidity v0.8.14: SMTEncoder::indexOrMemberAssignment() Vulnerability Remote Code Execution Vulnerability in Google Chrome Arithmetic Shift 
Vulnerability in Protobuf-c v1.4.0 Stored XSS Vulnerability in Zoo Management System v1.0's Add Classification Function Arbitrary Address Modification Vulnerability in nopCommerce v4.50.2 Sandbox Escape Vulnerability in Google Chrome Developer Tools Denial of Service (DoS) Vulnerability in Open Policy Agent v0.10.2 AST Parser ESPCMS P8 Authenticated Remote Code Execution Vulnerability Stack Overflow Vulnerability in TP-Link Archer C50&A5(US)_V5_200407: Denial of Service via Crafted HTTP Request Use after free vulnerability in Google Chrome Assistant on ChromeOS prior to 106.0.5249.62 allows remote sandbox escape via specific UI gestures SQL Injection Vulnerability in 74cmsSE v3.5.1 via Keyword Parameter at /home/job/index SQL Injection Vulnerability in 74cmsSE v3.5.1 via key parameter at /freelance/resume_list SQL Injection Vulnerability in 74cmsSE v3.5.1 via Keyword Parameter at /home/job/map SQL Injection Vulnerability in 74cmsSE v3.5.1 via Keyword Parameter at /home/jobfairol/resumelist SQL Injection Vulnerability in 74cmsSE v3.5.1 via Keyword Parameter at /home/resume/index SQL Injection Vulnerability in 74cmsSE v3.5.1 via Keyword Parameter at /home/campus/campus_job Cross-Site Scripting (XSS) Vulnerability in Magnolia CMS v6.2.19 via Edit Contact Function Heap-Buffer Overflow in luaG_runerror: Recursive Error Vulnerability Insufficient Policy Enforcement in Custom Tabs on Android Allows Same Origin Policy Bypass Out-of-Bounds Write Vulnerability in Das U-Boot's sqfs_readdir() Function Redis v7.0 Memory Leak Vulnerability in streamGetEdgeID Component No Rate Limit Vulnerability in WiJungle NGFW Version U250 Allows for Account Take Over Deserialization Vulnerability in ThinkPHP v6.0.12 via AbstractCache.php Stack Overflow Vulnerability in XPDF v4.04 via Object::Copy Class Use after free vulnerability in Google Chrome allows remote sandbox escape via crafted HTML page Arbitrary Web Script Execution Vulnerability in Jfinal CMS v5.1.0 SQL Injection Vulnerability in 
Jfinal CMS v5.1.0 via attrVal Parameter at /jfinal_cms/system/dict/list Arbitrary File Read Vulnerability in GUnet Open eClass Platform (openeclass) v3.12.4 and below Reflected Cross-Site Scripting (XSS) Vulnerability in NUUO Network Video Recorder NVRsolo v03.06.02 via login.php Bypassing Managed Device Restrictions via Physical Access in Google Chrome VPN on ChromeOS Arbitrary File Deletion Vulnerability in MiniCMS v1.11 Stored XSS Vulnerability in eyoucms v1.5.6 Login Page URL Field AIOHTTP 3.8.1 Vulnerability: Denial of Service via Invalid IPv6 URL Arbitrary Command Execution via Double Quotes in Filename in Diffy 3.4.1 SQL Injection Vulnerability in RG-EG Series Gateway EG350 EG_RGOS 11.1(6) Remote Spoofing of Security UI in Full Screen Mode in Google Chrome Session Hijacking Vulnerability in SIMATIC MV540 and MV550 Series Unauthenticated Remote Data Access Vulnerability in SIMATIC MV540/550/560 Series Authentication Bypass Vulnerability in Cerberus DMS, Desigo CC, and SIMATIC WinCC OA Use After Free Vulnerability in Google Chrome Allows Remote Sandbox Escape Command Injection in Apache NiFi and NiFi Registry User Group Provider WordPlus WordPress Better Messages Plugin <= 1.9.10.57 Authenticated Denial of Service (DoS) Vulnerability Open Redirect Vulnerability in web2py Versions Prior to 2.22.5: Phishing Attack via Specially Crafted URL SQL Injection Vulnerability in ObjectYPT Functionality of WWBN AVideo 11.6 and Dev Master Commit 3f7c0364 SQL Injection Vulnerability in Live Schedules Plugin of WWBN AVideo 11.6 and dev master commit 3f7c0364 SQL Injection Vulnerability in CloneSite Plugin of WWBN AVideo 11.6 and dev master commit 3f7c0364 Type Confusion Vulnerability in Google Chrome (CVE-2021-30563) OS Command Injection Vulnerability in Robustel R1510 3.1.16's js_package Install Functionality Arbitrary Script Injection Vulnerability in Cybozu Office 10.0.0 to 10.8.5 Cross-Site Scripting (XSS) Vulnerability in TYPO3 Schema Extension XSS Vulnerability 
in ameos_tarteaucitron TYPO3 Extension XSS Vulnerability in Matomo Integration Extension for TYPO3 Cross-Site Scripting (XSS) Vulnerability in libconnect Extension for TYPO3 Privilege Escalation Vulnerability in Trend Micro VPN Proxy Pro version 5.2.1026 and below Clear Text Storage of User Credentials in IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 Bypassing Security Feature in Safe Browsing in Google Chrome Weak Cryptographic Algorithms in IBM Security Directory Suite 8.0.1: A Potential Decryption Vulnerability HTTP Strict Transport Security Bypass in IBM Security Directory Server 6.4.0 Insecure Permissions in IBM Security Directory Suite VA 8.0.1 Arbitrary File Access Vulnerability in IBM Security Directory Server 7.2.0 Arbitrary File Viewing Vulnerability in IBM Security Directory Server 6.4.0 Privileged User File Upload Vulnerability in IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 Uncontrolled Resource Consumption Vulnerability in IBM Security Directory Suite VA 8.0.1 Insufficiently Protected Credentials for Bulk Uploaded Users in IBM Robotic Process Automation Bypassing Navigation Restrictions via Crafted HTML Page in Google Chrome on Android SQL Injection Vulnerability in TypeORM's findOne Function Bypassing User Presence Protection Mechanism in de.fac2 1.34 Algorithm-Downgrade Vulnerability in Couchbase Server Allows Temporary Non-TLS Connection Remote Authorization Bypass in Powertek Firmware Power Distribution Units (Versions before 3.30.30) Insecure Permissions Setting in Powertek Firmware Allows Disclosure of Active Session IDs Privilege Escalation Vulnerability in Intel(R) NUC 11 Performance Kits and Mini PCs CSRF Vulnerability in WPdevelop/Oplugins Booking Calendar Plugin Allows Translations Update Remote Code Execution Vulnerability in Brocade Fabric OS Authentication System Privilege Escalation Vulnerability in Brocade Fabric OS CLI Use After Free Vulnerability in ChromeOS Notifications Local Authenticated File Export 
Vulnerability in Brocade Fabric OS CLI Information Disclosure Vulnerability in Brocade Fabric OS CLI Privilege Escalation Vulnerability in Brocade Fabric OS CLI Stack Buffer Overflow Vulnerability in Brocade Fabric OS CLI Stack-based Buffer Overflow Vulnerability in Brocade Fabric OS Versions Stack-based Buffer Overflow in Brocade Fabric OS Versions Before v9.0.1e and v9.1.0 Remote Command Execution Vulnerability in Brocade Fabric OS Software Brocade SANnav Debug Log Information Disclosure Vulnerability XCMD OS Command Injection Vulnerability in Abode iota All-In-One Security Kit 6.9Z Privilege Escalation Vulnerability in Intel(R) SUR Software Stored Cross-Site Scripting (XSS) Vulnerability in Chinmoy Paul's Testimonials Plugin <= 3.0.1 for WordPress OS Command Injection Vulnerabilities in Abode iota All-In-One Security Kit 6.9X and 6.9Z: Unsafe Use of WL_SSID and WL_SSID_HEX Configuration Values OS Command Injection Vulnerabilities in Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z OS Command Injection Vulnerabilities in Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z XCMD testWifiAP Functionality OS Command Injection Vulnerabilities in Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z Intel Xeon Processors with Intel Software Guard Extensions Vulnerability: Incorrect Default Permissions in Memory Controller Configurations Unauthenticated Options Change Vulnerability in Biplob Adhikari's Accordions Plugin for WordPress Bypassing Zero Trust Secure Web Gateway Policies via warp-cli 'set-custom-endpoint' Subcommand CSRF Vulnerability in MailerLite – Signup Forms Plugin Allows API Key Modification Authentication Bypass Vulnerability in L2Blocker Setup Screen Memory Resource Utilization Vulnerability in BIG-IP APM Access Policy with Service Connect Agent OS Command Injection Vulnerability in Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z OS Command Injection Vulnerabilities in Abode Systems, Inc. 
iota All-In-One Security Kit 6.9X and 6.9Z OS Command Injection Vulnerabilities in Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z OS Command Injection Vulnerability in Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z Authentication Bypass by Capture-Replay Vulnerability in Machine Automation Controllers and Software Privilege Escalation Vulnerability in Intel(R) NUC Laptop Kits Firmware Bypassing Lock WARP Switch Feature by Enabling Multiple Settings Simultaneously Critical Memory Corruption Vulnerability in Snapdragon Auto: Out-of-Range Pointer Offset Exploit Vulnerability: Memory Corruption in Modem due to Improper Size Calculation in CoAP Message Serialization Buffer Overflow Vulnerability in Modem's PPP Packet Processing Time-of-Check Time-of-Use Vulnerability in Snapdragon Platforms: Memory Corruption in Display ELF File Parsing Vulnerability Leads to Transient Denial-of-Service in Automotive Systems Critical Memory Corruption Vulnerability in Snapdragon Mobile: Unchecked Buffer Copy in Qualcomm IPC Automotive Memory Corruption: The Consequences of Inadequate Input Validation Integer Overflow Vulnerability Leads to Buffer Overflow in Automotive Listener Registration Bypassing Lock Warp Switch Vulnerability Buffer Over-read Vulnerability in Automotive Multimedia Systems Buffer Over-read Vulnerability in Trusted Execution Environment Metadata Verification Modem Vulnerability: DNS Response Packet Buffer Over-read Leading to Information Disclosure Null Pointer Dereference Vulnerability in Modem Processing HTTP Chunked Encoding Buffer Overflow Vulnerability in Core: Unchecked Input Size in ioctl Queries Exploiting Use After Free Vulnerability in Trusted Application Environment Buffer Overflow Vulnerability in Core's ioctl Command Processing Double Free Vulnerability in Linux Android: Memory Corruption during Unregister Provider IPv6 Packet Buffer Over-read Vulnerability Modem Vulnerability: Information Disclosure through Buffer 
Over-read SQL Injection Vulnerability in Advantech iView 5.7.04.6469 ConfigurationServlet Endpoint Buffer Overflow Vulnerability in FM Host Double Free Vulnerability in Encryption Key Initialization Memory Corruption Vulnerability: Buffer Overflow during Memory Sharing Tests with Large Scattered Memory Modem Configuration Vulnerability Allows Memory Corruption and Unauthorized File Write Critical Memory Corruption Vulnerability in Snapdragon Platforms Buffer Over-read Vulnerability in WLAN Firmware: A Potential Information Disclosure Risk Buffer Over-read Vulnerability in WLAN Firmware: A Transient Denial-of-Service Exploit Buffer Over-read Vulnerability in WLAN Firmware: Transient Denial of Service (DoS) Transient Denial-of-Service Vulnerability in WLAN Processing of FTM Frames in Multiple Snapdragon Platforms Transient Denial of Service Vulnerability in WLAN Firmware Parsing IPV6 Extension Header Critical Stack-based Buffer Overflow in vim/vim Repository (CVE-XXXX-XXXX) Audio Memory Corruption Vulnerability Memory Corruption Vulnerability in Qualcomm IPC during Loading of Unsigned Lib in Audio PD Qualcomm IPC Access Control Vulnerability Vulnerability: Transient Denial of Service (DoS) Exploit via Reachable Assertion in Modem WLAN Memory Corruption: Exploiting Use After Free Vulnerability Audio Memory Corruption Vulnerability in Voice Call Session Initialization Integer Overflow Vulnerability in User Identity Module Leads to Buffer Overflow via QMI HTTP Unauthorized Access Control Vulnerability in GitLab CE/EE API: Ability to Edit Approval Rules by Unauthenticated Users Transient Denial of Service Vulnerability in Modem during NR to LTE Handover Transient Denial of Service (DoS) Vulnerability in Modem Caused by Invalid Network Configuration WLAN IBSS Beacons Frame Buffer Over-read Information Disclosure Vulnerability Buffer Over-read Vulnerability in WLAN Parsing Corrupted NAN Frames Leading to Transient DOS Vulnerability: Transient Denial of Service (DoS) in 
Modem via Reachable Assertion in SIB1 Message Processing Bluetooth HOST Buffer Over-read Vulnerability Array Index Out of Bounds Vulnerability in Multi-mode Call Processor Time-of-Check Time-of-Use Race Condition Vulnerability in Core's Dump Collection in Trust Zone Modem Configuration Parameter Buffer Over-read Vulnerability Buffer Overflow Vulnerability in Modem's SMS Decoding Function Insecure Password Policies in GitHub Repository ikus060/rdiffweb prior to 2.4.9 Stack-based Buffer Overflow Vulnerability in USB Command Processing Use-after-free vulnerability in Core allows memory corruption when multiple DCI clients register and deregister Stack-based buffer overflow vulnerability in modem during parsing of OTASP Key Generation Request Message Memory Corruption Vulnerability in Powerline Communication Firmware: Information Exposure via Unassociated Device MMEs Audio Playback Vulnerability: Integer Overflow Leading to Buffer Overflow in AMR, EVRC, and QCELP Clips Linux DRM Request Vulnerability: Memory Corruption Exploit Bluetooth A2DP Pairing and Connection Vulnerability in Snapdragon Devices Integer Overflow Vulnerability in Core DDR Memory Assignment Missing Authentication for Critical Function in GitHub Repository Time-of-Check Time-of-Use Race Condition Vulnerability in Modem's RRC Reconfiguration Message Processing WLAN NMF Frame Buffer Over-read Vulnerability Vulnerability: Transient Denial of Service (DoS) in Modem via Reachable Assertion Buffer Over-read Vulnerability in Trusted Execution Environment during QRKS Report Generation Android Core Memory Corruption Vulnerability: Improper Array Index Validation in License Authentication Feature ID Retrieval Array Index Out of Bounds Vulnerability in WLAN HAL Buffer Overflow Vulnerability in Modem's WMI_REQUEST_STATS_CMDID Command Buffer Overflow Vulnerability in Modem's WMI Command Handling Buffer Overflow Vulnerability Stack-based buffer overflow vulnerability in WLAN with invalid WNM frame length leading to 
memory corruption. Race condition vulnerability in snap-confine's must_mkdir_and_open_with_perms() Uninitialized Pointer Vulnerability in Bluetooth HOST Processing AVRCP Packet Array Index Out of Bounds Vulnerability in EVA Kernel Integer Overflow Vulnerability in Automotive Multimedia Video Playback WLAN Frame Parsing Vulnerability: Information Disclosure via Buffer Over-read WLAN Buffer Over-read Vulnerability in BTM Action Frame Parsing WLAN CSA Action Frames Buffer Over-read Vulnerability Buffer Over-read Vulnerability in WLAN Processing of 802.11 Management Frames Leading to Transient Denial of Service (DoS) IPv6 Packet Header Length Information Disclosure Vulnerability Buffer Overflow Vulnerability in Core SCM Command for Write Protection Information Retrieval Modem Memory Corruption Vulnerability Null Pointer Dereference Vulnerability in Bluetooth HOST Modem Vulnerability: Information Disclosure via Buffer Over-read Use-after-free vulnerability in Qualcomm IPC leads to memory corruption during packet reception and reposting NULL Pointer Dereference Vulnerability in Modem Leads to Transient Denial of Service (DoS) Modem Vulnerability: Information Disclosure via Buffer Over-read in WMS Message Parsing Integer Overflow Vulnerability in Modem's Traffic Channel Neighbor List Update Message Parsing Linux Sensors Buffer Overread Vulnerability Exposes Sensitive Information Use-after-free vulnerability in Modem during initialization leads to memory corruption Null Pointer Dereference Vulnerability in Bluetooth HOST Guest User Privilege Escalation in Gitlab CE/EE Versions 15.0 - 15.4.1 Critical Memory Corruption Vulnerability in Automotive Android OS: Exploiting Improper Input Validation Audio Memory Corruption Vulnerability in AGM IPC APN TLV Length Vulnerability in User Identity Module Gunyah Resource Manager Message Queue Vulnerability NULL Pointer Dereference Vulnerability in Modem during TCP/UDP Packet Pullup: Transient Denial of Service NULL Pointer Dereference 
Vulnerability in Modem Leads to Transient Denial of Service (DoS) Buffer Over-read Vulnerability in WLAN Management Frame Processing Double Free Vulnerability in Automotive Systems: Exploiting Memory Corruption via Bad HLOS Address Mapping Buffer Over-read Vulnerability in WLAN Firmware Parsing Secure FTMR Frames Insecure Direct Object Reference Vulnerability in GitLab's Zentao Integration Address Book Data Leakage Vulnerability in Cybozu Office 10.0.0 to 10.8.5 Command Injection Vulnerability in Robustel R1510 3.3.0 Web Server Action Endpoints Command Injection Vulnerability in Robustel R1510 3.3.0: /action/import_https_cert_file/ API Command Injection Vulnerability in Robustel R1510 3.3.0 Web Server Action Endpoints Arbitrary Code Execution via Deserialization of Untrusted Data in ICONICS GENESIS64 and Mitsubishi Electric MC Works64 Arbitrary Code Execution via Deserialization in ICONICS GENESIS64 and Mitsubishi Electric MC Works64 Arbitrary Code Execution via Untrusted Control Sphere in ICONICS GENESIS64 and Mitsubishi Electric MC Works64 Remote Code Execution Vulnerability in ICONICS GENESIS64 and Mitsubishi Electric MC Works64 ICONICS GENESIS64 and Mitsubishi Electric MC Works64 Out-of-bounds Read Vulnerability Critical SQL Injection Vulnerability in SourceCodester Food Ordering Management System Arbitrary Code Execution via Deserialization of Untrusted Data in ICONICS GENESIS64 and Mitsubishi Electric MC Works64 Cleartext Transmission of Sensitive Information Vulnerability in Mitsubishi Electric Consumer Electronics Products Critical Cross-Site Scripting Vulnerability in Mitsubishi Electric Consumer Electronics Products Authentication Bypass Vulnerability in Mitsubishi Electric Corporation Industrial Robot Controller Denial of Service Vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R and iQ-L Series Command Injection Vulnerability in Robustel R1510 3.3.0: Arbitrary Command Execution via /ajax/clear_tools_log/ API Command Injection Vulnerability in 
Robustel R1510 3.3.0 Web Server AJAX Endpoints Command Injection Vulnerability in Robustel R1510 3.3.0 Web Server AJAX Endpoint Command Injection Vulnerability in Robustel R1510 3.3.0 Web Server AJAX Endpoints Command Injection Vulnerability in Robustel R1510 3.3.0 Web Server AJAX Endpoint Functionality Cross-Site Scripting (XSS) Vulnerability in Zephyr Project Manager up to 3.2.4 (VDB-209370) Unserializing Vulnerability in Easy WP SMTP WordPress Plugin Unserialisation Vulnerability in Kadence WooCommerce Email Designer WordPress Plugin CSRF Vulnerability in Event Monster WordPress Plugin Allows Arbitrary Visitor Deletion Bypassing VPN Profile Deletion Restrictions on WARP Mobile Client for iOS XXE vulnerability in ePO prior to 5.10 Update 14 allows for unauthenticated remote attackers to trigger Server Side Request Forgery attack Reflected Cross-Site Scripting (XSS) Vulnerability in ePO Prior to 5.10 Update 14 XML External Entity (XXE) Vulnerability in Trellix IPS Manager: Remote Authenticated Administrator XXE Attack via XML Configuration Import Null Pointer Dereference Vulnerability in FFmpeg's decode_main_header() Function Jetpack CRM Plugin for WordPress PHAR Deserialization Vulnerability Inflated Score Vulnerability in WPQA Builder WordPress Plugin Vulnerability: KVM's AMD Nested Virtualization (SVM) Shutdown Interception Flaw DNSSEC Validation Bypass Vulnerability DNSSEC Validation Bypass Vulnerability Account Hijacking Vulnerability in Same-App Editor Access Critical Heap-Based Buffer Overflow Vulnerability in Sony PS4 and PS5 (VDB-209679) Stored Cross-Site Scripting Vulnerability in Contact Bank WordPress Plugin GitLab EE Vulnerability: User Email Disclosure through Group Member Events Webhooks GitHub Repository vim/vim: Use After Free Vulnerability Vulnerability in Hitachi Energy Products: IEC 61850 Communication Stack Denial of Service Denial of Service Vulnerability in Open5GS up to 2.4.10 Stored Cross-site Scripting (XSS) vulnerability in 
inventree/inventree prior to 0.8.3 Unserializing Content Vulnerability in Smart Slider 3 WordPress Plugin Vulnerability: OpenSSL Legacy Custom Cipher Mishandling Unserialization Vulnerability in Phlox Theme WordPress Plugin Unauthenticated Remote Code Execution in LearnPress WordPress Plugin Directory Traversal Vulnerability in Ultimate Member Plugin for WordPress (Versions up to 2.5.0) Insufficient Session Expiration in GitHub Repository ikus060/rdiffweb Prior to 2.5.0 Business Logic Errors in GitHub Repository ikus060/rdiffweb Prior to 2.5.0a7: Exploiting Flaws in Business Logic Excel Security Feature Bypass Vulnerability Office Security Feature Bypass Vulnerability: A Potential Breach in Microsoft Office Critical Remote Code Execution Vulnerability in Skype for Business and Lync Pervasive Windows PPTP Remote Code Execution Vulnerability Exploiting the Windows GDI+ Remote Code Execution Vulnerability Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) Guardian Breached: Microsoft Defender for Endpoint Tampering Vulnerability Exposed Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Unrestricted Resource Allocation Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.5.0a3 OMI Elevation of Privilege Vulnerability in System Center Operations Manager Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Xbox Live Save Service Elevation of Privilege Vulnerability: Exploiting Privilege Escalation in Xbox Live Save Service BlueKeep: Windows TCP/IP Driver Denial of Service Vulnerability Escalation of Privilege Vulnerability in Azure Batch Node Agent Kerberos Privilege Escalation Vulnerability in Windows Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Edge 
(Chromium-based) Security Feature Bypass Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Unserialized Content Injection Vulnerability in PublishPress Capabilities WordPress Plugin Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Windows Partition Management Driver Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Azure Site Recovery Azure Site Recovery Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Azure Site Recovery Kerberos Privilege Escalation Vulnerability in Windows Privilege Escalation Vulnerability in Avira Security Software Updater Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Delayed 
TLS hostname verification in Pulsar Java Client and Pulsar Proxy: Man-in-the-Middle Attack Vulnerability TLS hostname verification bypass vulnerability in Apache Pulsar Broker, Proxy, and WebSocket Proxy Apache Pulsar Broker and Proxy TLS Certificate Verification Bypass Vulnerability Apache Pulsar C++ and Python Clients OAuth2.0 Man-in-the-Middle Vulnerability Unprotected Dynamic Receiver Vulnerability in Wearable Manager Service GsmAlarmManager Log Leakage Vulnerability Local Access to IMSI via Log in telephony-common.jar IMSISpy: Sensitive Information Exposure Vulnerability in EventType Improper Access Control Vulnerability in TelephonyUI Allows Unauthorized Network Type Modification Privileged Registry Key Deletion Vulnerability in Bitdefender Engines Arbitrary File Access Vulnerability in Contacts Storage prior to SMR Jul-2022 Release 1 Race Condition Vulnerability in Score Driver Prior to SMR Jul-2022 Release 1: Local Attackers Can Interleave Malicious Operations Information Leakage in Messaging Application Prior to SMR Jul-2022 Release 1: Local Attacker Access to IMSI and ICCID via Log CID Manager Vulnerability: Unauthorized Access to ICCID via Log Unprotected Intent Broadcasting Vulnerability in CSC Application Allows Local Attacker to Access WiFi Information Improper Permission Handling in InputManagerService: Unauthorized Service Access Vulnerability Telephony Service Vulnerability: Unauthorized Access to IMSI and ICCID via Log IMS Core Vulnerability: Unauthorized Access to IMSI via ImsServiceSwitchBase Local Attackers Can Access ICCID via Log in Telecom Application Prior to SMR Jul-2022 Release 1 Information Disclosure Vulnerability in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 Heap Corruption Vulnerability in Custom Elements in Google Chrome Information Disclosure Vulnerability in putDsaSimImsi in TelephonyUI Improper Access Control Vulnerability in KnoxCustomManagerService Allows Unauthorized Invocation of PowerManager.goToSleep Method 
Knoxguard Improper Authorization Vulnerability Allows Local Attacker to Bypass Lock Improper Validation Vulnerability in CACertificateInfo: SMR Jul-2022 Release 1 Activity Launch Vulnerability in KnoxSDK ucmRetParcelable (SMR Jul-2022 Release 1) Calendar Information Exposure Vulnerability Improper Access Control Vulnerability in Samsung Gallery Allows Unauthorized Picture Access via S Pen Air Gesture Device Identification Vulnerability in Find My Mobile (Versions prior to 7.2.24.12) Privilege Escalation Vulnerability in Galaxy Store's AppsPackageInstaller ApexPackageInstaller Local Privilege Escalation Vulnerability Unrestricted Resource Allocation Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.5.0a3 Improper Input Validation Vulnerability in Galaxy Store BillingPackageInstaller Directory Junction Vulnerability in Samsung USB Driver Windows Installer for Mobile Phones Camera Implicit Intent Redirection Vulnerability in Android S (12) Samsung Cloud Implicit Intent Hijacking Vulnerability Access Control Vulnerability in SemWifiApBroadcastReceiver Allows Unauthorized Reset of Mobile Hotspot Setting Improper Access Control and Path Traversal Vulnerability in LauncherProvider: Local File Access in One UI Uninitialized Memory Read Vulnerability in ICCC TA Prior to SMR Aug-2022 Release 1 Memory Read Vulnerability in SEM TA Prior to SMR Aug-2022 Release 1 Improper Access Control Vulnerability in Wi-Fi Service Allows Manipulation of Mobile Data Usage Permissions Baseband Integer Overflow Vulnerability Leading to Heap Overflow CSRF Vulnerability in Netman-204 Version 02.05 Allows Unauthorized Password Changes AppLock Vulnerability: Unauthorized Access to Chrome via Tap Shortcut System Privilege File Access Vulnerability in DeX for PC (SMR Aug-2022 Release 1) Smart View Implicit Intent Hijacking Vulnerability: Exposing Connected Device MAC Address Bluetooth Device Selection Vulnerability in onCreate of BluetoothScanDialog ICCID Exposure Vulnerability in 
Samsung Dialer Application System Privilege Escalation Vulnerability in Knox VPN Prior to SMR Aug-2022 Release 1 Unprotected Dynamic Receiver Vulnerability in Samsung Galaxy Friends Tapjacking/Overlay Vulnerability in SecDevicePickerDialog Bluetooth Vulnerability: Unauthorized Access to BT MacAddress via Settings.Global NFC ConfirmConnectActivity Vulnerability: MAC Address Leakage in Pre-SMR Aug-2022 Release 1 Out of Bounds Write Vulnerability in V8 in Google Chrome Heap-based Buffer Overflow Vulnerability in Samsung Dex for PC Arbitrary Component Control Vulnerability in DesktopSystemUI Unprotected Binder Call Vulnerability in Samsung Dex for PC Bluetooth Connection Information Exposure in Charm by Samsung (prior to version 1.2.3) Bluetooth Connection Information Exposure in Charm by Samsung (prior to version 1.2.3) WS7200-10 11.0.2.13 Password Verification Vulnerability: LAN Brute Force Attack Exploitation Authentication Bypass Vulnerability in Opcenter Quality OpenVPN Access Server Installer Log File Exposes Random Admin Password Vulnerability Weak Random Generator in OpenVPN Access Server: A Breach in User Session Token Security Insecure XML Parsing Vulnerability in CA Clarity 15.8 and Below and 15.9.0 Unserializing Content Vulnerability in Ocean Extra WordPress Plugin Linux Disk/NIC Frontends Data Leakage Vulnerabilities Linux Disk/NIC Frontends Data Leakage Vulnerabilities Linux Disk/NIC Frontends Data Leakage Vulnerabilities Vulnerability: Freed SKBs in Linux netfront due to XDP support logic Vulnerability: Arm Guests Exploit Race Window to Cause Dom0 Denial of Service via PV Devices Insufficient TLB Flush in Shadow Mode for x86 PV Guests Vulnerability: Excessive Time for P2M Pool Freeing without Preemption Checks Unbounded Memory Consumption Vulnerability in Arm's 2nd-Level Page Tables Lock Order Inversion in Transitive Grant Copy Handling XAPI File Descriptor Limit Denial-of-Service Vulnerability GitLab Branch Name Disclosure Vulnerability Authentication 
Bypass Vulnerability in CA Automic Automation 12.2 and 12.3 Insecure Memory Handling Vulnerability in CA Automic Automation Agent Insufficient Input Validation in CA Automic Automation Agent: Remote Code Execution Vulnerability Insecure File Creation and Handling Vulnerability in CA Automic Automation 12.2 and 12.3 Insufficient Input Validation in CA Automic Automation Agent: Remote Code Execution Vulnerability Insecure Input Handling Vulnerability in CA Automic Automation Agent Allows User Enumeration Entropy Weakness Vulnerability in CA Automic AutomationEngine Nessus Debug Log File Disclosure Vulnerability Insecure Password Requirements in GitHub Repository ikus060/rdiffweb prior to 2.5.0a4 Uninitialized Pointer Vulnerability in Horner Automation's Cscape Version 9.90 SP 6 and Prior Uninitialized Pointer Vulnerability in Horner Automation's Cscape Version 9.90 SP 7 and Prior Arbitrary Code Execution Vulnerability in Horner Automation's Cscape Version 9.90 SP7 and Prior Unserialization PHP Object Injection Vulnerability in Customizer Export/Import WordPress Plugin URL Redirection Vulnerability in GitLab Denial-of-Service Vulnerability in HIWIN Robot System Software version 3.3.21.9869 Remote Code Execution Vulnerability in Ultimate Member WordPress Plugin Remote Code Execution Vulnerability in Ultimate Member WordPress Plugin (Versions up to 2.5.0) Stack-Based Buffer Overflow in Advantech R-SeeNet Versions 2.4.17 and Prior Arbitrary File Upload Vulnerability in Eaton Foreseer EPMS Software Stack-Based Buffer Overflow in Advantech R-SeeNet Versions 2.4.17 and Prior Command Injection Vulnerability in FortiWAN Management Interface Path Traversal Vulnerability in Advantech R-SeeNet Allows Remote Deletion of .PDF Files Command Injection Vulnerability in FortiTester Command Line Interpreter FortiWeb CLI Buffer Overflow Vulnerability Telnet Login OS Command Injection Vulnerability in FortiTester OS Command Injection Vulnerability in FortiTester Console Login Components 
OS Command Injection Vulnerability in FortiTester SSH Login Components SQL Injection Vulnerability in Fortinet FortiADC Versions 7.1.0, 7.0.0-7.0.2, and 6.2.4 and Below File Retrieval Vulnerability in Fortinet FortiADC Insecure Default Permissions Vulnerability in FortiClient and FortiConverter Cleartext SSL-VPN Password Exposure Vulnerability in FortiClient for Mac New Regex Denial of Service (DoS) Vulnerability Discovered in StandardsExtractingContentHandler Remote Code Execution Vulnerability in Monitor Pro Interface of MicroSCADA Pro and MicroSCADA X SYS600 SQL Injection Vulnerability in hms-staff.php of Projectworlds Hospital Management System Mini-Project Autodesk AutoCAD 2023 PRT File Parsing Vulnerability Unintended Sphere of Control: Privilege Escalation and Arbitrary Code Execution in Autodesk Desktop App Memory Corruption Vulnerability in Moldflow Applications Autodesk AutoCAD 2023 and 2022 X_B File Parsing Boundary Read Vulnerability Buffer Overflow Vulnerability in Autodesk AutoCAD 2023 and 2022 Buffer Overflow Vulnerability in Autodesk AutoCAD and Maya Autodesk AutoCAD 2023 Unhandled Exception Vulnerability Memory Corruption Vulnerability in Autodesk DWG Application Heap Buffer Overflow Vulnerability in Autodesk Design Review and AutoCAD GitHub Repository Path Traversal Vulnerability in ikus060/rdiffweb (prior to 2.4.10) Memory Corruption Vulnerability in DesignReview.exe Apache Spark UI ACL Bypass and Arbitrary Shell Command Execution Vulnerability Path Traversal Vulnerability in Intel(R) Quartus Prime Pro and Standard Edition Software BIOS Firmware Vulnerability: Privilege Escalation via Local Access in Intel(R) Processors Buffer Underflow Vulnerability in Hancom Office 2020 Version 11.0.0.5357 Directory Traversal Vulnerability in Robustel R1510 3.1.16 Allows Arbitrary File Deletion Insecure Inherited Permissions in Intel(R) NUC Watchdog Timer Installation Software PHP Object Injection Vulnerability in Easy Digital Downloads Plugin <= 3.0.1 for 
WordPress Unauthenticated Arbitrary File Read Vulnerability in MultiSafepay Plugin for WooCommerce Privilege Escalation Vulnerability in Intel(R) Quartus Prime Pro and Standard Edition Software Denial of Service Vulnerability in Tor 0.4.7.x AhciBusDxe Software SMI Handler Input Buffer DMA Vulnerability TOCTOU Vulnerability in FwBlockServiceSmm Software SMI Handler Leads to SMRAM Corruption Vulnerability: DMA-based TOCTOU Attack on IdeBusDxe Driver's SMI Handler TOCTOU Vulnerability in SdHostDriver Software SMI Handler Leads to SMRAM Corruption TOCTOU Attack Vulnerability in HddPassword Software SMI Handler Stored Cross-Site Scripting Vulnerability in Retain Live Chat WordPress Plugin SVG Document XSS Vulnerability in MantisBT before 2.25.5 Information Disclosure Vulnerability in Couchbase Server Analytics Service Local Privilege Escalation Vulnerability in Checkmk Debian Package Unauthenticated File Download Vulnerability in Mahara Race Condition Vulnerability in Amazon AWS Apache Log4j Hotpatch Package Remote Information Disclosure Vulnerability in OPC UA .NET Standard Reference Server 1.04.368 Arm Mali GPU Kernel Driver Vulnerability: Improper GPU Processing Operations Leading to Memory Access Dell GeoDrive Information Disclosure Vulnerability Dell GeoDrive GUI Information Disclosure Vulnerability Stored Cross-Site Scripting Vulnerability in WP Humans.txt WordPress Plugin Unquoted File Path Vulnerability in Dell GeoDrive Prior to 2.2 Multiple DLL Hijacking Vulnerabilities in Dell GeoDrive versions prior to 2.2 Insecure File and Folder Permissions in Dell GeoDrive versions prior to 2.2 Dell PowerStore OS Command Injection Vulnerability Improper Access Control Vulnerability in Dell Wyse Management Suite 3.6.1 and Below Improper Access Control in Dell Wyse Management Suite 3.6.1 and Below: Unauthorized Report Download Improper Access Control Vulnerability in Dell Wyse Management Suite 3.6.1 and Below Session Fixation Vulnerability in Dell Wyse Management Suite 3.6.1 
and Below Dell Wyse Management Suite 3.6.1 and below: Plain-text Password Storage Vulnerability in UI Reflected Cross-Site Scripting Vulnerability in Dell Wyse Management Suite 3.6.1 and Below CSV Injection Vulnerability in Post to CSV by BestWebSoft WordPress Plugin Information Disclosure in Dell Wyse Management Suite 3.6.1 and below: Exploiting Error Pages for Sensitive Data Disclosure Improper Access Control Vulnerability in Dell Wyse Management Suite 3.6.1 and Below: Unauthorized Alert Category Modification Unprotected Primary Channel Vulnerability in Dell PowerScale OneFS Stored Cross-Site Scripting Vulnerabilities in Dell PowerScale OneFS Stored Cross Site Scripting in Dell EMC Data Protection Advisor Critical Remote Code Execution Vulnerability in Cloud Mobility for Dell EMC Storage, 1.3.0.XXX Dell GeoDrive Path Traversal Vulnerability Allows Unauthorized File Deletion Format String Injection Vulnerability in Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X Denial of Service Vulnerability in CENTUM VP / CS 3000 Controller FCS Arbitrary Code Execution Vulnerability in WP All Export Pro WordPress Plugin PowerCMS XMLRPC API Command Injection Vulnerability Vulnerability in Intel(R) DCM Software Allows Privilege Escalation via Adjacent Access Authenticated Cross-Site Scripting (XSS) Vulnerability in Nico Amarilla's BxSlider WP Plugin <= 2.0.0 for WordPress Authenticated Insecure Direct Object References Vulnerability in MiCODUS MV720 GPS Tracker Web Server Privilege Escalation Vulnerability in Intel Server Board and Server System BIOS Firmware Authentication Bypass Vulnerability in Intel(R) SUR Software Vulnerability in BIG-IP DNS Traffic Management User Interface (TMUI) Allows Unauthorized DNS Requests and Operations OS Command Injection Vulnerability in HOME SPOT CUBE2 V102 SQL Injection Vulnerability in WP All Export Pro WordPress Plugin Insufficiently Protected Access Tokens in IBM Robotic Process Automation 21.0.1 and 21.0.2 Physical 
Access Vulnerability in IBM CICS TX 11.1: Back and Refresh Attack User Impersonation Vulnerability in IBM Sterling Order Management 10.0 OMRON CX-Programmer 9.78 and Prior Out-of-Bounds Write Vulnerability Authenticated SQL Injection Vulnerabilities in Social Share Buttons by Supsystic Plugin <= 2.2.3 Stored XSS Vulnerability in WaspThemes Visual CSS Style Editor Plugin Access Control Bypass Vulnerability in BIG-IP Versions 17.0.x, 16.1.x, 15.1.x, 14.1.x, and 13.1.x Privilege Escalation Vulnerability in Intel(R) Unite(R) Client Software for Windows Unauthenticated Privilege Escalation Vulnerability in Intel(R) SUR Software Critical Unauthenticated SQL Injection Vulnerabilities in Osamaesh WP Visitor Statistics Plugin Heap-based Buffer Overflow Vulnerability in U-Boot's SquashFS Filesystem Implementation Buffer Over-read Vulnerability in BIG-IP Virtual Servers with LTM Monitor or APM SSO Authenticated Options Change Vulnerability in Flipbox Plugin <= 2.6.0 for WordPress OMRON CX-Programmer 9.78 and Prior Out-of-Bounds Write Vulnerability Authenticated WordPress Options Change Vulnerability in Biplob018 Shortcode Addons Plugin <= 3.1.2 Authentication Bypass by Capture-Replay Vulnerability in OMRON Machine Automation Controllers Microcode Keying Vulnerability in 3rd Generation Intel Xeon Scalable Processors Allows Information Disclosure via Local Access Improper Access Control in Intel(R) WAPI Security Software: Potential Information Disclosure Vulnerability CSRF Vulnerability in Smash Balloon Custom Twitter Feeds Plugin (<= 1.8.4) XML Entity Expansion Denial-of-Service Vulnerability in untangle Library Critical Reflected Cross-Site Scripting (XSS) Vulnerability in FontMeister Plugin for WordPress OMRON CX-Programmer 9.78 and Prior Out-of-Bounds Write Vulnerability Arbitrary Code Execution and Remote Server Contact in Apache Commons Configuration Concurrency Use-After-Free Vulnerability in Linux Kernel's floppy.c DMA Attacks on Int15ServiceSmm Software SMI Handler 
Parameter Buffer: TOCTOU Vulnerability TOCTOU Vulnerability in NvmExpressLegacy Software SMI Handler Leads to SMRAM Corruption TOCTOU Vulnerability in SdMmcDevice Software SMI Handler Leads to SMRAM Corruption TOCTOU Vulnerability in NvmExpressDxe Software SMI Handler Allows SMRAM Corruption DMA Attacks on VariableRuntimeDxe Software SMI Handler Parameter Buffer: TOCTOU Vulnerability Vulnerability: Redirect to UNIX Socket in got package for Node.js DNS Cache-Poisoning Vulnerability in dproxy-nexgen Static UDP Source Port in dproxy-nexgen Allows DNS Cache Poisoning Cache Poisoning Vulnerability in dproxy-nexgen DNS Cache Poisoning Vulnerability in dproxy-nexgen DNS Cache Poisoning Vulnerability in DNRD 2.20.3 Cache Poisoning Vulnerability in DNRD 2.20.3 due to Misinterpretation of Special Domain Name Characters Stored XSS Vulnerability in Gutenberg Plugin for WordPress Arbitrary File Creation and Overwrite Vulnerability in Devolutions Remote Desktop Manager Insecure Permission Inheritance in Devolutions Server (before 2022.2) Authorization Bypass Vulnerability in Bricks WordPress Theme Assertion Failure in LowMemoryRenderPipeline::Init() in libjxl 0.6.1 XXE Vulnerability in Unit4 ERP 7.9: ExecuteServerProcessAsynchronously Local File Inclusion Vulnerability in PDS Vista 7's /application/documents/display.aspx Page Hardcoded Password Vulnerability in TitanFTP NextGen Privilege Escalation via Default SQL Instance Configuration in TitanFTP NextGen Stored XSS Vulnerability in EQS Integrity Line Professional Quarantine Flaw in Comodo Antivirus 12.2.2.8012 Allows Privilege Escalation via NTFS Directory Junction Denial of Service Vulnerability in Fossil 2.18 on Windows via XSS Payload in Ticket Remote Code Execution Vulnerability in Bricks WordPress Theme (CVE-2022-3400) Server-Side Request Forgery (SSRF) Vulnerability in OneBlog v2.3.4 via entryUrls Parameter Privilege Escalation Vulnerability in OneBlog v2.3.4 Server-Side Request Forgery (SSRF) Vulnerability in OneBlog 
v2.3.4 via Logo Parameter in Link Module Stored Cross-Site Scripting Vulnerability in Log HTTP Requests Plugin for WordPress CSRF Vulnerability in ResIOT IOT Platform + LoRaWAN Network Server ResIOT IOT Platform + LoRaWAN Network Server Multiple Cross Site Scripting (XSS) Vulnerabilities SQL Injection Vulnerability in ResIOT IOT Platform + LoRaWAN Network Server SQL Injection Vulnerability in Barangay Management System v1.0 via hidden_id parameter at /officials/officials.php Arbitrary File Upload Vulnerability in Barangay Management System v1.0 Cross-Site Scripting (XSS) Vulnerability in Vesta v1.0.0-5 via /web/api/v1/upload/UploadHandler.php Directory Traversal Vulnerability in ICEcoder v8.1 Segmentation Violation Vulnerability in Nginx NJS v0.7.4 Segmentation Violation Vulnerability in Nginx NJS v0.7.5 Out-of-Bounds Read Vulnerability in Nginx NJS v0.7.4 Segmentation Violation Vulnerability in Nginx NJS v0.7.5 Segmentation Violation Vulnerability in Nginx NJS v0.7.5 Segmentation Violation Vulnerability in Nginx NJS v0.7.5 Heap Overflow Vulnerability in HTMLDoc v1.9.15 via write_header in html.cxx:273 Heap Overflow Vulnerability in HTMLDoc v1.9.12 and Below Out-of-Bounds Read DoS Vulnerability in Caddy v2.5.1 Rewrite Function Denial of Service Vulnerability in Etcd v3.5.4 via PageWriter.write in pagewriter.go SQL Injection Vulnerability in Barangay Management System v1.0 via hidden_id Parameter DLL Hijacking Vulnerability in NoMachine v7.9.2: Arbitrary Code Execution via Incorrect Folder Permissions Hardcoded Encryption/Decryption Key Vulnerability in Wavlink WN530HG4 M30HG4.V5030.191116 Access Control Vulnerability in Wavlink WN533A8 M33A8.V5030.190716 Allows Unauthorized Retrieval of Usernames and Passwords Access Control Vulnerability in Wavlink WN530HG4 M30HG4.V5030.191116 Exposes Usernames and Passwords Reflected Cross-Site Scripting (XSS) Vulnerability in Wavlink WN533A8 M33A8.V5030.190716 Unauthenticated Access Control Vulnerability in Wavlink WN530HG4 
M30HG4.V5030.191116 Excessive Privileges in Acronis Agent Lead to Code Execution and Sensitive Information Disclosure Backdoor Code Execution Vulnerability in DR-Web-Engine Package Code Execution Backdoor in Perdido Package: Exploiting Sensitive User Information and Privilege Escalation Code Execution Backdoor in drxhello Package: Exploiting Sensitive User Information and Privilege Escalation Code Execution Backdoor in Watertools Package: Exploiting Sensitive User Information and Privilege Escalation Code Execution Backdoor in Scoptrial Package v0.0.5 Allows Unauthorized Access and Privilege Escalation Backdoor Code Execution Vulnerability in Sixfab-Tool v0.0.2 to v0.0.3 Code Execution Backdoor in Togglee Package (v0.0.8) Enables Unauthorized Access and Privilege Escalation Code Execution Backdoor in Catly-Translate Package: A Critical Vulnerability Allowing Unauthorized Access and Privilege Escalation Critical Code Execution Backdoor in Zibal Package: User Data and Digital Currency Keys at Risk Code Execution Backdoor in Rondolu-YT-Concate Package in PyPI v0.1.0 Code Execution Backdoor in Texercise Package: User Information and Privilege Escalation Vulnerability SQL Injection Vulnerability in Warehouse Management System v1.0 via cari Parameter Vulnerability: Modem Reset Issue Blocks Emergency Calls Cross-Site Scripting Vulnerability in WP Word Count WordPress Plugin Denial of Service Vulnerability in bmcweb of OpenBMC Project Cross-Site Scripting (XSS) Vulnerability in i3geo v7.0.5 via svg2img.php Cross-Site Scripting (XSS) Vulnerability in Portal do Software Publico Brasileiro i3geo v7.0.5 via access_token.php Cross-Site Scripting (XSS) Vulnerability in Portal do Software Publico Brasileiro i3geo v7.0.5 via request_token.php Privilege Escalation Vulnerability in Crestron AirMedia Windows Application Privilege Escalation Vulnerability in Crestron AirMedia Windows Application (Version 4.3.1.39) Uncontrolled Uninstallation Pause Exploit in Crestron AirMedia Windows 
Application Denial of Service (DoS) Vulnerability in Micro-Star International MSI Feature Navigator v1.0.1808.0901 Arbitrary File Write Vulnerability in Micro-Star International MSI Feature Navigator v1.0.1808.0901 CPU Saturation Vulnerability in GitLab CE/EE via Large Issue Description in GraphQL Arbitrary File Download Vulnerability in Micro-Star International MSI Feature Navigator v1.0.1808.0901 Arbitrary Uninstallation Vulnerability in Dataease v1.11.1 Plugin Arbitrary Code Execution Vulnerability in Dataease v1.11.1 Plugin Upload Component SQL Injection Vulnerability in Dataease v1.11.1 via dataSourceId Parameter Arbitrary File Write Vulnerability in DataEase v1.11.1 via dataSourceId Parameter Remote Code Execution Vulnerability in Barangay Management System v1.0 via Activity Module Editing Cuppa CMS v1.0 Local File Inclusion (LFI) Vulnerability in /templates/default/html/windows/right.php Sensitive Information Disclosure in CMDB Plugin for GLPI via Path Traversal Local File Reading Vulnerability in GLPI Activity Plugin Local File Reading Vulnerability in Managentities Plugin for GLPI Remote Code Execution Vulnerability in Cartography Plugin for GLPI Improper Access Control in GitLab EE: Unauthorized Access to Audit Events SQL Injection Vulnerability in Jorani v1.0 via id Parameter in Leaves.php Cross-Site Scripting (XSS) Vulnerability in Jorani v1.0 via Comment Parameter Cross-Site Request Forgery (CSRF) Vulnerability in Jorani v1.0 IDOR Vulnerability in Biltema IP and Baby Camera Software v124: Unauthorized Access to Sensitive Information Critical SQL Injection Vulnerability in SourceCodester Web-Based Student Clearance System Stored XSS Vulnerability in Feehi CMS v2.1.1 Allows Arbitrary Code Execution via Crafted Username Field Vulnerability: Transient Denial of Service (DoS) in Modem's OSI Decode Scheduling Buffer Over-read Vulnerability in WLAN Host Parsing Frame Information WLAN Host Vulnerability: Transient DOS through Improper Input Validation during 
Frame Defragmentation BIOS Firmware Vulnerability in Intel NUC Kits and Mini PCs Allows Privilege Escalation Cross-site Scripting Vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore Plugin <= 1.6.9.0 miniOrange WP OAuth Server Plugin Authentication Bypass Vulnerability Stored Cross-Site Scripting Vulnerability in Chat Bubble WordPress Plugin Authenticated Insecure Direct Object Reference Vulnerability in MiCODUS MV720 GPS Tracker Web Server Hard-coded Credentials Vulnerability in Machine Automation Controllers and Sysmac Studio Vulnerability: Privilege Escalation via Local Access in Intel(R) NUC Boards and Kits Privilege Escalation Vulnerability in Intel(R) Battery Life Diagnostic Tool Software Authenticated Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress Authentication Bypass Vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) Plugin Improper Certificate Verification in Hulu iOS App Prior to 3.0.81 Allows Man-in-the-Middle Attacks Privilege Escalation Vulnerability in Intel FPGA SDK for OpenCL with Intel Quartus Prime Pro Edition Software CSRF Vulnerability in Apache JSPWiki Image Plugin Allows Account Privilege Escalation Arbitrary File Upload Vulnerability in WPtouch WordPress Plugin HTML Injection Vulnerability in IBM CICS TX Standard and Advanced 11.1 Cross-Site Request Forgery Vulnerability in IBM CICS TX 11.1 Remote Clickjacking Vulnerability in IBM CICS TX 11.1 HTTP Header Injection Vulnerability in IBM CICS TX 11.1 Improper Input Validation in IBM CICS TX 11.1 Allows Local User Impersonation HTTP Header Injection Vulnerability in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty Cross-Site Scripting (XSS) Vulnerability in IBM CICS TX Standard and Advanced 11.1 Stored Cross-Site Scripting Vulnerability in IBM CICS TX Standard and Advanced 11.1 Apache Xalan Java XSLT Library Integer Truncation Vulnerability Unserialisation Vulnerability 
in WPtouch WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Jenkins Help Icon Tooltip Cross-Site Scripting (XSS) Vulnerability in Jenkins 2.321 through 2.355 and LTS 2.332.1 through LTS 2.332.3 Cross-Site Scripting (XSS) Vulnerability in Jenkins 2.340 through 2.355 Cross-Site Scripting (XSS) Vulnerability in Jenkins Build Button Tooltip Timing Discrepancy Vulnerability in Jenkins User Database Security Realm Jenkins Vulnerability: Bypassing Protection Mechanism to Access Sensitive View Fragments Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins JUnit Plugin Arbitrary File Upload Vulnerability in Jenkins Pipeline: Input Step Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Jenkins Embeddable Build Status Plugin 2.0.3 Jenkins Embeddable Build Status Plugin 2.0.3 and earlier - Relative Path Traversal Vulnerability Arbitrary File Upload Vulnerability in Import any XML or CSV File to WordPress Plugin Jenkins Embeddable Build Status Plugin Vulnerability: Unauthorized Access to Build Status Badge Arbitrary Directory Creation and Test Result Extraction Vulnerability in Jenkins xUnit Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Jenkins Nested View Plugin 1.20 - 1.25 Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Agent Server Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins CRX Content Package Deployer Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Date Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Dynamic Extended Choice Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Filesystem List Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Hidden Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Image Tag Parameter Plugin Vulnerability: Unrestricted User Role Assignment in Automatic User Roles Switcher WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability 
in Jenkins Maven Metadata Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Ontrack Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Package Version Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Readonly Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Repository Connector Plugin 2.2.0 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins REST List Parameter Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Sauce OnDemand Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Stash Branch Parameter Plugin Unencrypted Password Storage in Jenkins Convertigo Mobile Platform Plugin Stored Cross-Site Scripting Vulnerability in Billingo WordPress Plugin CSRF Vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and Earlier Allows Unauthorized URL Connections Unauthenticated Remote URL Connection Vulnerability in Jenkins Convertigo Mobile Platform Plugin Unencrypted Storage of User Passwords in Jenkins EasyQA Plugin Jenkins EasyQA Plugin 1.0 CSRF Vulnerability: Unauthorized Connection to Attacker-Specified Server Missing Permission Check in Jenkins EasyQA Plugin Allows Unauthorized Connection to Attacker-Specified Server Jenkins Jianliao Notification Plugin CSRF Vulnerability Jenkins Jianliao Notification Plugin 1.1 and Earlier: Missing Permission Check Allows Unauthorized HTTP POST Requests Jenkins Beaker Builder Plugin CSRF Vulnerability: Unauthorized Connection to Attacker-Specified URL Unauthenticated Remote URL Connection Vulnerability in Jenkins Beaker Builder Plugin Jenkins ThreadFix Plugin 1.5.4 CSRF Vulnerability: Unauthorized URL Connection Privilege Escalation Vulnerability in Google Drive for Desktop Installer Unauthenticated Remote URL Connection Vulnerability in Jenkins ThreadFix Plugin CSRF Vulnerability in Jenkins 
vRealize Orchestrator Plugin 3.0 and Earlier Unauthenticated HTTP POST Request Vulnerability in Jenkins vRealize Orchestrator Plugin Unencrypted Password Storage in Jenkins Squash TM Publisher Plugin Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Out-Of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.13.0 and Earlier Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Account Takeover: Exploiting Weak Password Hashing and Forgotten Password Tokens Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Adobe Acrobat Reader Type Confusion Vulnerability Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Adobe Acrobat Reader Uninitialized Pointer Vulnerability Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Unrestricted Resource Allocation Vulnerability in nocodb/nocodb prior to 0.92.0 Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Use After Free Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Use After Free Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Uncontrolled Search Path Element Vulnerability in Adobe Premiere Elements 2020v20 (and earlier) Allows Privilege Escalation Out-of-Bounds Read Vulnerability in Adobe 
Acrobat Reader Allows Memory Disclosure Use After Free Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Use-After-Free Vulnerability in Linux Kernel's SGI GRU Driver Allows Privilege Escalation Heap-based Buffer Overflow Vulnerability in Adobe Character Animator: Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Character Animator Use After Free Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Access of Uninitialized Pointer Vulnerability in Adobe Photoshop Heap-based Buffer Overflow Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-Of-Bounds Write Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Code Execution Heap-based Buffer Overflow Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Unserialized PHP Object Injection Vulnerability in Analyticator WordPress Plugin Heap-based Buffer Overflow Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Out-Of-Bounds Write Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe InCopy Allows Memory Disclosure XML Injection Vulnerability in Adobe Commerce Widgets Module Allows Remote Code Execution Path Traversal and Stored XSS Vulnerability in Adobe Commerce Versions 2.4.3-p2 and Earlier, 2.3.7-p3 and Earlier, and 2.4.4 and Earlier Adobe Commerce Improper Access Control Vulnerability Allows Privilege Escalation and Account Takeover Improper Authorization Vulnerability in Adobe Commerce Allows Privilege Escalation and Data Access Stored Cross-Site Scripting (XSS) Vulnerability in Adobe Commerce Versions 2.4.3-p2, 2.3.7-p3, and 2.4.4 Stored Cross-Site Scripting (XSS) 
Vulnerability in Adobe Commerce Improper Access Control Vulnerability in Adobe Commerce Versions 2.4.3-p2 and Earlier, 2.3.7-p3 and Earlier, and 2.4.4 and Earlier: Security Feature Bypass Stored Cross-Site Scripting Vulnerability in Advanced WP Columns WordPress Plugin Out-of-Bounds Write Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Use After Free Vulnerability in Adobe Illustrator Allows Arbitrary Code Execution Adobe FrameMaker: Out-of-Bounds Read Vulnerability with ASLR Bypass SQL Injection in Django Trunc() and Extract() Database Functions Denial of Service Vulnerability in libtiff-4.0.3-35.amzn2.0.1 Package Authentication Bypass and Arbitrary Code Execution in RWS WorldServer Unauthenticated Deserialization Vulnerability in RWS WorldServer CVE-2022-34269 Cross-Site Request Forgery Vulnerability in Corner Ad Plugin for WordPress CVE-2022-34270 Authenticated User Write Access Vulnerability in Apache Atlas Import Module Out of Bounds Read Vulnerability in PADS Standard/Plus Viewer (All Versions) Out of Bounds Write Vulnerability in PADS Standard/Plus Viewer (All Versions) Out of Bounds Write Vulnerability in PADS Standard/Plus Viewer (All Versions) Out of Bounds Write Vulnerability in PADS Standard/Plus Viewer (All Versions) Out of Bounds Write Vulnerability in PADS Standard/Plus Viewer (All Versions) Out of Bounds Read Vulnerability in PADS Standard/Plus Viewer (All Versions) Out of Bounds Read Vulnerability in PADS Standard/Plus Viewer (All Versions) Out of Bounds Read Vulnerability in PADS Standard/Plus Viewer (All Versions) Out of Bounds Read Vulnerability in PADS Standard/Plus Viewer (All Versions) Out of Bounds Read Vulnerability in PADS Standard/Plus Viewer (All Versions) Out of Bounds Read Vulnerability in PADS Standard/Plus Viewer (All Versions) Out of Bounds Read Vulnerability 
in PADS Standard/Plus Viewer (All Versions) Out of Bounds Write Vulnerability in PADS Standard/Plus Viewer (All Versions) Out of Bounds Read Vulnerability in PADS Standard/Plus Viewer (All Versions) Out of Bounds Write Vulnerability in PADS Standard/Plus Viewer (All Versions) Stack Corruption Vulnerability in PADS Standard/Plus Viewer: Information Leakage Out of Bounds Read Vulnerability in PADS Standard/Plus Viewer (All Versions) Out of Bounds Write Vulnerability in PADS Standard/Plus Viewer (All Versions) Lenovo Printer Firmware Denial-of-Service Vulnerability Stack Corruption Vulnerability in PADS Standard/Plus Viewer (All Versions) Allows Information Leakage Stack Corruption Vulnerability in PADS Standard/Plus Viewer Symlink Attack Vulnerability in Docker Desktop for Windows Denial of Service in wolfSSL DTLS due to Return-Routability Check Bypass Fixed UDP Source Port in totd 1.5.3 Allows DNS Cache Poisoning Insecure Message ID Randomization in totd before 1.5.3 Bypassing Query Predicate in Zalando Skipper before 0.13.218 Stored XSS Vulnerability in Yii2 Gii (through 2.2.4) Allows Injection in Any Field Replace Samba Username Attack Vulnerability in OpenAM Heap-Based Buffer Over-Read Vulnerability in libdwarf 0.4.0 Vulnerability in Lenovo Notebook WMI Setup Driver Allows Unauthorized Modification of Secure Boot Settings Heap-Based Buffer Over-Read Vulnerability in tinyexr::DecodePixelData Vulnerability: Secure Boot Bypass and Tampering in CryptoPro Secure Disk Bootloaders Vulnerability: Secure Boot Bypass and Tampering in New Horizon Datasys Bootloaders Secure Boot Bypass and Tampering Vulnerability in Eurosoft Bootloaders XSS Vulnerability in Apache Tomcat Form Authentication Example HTTP Header Injection Vulnerability in IBM CICS TX Standard and Advanced 11.1 Insecure Cookie Handling in IBM CICS TX 11.1 Improper Load Handling Vulnerability in IBM CICS TX 11.1 Weak Cryptographic Algorithms in IBM CICS TX Standard and Advanced 11.1 Lenovo Notebook Driver 
Vulnerability: Unauthorized Modification of Secure Boot Setting Weak Cryptographic Algorithms in IBM CICS TX Standard and Advanced 11.1 Insufficient Credential Protection in IBM CICS TX Standard and Advanced 11.1 Local File Disclosure Vulnerability in IBM CICS TX 11.1 Insecure Cookie Handling in IBM CICS TX 11.1 Insecure Permission Settings in IBM CICS TX 11.1: Local User Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM CICS TX 11.1 HTTP Header Injection Vulnerability in IBM CICS TX 11.1 Cross-Site Scripting (XSS) Vulnerability in IBM CICS TX 11.1 Remote Click Hijacking Vulnerability in IBM CICS TX 11.1 Weak Cryptographic Algorithms in IBM CICS TX 11.7: A Potential Threat to Sensitive Data Unintended Activation of Secure Boot Modification Vulnerability in Ideapad Y700-14ISK Manufacturing Driver Weak Cryptographic Algorithms in IBM CICS TX 11.1: A Potential Threat to Sensitive Data CVE-2022-34321 Stored XSS and Self-XSS Vulnerabilities in Sage Enterprise Intelligence 2021 R1.1 Multiple Stored XSS Vulnerabilities in Sage XRT Business Exchange 12.4.302 SQL Injection Vulnerabilities in Sage XRT Business Exchange 12.4.302 TOCTOU Attack Vulnerability in StorageSecurityCommandDxe Software SMI Handler Locking of Timer and RX Tasks in ambiot amb1_sdk Reflected XSS vulnerability in PMB 7.3.10 via id parameter in lvl=author_see request HTTP Response Header Information Disclosure Vulnerability in IBM CICS TX 11.7 Vulnerability: Denial of Service via Hash Collision in aeson Library Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 Improper Configuration of SRIOV Network Adapter Disables Desired VEPA Configuration Weak Password Policy in IBM Sterling Order Management 10.0 Puts User Accounts at Risk Session Invalidation Vulnerability in IBM Sterling Partner Engagement Manager 2.0 Denial of Service Vulnerability in IBM Sterling Partner Engagement Manager Cross-Site Scripting (XSS) 
Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Improper Privilege Management in IBM Robotic Process Automation 21.0.0-21.0.2 IBM Cognos Analytics User Credentials Stored in Plain Text Vulnerability Cross-Site Scripting (XSS) Vulnerability in SourceCodester Web-Based Student Clearance System Missing Authorization vulnerability in Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More Privilege Escalation Vulnerability in Intel(R) NUC Laptop Kits Firmware Intel(R) Media SDK Software Out-of-Bounds Read Vulnerability Exploiting Cross-Site Request Forgery (CSRF) Vulnerability in W3 Eden Download Manager Plugin <= 3.2.48 for WordPress XML External Entity Injection (XXE) Vulnerability in IBM Sterling Partner Engagement Manager 6.1 Out-of-Bounds Read Vulnerability in Linux Kernel's IPv4 Handler (VDB-210357) IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 Vulnerability: External Service Interaction Information Exposure Vulnerability in IBM QRadar SIEM 7.4 and 7.5 Information Exposure Vulnerability in IBM QRadar SIEM 7.5.0 Local Encrypted Data Storage Vulnerability in IBM Sterling Partner Engagement Manager 2.0 Sensitive Version Information Disclosure in IBM Jazz Foundation Privilege Escalation Vulnerability in IBM AIX and VIOS CVE-2022-34357 Cross-Site Scripting (XSS) Vulnerability in IBM i 7.2, 7.3, 7.4, and 7.5 Unrestricted Upload Vulnerability in SourceCodester Web-Based Student Clearance System 1.0 Weak Cryptographic Algorithms in IBM Sterling Secure Proxy 6.0.3: A Critical Vulnerability HTTP Header Injection Vulnerability in IBM Sterling Secure Proxy 6.0.3 Dell BSAFE SSL-J Debug Message Information Disclosure Vulnerability Path Traversal Vulnerability in WMS 3.7 Device API Allows Unauthorized File Access Dell SupportAssist for Home PCs: Overly Permissive Cross-domain Whitelist Vulnerability Dell EMC Data Protection 
Central Cross-Site Request Forgery Vulnerability Improper Handling of Insufficient Permissions or Privileges in Dell EMC NetWorker 19.2.1.x - 19.7.0.0 Dell PowerScale OneFS Log File Information Exposure Vulnerability Heap-based Buffer Overflow Vulnerability in Samba GSSAPI Unwrap DES and Unwrap DES3 Routines Unprotected Transport of Credentials Vulnerability in Dell PowerScale OneFS Dell PowerProtect Cyber Recovery Authentication Bypass Vulnerability Arbitrary File Write Vulnerability in Dell Command | Integration Suite for System Center OS Command Injection in Dell Container Storage Modules 1.2 Path Traversal Vulnerability in Dell Container Storage Modules 1.2 Denial of Service Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Dell PowerScale OneFS Relative Path Traversal Vulnerability Dell EMC CloudLink Authentication Bypass Vulnerability Open Redirect Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.5.0a4 Dell CloudLink Authentication Bypass Vulnerability Unmaintained Third-Party Component Vulnerability in Dell BSAFE SSL-J and Crypto-J Local Privilege Escalation Vulnerability in Dell Command Update, Dell Update, and Alienware Update Operating System Command Injection Vulnerability in Dell Edge Gateway 5200 (EGW) Versions Before 1.03.10 Local Privilege Escalation Vulnerability in Dell SupportAssist Client and Dell Update Cryptographic Weakness Vulnerability in SupportAssist for Home and Business PCs Cryptographic Weakness Vulnerability in Dell SupportAssist for Home and Business PCs Privilege Escalation Vulnerability in Dell SupportAssist Software Information Disclosure Vulnerability in Dell SupportAssist Software Rate Limit Bypass Vulnerability in Dell SupportAssist's Screenmeet API Unrestricted Resource Allocation Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.5.0 Dell BIOS Uninitialized Variable Vulnerability Allows 
Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Dell Client BIOS Versions Insufficient Session Expiration Vulnerability in SupportAssist for Home PCs (versions 3.11.4 and prior) Dell BIOS Improper Input Validation Vulnerability Allows Arbitrary Code Execution Improper Certificate Validation in Dell OS10 Support Assist Allows Unauthorized Access DLL Injection Vulnerability in Dell OpenManage Server Administrator (OMSA) Allows Arbitrary Code Execution Authorization Bypass Vulnerability in Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below Dell BIOS Time-of-check Time-of-use Vulnerability Allows Arbitrary Code Execution Buffer Access Vulnerability in Dell Alienware m17 R5 BIOS (Prior to Version 1.2.2) Allows Unauthorized Access to SMRAM Reflected Cross-Site Scripting in Rock Convert WordPress Plugin Dell BIOS Heap Buffer Overflow Vulnerability Allows Arbitrary Write to SMRAM Dell BIOS Stack Based Buffer Overflow Vulnerability Dell Wyse ThinOS 2205 UI Regular Expression Denial of Service Vulnerability Dell BIOS Stack-Based Buffer Overflow Vulnerability Allows Arbitrary Code Execution Improper Certificate Validation in Dell System Update 2.0.0 and Earlier Privilege Escalation Vulnerability in Realtek Audio Driver Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Stored Cross-Site Scripting Vulnerability in Rock Convert WordPress Plugin Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS 
Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Cross-Site Scripting (XSS) Vulnerability in Crealogix EBICS 7.0 (VDB-210374) Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS Improper SMM Communication Buffer Verification Vulnerability in Dell PowerEdge and Dell Precision BIOS OS10 Networking Vulnerability: System Crash via Security Scans Dell Enterprise SONiC OS SSH Cryptographic Key Vulnerability Dell Container Storage Modules 1.2 OS Command Injection Vulnerability Dell Container Storage Modules 1.2 OS Command Injection Vulnerability Dell Hybrid Client UI Regular Expression Denial of Service Vulnerability Zip Slip Vulnerability in Dell Hybrid Client UI: Privilege Escalation and System File Modification File System API Bypass Vulnerability in Google Chrome Dell Hybrid Client UI Zip Bomb Vulnerability Allows Unauthorized System File Modification Dell Hybrid Client 1.8 and below: Guest User Profile Corruption Vulnerability Critical Vulnerability in 
Dell Hybrid Client 1.8 and Below: Exploitable gedit Vulnerability Allows Unauthorized File Deletion Improper Access Control Vulnerability in Dell Storage Cloud Mobility Dell iDRAC9 Firmware Lock-Down Bypass Vulnerability Dell iDRAC8 Firmware Lock-Down Bypass Vulnerability Dell PowerScale OneFS OS Command Injection Vulnerability Privilege Escalation Vulnerability in Dell PowerScale OneFS Dell PowerScale OneFS Denial of Service and Performance Issue Vulnerability File System API Vulnerability in Google Chrome: Bypassing Restrictions via Crafted HTML Page and Malicious File Dell EMC SCG Policy Manager Hard-coded Cryptographic Key Vulnerability Hard-coded Cryptographic Key Vulnerability in Dell EMC SCG Policy Manager Dell EMC SCG Policy Manager Hard-coded Cryptographic Key Vulnerability Dell Rugged Control Center Local Privilege Escalation Vulnerability Dell PowerScale OneFS Information Disclosure Vulnerability Weak Password Encoding Vulnerability in Dell PowerScale OneFS Authorization Bypass Vulnerability in PowerPath Management Appliance 3.3 & 3.2 OS Command Injection Vulnerability in PowerPath Management Appliance Cross-Site Request Forgery Vulnerability in PowerPath Management Appliance Hardcoded Cryptographic Keys Vulnerability in PowerPath Management Appliance Skia Use After Free Vulnerability in Google Chrome Privilege Escalation Vulnerability in PowerPath Management Appliance 3.3 Stored Cross-site Scripting Vulnerability in PowerPath Management Appliance Sensitive Information Disclosure Vulnerability in PowerPath Management Appliance Improper Access Control Vulnerability in Dell XtremIO X2 XMS Versions Heap-Based Buffer Overflow in Dell PowerScale OneFS: System Takeover Vulnerability Dell EMC Metro Node Code Injection Vulnerability Improper Folder Permission Vulnerability in Dell Command Configuration Exposure of Sensitive System Information in Dell Command | Update, Dell Update, and Alienware Update Improper Verification of Cryptographic Signature in Dell 
Command | Update, Dell Update, and Alienware Update Heap Buffer Overflow in WebSQL in Google Chrome Dell BIOS Vulnerability: Arbitrary Code Execution via SMI Exploit Dell EMC SCG Policy Manager Hard-coded Password Vulnerability Insecure File Import Vulnerability in SICAM GridEdge Essential Out of Bounds Read Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-15420) Expression Injection Vulnerability in Mendix Workflow Subsystem XML Entity Expansion Injection Vulnerability in Mendix Excel Importer Module Clickjacking Vulnerability in Firefox and Thunderbird TLS Certificate Bypass Vulnerability in Firefox for Android Spoofing Vulnerability in Custom Tabs on Android Chrome Use-After-Free Crash Vulnerability in Firefox and Thunderbird Addon Downgrade Attack Vulnerability PAC URL Unavailability Leads to Incorrect Error Pages in Firefox and Thunderbird Unsanitized xlink:href attribute in SVG <use> tags in Firefox < 102 Vulnerability: External Protocol Redirect Bypass in Firefox < 102 Same-Origin SVG <use> Tag Script Execution in Firefox < 102 ASN.1 Parsing Vulnerability in Firefox < 102: Indefinite SEQUENCE and GROUP Parsing Cross-Origin Resource Information Leakage in Firefox < 102 Vulnerability: Protocol-based Content Delivery Bypass in Microsoft Applications Popup Overlay Vulnerability in Thunderbird for Linux Use After Free Vulnerability in Permissions API in Google Chrome Uninitialized Pointer Freeing Vulnerability in Firefox < 102 Integer Overflow in nsTArray_Impl::ReplaceElementsAt() Function Drag-and-Drop Filename Manipulation Vulnerability in Firefox Drag-and-Drop Filename Manipulation Vulnerability in Firefox Memory Corruption Vulnerabilities in Thunderbird 91.10 Memory Corruption Vulnerabilities in Firefox 101 Path Traversal Vulnerability in PukiWiki Versions 1.4.5 to 1.5.3 Unauthenticated Arbitrary Option Update Vulnerability in Shortcode Addons Plugin Buffer Overflow Vulnerability in Intel(R) NUC Laptop Kits Firmware (Before BC0076) 
Allows Privilege Escalation via Local Access Use After Free Vulnerability in Safe Browsing in Google Chrome Double Free Vulnerability in rpmsg_virtio_add_ctrl_dev Double Free Vulnerability in rpmsg_probe() Function File Upload Vulnerability in Hiby R3 PRO Firmware v1.5 to v1.7 Use After Free Vulnerability in Google Chrome's Peer Connection Code Execution Backdoor in bin-collect Package Code Execution Backdoor in bin-collection Package Heap Buffer Overflow in Radare2 v5.7.0 via consume_encoded_name_new in format/wasm/wasm.c Heap Buffer Overflow in QPDF v8.4.2 via QPDF::processXRefStream Function Code Execution Backdoor Found in PyPI v1.0's Wikifaces Package Arbitrary Option Update Vulnerability in Product Stock Manager WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in SourceCodester Book Store Management System 1.0 NULL Pointer Dereference Vulnerability in Radare2 v5.7.2 Stack Overflow Vulnerability in Tiffsplit v4.4.0's _TIFFVGetField Function Command Injection Vulnerability in D-Link DSL-3782 v1.03 and Below via byte_4C0160 Function Stack Overflow Vulnerability in D-Link DSL-3782 v1.03 and Below: Exploiting getAttrValue Function Segmentation Fault Vulnerability in WASM3 v0.5.0 via Compile_Memory_CopyFill Component Cross-Site Scripting (XSS) Vulnerability in SourceCodester Book Store Management System 1.0 Username Enumeration Vulnerability in Backdrop CMS v1.22.0 Login and Password Reset Functionality Remote Code Execution (RCE) Vulnerability in DedeCMS v5.7.95 via mytag_main.php Component Information Disclosure Vulnerability in Digital Watchdog DW Spectrum Server 4.2.0.32842 Unauthenticated Access to Internal Paths and Scripts in Digital Watchdog DW MEGApix IP Cameras Vulnerability: Unauthorized Access and Session Hijacking in Digital Watchdog DW MEGApix IP Cameras A7.2.2_20211029 Cross-Site Scripting (XSS) Vulnerability in Digital Watchdog DW MEGApix IP Cameras A7.2.2_20211029 via bia_oneshot.cgi Component Command Injection Vulnerability in Digital 
Watchdog DW MEGApix IP Cameras A7.2.2_20211029 Command Injection Vulnerability in Digital Watchdog DW MEGApix IP Cameras A7.2.2_20211029 Command Injection Vulnerability in Digital Watchdog DW MEGApix IP Cameras A7.2.2_20211029 Arbitrary File Upload Vulnerability in Sims v1.0 via /uploadServlet Component Cross-Site Scripting (XSS) Vulnerability in Sims v1.0 via /addNotifyServlet Component Path Traversal Vulnerability in Sims v1.0 Attachment Downloads Remote Code Execution Vulnerability in TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n NULL Pointer Dereference Vulnerability in PicoC v3.2.2 at variable.c SQL Injection Vulnerability in Barangay Management System v1.0 Arbitrary Code Execution Vulnerability in WMAgent, ReqMgr, ReqMon, and Global-Workqueue via Crafted dbs-client Package Unrestricted Resource Allocation Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.5.0 Privilege Escalation Vulnerability in University of Texas Multi-image Analysis GUI (Mango) 4.1 Use-After-Free Vulnerability in SDL v1.2 via XFree Function in SDL_x11yuv.c GitHub Repository ikus060/rdiffweb Prior to 2.5.0a5 Origin Validation Error Vulnerability Information Leak Vulnerability in WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 Access Control Issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 Allows Unauthorized Access and Command Execution via syslog.shtml Access Control Vulnerability in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 Allows Telnet Password Retrieval via tftp.txt Arbitrary Configuration Vulnerability in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 Access Control Vulnerability in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 Allows Key Information Extraction via Tftpd32.ini Access Access Control Issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19: Unauthorized Key Information Retrieval via fctest.shtml Arbitrary Code Execution Vulnerability in WAVLINK WN535 G3 M35G3R.V5030.180927 Arbitrary Code Execution 
Vulnerability in WAVLINK WN535 G3 M35G3R.V5030.180927 adm.cgi Arbitrary File Upload Vulnerability in Open Source Point of Sale v3.3.7 Unrestricted Upload Vulnerability in SourceCodester Human Resource Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in Advanced School Management System v1.0 SQL Injection Vulnerability in Advanced School Management System v1.0 via grade parameter at /school/view/student_grade_wise.php SQL Injection Vulnerability in Advanced School Management System v1.0 via grade parameter at /school/view/timetable_insert_form.php SQL Injection Vulnerability in Hospital Management System v1.0 via editid parameter in /HMS/admin.php Command Injection Vulnerability in Wavlink WL-WN575A3 RPT75A3.V4300.201217 Arbitrary File Read Vulnerability in DPTech VPN v8.1.28.0 Cross-Site Scripting (XSS) Vulnerability in Advanced School Management System v1.0 via update_subject.php Command Injection Vulnerability in Tenda AX1803 v1.0.0.1_2890 via setipv6status Function Command Injection Vulnerability in Tenda AX1803 v1.0.0.1_2890 via WanParameterSetting Function Command Injection Vulnerability in Tenda AX1806 v1.0.0.1's WanParameterSetting Function Arbitrary Command Execution Vulnerability in H3C Magic R100 V200R004 and V100R005 UDP Server Stack Overflow Vulnerability in H3C Magic R200 R200V200R004L02 via EdittriggerList Interface Sensitive Variables Unmasked in Octopus Deploy Variable Preview Stack Overflow Vulnerability in H3C Magic R200 R200V200R004L02 via EditSTList Interface Stack Overflow Vulnerability in H3C Magic R200 R200V200R004L02 via Delstlist Interface Stack Overflow Vulnerability in H3C Magic R200 R200V200R004L02 via ipqos_lanip_editlist Interface Stack Overflow Vulnerability in H3C Magic R200 R200V200R004L02 via DelDNSHnList Interface Stack Overflow Vulnerability in H3C Magic R200 R200V200R004L02 via INTF Parameter Stack Overflow Vulnerability in H3C Magic R200 R200V200R004L02 via HOST Parameter at /dotrace.asp Stack Overflow 
Vulnerability in H3C Magic R200 R200V200R004L02 via EditvsList Parameter Stack Overflow Vulnerability in H3C Magic R200 R200V200R004L02 via HOST Parameter at /doping.asp Stack Overflow Vulnerability in H3C Magic R200 R200V200R004L02 via ajaxmsg Parameter Stack Overflow Vulnerability in H3C Magic R200 R200V200R004L02 via INTF Parameter at /doping.asp Heap Buffer Overflow and Read Access Violation Vulnerability in PHOENIX CONTACT Automationworx Software Suite Stack Overflow Vulnerability in H3C Magic R200 R200V200R004L02 via /ihomers/app URL Cross-Site Scripting (XSS) Vulnerability in Online Fire Reporting System v1.0 via Crafted Payload in Contact # Field Integer Overflow Vulnerability in Rizin v0.4.0 and Below via get_long_object() Function Arbitrary File Upload Vulnerability in Mealie 1.0.0beta3 Weak Password Requirements in Mealie 1.0.0beta3: A Gateway for Unauthorized Access Stored XSS Vulnerability in Mealie 1.0.0beta3: Recipe Description Field Injection Stored XSS Vulnerability in Mealie v0.5.5 via Shopping Lists Item Names Field Stored Cross-Site Scripting Vulnerability in Highlight Focus WordPress Plugin Insecure Direct Object Reference (IDOR) Vulnerability in Mealie 1.0.0beta3 Allows Unauthorized Modification of User Attributes Timing Response Discrepancy Vulnerability in Mealie 1.0.0beta3 Allows User Enumeration Unauthenticated Man-in-the-Middle Attack in Mealie 1.0.0beta3 Server-Side Template Injection Vulnerability in Mealie 1.0.0beta3 Allows Arbitrary Code Execution CSV Injection Vulnerability in Contact Form Plugin WordPress Plugin Insufficient Cryptography Vulnerability in Rocket-Chip Commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 Vulnerability: CVA6 Commit Allows Execution of Crafted or Incorrectly Formatted sfence.vma Instructions Vulnerability: CVA6 Allows Execution of Crafted or Incorrectly Formatted DET Instructions Inconsistent Update of mstatus.sd Field in CVA6 Commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a Incorrect Exception Type for PMA 
Violation during Address Translation Incorrect Exception Type for Illegal Virtual Address Loading Vulnerability Non-Standard Fence Instruction Vulnerability Cross-Site Scripting (XSS) Vulnerability in puppyCMS up to 5.1 via site_name Parameter in /admin/settings.php Incorrect tval vulnerability in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a Incorrect Exception Type for PMP Violation During Address Translation Incorrect Mask in RISCV ISA Sim Component mcontrol.action Leads to Denial of Service (DoS) Vulnerability Incorrect Exception Priority in RISCV ISA Sim Commit ac466a21df442c59962589ba296c702631e041b5 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in dmitrylitvinov Uploading Plugin Critical Remote Code Execution Vulnerability in Mediabridge Medialink (VDB-210700) Authenticated Stored Cross-Site Scripting (XSS) Vulnerabilities in wpWax Team Plugin <= 1.2.6 for WordPress TMM Termination Vulnerability in BIG-IP Versions 16.1.x and 15.1.x SQL Injection Vulnerability in WWBN AVideo Live Schedules Plugin CSRF Vulnerability in Manage Notification E-mails Plugin for WordPress Undisclosed Traffic Termination Vulnerability in BIG-IP Authenticated Cross-Site Scripting (XSS) Vulnerability in wpdevart Poll, Survey, Questionnaire and Voting System Plugin <= 1.7.4 Information Disclosure Vulnerability in Intel(R) PCSD BIOS Firmware W3 Eden Download Manager Plugin <= 3.2.48 Authenticated Persistent XSS Vulnerabilities Information Disclosure Vulnerability in Simcenter STAR-CCM+ with Power-on-Demand Public License Server Vulnerability: Incomplete Fix for CVE-2022-27652 in cri-o for Red Hat OpenShift Container Platform Command Injection Vulnerability in Teamcenter File Server Cache Service Denial of Service Vulnerability in Teamcenter File Server Cache Service Path Traversal Vulnerability in Resource Center for Logged-In Users Web-based Code Injection Vulnerability in RUGGEDCOM Devices NVIDIA GPU Display Driver Null-Pointer Dereference Vulnerability NVIDIA 
GPU Display Driver Null-Pointer Dereference Vulnerability Stack-based Buffer Overflow Vulnerability in NVIDIA CUDA Toolkit SDK's cuobjdump Untrusted Data Deserialization Vulnerability in NVFLARE (versions prior to 2.1.4) Critical Privilege Escalation Vulnerability in NVIDIA GPU Display Driver for Windows Critical SQL Injection Vulnerability in Jiusi OA (CVE-2021-XXXX) NVIDIA GPU Display Driver for Linux Kernel Mode Layer Truncation Vulnerability Out-of-Bounds Write Vulnerability in NVIDIA GPU Display Driver for Windows Privilege Escalation and Command Execution Vulnerability in NVIDIA Control Panel for Windows Out-of-Bounds Array Access Vulnerability in NVIDIA GPU Display Driver for Linux Vulnerability in NVIDIA GPU Display Driver for Linux: Kernel Mode Layer Handler Allows Information Leak Null-Pointer Dereference Vulnerability in NVIDIA Display Driver for Linux Virtual GPU Manager Out-of-Bounds Read Vulnerability in NVIDIA GPU Display Driver for Linux NVIDIA GPU Display Driver for Linux: Integer Truncation Vulnerability NVIDIA GPU Display Driver Kernel Mode Null-Pointer Dereference Vulnerability NVIDIA GPU Display Driver for Linux Kernel Mode Layer Null-Pointer Dereference Vulnerability Integer Truncation Vulnerability in NVIDIA GPU Display Driver for Linux NVIDIA GPU Display Driver for Windows Kernel Mode Layer Denial of Service Vulnerability NVIDIA GPU Display Driver for Linux Null-Pointer Dereference Vulnerability Null-Pointer Dereference Vulnerability in NVIDIA GPU Display Driver for Windows Off-by-One Error in NVIDIA GPU Display Driver for Linux: Potential Data Tampering and Information Disclosure Vulnerability Azure RTOS GUIX Studio Information Disclosure Vulnerability Azure RTOS GUIX Studio Information Disclosure Vulnerability Critical Remote Code Execution Vulnerability in Azure RTOS GUIX Studio Windows CryptoAPI Spoofing Vulnerability: Impersonation Exploit Stored Cross-Site Scripting Vulnerability in WP Attachments WordPress Plugin Windows Fax Service 
Privilege Escalation Vulnerability Domain Admin Privilege Escalation Vulnerability in Active Directory Domain Services Exposed: Microsoft Exchange Server Information Leakage Vulnerability Hyper-V Remote Code Execution Vulnerability in Windows Windows Win32k Privilege Escalation Vulnerability Critical SQL Injection Vulnerability in SourceCodester Human Resource Management System (VDB-210714) Exploiting the Microsoft Dynamics CRM Remote Code Execution Vulnerability Windows SSTP Denial of Service Vulnerability Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Windows Partition Management Driver Privilege Escalation Vulnerability Windows Defender Credential Guard Information Disclosure Vulnerability Exposes Sensitive Data Guarding the Gates: Windows Defender Credential Guard Elevation of Privilege Vulnerability Windows LSA Elevation of Privilege Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Information Leakage Vulnerability Windows Defender Credential Guard Security Feature Bypass Vulnerability: A Critical Flaw in Credential Guard Protection Critical SQL Injection Vulnerability in SourceCodester Human Resource Management System (VDB-210715) Windows Defender Credential Guard Information Disclosure Vulnerability Exposes Sensitive Data Guarding the Gates: Windows Defender Credential Guard Elevation of Privilege Vulnerability Windows Defender Credential Guard Information Disclosure Vulnerability Exposes Sensitive Data Critical Remote Code Execution Vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Windows Network File System RCE Vulnerability .NET Assembly Spoofing Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability Critical Windows TCP/IP Remote Code Execution Vulnerability Discovered DFS Privilege Escalation Vulnerability Critical SQL Injection 
Vulnerability in SourceCodester Human Resource Management System (VDB-210716) IKE Extension Denial of Service Vulnerability IKE Protocol Extensions Remote Code Execution Vulnerability IKE Protocol Extensions Remote Code Execution Vulnerability Windows DPAPI Information Disclosure Vulnerability Windows DNS Server DoS Vulnerability ALPC Privilege Escalation Vulnerability in Windows Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver Windows Graphics Component Information Disclosure Vulnerability Exposes Sensitive Data Windows GDI Privilege Escalation Vulnerability Critical SQL Injection Vulnerability in SourceCodester Human Resource Management System (VDB-210717) Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver Null Pointer Dereference Vulnerability in Frame Scheduling Module Affects Kernel Availability Null Pointer Dereference Vulnerability in Frame Scheduling Module Affects Kernel Availability Critical Vulnerability: Permission Assignment Flaw in Application Security Module SystemUI Module Vulnerability: Stealthy Background Service Exploitation Arithmetic Addition Overflow Vulnerability in Fingerprint Module Insecure Credential Handling in Bazel Remote Assets API NFC Module Buffer Overflow Vulnerability: Impact on Card Registration, Deletion, and Activation NFC Module Buffer Overflow Vulnerability: Impact on Card Registration, Deletion, and Activation System Module Read/Write Vulnerability: Threat to Data Confidentiality USB Port AT Commands Out-of-Bounds Read Vulnerability Insufficient Entropy Vulnerability in Zyxel GS1900 Series Firmware Remote Code Execution Vulnerability in Zyxel NAS326 
Firmware Out of Bounds Write Vulnerability in Simcenter Femap (All versions < V2022.2) Catastrophic Backtracking Vulnerability in Mistune through 2.0.2 Unvalidated Lemma Length in MediaWiki Allows Denial-of-Service Attacks Remote Root Exploit Vulnerability in SpaceLogic C-Bus Home Controller (5200WHC2) Elevated Functionality Vulnerability in Acti9 PowerTag Link C (A9XELC10-A/B) Uncontrolled Search Path Element Vulnerability in Easergy Builder Installer (1.7.23 and prior) Buffer Overflow Vulnerability in Easergy P5 (V01.401.102 and prior) Could Lead to Remote Code Execution or HTTPs Stack Crash Weak Cipher Suites in Easergy Pro Software Allow Observation of Protected Communication Details Privileged User Credential Access Vulnerability in Easergy P5 (V01.401.102 and prior) HTTP Header Parsing Out-of-bounds Write Vulnerability Denial of Service Vulnerability in X80 Advanced RTU Communication Module and OPC UA Modicon Communication Module Denial of Service Vulnerability in JSON Parsing of X80 and OPC UA Communication Modules Firmware Image Path Traversal Vulnerability in X80 and OPC UA Modicon Communication Modules Firmware Signature Verification Vulnerability in X80 Advanced RTU and OPC UA Modicon Communication Modules Buffer Overflow Vulnerability in X80 Advanced RTU Communication Module and OPC UA Modicon Communication Module Firmware Image Loading Vulnerability in X80 and OPC UA Modicon Communication Modules Authorization Bypass Vulnerability in ALLNET Router Model WR0500AC Cross-Site Scripting (XSS) Vulnerability in Worker Nickname Input Unauthenticated OS Command Injection in PROSCEND Industrial Cellular Router Unauthenticated User Login Vulnerability in tagDiv Composer WordPress Plugin Tabit - Sensitive Information Disclosure via Unauthorized APIs Arbitrary SMS Sending and Template Injection Vulnerability in Tabit Tabit System Vulnerability: Password Enumeration via OTP Resend HTTP Method Manipulation Vulnerability in Tabit Cloud Configuration Endpoint Tabit - 
Arbitrary Account Modification Vulnerability Excessive Data Exposure in Tabit Reservation Cancellation Endpoint Tabit - Unauthorized Access to Sensitive Information via Giftcard Stealth Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins GitLab Plugin Cross-Site Scripting (XSS) Vulnerability in Jenkins TestNG Results Plugin Vulnerability: Credential Enumeration in Jenkins XebiaLabs XL Release Plugin GitLab Vulnerability: Denial of Service (DoS) Attack via Malicious NuGet Package Upload CSRF Vulnerability in Jenkins XebiaLabs XL Release Plugin Allows Unauthorized Credential Capture Unauthenticated Remote Code Execution in Jenkins XebiaLabs XL Release Plugin Vulnerability: Unauthorized Access to Pending Requests in Jenkins requests-plugin Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Plot Plugin 2.1.10 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Build-Metrics Plugin 1.3 Jenkins build-metrics Plugin 1.3 and earlier: Information Disclosure Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Rich Text Publisher Plugin 1.4 and Earlier Cross-Site Scripting (XSS) Vulnerability in Jenkins Project Inheritance Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and Earlier Jenkins Matrix Reloaded Plugin CSRF Vulnerability: Unauthorized Rebuilding of Previous Matrix Builds NSS Client Authentication Crash Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins eXtreme Feedback Panel Plugin 2.0.1 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Validating Email Parameter Plugin Jenkins Recipe Plugin 1.2 CSRF Vulnerability: Remote XML Parsing Jenkins Recipe Plugin 1.2 and Earlier XML External Entity (XXE) Vulnerability Unauthenticated Remote Code Execution in Jenkins Recipe Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and Earlier Vulnerability: Enumeration of Credentials 
IDs in Jenkins Deployment Dashboard Plugin CSRF Vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and Earlier Jenkins Deployment Dashboard Plugin: Unauthenticated HTTP Endpoint Access Unencrypted Password Storage in Jenkins Deployment Dashboard Plugin Denial-of-Service Vulnerability in PHOENIX CONTACT FL MGUARD and TC MGUARD Devices Unencrypted Storage of Tokens in Jenkins Build Notifications Plugin Jenkins Build Notifications Plugin: Plain Text Transmission of Tokens in Global Configuration Form Unencrypted Storage of Login Credentials and Webhook Token in Jenkins RocketChat Notifier Plugin Unencrypted Storage of API Keys in Jenkins OpsGenie Plugin Insecure Transmission of API Keys in Jenkins OpsGenie Plugin Unencrypted Password Storage in Jenkins Skype Notifier Plugin Unencrypted Password Storage in Jenkins Jigomerge Plugin Unencrypted Password Storage in Jenkins Elasticsearch Query Plugin Unencrypted Storage of Bearer Tokens in Jenkins Cisco Spark Plugin Unencrypted Password Storage in Jenkins RQM Plugin 2.8 and Earlier SQL Injection Vulnerability in WooCommerce Dropshipping WordPress Plugin Jenkins RQM Plugin 2.8 and Earlier: Credential Enumeration Vulnerability XPath Configuration Viewer Plugin Vulnerability: Unauthorized Access to XPath Configuration Viewer Page Jenkins XPath Configuration Viewer Plugin CSRF Vulnerability XPath Configuration Viewer Plugin Vulnerability: Unauthorized Creation and Deletion of XPath Expressions Jenkins Request Rename Or Delete Plugin Information Disclosure Vulnerability CSRF Vulnerability in Jenkins Request Rename Or Delete Plugin Allows Job Renaming or Deletion Unencrypted Password Storage in Jenkins HPE Network Virtualization Plugin 1.0 Jenkins Failed Job Deactivator Plugin 1.2.1 CSRF Vulnerability: Disabling Jobs Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows unauthorized job disabling Heap-based Buffer Overflow Vulnerability in SIMATIC CP and SIPLUS Devices Improper Access Control Vulnerability in 
GitLab CE/EE: Unauthorized Access to Release Names Authentication Bypass and Code Execution Vulnerability in SIMATIC CP and SIPLUS Devices Vulnerability: Code Injection in OpenVPN Configuration Options Path Traversal Vulnerability in CLUSTERPRO X and EXPRESSCLUSTER X for Windows Remote Code Execution and File System Overwrite Vulnerability in CLUSTERPRO X 5.0 and EXPRESSCLUSTER X 5.0 for Windows Remote Code Execution via Weak File and Folder Permissions in CLUSTERPRO X 5.0 and EXPRESSCLUSTER X 5.0 for Windows Uncontrolled Search Path Element Vulnerability in CLUSTERPRO X 5.0 and EXPRESSCLUSTER X 5.0 for Windows Passphrase Leakage in Couchbase Server 7.1.x Improper Access Control in Carel Boss Mini 1.5.0 Denial of Service Vulnerability in Zoho ManageEngine ADSelfService Plus Mobile App Deployment API GitLab CE/EE Vulnerability: Exfiltration of Datadog Integration Access Token TOCTOU Race Condition Vulnerability in Arm Product Family: Exploiting GPU Processing Operations for Unauthorized Access to Freed Memory Inconsistent DNS Identifier Validation in Keyfactor PrimeKey EJBCA XML External Entity (XXE) Vulnerability in VERMEG AgileReporter 21.3 Analysis Component XSS Vulnerability in VERMEG AgileReporter 21.3 Analysis Component XSS Vulnerability in VERMEG AgileReporter 21.3 Allows Privilege Escalation via Add Comment Action Stack-based Buffer Overflow in i2c md Command in Das U-Boot through 2022.07-rc5 ABB Zenon 8.20 Relative Path Traversal Vulnerability Password Storage Vulnerability in ABB Zenon 8.20 Enables Unauthorized Network Client Addition Recoverable Password Storage Vulnerability in ABB Zenon 8.20 Authentication Bypass Vulnerability in WP OAuth2 Server Plugin <= 1.0.1 Reflected Cross-Site Scripting Vulnerability in WPB Show Core WordPress Plugin Hard-coded Credentials Vulnerability in Buffalo Network Devices Allows Unauthorized Configuration Alteration Buffer Overflow Vulnerability in Intel(R) Media SDK Software Potential Privilege Escalation via Integer 
Overflow in Intel(R) Trace Analyzer and Collector Software Undisclosed Traffic Termination Vulnerability in BIG-IP and BIG-IQ on AWS Firmware Update Vulnerability in Robustel R1510 3.1.16 and 3.3.0 Uncontrolled Search Path Vulnerability in Intel(R) NUC Pro Software Suite Denial of Service Vulnerability in Intel(R) Iris(R) Xe MAX Drivers for Windows Unauthenticated Remote Password Reset Vulnerability in IFM Moneo Appliance OS Command Injection Vulnerability in Robustel R1510 3.1.16 and 3.3.0 iControl SOAP Denial of Service Vulnerability Authenticated Persistent XSS Vulnerabilities in wpWax Team Plugin <= 1.2.6 for WordPress Improper Access Control in Intel(R) SUR Software: Local Privilege Escalation Vulnerability Path Traversal Vulnerability in Intel(R) NUC Pro Software Suite (Version < 2.0.0.3) Allows Privilege Escalation Critical Reflected Cross-Site Scripting (XSS) Vulnerability in smartypants SP Project & Document Manager Plugin <= 4.59 for WordPress miniOrange OAuth 2.0 Client for SSO Plugin <= 1.11.3 WordPress Authentication Bypass Vulnerability Open Redirect Vulnerability in GitLab EE/CE Versions 9.3 to 15.5.2 Undisclosed Requests Vulnerability in BIG-IP Virtual Server Normalization Intel(R) Trace Analyzer and Collector Software: Local Privilege Escalation Vulnerability Unverified Remote Endpoint Identity Vulnerability in BIG-IP Traffic Intelligence Feeds Insufficient Data Verification Vulnerability in Passage Drive and Passage Drive for Box Unauthenticated Sensitive Information Disclosure and Submission Manipulation in WP Libre Form 2 Plugin <= 2.0.8 YooMoney ЮKassa для WooCommerce Plugin <= 2.3.0 Authenticated Arbitrary Settings Update Vulnerability Undocumented Hidden Command Execution Vulnerability in CentreCOM AR260S V2 Firmware Cross-Site Scripting (XSS) Vulnerability in Apache Geode Pulse Web Application Privilege Escalation Vulnerability in Centreon's Poller Resource Configuration Centreon Virtual Metrics SQL Injection Vulnerability Remote Code 
Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 Remote Code Execution Vulnerability in Foxit PDF Reader 11.2.2.53575 Remote Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 SQL Injection Vulnerability in VICIdial Admin Interface (CVE-2021-XXXX) SQL Injection Vulnerability in VICIdial AST Agent Time Sheet Interface SQL Injection Vulnerability in User Stats Interface of VICIdial Reflected Cross Site Scripting (XSS) Vulnerabilities in VICIdial 2.14b0.5 (prior to 3555) via AST_agent_time_sheet.php and search_archived_data Parameters BIND Vulnerability: Assertion Failure Due to Processing of Repeated Responses with Broken ECS Pseudo-Options Sensitive Information Disclosure in Hitachi JP1/Automatic Operation through Error Message Generation Hitachi RAID Manager Storage Replication Adapter Information Exposure Vulnerability Hitachi RAID Manager Storage Replication Adapter OS Command Injection Vulnerability Buffer Overflow Vulnerability in Remote Presence Subsystem Local Privilege Escalation Vulnerability in Motorola MR2600 Router Lenovo Printer Firmware Remote Code Execution Vulnerability Unauthenticated Configuration Access in Lenovo Printers Remote Mount Feature Allows Unauthorized Access to Internal Services Privilege Escalation via ACPI Virtual Device in Parallels Desktop 17.1.1 (51537) Unauthenticated Attackers Can Modify Custom WP Admin Slug in WP Hide WordPress Plugin Parallels Desktop 17.1.1 (51537) Local Information Disclosure Vulnerability Privilege Escalation via Incorrect Permissions in Parallels Desktop 17.1.1 Update Mechanism Privilege Escalation Vulnerability in Parallels Desktop 17.1.1 Privilege Escalation via Mountpoint Manipulation in Trend Micro Security 2022 (Consumer) Insufficient Access Control in JetBrains Hub before 2022.2.14799: Hijacking of Untrusted Services Privilege Escalation via Symbolic Link Vulnerability in Parallels Access 6.5.4 (39316) Agent Unserialized User Input Vulnerability in Checkout Field Editor Plugin for 
WooCommerce WordPress Privilege Escalation via Insecure OpenSSL Configuration File Loading in Parallels Access 6.5.3 (39313) Agent Privilege Escalation Vulnerability in Parallels Access 6.5.4 (39316) Agent Privilege Escalation via Insecure Loading of Qt Plugins in Parallels Access 6.5.4 (39316) Agent Signature Forgery Vulnerability in GnuPG through 2.3.6 Hard-coded Cryptographic Key Vulnerability in FileWave FileWave Authentication Bypass Vulnerability Authentication Bypass Vulnerability in A4N (Aremis 4 Nomad) Application 1.5.0 for Android SQL Injection Vulnerability in A4N (Aremis 4 Nomad) Application 1.5.0 for Android Heap-based Buffer Overflow in Vim prior to 9.0.0742 Cleartext Password Storage Vulnerability in A4N (Aremis 4 Nomad) Application 1.5.0 for Android Cross-Site Scripting (XSS) Vulnerability in MediaWiki Unescaped HTML Entities in MediaWiki Contributions Title Stack-based Buffer Overflow in md2roff 1.7 via Large Consecutive Characters in Markdown File X-Forwarded-For Header Injection Vulnerability in Webswing Remote Code Execution (RCE) Vulnerability in Apache Flume JMS Source with JNDI LDAP Data Source URI Apache Kafka Denial of Service Vulnerability Type Confusion Vulnerability in nft_set_elem_init Leading to Privilege Escalation Unauthenticated File Upload Vulnerability in Zengenti Contensis Classic Critical Remote Command Injection Vulnerability in SourceCodester Human Resource Management System 1.0 Arbitrary File Read Vulnerability in Lanling OA Landray Office Automation (OA) Internal Patch #133383/#137780 Stack Overflow Vulnerability in MilkyTracker v1.03.00 via LoaderXM::load SQL Injection Vulnerability in JFinal CMS v5.1.0 via /system/user Cross-Site Scripting (XSS) Vulnerability in SourceCodester Human Resource Management System 1.0 Yuba U5CMS v8.3.5 - Cross-Site Request Forgery (CSRF) in savepage.php leading to Arbitrary Code Execution Arbitrary SQL Injection Vulnerability in Complianz WordPress Plugin SQL Injection Vulnerability in Pharmacy 
Management System v1.0 via startDate Parameter at getproductreport.php SQL Injection Vulnerability in Pharmacy Management System v1.0 via startDate Parameter at getexpproduct.php SQL Injection Vulnerability in Pharmacy Management System v1.0 via id parameter at editcategory.php SQL Injection Vulnerability in Pharmacy Management System v1.0 via editbrand.php's id parameter Multiple SQL Injection Vulnerabilities in Pharmacy Management System v1.0 Critical SQL Injection Vulnerability in SourceCodester Simple Online Public Access Catalog 1.0 SQL Injection Vulnerability in Pharmacy Management System v1.0 via id parameter at editproduct.php SQL Injection Vulnerability in Pharmacy Management System v1.0 via startDate Parameter at getsalereport.php SQL Injection Vulnerability in Pharmacy Management System v1.0 via id parameter at edituser.php SQL Injection Vulnerability in Pharmacy Management System v1.0 via startDate Parameter at getOrderReport.php SQL Injection Vulnerability in Pharmacy Management System v1.0 via invoiceprint.php Time-Based SQL Injection Vulnerability in Pligg CMS v2.0.2 via page_size Parameter at load_data_for_topusers.php Time-Based SQL Injection Vulnerability in Pligg CMS v2.0.2 via page_size Parameter at load_data_for_groups.php Improper Access Controls in SourceCodester Human Resource Management System 1.0 (VDB-210785) Arbitrary File Mounting Vulnerability in MikroTik RouterOS 7.4beta4 Stored Cross-Site Scripting (XSS) Vulnerability in OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS Users Timeline Module Stored XSS Vulnerability in OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS Group Timeline Module Stored Cross-Site Scripting (XSS) Vulnerability in OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS News Feed Module Stored Cross-Site Scripting (XSS) Vulnerability in OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS SitePages Module Arbitrary File Upload Vulnerability in OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 
LTS HTML Injection Vulnerability in OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS via location parameter Assertion Failure in MonetDB Database Server v11.43.13: stmt->Dbc->FirstStmt Denial of Service (DoS) Vulnerability in Percona Server for MySQL v8.0.28-19's fetch_step Function NULL Pointer Dereference Vulnerability in PingCAP TiDB v6.1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Human Resource Management System 1.0 Heap-based Buffer Overflow in qs_parse function of Crow before 1.0+4 Arbitrary File Upload Vulnerability in Feehi CMS v2.1.1 Advertising Management Module Multiple Blind SQL Injection Vulnerabilities in Filter Shop v3.x Buffer Overflow Vulnerability in D-Link DIR-820L Router Firmware (Version 1.06B02) Command Injection Vulnerability in D-Link DIR810LA1_FW102B22 via Ping_addr Function Code Execution Backdoor in PyCrowdTangle Package Code Execution Backdoor in eziod Package Code Execution Backdoor in scu-captcha Package Cross-Site Scripting (XSS) Vulnerability in Inout Blockchain AltExchanger v1.2.1 SQL Injection Vulnerability in Fruits Bazar v1.0 via recover_email Parameter Identical Agent and Cluster Node Linking Keys Vulnerability Multiple Reflected XSS Vulnerabilities in Paymoney v3.3 via first_name and last_name Parameters Heap-Buffer Overflow Vulnerability in Luadec v0.9.9 via UnsetPending Function Hard-coded Root Password Vulnerability in Totolink A3600R Firmware V4.1.2cu.5182_B20201102 Global Buffer Overflow in JPEGDEC Commit be4843c FPE Vulnerability in JPEGDEC commit be4843c via DecodeJPEG at /src/jpeg.inl Improper Exception Handling in Keylime Allows Rogue Agents to Bypass Verification Segmentation Fault Vulnerability in JPEGDEC commit be4843c Segmentation Fault Vulnerability in JPEGDEC Commit be4843c Global Buffer Overflow Vulnerability in JPEGDEC Commit be4843c FPE Vulnerability in JPEGDEC commit be4843c via TIFFSHORT at /src/jpeg.inl Heap Buffer Overflow in PNGDec Commit 8abf6be via __interceptor_fwrite.part.57 
Stack Overflow Vulnerability in PNGDec Commit 8abf6be Memory Allocation Vulnerability in PNGDec Commit 8abf6be Unauthorized Access to Sensitive Data: Agents Able to Retrieve Article Template Contents Heap Buffer Overflow in PNGDec Commit 8abf6be via asan_interceptors_memintrinsics.cpp Global Buffer Overflow in PNGDec Commit 8abf6be via inflate_fast Heap Buffer Overflow in PNGDec Commit 8abf6be: SaveBMP Vulnerability FPE Vulnerability in PNGDec Commit 8abf6be: SaveBMP in /linux/main.cpp Segmentation Fault Vulnerability in Advancecomp v2.3 Heap Buffer Overflow in Advancecomp v2.3 via le_uint32_read at /lib/endianrw.h Heap Buffer Overflow in Advancecomp v2.3 Heap Buffer Overflow in Advancecomp v2.3 Segmentation Fault Vulnerability in Advancecomp v2.3 Segmentation Fault Vulnerability in Advancecomp v2.3 Cross-Site Scripting (XSS) Vulnerability in Human Resource Management System 1.0 Heap Buffer Overflow in Advancecomp v2.3 via __interceptor_memcpy Global Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x718693 Segmentation Violation Vulnerability in OTFCC Commit 617837b Segmentation Violation Vulnerability in OTFCC Commit 617837b Segmentation Violation Vulnerability in OTFCC Commit 617837b Segmentation Violation Vulnerability in OTFCC Commit 617837b Segmentation Violation Vulnerability in OTFCC Commit 617837b Segmentation Violation Vulnerability in OTFCC Commit 617837b Segmentation Violation Vulnerability in OTFCC Commit 617837b Segmentation Violation Vulnerability in OTFCC Commit 617837b Cross-Site Scripting (XSS) Vulnerability in SourceCodester Purchase Order Management System 1.0 Segmentation Violation Vulnerability in OTFCC Commit 617837b Segmentation Violation Vulnerability in OTFCC Commit 617837b Segmentation Violation Vulnerability in OTFCC Commit 617837b Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6e7e3d Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b559f Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6e1fc8 
Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6adb1e Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b064d Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6e20a0 Critical SQL Injection Vulnerability in SourceCodester Sanitization Management System (VDB-210839) Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b5567 Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b558f Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x4adb11 Heap Buffer Overflow in OTFCC commit 617837b via otfccdump+0x6c08a6 Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x617087 Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b0d63 Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b0466 Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b05aa Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b0b2c Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b03b5 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Sanitization Management System Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b04de Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b55af Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b84b1 Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x61731f Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6171b2 Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6c0473 Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b0478 Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b05ce Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6c0414 Stored Cross-site Scripting (XSS) Vulnerability in related-posts-for-wp Plugin (prior to 2.1.3) Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6c0a32 Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6e412a Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6c0bc3 Heap Buffer 
Overflow in OTFCC Commit 617837b via otfccdump+0x6e41a8 Heap Buffer Overflow Vulnerability in OTFCC Commit 617837b Segmentation Violation Vulnerability in OTFCC Commit 617837b Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6e41b8 Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6e41b0 Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6e420d Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x6b544e Heap Buffer Overflow in OTFCC Commit 617837b via otfccdump+0x65fc97 Heap-Buffer Overflow Vulnerability in SWFTools Commit 772e55a2 Heap-Buffer Overflow Vulnerability in SWFTools commit 772e55a2 Memory Leak Vulnerability in SWFTools Commit 772e55a2 Segmentation Violation Vulnerability in SWFTools Commit 772e55a2 Segmentation Violation Vulnerability in SWFTools commit 772e55a2 Heap Buffer-Overflow Vulnerability in SWFTools Commit 772e55a2 Heap-buffer-overflow vulnerability in SWFTools commit 772e55a2 via getTransparentColor Denial of Service Vulnerability in Protobuf-Java Core and Lite Versions Heap-Buffer Overflow Vulnerability in SWFTools commit 772e55a2 Floating Point Exception (FPE) Vulnerability in SWFTools Commit 772e55a2 Segmentation Violation Vulnerability in SWFTools Commit 772e55a2 Global Buffer Overflow in SWFTools Commit 772e55a2 via DCTStream::transformDataUnit Heap-Buffer Overflow Vulnerability in SWFTools Commit 772e55a2 Segmentation Violation Vulnerability in SWFTools Commit 772e55a2 Heap-Buffer Overflow Vulnerability in SWFTools Commit 772e55a2 Segmentation Violation Vulnerability in SWFTools Commit 772e55a2 Heap-Buffer Overflow Vulnerability in SWFTools Commit 772e55a2 Stack Overflow Vulnerability in SWFTools Commit 772e55a2 via ImageStream::getPixel(unsigned char*) Denial of Service Vulnerability in protobuf-java Core and Lite Versions Segmentation Violation Vulnerability in SWFTools Commit 772e55a2 Segmentation Violation Vulnerability in SWFTools Commit 772e55a2 Heap-Buffer Overflow Vulnerability in SWFTools 
Commit 772e55a2 Heap-Buffer Overflow Vulnerability in SWFTools commit 772e55a2 Segmentation Violation Vulnerability in SWFTools Commit 772e55a2 Stack Overflow Vulnerability in SWFTools Commit 772e55a2 via vfprintf at /stdio-common/vfprintf.c Segmentation Violation Vulnerability in SWFTools Commit 772e55a2 Heap-Buffer Overflow Vulnerability in SWFTools Commit 772e55a2 Arbitrary Exported Tickets Download Vulnerability in Awesome Support WordPress Plugin Memory Leak Vulnerability in SWFTools Commit 772e55a2 Stack Overflow Vulnerability in SWFTools Commit 772e55a2 Heap-Buffer Overflow Vulnerability in SWFTools commit 772e55a2 Segmentation Violation Vulnerability in SWFTools Commit 772e55a2 IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) SQL Injection Vulnerability in webmail.php Cross-Site Scripting (XSS) Vulnerability in Clinic's Patient Management System v1.0 via update_medicine_details.php Multiple Cross-Site Scripting (XSS) Vulnerabilities Found in PyroCMS v3.9 WARP Client Vulnerability: Bypassing Lock WARP Switch to Disable Zero Trust Policies Access Control Issue in IXPdata EasyInstall 6.6.14725 SQL Injection Vulnerability in Novel-Plus v3.6.1 via Keyword Parameter Ecowitt GW1100 Series Weather Stations Access Control Vulnerability Reflected XSS Vulnerability in GitLab Versions 12.8 to 15.10.1 Arbitrary Command Execution Vulnerability in Joplin v2.8.8 via Crafted Node Titles Command Injection Vulnerability in Usermin GPG Module Cross-Site Scripting (XSS) Vulnerability in CherryTree v0.99.30 via Crafted Payload in Name Field Cross-Site Scripting (XSS) Vulnerability in Boodskap IoT Platform v4.4.9-02 Privilege Escalation Vulnerability in Boodskap IoT Platform v4.4.9-02 Unauthenticated API Request Vulnerability in Boodskap IoT Platform v4.4.9-02 Multiple Cross-Site Scripting (XSS) Vulnerabilities in DGIOT Lightweight Industrial IoT v4.5.4 GitLab Submodule URL Parser Regex Denial of Service Vulnerability Denial of Service (DoS) Vulnerability in Renato v0.17.0 via 
Crafted Search Parameter Payload Weak Password Complexity Requirements in Renato v0.17.0: A Gateway for Brute-Force Attacks Renato v0.17.0 XSS Vulnerability Authentication Bypass Vulnerability in DoraCMS v2.18 and Earlier SQL Injection Vulnerability in Maccms10 v2021.1000.1081 to v2022.1000.3031 via table parameter at database/columns.html Integer Overflow Vulnerability in Libksba Library Allows Remote Code Execution Arbitrary File Upload Vulnerability in Baijicms v4 Multiple Cross-Site Scripting (XSS) Vulnerabilities in kkFileView v4.1.0 Command Injection Vulnerability in FusionPBX 5.0.1 via /fax/fax_send.php SQL Injection Vulnerability in Shopro Mall System v1.3.8 via Value Parameter Reflected XSS Vulnerability in Bus Pass Management System v1.0 SQL Injection Vulnerability in Bus Pass Management System 1.0 Denial of Service (DoS) Vulnerability in TscanCode tsclua v2.15.01 Lua Parser Stored Cross-site Scripting (XSS) Vulnerability in LibreNMS GitHub Repository Buffer Overflow Vulnerability in GVRET Stable Release (Aug 15, 2015) Cross-Site Scripting (XSS) Vulnerability in Complete Online Job Search System v1.0 Cross-Site Scripting (XSS) Vulnerability in Complete Online Job Search System v1.0 Heap Use-After-Free Vulnerability in LibreDWG v0.12.4.4608 & commit f2dea29 Denial of Service (DoS) Vulnerability in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 Infinite Loop Vulnerability in libjpeg Commit 842c7ba Insecure Permissions in Printix Cloud Print Management v1.3.1149.0 for Windows XML Input Denial-of-Service Vulnerability in SAP Business One - Version 10.0 SAP BusinessObjects Business Intelligence Platform (LCM) Privilege Escalation Vulnerability Vulnerability in minimatch Package: Regular Expression Denial of Service (ReDoS) in braceExpand Function Reflected Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Enterprise Portal JPEG 2000 File Format Crash Vulnerability in SAP 3D Visual Enterprise Viewer Reflected Cross-Site Scripting (XSS) Vulnerability 
in SAP NetWeaver Enterprise Portal Segmentation Violation Vulnerability in Nginx NJS v0.7.5 Stored XSS Vulnerability in Kirby's Starterkit v3.7.0.2 via Crafted Payload in Tags Field SQL Injection Vulnerability in Barangay Management System v1.0 via hidden_id parameter at /blotter/blotter.php Cross-Site Scripting (XSS) Vulnerability in SourceCodester Sanitization Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Sanitization Management System 1.0 D-Link DSL-3782 Firmware v1.01 Denial of Service Vulnerability Unauthenticated DoS Vulnerability in D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 SQL Injection Vulnerability in TestLink v1.9.20 via /lib/execute/execNavigator.php Stored Cross-Site Scripting (XSS) Vulnerability in TestLink v1.9.20 via /lib/inventory/inventoryView.php Broken Access Control Vulnerability in TestLink 1.9.20 Raijin at /lib/attachments/attachmentdownload.php Cross-Site Request Forgery (CSRF) Vulnerability in TestLink v1.9.20 Weak Default Password in Contract Management System v2.0 Allows Unauthorized Access to Database Connection Information Heap-based Buffer Overflow in Vim prior to 9.0.0765 Remote Command Execution (RCE) Vulnerability in Tenda-AC18 V15.03.05.05 Unauthenticated Access Control Vulnerability in TrendNet TV-IP572PI v1.0 Directory Traversal Vulnerability in Vitejs Vite (before v2.9.13) Denial of Service Vulnerability in Binutils readelf 2.38.50 Null Pointer Dereference Vulnerability in Binutils Readelf 2.38.50 via read_and_display_attr_value in dwarf.c Race Condition Vulnerability in Linux Kernel's kcm_tx_work Function (VDB-211018) Cross-Site Scripting (XSS) Vulnerability in osCommerce2 before v2.3.4.1 via tep_db_error() Function Cross-Site Scripting (XSS) Vulnerability in Ecommerce-CodeIgniter-Bootstrap OMICARD EDM's Mail Image Relay Function Path Traversal Vulnerability Stack-based Buffer Overflow Vulnerability in NHI Card's Web Service Component Heap-based Buffer 
Overflow Vulnerability in NHI Card's Web Service Component Stack-based Buffer Overflow Vulnerability in NHI Card's Web Service Component Teamplus Pro Community Discussion Function Memory Allocation Vulnerability Teamplus Pro Community Discussion Thread Subject Field Memory Allocation Vulnerability Stack-Based Buffer Overflow Vulnerability in HiCOS Citizen Verification Component Cookie Deserialization Vulnerability in EasyUse MailHunter Ultimate SAP Enterprise Portal Cross-Site Scripting (XSS) Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability in SAP Data Services Management Console Cross-Site Scripting (XSS) Vulnerability in SAP NW EP (WPC) - Versions 7.30, 7.31, 7.40, 7.50 Unauthenticated Network-Based Token Information Retrieval Vulnerability in SAP BusinessObjects CMC Reflected JavaScript Code Execution via Authenticated User-Created Links with CSRF Token Protection Linux Kernel Driver Handler Use After Free Vulnerability (VDB-211020) Reflected JavaScript Code Execution via Authenticated User-Created Links Out-Of-Bounds Read Information Disclosure Vulnerability in Trend Micro Security 2021 and 2022 (Consumer) Authenticated Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 Undisclosed Traffic-Induced Memory Resource Utilization Vulnerability Unauthenticated Plugin Settings Change Vulnerability in Awesome Filterable Portfolio Plugin Arbitrary PHP Code Execution Vulnerability in SolarView Compact SV-CPT-MC310 Ver.7.23 and Earlier Remote Memory Leak Vulnerability in Linux Kernel's IPv6 Handler (VDB-211021) Memory Resource Utilization Vulnerability in BIG-IP Versions 16.1.x, 15.1.x, and 14.1.x NGINX Instance Manager Disk Resource Utilization Vulnerability Unauthenticated Plugin Settings Change Vulnerability in 59sec LITE Plugin <= 3.4.1 Appliance Mode Bypass Vulnerability in BIG-IP Versions 16.1.x, 15.1.x, 14.1.x, and 13.1.x Format String Injection Vulnerability 
in XCMD getVarHA Functionality of Abode Systems, Inc. Iota All-In-One Security Kit 6.9X and 6.9Z Undisclosed Traffic Termination Vulnerability in BIG-IP APM Access Policy NoSQL-Injection Information Disclosure Vulnerability in Rocket.Chat Information Disclosure Vulnerability in Rocket.chat Bypassing Two-Factor Authentication in Rocket.Chat via CAS Login Vulnerability Information Disclosure Vulnerability in Rocket.Chat <v5: getUserMentionsByChannel Method Allows Unauthorized Access to Private Messages Deserialization of Untrusted Data in LibreNMS GitHub Repository Privilege Escalation Vulnerability in Rocket.chat <v5: Unauthorized Access to Direct Messages Persistent Cross-Site Scripting Vulnerability in Rocket.chat <v5 Curl Cookie Parsing Vulnerability Denial-of-Service Vulnerability in Ivanti Products Insecure Randomness in WebCrypto Key Generation Vulnerability HTTP Request Smuggling Vulnerability in Node v18.7.0's llhttp Parser Local Privilege Escalation Vulnerability in UI Desktop for Windows (Version 0.55.1.2 and Earlier) Denial-of-Service Vulnerability in Ivanti Products XML Injection Vulnerability in Endpoint Manager 2022.3 and Below: Unauthorized File Download and Execution Memory Leak Vulnerability in Linux Kernel's macvlan_handle_frame Function (VDB-211024) Stack-based Buffer Overflow in curl when Parsing .netrc File Denial of Service Vulnerability in Robustel R1510 Web Server's hashFirst Functionality Denial of Service Vulnerability in Robustel R1510 Web Server HashFirst Functionality Denial of Service Vulnerability in Robustel R1510 Web Server's hashFirst Functionality Denial of Service Vulnerability in Robustel R1510 Web Server's hashFirst Functionality Denial of Service Vulnerability in Robustel R1510 Web Server's hashFirst Functionality Denial of Service Vulnerability in Robustel R1510 Web Server HashFirst Functionality Denial of Service Vulnerability in Robustel R1510 Web Server's hashFirst Functionality Denial of Service Vulnerability in Robustel 
R1510 Web Server's hashFirst Functionality Denial of Service Vulnerability in Robustel R1510 Web Server's hashFirst Functionality Denial of Service Vulnerability in Robustel R1510 Web Server's hashFirst Functionality Denial of Service Vulnerability in Robustel R1510 Web Server's hashFirst Functionality Undisclosed Traffic Causes TMM Core File Generation and Connection Termination in BIG-IP Versions 17.0.x and 16.1.x CentreCOM AR260S V2 Firmware: Remote OS Command Injection Vulnerability AlgolPlus Advanced Order Export For WooCommerce Plugin <= 3.3.1 Authenticated Reflected XSS Vulnerability Vulnerability: Privilege Escalation via Local Access in Intel(R) NUC 8 Compute Elements BIOS Firmware GetResponse Plugin <= 5.5.20 CSRF Vulnerability in WordPress HTML Injection in Apache ActiveMQ Artemis Web Console Sensitive Version Disclosure Vulnerability in IBM Business Automation Workflow Weak Password Policy in IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 CSV Injection Vulnerability in IBM Maximo Asset Management and IBM Maximo Application Suite IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 SSRF Vulnerability Denial of Service Vulnerability in IBM Security Verify Information Queue 10.0.2 Missing SameSite attribute in IBM Security Verify Information Queue 10.0.2 exposes sensitive information (IBM X-Force ID: 230811) Cross-Site Request Forgery Vulnerability in IBM Security Verify Information Queue 10.0.2 Cross-Site Request Forgery Vulnerability in IBM Security Verify Information Queue 10.0.2 Hard-coded Credentials in IBM Security Verify Information Queue 10.0.2 IBM Security Verify Information Queue 10.0.2 Information Disclosure Vulnerability Integer Overflow Vulnerability in Hermes JavaScript Engine SAP Authenticator for Android Information Disclosure Vulnerability SAP SuccessFactors Attachment API Misconfiguration Allows Privilege Escalation and Data Compromise Unquoted Service Path Vulnerability in SAP Business One: Exploiting Unquoted Executable 
Paths for SYSTEM Privileges Insecure Session Management in SAP Enable Now Allows Unauthorized Account Access Stored Cross-Site Scripting Vulnerability in SAP NetWeaver Application Server ABAP Privilege Escalation Vulnerability in SAP Host Agent (SAPOSCOL) Version 7.22 Unauthorized Access to Sensitive Information in SAP BusinessObjects Business Intelligence Platform Stored Cross-Site Scripting (XSS) Vulnerability in SAP Enable Now Cross-Site Scripting Vulnerability in SAP NetWeaver Enterprise Portal (KMC) 7.50 Memory Corruption Vulnerability in SAP SQL Anywhere and SAP IQ Memory Leak Vulnerability in Linux Kernel's BPF Component (VDB-211031) Critical Use After Free Vulnerability in Linux Kernel (VDB-211032) Vulnerability: Unauthenticated PHAR Deserialization in Role Based Pricing for WooCommerce WordPress Plugin Arbitrary File Upload Vulnerability in Role Based Pricing for WooCommerce WordPress Plugin Unauthenticated Users Can Disable Arbitrary Plugins in Webmaster Tools Verification WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Testimonials and Super-Testimonial-Pro WordPress Plugins Email Address Extraction Vulnerability in hunter2 (Versions < 2.1.0) Authentication Bypass Vulnerability in Asus RT-AX82U 3.0.0.4.386_49674-ge182230 Unauthenticated Local File Disclosure Vulnerability in Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus Unauthorized File and Directory Creation Vulnerability in ManageEngine Password Manager Pro and OPManager Unauthenticated Remote Code Execution Vulnerability in Zoho ManageEngine Password Manager Pro, PAM360, and ManageEngine Access Manager Plus URL Disclosure Vulnerability in Burp Suite Stack Buffer Overflow in InsydeH2O SetupUtility Driver on Intel Platforms SMM Callout Vulnerability in InsydeH2O with Kernel 5.0 through 5.5 Heap-based Buffer Over-read in Mbed TLS DTLS Server Critical Use After Free Vulnerability in Linux Kernel (VDB-211041) Directory Traversal Vulnerability in mat2 
(Metadata Anonymisation Toolkit) Allows Information Disclosure via Crafted Archive Unauthenticated Remote Code Execution via Unpickle in rpc.py Vulnerability: Unauthorized Disabling and Exfiltration of Files in Digital Guardian Agent 7.7.4.0042 Hardcoded Systemi Account Vulnerability in WAPPLES 6.0 Uninitialized Read Vulnerability in QEMU's softmmu/physmem.c Privilege Escalation Vulnerability in NI System Configuration Manager H3C SSL VPN through 2022-07-10: wnm/login/login.json svpnlang cookie XSS Vulnerability SQL Injection Vulnerability in Online Tours And Travels Management System v1.0 SQL Injection Vulnerability in Web Based Quiz System v1.0 via qid Parameter at update.php Arbitrary File Upload Vulnerability in UCMS 1.6 via ucms/sadmin/file PHP File Memory Leak Vulnerability in Linux Kernel's BPF Component (VDB-211043) Memory Leak Vulnerability in ffjpeg Commit caade60a69633d74100bd3c2528bddee0b6a1291 Floating Point Exception (FPE) Vulnerability in jpeg-quantsmooth/jpegqs+0x4f5d6c Memory Leak Vulnerability in Linux Kernel's Netfilter Component (VDB-211044) Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6b04de Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6b55af Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6b0466 Critical Use After Free Vulnerability in Linux Kernel's IPsec Component (VDB-211045) Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6b84b1 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6b03b5 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6c08a6 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via /release-x64/otfccdump+0x6b05aa Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6b0d63 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via /release-x64/otfccdump+0x617087 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6b05ce 
Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6e412a Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Cold Storage Management System 1.0 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via /release-x64/otfccdump+0x61731f Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6c0a32 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6c0bc3 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6b0478 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via /release-x64/otfccdump+0x6171b2 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6c0414 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via /release-x64/otfccdump+0x6c0473 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6e41b8 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via /release-x64/otfccdump+0x6e420d Segmentation Violation Vulnerability in OTFCC v0.10.4 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Cold Storage Management System 1.0 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via /release-x64/otfccdump+0x65fc97 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6e41b0 Global Overflow Vulnerability in OTFCC v0.10.4 via /release-x64/otfccdump+0x718693 Segmentation Violation Vulnerability in OTFCC v0.10.4 Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via /release-x64/otfccdump+0x6b544e Heap-Buffer Overflow Vulnerability in OTFCC v0.10.4 via otfccdump+0x6e41a8 Segmentation Violation Vulnerability in OTFCC v0.10.4 Segmentation Violation Vulnerability in OTFCC v0.10.4 Segmentation Violation Vulnerability in OTFCC v0.10.4 Segmentation Violation Vulnerability in OTFCC v0.10.4 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Cold Storage Management System 1.0 Segmentation Violation Vulnerability in OTFCC v0.10.4 via /multiarch/memmove-vec-unaligned-erms.S Segmentation Violation Vulnerability in OTFCC v0.10.4 
Segmentation Violation Vulnerability in OTFCC v0.10.4 Segmentation Violation Vulnerability in OTFCC v0.10.4 Segmentation Violation Vulnerability in OTFCC v0.10.4 Segmentation Violation Vulnerability in OTFCC v0.10.4 Zammad 5.2.0 Vulnerability: Incorrect Access Control on Attachment Endpoints Zammad 5.2.0 'Forgot Password' Rate Limiting Manipulation Vulnerability Zammad 5.2.0 Vulnerability: Unauthorized Access to System Organizations by Customers with Secondary Organizations Unrestricted Upload Vulnerability in SourceCodester Simple Cold Storage Management System 1.0 Zammad 5.2.0 Privilege Escalation via Brute-Force Prevention Bypass Hardcoded Root Password Vulnerability in TOTOLINK A3002RU V3.0.0-B20220304.1804 Cross-site Scripting (XSS) Vulnerability in eShop - Multipurpose Ecommerce Store Website 3.0.4 Critical Buffer Overflow Vulnerability in X.org Server (VDB-211051) Cross Site Scripting (XSS) Vulnerability in Amasty Blog 2.10.3 via Leave Comment Functionality Stored Cross-site Scripting (XSS) in Amasty Blog Pro Plugin for Magento 2 Segmentation Fault Vulnerability in TripleCross v0.1.0: Unbounded Output Length in Control Command Stack Overflow Vulnerability in TripleCross v0.1.0: Unbounded Program Parameter Length CRLF Injection Vulnerability in Proxmox Virtual Environment and Proxmox Mail Gateway Web Interface SSRF and Privilege Escalation Vulnerabilities in Proxmox Virtual Environment and Proxmox Mail Gateway EyouCMS 1.5.8 - Storage XSS Vulnerability via Title Parameter Memory Leak Vulnerability in X.org Server (VDB-211052) Insecure Password Encryption and Storage in Blink1Control2 Application Remote Code Execution Vulnerability in DedeCMS v5.7.93 - v5.7.96 login.php Command Injection Vulnerability in WAVLINK Routers Command Injection Vulnerability in WAVLINK NAS Devices Command Injection Vulnerability in WAVLINK Firewall.cgi Unrestricted File Upload Vulnerability in BoxBilling Prior to 0.0.1 Command Injection Vulnerability in WAVLINK WN Series Routers 
Command Injection Vulnerability in WAVLINK Firewall Configuration Command Injection Vulnerability in WAVLINK Routers Command Injection Vulnerability in WAVLINK Firewall.cgi Command Injection Vulnerability in WAVLINK Routers Command Injection Vulnerability in WAVLINK Routers Command Injection Vulnerability in WAVLINK Routers Denial of Service Vulnerability in X.org Server (VDB-211053) Command Injection Vulnerability in WAVLINK Routers Command Injection Vulnerability in WAVLINK Wireless Routers Command Injection Vulnerability in WAVLINK Wireless Routers Command Injection Vulnerability in WAVLINK Routers Command Injection Vulnerability in WAVLINK Wireless Routers Command Injection Vulnerability in WAVLINK Wireless.cgi AgileConfig <1.6.8 Server: Remote Attackers Exploit Hardcoded JWT Secret to Gain Administrator Access Multiple Reflected XSS Vulnerabilities in BPC SmartVista 3.28.0: Exploiting Error Message Handling Command Injection Vulnerability in Tenda W6 V1.0.0.9(4122) Stack Overflow Vulnerability in Tenda W6 V1.0.0.9(4122) - Denial of Service via /goform/wifiSSIDget Stack Overflow Vulnerability in Tenda W6 V1.0.0.9(4122) - DoS via /goform/WifiMacFilterGet Stack Overflow Vulnerability in Tenda W6 V1.0.0.9(4122): Remote Code Execution via /goform/setAutoPing Stack Overflow Vulnerability in Tenda W6 V1.0.0.9(4122) - Denial of Service via /goform/wifiSSIDset Stack Overflow Vulnerability in Tenda W6 V1.0.0.9(4122) - DoS via /goform/WifiMacFilterSet Arbitrary File Upload Vulnerability in Blogifier v3.0 Unauthenticated Information Disclosure in Linksys E5350 WiFi Router CSV Injection Vulnerability in Import and Export Users and Customers WordPress Plugin Undocumented Remote Control Vulnerability in Penta Security Systems WAPPLES SSRF Vulnerability in wkhtmlTOpdf 0.12.6 Allows Remote System Access and Infrastructure Takeover Stored Cross-Site Scripting (XSS) Vulnerability in ForkCMS 5.9.3 via start_date Parameter Cross-Site Scripting (XSS) Vulnerability in Fork 5.9.3 via 
publish_on_date Parameter Cross-Site Scripting (XSS) Vulnerability in Fork CMS 5.9.3 via publish_on_time Parameter Exim Regex Handler Use After Free Vulnerability (VDB-211073) Cross-Site Scripting (XSS) Vulnerability in ForkCMS 5.9.3 via end_date Parameter SQL Injection Vulnerability in ConnectionFactoryDAO.java in InventoryManagementSystem 1.0 SQL Injection Vulnerability in Stocks.java in InventoryManagementSystem 1.0 Path Traversal Vulnerability in pesign systemd Service SQL Injection Vulnerability in SupplierDAO.java in InventoryManagementSystem 1.0 SQL Injection Vulnerability in UserDAO.java in InventoryManagementSystem 1.0 SQL Injection Vulnerability in CustomerDAO.java in InventoryManagementSystem 1.0 SQL Injection Vulnerability in SupplierDAO.java in InventoryManagementSystem 1.0 SQL Injection Vulnerability in UserDAO.java in InventoryManagementSystem 1.0 SQL Injection Vulnerability in CustomerDAO.java in InventoryManagementSystem 1.0 Cross-site Scripting (XSS) Vulnerability in librenms/librenms prior to 22.10.0 CSRF Vulnerability in MQTTRoute v3.3 and Below: Unauthorized Dashboard Creation and Removal MQTTRoute v3.3 and below: Cross-Site Scripting (XSS) Vulnerability in Dashboard Name Field Critical CSRF Vulnerability Found in Konker v2.3.9 Critical Remote Code Execution Vulnerability in D-LINK DIR-818LW A1:DIR818L_FW105b01 Stored Cross-site Scripting (XSS) Vulnerability in LibreNMS GitHub Repository D-LINK DIR-818LW A1:DIR818L_FW105b01 Remote Code Execution (RCE) Vulnerability in binary.soapcgi_main Evoh NFT EvohClaimable Contract Access Control Vulnerability Nordic nRF5 SDK for Mesh 5.0 Heap Overflow Vulnerability Nordic nRF5 SDK for Mesh 5.0 Heap Overflow Vulnerability via Segmented Packets SQL Injection Vulnerability in TYPO3 Lux Extension Client ID Spoofing Vulnerability in Velociraptor 0.6.5-2 Null Pointer Dereference in BlueZ's read_50_controller_cap_complete Function (VDB-211086) Velociraptor 0.6.5-2 XSS Vulnerability in Collection Report Generation 
Symlink Attack Vulnerability in Velociraptor 0.6.5-2 Cross-Site Scripting (XSS) Vulnerability in Velociraptor GUI Editor Suggestion Feature Denial of Service Vulnerability in IBM Db2 Db2expln Tool Cross-Site Request Forgery (CSRF) Vulnerability in IBM Sterling B2B Integrator Unrestricted Connection Length Vulnerability in IBM Sterling Partner Engagement Manager Critical Use After Free Vulnerability in Linux Kernel Bluetooth Component (VDB-211087) Cross-Site Scripting Vulnerability in IBM InfoSphere Information Server 11.7 Remote Code Execution Vulnerability in IBM PowerVM VIOS 3.1 Stored Cross-Site Scripting Vulnerability in IBM Maximo Asset Management and IBM Maximo Application Suite Vulnerability: Unauthorized Access Request Modification in IBM Security Verify Governance, Identity Manager 10.0.1 Denial of Service Vulnerability in Nautilus T616 and T618 Treadmills Remote Code Execution Vulnerability in Moodle Due to Improper Input Validation Critical Use After Free Vulnerability in Linux Kernel Bluetooth Component (VDB-211088) Arbitrary File Read Vulnerability in Moodle's Lesson Question Import Stored XSS and Blind SSRF Vulnerability in Moodle's SCORM Track Details Open Redirect Vulnerability in Moodle's Mobile Auto-Login Feature Reflected XSS Vulnerability in Moodle LTI Module Unauthenticated XSS Vulnerability in Pega Platform 8.5.4 to 8.7.3 with Redirect Parameter XSS Vulnerability in Pega Platform 7.3 to 8.7.3 due to Misconfigured Datapage Setting CSRF Settings Alteration Vulnerability in Pega Platform 8.3 to 8.7.3 Race Condition Vulnerability in Linux Kernel's TCP Handler (VDB-211089) Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.13.0 and Earlier Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Adobe Acrobat Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Improper Input Validation Vulnerability in 
Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Acrobat Reader Allows Memory Disclosure Race Condition Vulnerability in Linux Kernel's IPv6 Handler (VDB-211090) Use After Free Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Out-of-Bounds Read Vulnerability in Adobe FrameMaker Out-of-Bounds Read Vulnerability in Adobe FrameMaker Use After Free Vulnerability in Adobe FrameMaker Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe FrameMaker Versions 2019 and 2020 Heap-based Buffer Overflow Vulnerability in Adobe FrameMaker Versions 2019 and 2020 Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Unauthenticated Remote Code Execution in ImageMagick Engine Plugin for WordPress Improper Access Control Vulnerability in Adobe Commerce Versions 2.4.4-p1 and 2.4.5 Local Privilege Escalation Vulnerability in Zimbra Collaboration Suite (ZCS) Versions 9.0.0 and Prior Stack-based Buffer Overflow Vulnerability in Adobe ColdFusion Allows Arbitrary Code Execution Adobe Acrobat Reader NULL Pointer Dereference Vulnerability Improper Access Control Vulnerability in Adobe Commerce Allows Security Feature Bypass Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager Core Components 2.20.6 and Earlier Stored Cross-site Scripting Vulnerability in Adobe Commerce Versions 2.4.4-p1 and 2.4.5 Out-of-Bounds Write Vulnerability in Adobe 
Bridge Allows Arbitrary Code Execution Heap Buffer Overflows in libtiff's tiffcrop.c Utility (Version 4.4.0) Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Bridge Allows Code Execution Out-of-Bounds Read Vulnerability in Adobe Bridge Allows Code Execution Use After Free Vulnerability in Adobe Bridge Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Bridge Allows Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Bridge Out-of-Bounds Read Vulnerability in Adobe Bridge Allows Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Bridge Use After Free Vulnerability in Adobe Bridge Allows Memory Disclosure Stack-based Buffer Overflow Vulnerability in Adobe ColdFusion Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe ColdFusion: Remote Code Execution Heap-based Buffer Overflow Vulnerability in Adobe ColdFusion: Remote Code Execution Out-of-Bounds Write Vulnerability in Adobe Photoshop: Arbitrary Code Execution Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6.1 Sensitive Information Disclosure in IBM InfoSphere Information Server 11.7 Improper Security Checking in IBM UrbanCode Deploy (UCD) Versions 6.2.0.0 - 7.2.3.0 Arbitrary Command Execution Vulnerability in IBM InfoSphere Information Server 11.7 Sensitive Information Exposure in IBM MQ Internet Pass-Thru 2.1, 9.2 LTS, and 9.2 CD Reflected XSS Vulnerability in GitLab CE/EE Versions 13.5 to 15.5.2 via Jira Connect Integration Weak Cryptographic Algorithms Used in IBM Sterling External Authentication Server and IBM Sterling Secure Proxy Installation Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management 1.1.3 Stored Cross-Site Scripting Vulnerability in IBM Jazz for Service Management Endless Loop CPU Consumption Vulnerability in Apache 
Avro Rust SDK Authenticated Stored XSS Vulnerability in Hans Matzen's wp-forecast Plugin <= 7.5 for WordPress Broken Authentication in yotuwp Video Gallery Plugin <= 1.3.4.5 for WordPress Persistent Authentication Token Vulnerability Unauthenticated Out-of-Bounds Read Vulnerability in OpenBMC Firmware for Intel Platforms Arbitrary JavaScript Execution Vulnerability in GitLab CE/EE Oceanwp Sticky Header Plugin <= 1.0.8 CSRF Vulnerability Remote Command Execution Vulnerability in UNIMO Technology Digital Video Recorders Hard-coded API Key Vulnerability in Hulu / フールー App for Android Privilege Escalation in BIG-IP Configuration Utility Array-Bounds Overflow Vulnerability in SQLite Arbitrary Content Injection in PRTG Network Monitor Device Icons CSV Injection Vulnerability in WPForms Pro WordPress Plugin dotCMS Access Control Bypass via Semicolon in URL Vulnerability: XML External Entity (XXE) Injection in Apache CloudStack SAML 2.0 Authentication Service Provider Plugin Outlook DoS Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) PPP Remote Code Execution Vulnerability in Windows Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Windows Digital Media Receiver Privilege Escalation Vulnerability Windows PPP DoS Vulnerability HTTP.sys DoS Vulnerability Windows Digital Media Receiver Privilege Escalation Vulnerability Vulnerability: Unauthenticated Malicious Code Upload in Frauscher Sensortechnik FDS102 Windows Kernel Win32k Elevation of Privilege Vulnerability Hyper-V Privilege Escalation Vulnerability in Windows Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Windows Unified Write Filter Privilege Escalation Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Kerberos Privilege Escalation
Vulnerability in Windows Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Windows Kernel Memory Leak Vulnerability Windows LSA Denial of Service Vulnerability: Disrupting Local Security Authority Out-of-Bounds Read Vulnerability in Out-of-Band Management: Disclosure of Sensitive Information ATA Port Driver Privilege Escalation Vulnerability in Microsoft Windows Kernel Privilege Escalation Vulnerability Exploiting the Storage Spaces Direct Elevation of Privilege Vulnerability Exploiting the Storage Spaces Direct Elevation of Privilege Vulnerability Exploiting the Storage Spaces Direct Elevation of Privilege Vulnerability Exploiting the Storage Spaces Direct Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Windows Kernel Privilege Escalation Vulnerability Windows PPP DoS Vulnerability Out-of-Bounds Memory Write Vulnerability in Linux Kernel's Kid-friendly Wired Controller Driver Unveiling the Windows NTLM Spoofing Vulnerability: A Critical Security Breach Guarding the Gates: Windows Defender Credential Guard Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Azure Site Recovery Critical Remote Code Execution Vulnerability in Azure RTOS GUIX Studio Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Denial of Service Vulnerability: Exploiting Weaknesses in Azure Site Recovery to Disrupt Service Availability Exploiting Visual Studio Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in Azure RTOS GUIX Studio Reflected Cross-Site Scripting in ProfileGrid WordPress Plugin Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation 
Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Critical SQL Injection Vulnerability in SourceCodester Cashier Queuing System 1.0 Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Exploiting the Storage Spaces Direct Elevation of Privilege Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Windows Error Reporting Service Privilege Escalation Vulnerability Edge Chromium Elevation of Privilege Vulnerability Windows Hello Authentication Bypass Vulnerability Azure Arc Jumpstart Information Disclosure Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Cross-Site Scripting Vulnerability in SourceCodester Cashier Queuing System 1.0.1 Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability SMB RCE Vulnerability: Exploiting Remote Code Execution in SMB Client and Server Exploiting the Microsoft Dynamics CRM Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in Azure RTOS GUIX Studio Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in SourceCodester Cashier Queuing System 1.0 Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation 
Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Azure Site Recovery Privilege Escalation Vulnerability Cross-Site Request Forgery Vulnerability in SourceCodester Simple Cold Storage Management System 1.0 (VDB-211189) BlueBleed: Windows Bluetooth Driver Elevation of Privilege Vulnerability Azure Sphere Information Leakage Vulnerability Windows Defender Credential Guard Security Feature Bypass Vulnerability: A Critical Flaw in Credential Guard Protection Exploiting the Microsoft SharePoint Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in Azure Site Recovery Exploiting Visual Studio Remote Code Execution Vulnerability Exploiting Visual Studio Remote Code Execution Vulnerability Exploiting Visual Studio Remote Code Execution Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Defender for Endpoint for Mac Service Fabric Explorer URL Spoofing Vulnerability Critical SQL Injection Vulnerability in SourceCodester Canteen Management System 1.0 (VDB-211192) RPC Runtime RCE Vulnerability Windows Remote Access Connection Manager Information Disclosure Vulnerability Windows Event Tracing Service DoS Vulnerability Windows Secure Channel DoS Vulnerability Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Windows Graphics Component Information Disclosure Vulnerability Exposes Sensitive Data HTTP/3 Denial of Service Vulnerability Critical SQL Injection Vulnerability in SourceCodester Canteen Management System 1.0 (CVE-2021-211193) Microsoft 
WDAC OLE DB Provider for SQL Server RCE Vulnerability Enterprise App Management Service Remote Code Execution Vulnerability in Windows FortiOS SSL-VPN Information Exposure Vulnerability FortiOS and FortiProxy SSH Login Authentication Bypass Vulnerability Command Injection Vulnerability in FortiTester Certificate Import Feature OS Command Injection Vulnerabilities in FortiTester Brute Force Authentication Vulnerability in FortiTester Telnet Port Arbitrary Code Execution Vulnerability in FortiSOAR Management Interface Command Injection Vulnerability in FortiADC Management Interface Cross-Site Request Forgery Vulnerability in SourceCodester Simple Cold Storage Management System 1.0 Reflected Cross-Site Scripting (XSS) Vulnerability in FortiAuthenticator Stored Cross-Site Scripting (XSS) Vulnerability in FortiADC Management Interface 7.1.0 Arbitrary Code Execution Vulnerability in kvf-admin through 2022-02-12 Memory Overwrite, Denial of Service, and Information Disclosure Vulnerability in Samsung mTower 0.3.0 Use-after-free vulnerability in Linux kernel networking code allows local users to cause a denial of service Vulnerability: AES Encryption Absence in Corsair K63 Wireless 3.1.3 Allows Keystroke Injection and Sniffing via 2.4 GHz Radio Transmissions Privilege Escalation via .python-version File in pyenv BMC Track-It! 20.21.02.109 GetPopupSubQueryDetails SQL Injection Vulnerability Unauthenticated Remote Code Execution in BMC Track-It! 
20.21.2.109 Hard-coded Password Vulnerability in Vinchin Backup and Recovery 6.5.0.17561 Privilege Escalation in xhyve via e1000 Virtual Device Buffer Overflow Untrusted Search Path Vulnerability in TIA Multiuser Server and TIA Project-Server Authentication Bypass Vulnerability in Inductive Automation Ignition 8.1.15 (b2022030114) Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Cold Storage Management System 1.0 Arbitrary Code Execution via Deserialization in Inductive Automation Ignition 8.1.15 (ZDI-CAN-17265) Unauthenticated Remote Code Execution in Inductive Automation Ignition 8.1.15 (b2022030114) Arbitrary Code Execution via ZIP File Parsing in Inductive Automation Ignition 8.1.15 (b2022030114) Arbitrary Code Execution via ZIP File Processing in Inductive Automation Ignition 8.1.15 Format String Injection Vulnerabilities in Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z Format String Injection Vulnerability in Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z Format String Injection Vulnerabilities in Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z Format String Injection Vulnerability in Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z Format String Injection Vulnerabilities in Abode Systems iota All-In-One Security Kit UPnP Logging Functionality Format String Injection Vulnerabilities in Abode Systems iota All-In-One Security Kit UPnP Logging Functionality Format String Injection Vulnerabilities in Abode Systems iota All-In-One Security Kit UPnP Logging Functionality Format String Injection Vulnerabilities in Abode Systems iota All-In-One Security Kit UPnP Logging Functionality GS Testimonial Slider Plugin <= 1.9.5 Authenticated Stored XSS Vulnerability NULL Pointer Dereference Vulnerability in Intel(R) Media SDK Software Format String Injection Vulnerabilities in Abode Systems iota All-In-One Security Kit 6.9Z and 6.9X Format String Injection Vulnerabilities in Abode Systems iota All-In-One Security Kit 
6.9Z and 6.9X Format String Injection Vulnerabilities in Abode Systems iota All-In-One Security Kit 6.9Z and 6.9X Format String Injection Vulnerabilities in Abode Systems iota All-In-One Security Kit 6.9Z and 6.9X Hertzbleed: Power Side-Channel Attack Exploiting Ampere Altra and Ampere Altra Max Devices Authorization Bypass Vulnerability in Miele's AppWash Mobile App API Endpoint Session Hijacking Vulnerability in Inductive Automation Ignition InsydeH2O SMM Memory Corruption Vulnerability Untrusted Pointer Information Disclosure Vulnerability in InsydeH2O SMI Handler Memory Corruption and Arbitrary Code Execution in InsydeH2O Firmware Insyde InsydeH2O SMM Memory Leak Vulnerability Stack Buffer Overflow Vulnerability in Insyde InsydeH2O with Kernel 5.0-5.5 Allows Arbitrary Code Execution Improper Validation Allows Unauthorized Password Changes in OpenText BizManager Unquoted Service Path Vulnerability in ASUSTeK Aura Ready Game SDK Service Unauthenticated Blind SSRF Vulnerability in WordPress Pingback Feature Out-of-Bounds Read Vulnerability in Bentley MicroStation and Bentley View Out-of-bounds read vulnerability in Bentley MicroStation and Bentley View Out-of-Bounds Read Vulnerability in Bentley MicroStation and Bentley View Out-of-Bounds Read Vulnerability in Bentley MicroStation and Bentley View Out-of-Bounds Read Vulnerability in Bentley MicroStation and Bentley View Out-of-Bounds Read Vulnerability in Bentley MicroStation and Bentley View Out-of-Bounds Read Vulnerability in Bentley MicroStation and Bentley View Unsanitized Ping Host Argument Vulnerability in Cambium Enterprise Wi-Fi System Software Improper Access Control in Jellyfin /users Endpoint Critical Use After Free Vulnerability in vim/vim Repository (CVE-XXXX-XXXX) Stored XSS Vulnerability in Jellyfin Allows Theft of Admin Access Token Denial of Service Vulnerability in Patlite NH-FB Series Devices Remote Code Execution via Class Loader Access in Grails Data Binding Denial of Service Vulnerability in 
Samourai Wallet Stonewallx2 0.99.98e via P2P Coinjoin PHP Code Injection Vulnerability in htmlawed module for GLPI through 10.0.2 Unbounded Gas Consumption Vulnerability in OpenZeppelin Contracts Misclassification of Externally Owned Account (EOA) Interactions as Cross Chain Calls in OpenZeppelin Contracts Multiple Transfer Validation Vulnerability in Solana Pay SDK (Fixed in Version 0.2.1) Directory Traversal Vulnerability in Streamlit Custom Components Arbitrary Path Disclosure Vulnerability in MinIO Samba Symlink Following Vulnerability: Escaping Share Path and Unauthorized File System Access Directory Traversal Vulnerability in Sanic Web Server/Framework Vulnerability: Lack of Respect for Private Discussion Disablement in Byobu Extension Out-of-Memory Process Abort in Rust-WebSocket Library Inefficient Regular Expression Complexity in v8n's `lowercase()` and `uppercase()` Functions Leading to Denial of Service Email Injection Vulnerability in NextAuth.js Unlimited Authentication Attempts Vulnerability in BookWyrm 0.4.5 and Earlier Versions Out-of-Bounds Read Vulnerability in Contiki-NG's IPv6 Neighbor Discovery Options Validation Buffer overflow vulnerability in Contiki-NG's RPL-Classic routing protocol implementation Vulnerability in AES Crypt for Linux 3.11: Password Length Check Bypass False Positive Verification Vulnerability in cosign 1.10.1 and earlier False positive admission vulnerability in PolicyController prior to version 0.2.1 Nextcloud Password Policy Vulnerability: Random Password Generator Generates Blocked Passwords Vulnerability: Brute Force Attack on Password Protected Conversations in Nextcloud Talk Cookie Theft Vulnerability in PrestaShop Product Review Module (Fixed in Version 5.0.2) Denial of Service Vulnerability in TensorFlow's tf.reshape Op Denial of Service Vulnerability in SobolSampleOp in TensorFlow Vulnerability: Contract Self-Destruct Bug in Ethermint Out-of-bounds memory read vulnerability in TensorFlow's `GatherNd` function 
Out-of-bounds Memory Read Vulnerability in TensorFlow's GatherNd Function Out-of-bounds Write Vulnerability in TensorFlow's ScatterNd Function Excessive Data Logging Vulnerability in Linux Kernel's BPF Component (VDB-211363) Vulnerability: Crash due to overflow in `RaggedRangOp` function Unvalidated Input in `AvgPoolOp` Function Can Cause Program Crash Arbitrary SQL Injection via `contains` LoopBack Filter in Postgres Connector Shield Authentication and Authorization Framework Vulnerability: SameSite Attack Bypass Safe Mode Bypass Vulnerability in October CMS Unescaped Registration Key Vulnerability in GLPI Unvalidated Input in GLPI Plugin Controller Allows Database Manipulation SQL Injection Vulnerability in GLPI Software: Arbitrary User Login Simulation CRLF Injection Vulnerability in Undici HTTP/1.1 Client SSRF Vulnerability in undici HTTP/1.1 Client Double Free Vulnerability in Linux Kernel's CIFS Handler (VDB-211364) Remote Code Execution in OroCommerce Shopping List Integer Overflow Vulnerability in Redis 7.0.0 - 7.0.4 Allows Remote Code Execution UnbatchGradOp Vulnerability: Crash due to Non-scalar Argument and Incorrect Batch Index Tabnabbing Vulnerability in BookWyrm: Redirecting Users to Malicious Sites GitHub Actions Toolkit: Arbitrary Variable Assignment Vulnerability SQL Injection Vulnerability in update_by_case Gem Vulnerability: Escalation from Admin to Server Admin in Grafana Denial of Service Vulnerability in TensorFlow's AvgPool3DGradOp Implementation OpenStack Undercloud Information Leak Vulnerability Vulnerability: TensorFlow TensorListReserve Allows Multiple Elements in num_elements Vulnerability: Signature Malleability in OpenZeppelin Contracts Credential Disclosure Vulnerability in Zulip Mobile Versions 27.189 and Below Denial of Service Vulnerability in TensorFlow's FractionalAvgPoolGrad Implementation Denial of Service Vulnerability in TensorFlow's BlockLSTMGradV2 Implementation Null Pointer Dereference in TensorFlow's LowerBound and 
UpperBound Functions Denial of Service Vulnerability in TensorFlow's QuantizedAvgPool Denial of Service Vulnerability in TensorFlow's QuantizedAdd Function Denial of Service Vulnerability in TensorFlow's `AvgPoolGrad` Implementation Denial of Service Vulnerability in TensorFlow's Conv2DBackpropInput Implementation Out-of-Bounds Write Vulnerability in LibTIFF 4.4.0 Denial of Service Vulnerability in TensorFlow's QuantizedInstanceNorm Denial of Service Vulnerability in TensorFlow's FakeQuantWithMinMaxVars Denial of Service Vulnerability in TensorFlow's QuantizedBiasAdd Function Denial of Service Vulnerability in TensorFlow's QuantizedMatMul Denial of Service Vulnerability in TensorFlow's QuantizeDownAndShrinkRange Function Remote Code Execution Vulnerability in GitOps Tools Extension for VSCode Arbitrary Code Execution Vulnerability in GitOps Tools Extension for VSCode Redis Integer Overflow Vulnerability in SETRANGE and SORT(_RO) Commands Unsandboxed Lua Script Vulnerability in Minetest Denial of Service Vulnerability in TensorFlow's QuantizedRelu and QuantizedRelu6 Out-of-Bounds Write Vulnerability in LibTIFF 4.4.0 OpenSearch Security Plugin Information Disclosure Vulnerability Denial of Service Vulnerability in TensorFlow's FractionalMaxPoolGrad Denial of Service Vulnerability in TensorFlow's SparseBincount Function Denial of Service Vulnerability in TensorFlow's `Save` and `SaveSlices` Functions Denial of Service Vulnerability in TensorFlow's ParameterizedTruncatedNormal Denial of Service Vulnerability in TensorFlow's LRNGrad with Invalid Input Tensor Denial of Service Vulnerability in TensorFlow's RaggedBincount Denial of Service Vulnerability in TensorFlow's `DenseBincount` Denial of Service Vulnerability in TensorFlow's `tf.linalg.matrix_rank` Denial of Service Vulnerability in TensorFlow's MaxPool with Oversized Window Size Out-of-Bounds Read Vulnerability in LibTIFF 4.4.0 Denial of Service Vulnerability in TensorFlow's 
`tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` Denial of Service Vulnerability in TensorFlow's TensorListScatter and TensorListScatterV2 Denial of Service Vulnerability in TensorFlow's `TensorListFromTensor` Function Denial of Service Vulnerability in TensorFlow's `SetSize` Function Denial of Service Vulnerability in TensorFlow's CollectiveGather Denial of Service Vulnerability in TensorFlow's AudioSummaryV2 Denial of Service Vulnerability in TensorFlow's Conv2D Function Denial of Service Vulnerability in TensorFlow's `tf.sparse.cross` Function Denial of Service Vulnerability in TensorFlow's EmptyTensorList Denial of Service Vulnerability in TensorFlow's Conv2DBackpropInput with Empty out_backprop Inputs CSV Injection Vulnerability in Easy Digital Downloads WordPress Plugin Null dereference vulnerability in TensorFlow's `mlir::tfg::ConvertGenericFunctionToFunctionDef` when given empty function attributes Denial of Service Vulnerability in TensorFlow's DrawBoundingBoxes Function Denial of Service Vulnerability in TensorFlow's `Unbatch` Function Denial of Service Vulnerability in TensorFlow's RandomPoissonV2 Denial of Service Vulnerability in TensorFlow's `tf.random.gamma` Denial of Service Vulnerability in TensorFlow's `tf.quantization.fake_quant_with_min_max_vars_gradient` Arvados Workbench Remote Code Execution Vulnerability Partial Path Traversal Vulnerability in Venice Vulnerability: Parsing Issue in Frontier's Ethereum Compatibility Layer Vulnerability: Incorrect Parsing of Power Levels in gomatrixserverlib Stored Cross-Site Scripting Vulnerability in Image Hover Effects Css3 WordPress Plugin Arbitrary Code Execution via JSON Function Values Null Dereference Vulnerability in TensorFlow's `mlir::tfg::ConvertGenericFunctionToFunctionDef` Crash vulnerability in TensorFlow when given empty function attributes Crash vulnerability in TensorFlow's `mlir::tfg::GraphDefImporter::ConvertNodeDef` when converting NodeDefs without an op name Null type 
list attributes in `mlir::tfg::TFOp::nameAttr` can cause a crash in TensorFlow Vulnerability: Crash in TensorFlow when `RangeSize` receives values that exceed `int64_t` Vulnerability: CHECK-fail in `tensorflow::full_type::SubstituteFromAttrs` when receiving incorrect number of arguments Denial of Service Vulnerability in TensorFlow's Requantize Function Denial of Service Vulnerability in TensorFlow's RaggedTensorToVariant Function Denial of Service Vulnerability in TensorFlow's FakeQuantWithMinMaxVarsPerChannel Buffer Overrun Vulnerability in X.509 Certificate Verification Bypass of Cross-Site Scripting Mechanism in typo3/html-sanitizer Redis Denial-of-Service Vulnerability through String Matching Commands Unclaimed S3 Bucket Vulnerability in Deeplearning4J Gateway Client Application Malformed Request Crash Vulnerability Vulnerability: Remote Shutdown in py-cord 2.0.0 Incorrect Conversion between Numeric Types in Besu Ethereum Client (Versions 22.1.3 - 22.7.1) Leads to Consensus Failure and Gas Limit Exceedance Denial of Service Vulnerability in TensorFlow's QuantizeAndDequantizeV3 Vulnerability: Segfault and Python Process Crash in TensorFlow Transposed Convolutions with Per-Channel Weight Quantization CSV Injection Vulnerability in Export Customers List Plugin for WooCommerce SQL Injection Vulnerability in Project-Nexus Blog Website Framework Unauthorized File Access Vulnerability in Directus Vulnerability: Cookie Confusion in ReactPHP HTTP Server XSS Vulnerability in jsoup HTML Parser Possible ReDoS Vulnerability in nitrado.js (Versions <= 0.2.5) Arbitrary Content Injection in Flux CLI Deployment Arbitrary JavaScript Injection in mdx-mermaid (versions < 1.3.0 and 2.0.0-rc1) Cross-Site Scripting (XSS) Vulnerability in Kirby 3.5 Panel's Multiselect Field Remote Code Execution (RCE) Vulnerability in CircuitVerse Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Rizin's DEX File Parsing CSV Injection Vulnerability in Contact Form Entries WordPress 
Plugin Out-of-Bounds Write Vulnerability in Rizin 0.4.0 and Prior Versions Out-of-Bounds Write Vulnerability in Rizin's Mach-O File Parsing (CVE-2021-12345) Out-of-Bounds Write Vulnerability in Rizin 0.4.0 and Prior Versions Double Free Vulnerability in Rizin 0.4.0 and Prior Versions Out-of-Bounds Write Vulnerability in Rizin's Luac File Parsing Insecure Pseudo-random Number Generator in NodeBB Forum Software Allows Account Takeover Vulnerability: Denial of Service in Next.js with Node.js v15.0.0 and above Remote Image Reference Embedding Vulnerability in Zulip Server High Memory Consumption Vulnerability in Flux2 and Helm Controller CSV Injection Vulnerability in WP CSV Exporter WordPress Plugin Unauthorized Access to Projects in ZITADEL via Actions Out-of-Bounds Read Vulnerability in Contiki-NG's 6LoWPAN Implementation Buffer Overflow Vulnerability in Contiki-NG's IPv6 Extension Header Processing Out-of-Bounds Write Vulnerability in Contiki-NG's 6LoWPAN Implementation Denial of Service Vulnerability in Helm SDK's _strvals_ Package Vulnerabilities in Cosign verify-blob: Successful Verification Bypass Cross-Site Scripting (XSS) Vulnerability in Discourse-Chat Plugin Missing function name vulnerability in elrond-go prior to version 1.3.34 Vulnerability: Disruption of matrix-js-sdk functionality through special string events Vulnerability in Linux Kernel: Null Pointer Dereference in BPF Component (VDB-211749) Matrix-react-sdk Denial of Service Vulnerability Smart Contract State Alteration Vulnerability in Elrond Go (Versions prior to 1.3.35) Improper Preservation of Permissions in Grafana Allows Privilege Escalation Integer Underflow and Buffer Overflow in Azure RTOS USBx USB CDC ECM Host Support Inefficient Regular Expression Complexity Vulnerability in Shescape Arbitrary Code Execution via Account Registration and File Upload Vulnerability in GrowthBook Arbitrary File Write and Remote Code Execution Vulnerability in Discourse Remote Code Execution Vulnerability in 
vm2 Sandbox Unauthorized Theme Creation and Editing Vulnerability in Discourse Command Injection Vulnerability in Poetry's Git Dependency Handling Special Element Injection Vulnerability in OctoPrint GitHub Repository Arbitrary Code Execution via Git Dependency Handling in Poetry Vulnerability: Pre-Enabling Recovery Code Generation in SFTPGo Hash Collision Vulnerability in SilverwareGames.io Version 1.1.8 and Prior Vulnerability: Account Email Hijacking in RubyGems.org Information Exposure Vulnerability in Nextcloud Server Nextcloud Files Access Control App File Name Disclosure Vulnerability Vulnerability: Man-in-the-Middle Attack in NodeBB Forum Software SSO Process Electron Vulnerability: Exposure of Sensitive Information via SMB Redirect Memory Allocation Vulnerability in Binary Encoding/Decoding Library Vulnerability: Enumeration of Internal and Protected Fields in Parse Server Stored Cross-site Scripting (XSS) vulnerability in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha Session hijacking and code execution vulnerability in Wikmd prior to version 1.7.1 Path Traversal Vulnerability in Wikmd Prior to Version 1.7.1 Local File Inclusion Vulnerability in mangadex-downloader (versions 1.3.0 - 1.7.1) Untrusted Source CPU Consumption Vulnerability in JOSE Arbitrary AQL Query Injection in cruddl's @flexSearchFulltext Bypass of `WithUnsafeBuiltins` Protection in Open Policy Agent (OPA) Out-of-Bound Write Vulnerability in linked_list_allocator OAuthLib 3.1.1 - 3.2.1: Denial of Service and URI Validation Vulnerability Inadequate Permissions Vulnerability in GoCD Windows Installations Authentication Bypass Vulnerability in KubeVela's VelaUX APIServer Stored Cross-Site Scripting Vulnerability in GetYourGuide Ticketing WordPress Plugin XWiki Platform Old Core User Activation Bypass Vulnerability XWiki Platform Web Templates Information Disclosure Vulnerability XWiki Platform Old Core Template Bypass Vulnerability XWiki Platform Web Templates User Account Creation 
Vulnerability XWiki Platform Web Parent POM Attachment History JavaScript Execution Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in XWiki Platform XWiki Platform Index UI JavaScript Execution Vulnerability XWiki Platform Attachment UI Attachment Name JavaScript Execution Vulnerability Stored Code Execution Vulnerability in XWiki Platform Mentions UI Arbitrary Code Execution in XWiki Platform Wiki UI Main Wiki Stored Cross-Site Scripting Vulnerability in Jeeng Push Notifications WordPress Plugin Arbitrary Code Execution and Content Disclosure Vulnerability in XWiki Platform Applications Tag and XWiki Platform Tag UI Sensitive Data Exposure in Shopware Backend Administration ACL Bypass Vulnerability in Shopware Improper Validation of Talos API Certificate Issuance Recursive Amplification Vulnerability in TYPO3 User Account Existence Disclosure Vulnerability in TYPO3 TYPO3 Backend Password Reset Link Expiry Time Bypass Vulnerability TYPO3 FileDumpController Cross-Site Scripting Vulnerability Cross-Site Scripting Vulnerability in TYPO3's f:asset.css View Helper Vulnerability: Privilege Escalation via Supplementary Group Manipulation in Moby (Docker Engine) Lenovo App Store Information Disclosure Vulnerability: Unauthorized Access to Sensitive User Data Improper Authorization in Netmaker Prior to v0.15.1 Allows Non-privileged Users to Execute Privileged API Calls Vulnerability: Falsified Proof Acceptance in immudb Client SDKs SSRF Vulnerability in GLPI Allows Server-side Scanning and Blind SSRF Cargo Symbolic Link Extraction Vulnerability Cargo Vulnerability: Unrestricted Data Extraction in Compressed Archives Blue Prism Enterprise Vulnerability: Unauthorized Access and Code Injection Vulnerability: Unauthorized Access and Code Execution in Blue Prism Application Server Authentication Bypass and Credential Spoofing Vulnerability in Blue Prism Enterprise Unauthorized Access Control Bypass in Blue Prism Enterprise Remote Code Execution via Insecure 
Deserialization in Blue Prism Enterprise Vulnerability: Unauthorized Access and Execution of MSSQL Stored Procedures in Blue Prism Application Server Vulnerability: Unauthorized Access and URL Spoofing in Blue Prism Enterprise Improper Permissions Setting Vulnerability in Automox Agent on Windows Linux Kernel Denial of Service and Privilege Escalation Vulnerability Memory Consumption Vulnerability in Apache Avro Rust SDK Apache Avro Rust SDK Prior to 0.14.0: Vulnerability in Data Reading Leading to Application Crash Arbitrary Code Execution Vulnerability in Inductive Automation Ignition Apache SkyWalking NodeJS Agent Unavailability Vulnerability Unauthenticated API Endpoint Vulnerability in HashiCorp Vault Enterprise Denial of Service Vulnerability in GitLab CE/EE Versions Before 15.7.2 Privilege Escalation in HashiCorp Boundary up to 0.10.1 Stored XSS Vulnerability in Better PDF Exporter Add-on for Atlassian Jira Authentication Bypass Vulnerability in Epson TM-C3500 and TM-C7500 Devices XSS Vulnerability in ChurchCRM Version 4.4.5: Storing XSS via Location Input Deposit Comment XSS Vulnerability in ChurchCRM Version 4.4.5: Storing XSS via location input sHeader Heap-Buffer Overflow Vulnerability in SWFMill Commit 53d7690 Authentication Bypass Vulnerability in Octopus Deploy Segmentation Violation Vulnerability in SWFMill Commit 53d7690 Segmentation Violation Vulnerability in SWFMill Commit 53d7690 Heap-Buffer Overflow Vulnerability in SWFMill Commit 53d7690 Heap-Buffer Overflow Vulnerability in SWFMill Commit 53d7690 Heap-Buffer Overflow Vulnerability in SWFMill Commit 53d7690 via base64_encode Segmentation Violation Vulnerability in SWFMill Commit 53d7690 Memory Allocation Vulnerability in SWFMill Commit 53d7690 Floating Point Exception (FPE) Vulnerability Discovered in fdkaac Commit 53fe239 Heap-Use-After-Free Vulnerability in tifig v0.2.2 via temInfoEntry() Heap-Buffer Overflow Vulnerability in tifig v0.2.2 via __asan_memmove Segmentation Violation 
Vulnerability in tifig v0.2.2 via getType() at /common/bbox.cpp Memory Leak Vulnerability in tifig v0.2.2 via operator new[](unsigned long) Segmentation Violation in tifig v0.2.2: std::vector<unsigned int, std::allocator<unsigned int> >::size() const vulnerability Resource Allocation Issue in tifig v0.2.2: Operator new(unsigned long) Vulnerability Insecure Permissions in XXL-JOB: Execution of Admin Functions with Low Privilege Account Insecure Permissions in Wireless LAN Manager Interface Allows Root Privilege Escalation Hard Coded Root Password Vulnerability in Contec FXA3200 Version 1.13 and Under Denial of Service Vulnerability in OctoRPKI due to CA Chain Length SQL Injection Vulnerability in Orange Station 1.0 via Username Parameter Directory Traversal Vulnerability in Wuzhicms 4.1.0 via /coreframe/app/attachment/admin/index.php Hardcoded Credentials in MapGIS 10.5 Pro IGServer: Privilege Escalation and File Deletion Vulnerability Arbitrary File Deletion Vulnerability in MapGIS IGServer 10.5.6.11 TLS Man-in-The-Middle Vulnerability in FreshService Agents Vulnerability: Broken Integrity Checking in FreshService Agents Improper Session Handling in Fusiondirectory 1.3 Stored Cross-Site Scripting Vulnerability in Spacer WordPress Plugin Cross Site Scripting (XSS) Vulnerability in Fusiondirectory 1.3 Clickjacking Vulnerability in Hashicorp Boundary v0.8.0: Exploiting User Actions and Credentials Null Pointer Dereference Vulnerability in GPAC 2.1-DEV-revUNKNOWN-master Memory Leak Vulnerability in Linux Kernel Bluetooth Component (VDB-211918) Use-After-Free Vulnerability in GPAC mp4box 2.1-DEV-revUNKNOWN-master Heap-buffer-overflow vulnerability in gf_isom_dovi_config_get function of isomedia/avc_ext.c:2490 Persistent Data Modification and Deletion Vulnerability in School Management System 1.0 Cross Site Scripting (XSS) Vulnerability in Centreon 22.04.0 via Pollers > Broker Configuration Arbitrary File Upload Vulnerability in BigTree CMS 4.4.16 Allows Remote Code 
Execution via Crafted PDF File Critical SQL Injection Vulnerabilities in Bus Pass Management System 1.0 Use After Free Vulnerability in Exim's DMARC Handler (VDB-211919) Vulnerability: Credentials Exposed in URL of FiberHome VDSL2 Modem HG150-Ub_V3.0 Blind SQL Injection Vulnerability in Doctor’s Appointment System v1.0 via settings.php Incorrect Access Control in Doctor's Appointment System 1.0 via edoc/patient/settings.php Cross Site Scripting (XSS) Vulnerability in Doctor's Appointment System 1.0 Allows Administrator Account Takeover Remote Code Execution Vulnerability in Linux Kernel Critical Remote Code Execution Vulnerability Found in DedeBIZ v6's sys_info.php Remote Code Execution Vulnerability in DedeCMS v5.7.94 - v5.7.97 member_toadmin.php Authorization Bypass Vulnerability in Blog2Social WordPress Plugin Code Execution via Print Dialog in Safe Exam Browser (Windows) <3.4.0 Authenticated Path Traversal Vulnerability in Nokia Fastmile 3tg00118abad52 Default Hardcoded Admin Account in Nokia Fastmile 3tg00118abad52 Devices Shipped by Optus Stored XSS Vulnerability in Emby Server 4.6.7.0 Allows Theft of Administrator Access Token and Account XunRuiCMS V4.5.6 CSRF Vulnerability Cross Site Request Forgery (CSRF) Vulnerability in EyouCMS V1.5.8-UTF8-SP1 Remote Download Getshell Vulnerability in SiteServerCMS 5.X via /SiteServer/Ajax/ajaxOtherService.aspx NULL Pointer Dereference Vulnerability in libarchive Insecure Permissions in Nokelock Smart Padlock O1 Version 5.3.0 Race Condition Vulnerability in Linux Kernel's BPF Component (VDB-211921) Command Execution Vulnerability in pdf_info 0.5.3 due to Improper Use of Backticks Buffer Overflow Vulnerability in Tenda AC9 V15.03.2.13: Exploiting form_fast_setting_wifi_set via httpd Double Free Vulnerability in SimpleNetwork TCP Server Memory Leak Vulnerability in Linux Kernel's rlb_arp_xmit Function (VDB-211928) SQL Injection Vulnerability in Clinic's Patient Management System v1.0 via /pms/update_medicine.php?id= 
Directory Traversal Vulnerability in Shop Beat Studio Software Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities in Shop Beat Media Player 2.5.95 up to 3.2.57 Insecure Permissions Vulnerability in Shop Beat Media Player 2.5.95 up to 3.2.57 IDOR Vulnerability in Shop Beat Media Player 2.5.95 up to 3.2.57 via controlpanel.shopbeat.co.za Bypassing 2FA on API Level in Shop Beat Media Player 2.5.95 up to 3.2.57 Critical Use After Free Vulnerability in Linux Kernel's IPsec Component (VDB-211929) Cross-Site Request Forgery (CSRF) Vulnerability in Shop Beat Media Player 2.5.95 - 3.2.57 Cross Site Scripting (XSS) Vulnerability in Clinic's Patient Management System v1.0 via patients.php Multiple Persistent XSS Vulnerabilities in Tramyardg Hotel Management System 1.0 SQL Injection Vulnerability in SupplierDAO.java in InventoryManagementSystem 1.0 SQL Injection Vulnerability in Inventory Management System 1.0 Allows Arbitrary SQL Command Execution SQL Injection Vulnerability in UserDAO.java in InventoryManagementSystem 1.0 SQL Injection Vulnerability in CustomerDAO.java in InventoryManagementSystem 1.0 SQL Injection Vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 Out-of-Bounds Write Vulnerability in LibTIFF 4.4.0 Arbitrary File Deletion Vulnerability in TaoCMS 3.0.2 Arbitrary PHP Code Injection Vulnerability in taocms 3.0.2 Incorrect Access Control Vulnerability in StreamLabs Desktop Application 1.9.0 via obs64.exe Unauthenticated Remote Arbitrary File Upload Vulnerability in Airspan AirSpot 5410 Hidden System Command Web Page Vulnerability in Airspan AirSpot 5410 Stored XSS Vulnerability in Airspan AirSpot 5410 Version 0.3.4.1-4 and Below Unauthenticated Remote Command Injection in Airspan AirSpot 5410 Version 0.3.4.1-4 and Below Out-of-Bounds Write Vulnerability in LibTIFF 4.4.0 Arbitrary Code Execution Vulnerability in Clinic's Patient Management System v1.0 Outbyte PC Repair Installation File 1.7.112.7856 Vulnerability: Dll 
Hijacking Exploit SQL Injection Vulnerability in Mingsoft MCMS 5.2.8 via fieldName Parameter Command Injection Vulnerability in Tenda AC9 V15.03.2.21_cn via goform/SetSysTimeCfg SQL Injection Vulnerability in TCMAN GIM v8.0.1 via 'SqlWhere' Parameter in 'BuscarESM' Function Persistent XSS Vulnerability in TCMAN GIM v8.0.1 Privilege Escalation Vulnerability in Intel(R) Battery Life Diagnostic Tool Software Stack-based Buffer Overflow in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020's httpd delfile.cgi Functionality Buffer Overflow Vulnerability in Linux Kernel Broadcom Full MAC Wi-Fi Driver VMWGFX Driver OOB Memory Access Vulnerability Authenticated Stored XSS Vulnerability in Roman Pronskiy's Search Exclude Plugin <= 1.2.6 for WordPress Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin allows unauthorized modification of PayPal email Authenticated Arbitrary File Upload Vulnerability in dmitrylitvinov Uploading SVG, WEBP, and ICO Files Plugin <= 1.0.1 for WordPress Uncaught Exception Vulnerability in Intel FCS Server Software: Potential Denial of Service via Physical Access Multiple CSRF Vulnerabilities in W3 Eden Download Manager Plugin for WordPress Denial of Service Vulnerability in Intel(R) Media SDK Software Memory Leak Vulnerability in Linux Kernel's vsock_connect Function (VDB-211930) CSRF Vulnerability in WPChill Gallery PhotoBlocks Plugin <= 1.2.6 Nintendo Wi-Fi Network Adaptor WAP-001 Buffer Overflow Vulnerability Unauthenticated Post Manipulation Vulnerability in JumpDEMAND Inc. 
ActiveDEMAND Plugin Memory Leak Vulnerability in Linux Kernel's IPsec Component (VDB-211931) Weak Password Enforcement in BF-OS Version 3.x up to 3.83 File Path Manipulation Vulnerability in BF-OS v3.00 - v3.83: Unauthorized Access to Sensitive Resources Cross-Site Scripting (XSS) Vulnerability in Vesta v1.0.0-5 via handle_file_upload function Cross-Site Scripting (XSS) Vulnerability in Vesta v1.0.0-5 via generate_response function at /web/api/v1/upload/UploadHandler.php Cross-Site Scripting (XSS) Vulnerability in Vesta v1.0.0-5 via /web/api/v1/upload/UploadHandler.php Sensitive File Enumeration and Download Vulnerability in AirVelocity 1500 SNMP Credentials Disclosure Vulnerability in AirVelocity 1500 and Related Models Airspan AirVelocity 1500 Web Management UI Plaintext SNMP Credentials Vulnerability Root Command Injection Vulnerability in Airspan AirVelocity 1500 Software Stored Cross-Site Scripting Vulnerability in OAuth Client by DigitialPixies WordPress Plugin Remote Command Execution via SNMP in Airspan AirVelocity 1500 Software XSS Vulnerability in Airspan AirVelocity 1500 SNMP Community Field CSRF Vulnerability in Airspan AirVelocity 1500 Software Version 15.18.00.2511 Infinite Loop DoS Vulnerability in file-type Package Windows Shortcut Remote Path Vulnerability Subresource Integrity Cache Poisoning Vulnerability in Firefox < 103 Redirect Disclosure Vulnerability in Firefox < 103 via Performance API Firefox for Android URL Length Denial of Service Vulnerability Reflected Parameter Vulnerability in Firefox and Thunderbird Coordinate Mismatch Vulnerability in CSS Overflow and Transform Interaction CSRF Vulnerability in OAuth Client by DigitalPixies WordPress Plugin Memory Corruption Vulnerability in Firefox < 103 Sensitive SSH Key Exposure in JetBrains TeamCity Build Parameter Injection Vulnerability in JetBrains TeamCity Input Field Sanitization Vulnerability SSL/TLS Renegotiation Vulnerability DOM-based Cross-Site Scripting (XSS) Vulnerability in Web 
Interface Uncontrolled Resource Consumption Vulnerability in Western Digital My Cloud Devices Path Traversal Vulnerability in Western Digital My Cloud Devices Arbitrary Share Creation and Sensitive Data Exfiltration Vulnerability in Western Digital My Cloud Devices Denial of Service Vulnerability in Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi Devices Memory Leak in Linux Kernel's j1939_session_destroy Function (VDB-211932) Buffer Overflow Vulnerability in Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi Devices Impersonation Vulnerability in Western Digital My Cloud Devices Local Privilege Escalation Vulnerability in Trend Micro Apex One and Worry-Free Business Security Agents Stack Buffer Overflow Vulnerability in Insyde InsydeH2O with Kernel 5.0 through 5.5 SMM Callout Vulnerability in InsydeH2O Firmware Allows Arbitrary Code Execution Privilege Escalation Vulnerability in Intel Compute Elements Firmware CSV Injection Vulnerability in Contact Form 7 Database Addon WordPress Plugin Unauthenticated Cache Deletion Vulnerability in MailOptin Plugin Stored XSS Vulnerability in AS – Create Pinterest Pinboard Pages Plugin <= 1.0 for WordPress Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in ideasToCode Enable SVG, WebP & ICO Upload Plugin <= 1.0.1 for WordPress Unquoted Search Path Vulnerability in JustSystems JUST Online Update for J-License CSRF Vulnerability in Metagauss Download Plugin <= 2.0.4 Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Max Foundry MaxButtons Plugin <= 9.2 for WordPress Alpine Press Alpine PhotoTile for Pinterest Plugin <= 1.3.1 Authenticated Stored XSS Vulnerability Potential Privilege Escalation Vulnerability in Intel (R) SPS Firmware Insecure Default Variable Initialization in Intel NUC BIOS Firmware: Potential Denial of Service Vulnerability Critical Use After Free Vulnerability in Linux Kernel's IPsec Component (VDB-211934) Stored Cross-Site Scripting Vulnerability in 
PukiWiki Versions 1.3.1 to 1.5.3 Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Software Unauthenticated Access to ProfileGrid User Profiles and Communities Heap Out-of-Bounds Read Vulnerability in OpenImageIO RLA Format Parser Stored Cross-Site Scripting (XSS) Vulnerability in PluginlySpeaking Easy Org Chart Plugin <= 3.1 for WordPress Authenticated Stored XSS Vulnerability in Liam Gladdy / Thirty8 Digital Culture Object Plugin <= 4.0.1 for WordPress Unauthenticated Reflected XSS Vulnerability in Webpsilon ULTIMATE TABLES Plugin <= 1.6.5 CSRF Vulnerability in SEO Scout Plugin Allows Unauthorized Settings Modification Reflected File Download (RFD) Vulnerability in Django FileResponse Critical Use After Free Vulnerability in Linux Kernel Ethernet Handler (VDB-211935) Firmware Manipulation Vulnerability in LOGO! 8 BM (incl. SIPLUS variants) Multiple LOGO! Series Vulnerability Allows Remote Code Execution Vulnerability: Unauthenticated Remote IP Address Manipulation in LOGO! Devices Vulnerability in LOGO! 
Series PLCs Allows Memory Content Retrieval Apache Calcite Avatica JDBC Driver HTTP Client Class Instantiation Vulnerability WHA Crossword Plugin <= 1.1.10 WordPress Multiple Authenticated Stored XSS Vulnerabilities Intel(R) Support Android Application Incorrect Default Permissions Vulnerability Multiple Stored Cross-Site Scripting Vulnerabilities in IPFire Web User Interface Improper Access Control in Intel QATzip Software: Local Privilege Escalation Vulnerability Denial of Service Vulnerability in Linux Kernel's BlueZ Component (VDB-211936) Vulnerability: Privilege Escalation via Local Access in Intel(R) NUC Boards and Kits Buffer Overflow Vulnerability in Intel(R) NUC BIOS Firmware Allows Privilege Escalation via Local Access Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Simon Ward MP3 jPlayer Plugin <= 2.7.3 for WordPress Privilege Escalation Vulnerability in Intel(R) Aptio* V UEFI Firmware Integrator Tools WordPress Options Change Vulnerability in Biplob Adhikari's Tabs Plugin <= 3.6.0 Rank Math SEO Plugin SSRF Vulnerability in WordPress Insecure Inherited Permissions in Intel Wireless Adapter Driver Installation Software for Intel NUC Kits & Mini PCs Authenticated Stored XSS Vulnerability in PluginlySpeaking Floating Div Plugin <= 3.0 for WordPress CSRF Vulnerability in YooMoney ЮKassa для WooCommerce Plugin <= 2.3.0 Uncontrolled Search Path Vulnerability in Intel(r) NUC Kit Wireless Adapter Driver Installer Nintendo Wi-Fi Network Adaptor WAP-001: OS Command Injection Vulnerability Denial of Service Vulnerability in Intel Ethernet Network Controllers and Adapters Authenticated Stored Cross-Site Scripting (XSS) Vulnerabilities in WHA Word Search Puzzles Game Plugin <= 2.0.1 for WordPress Unquoted search path vulnerability in Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 Unauthenticated Firmware Modification Vulnerability in CMS8000 Devices Authenticated Arbitrary Code Execution in Soflyy Import any XML or CSV 
File to WordPress Plugin <= 3.6.7 Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress CSRF Vulnerability in YDS Support Ticket System Plugin for WordPress CSRF Vulnerability in WordPlus Better Messages Plugin GitLab CE/EE Vulnerability: Branch Creation CPU Exhaustion Totalsoft Event Calendar – Calendar plugin <= 1.4.6 WordPress Authenticated Reflected Cross-Site Scripting (XSS) Vulnerability Privilege Escalation Vulnerability in Intel(R) NUC Pro Software Suite Denial of Service Vulnerability in Intel(R) AMT and Intel(R) Standard Manageability Firmware Contest Gallery Plugin <= 17.0.4 Authenticated SQL Injection Vulnerability Privilege Escalation Vulnerability in Intel(R) Aptio* V UEFI Firmware Integrator Tools Privilege Escalation Vulnerability in Intel(R) QAT Drivers for Linux Uncontrolled Search Path Vulnerability in Intel(R) Battery Life Diagnostic Tool Software Sensitive Information Exposure Vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars Critical Use After Free Vulnerability in Linux Kernel Bluetooth Component (VDB-211944) Path Traversal Vulnerability in Intel NUC Kit Wireless Adapter Driver Installer CSRF Vulnerability in TeraWallet – For WooCommerce Plugin Integer Overflow Vulnerability in vmwgfx Driver Allows Privilege Escalation and DoS Untrusted Search Path Vulnerability in Device Software Manager Installer CSRF Vulnerability in David Cole Simple SEO WordPress Plugin Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in amCharts: Charts and Maps Plugin <= 1.4 for WordPress CVE-2022-36407 Azure SQL Data Source Privilege Escalation Vulnerability in Devolutions Remote Desktop Manager Authentication Bypass Vulnerability in Zoho ManageEngine SupportCenter Plus API Vulnerability in Zoho ManageEngine ADSelfService Plus Allows Brute-Force Attack and Password Reset on IDM Applications Elevation of Privilege Breakout Vulnerability in Scooter Beyond Compare 4.2.0 through 4.4.2 
before 4.4.3 DLL Hijacking Vulnerability in Scooter Beyond Compare Uninstaller Vulnerability: Privilege Escalation in Intel Ethernet 500 Series Controller Drivers for VMware 3D Tag Cloud Plugin <= 3.8 WordPress Vulnerability: Multiple Stored XSS via CSRF Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite Race Condition Vulnerability in Lester 'GaMerZ' Chan WP-PostRatings Plugin <= 1.89 Stack Overflow Vulnerability in OpenHarmony-v3.1.2 and Prior Versions: Potential DoS Attack on Network Devices CSRF Vulnerability in Nikola Loncar Easy Appointments Plugin <= 3.11.9 Unrestricted Access Control Vulnerability in Beaver Builder Plugin <= 2.5.4.3 for WordPress Unrestricted Access Control Vulnerability in About Rentals Plugin for WordPress Stage Rock Convert Plugin <= 2.11.0 WordPress Admin+ Cross-Site Scripting (XSS) Vulnerability Command Execution Vulnerability in Netgear Orbi Satellite RBS750 4.6.8.5 Vulnerability: NIC Interface Reset/Crash via Netback Arbitrary Code Execution via File Upload in Rocket TRUfusion Enterprise Cross-site Scripting (XSS) Vulnerability in Amasty Blog Pro 2.10.3 Plugin for Magento 2 XSS Vulnerability in Amasty Blog Pro 2.10.3 Plugin for Magento 2 VNCServerAuthenticator Authentication Bypass Vulnerability in OSU Open Source Lab VNCAuthProxy Remote Identity Manipulation Vulnerability in Hazelcast and Hazelcast Jet Weak File Permissions Vulnerability in ASUS System Control Interface 3 and AsusSwitch.exe Privilege Escalation and File Manipulation Vulnerability in ASUS System Control Interface Insecure Token Storage and Exposure in Pulp Ansible's Remote Collection Reachable Assertion Vulnerability in Frrouting frr-bgpd 8.3.0: Potential DoS via Malicious BGP Open Packets Unauthorized Application Launch and Bypass in Zebra Enterprise Home Screen 4.1.19 Unauthorized Application Installation Vulnerability in Zebra Enterprise Home Screen 4.1.19 Unrestricted Physical Connection Vulnerability in Zebra Enterprise Home Screen 4.1.19 
Remote Code Execution Vulnerability in Atos Unify OpenScape SBC, Branch, and BCF HTML Injection Vulnerability in Webmin before 1.997 Chia Network CAT1 Standard 1.0.0 Inflation Vulnerability SMM Memory Corruption Vulnerability in InsydeH2O with Kernel 5.0 through 5.5 Arm Mali GPU Kernel Driver Vulnerability: Memory Disclosure and Buffer Overflow Remote Code Execution Vulnerability in Obsidian 0.14.x and 0.15.x Mitel MiCollab Server-Side Request Forgery (SSRF) Vulnerability Arbitrary Code Execution Vulnerability in Mitel MiCollab Web Conferencing Component Mitel MiCollab Client API Authorization Bypass Vulnerability Improper Authorization Controls in Mitel MiCollab Client API: User Profile Modification Vulnerability Command Injection Vulnerability in TOTOLink A3600R V4.1.2cu.5182_B20201102 via /cstecgi.cgi Command Injection Vulnerability in TOTOLink A720R V4.1.5cu.532_B20210610 via /cstecgi.cgi Command Injection Vulnerability in TOTOLINK A3700R V9.1.2u.6134_B20201202 via setTracerouteCfg Function Command Injection Vulnerability in TOTOLINK A3700R V9.1.2u.6134_B20201202 via host_time Parameter Memory Leak Vulnerability in Linux Kernel's BPF Component (VDB-211961) Command Injection Vulnerability in TOTOLINK A3700R V9.1.2u.6134_B20201202 Firmware UploadFirmwareFile Function Command Injection Vulnerability in TOTOLINK A3700R V9.1.2u.6134_B20201202 via hostName Parameter in setOpModeCfg Function Stack Overflow Vulnerability in TOTOLINK A3700R V9.1.2u.6134_B20201202 via lang Parameter in setLanguageCfg Function Stack Overflow Vulnerability in TOTOLINK A3700R V9.1.2u.6134_B20201202 via setTracerouteCfg Command Parameter Stack Overflow Vulnerability in TOTOLINK A3700R V9.1.2u.6134_B20201202 via sPort Parameter in setIpPortFilterRules Function Stack Overflow Vulnerability in TOTOLINK A3700R V9.1.2u.6134_B20201202 via pppoeUser Parameter Stack Overflow Vulnerability in TOTOLINK A3700R V9.1.2u.6134_B20201202 via setDiagnosisCfg Function Stack Overflow Vulnerability in H3C B5 
Mini B5MiniV100R005 via EditMacList.d Function Stack Overflow Vulnerability in H3C B5 Mini B5MiniV100R005 via Asp_SetTimingtimeWifiAndLed Function Stack Overflow Vulnerability in H3C B5 Mini B5MiniV100R005 via SetAPWifiorLedInfoById Function Denial of Service Vulnerability in Redis Crash Report Function (VDB-211962) Stack Overflow Vulnerability in H3C B5 Mini B5MiniV100R005 via SetAP5GWifiById Function Stack Overflow Vulnerability in H3C B5 Mini B5MiniV100R005 via SetMacAccessMode Function Stack Overflow Vulnerability in H3C B5 Mini B5MiniV100R005 via SetMobileAPInfoById Function Stack Overflow Vulnerability in H3C B5 Mini B5MiniV100R005 via Edit_BasicSSID_5G Function Stack Overflow Vulnerability in H3C B5 Mini B5MiniV100R005 via WlanWpsSet Function Stack Overflow Vulnerability in H3C B5 Mini B5MiniV100R005 via AddMacList Function Stack Overflow Vulnerability in H3C B5 Mini B5MiniV100R005 via AddWlanMacList Function Stack Overflow Vulnerability in H3C B5 Mini B5MiniV100R005 via Edit_BasicSSID Function Command Injection Vulnerability in TOTOLINK N350RT V9.3.5u.6139_B20201216 via host_time Parameter Stack Overflow Vulnerability in TOTOLINK N350RT V9.3.5u.6139_B20201216 via setTracerouteCfg Command Parameter Command Injection Vulnerability in TOTOLINK N350RT V9.3.5u.6139_B20201216 via setDiagnosisCfg Function Command Injection Vulnerability in TOTOLINK N350RT V9.3.5u.6139_B20201216 via lang Parameter in setLanguageCfg Function Stack Overflow Vulnerability in TOTOLINK N350RT V9.3.5u.6139_B20201216 via pppoeUser Parameter Stack Overflow Vulnerability in TOTOLINK N350RT V9.3.5u.6139_B20201216 via setDiagnosisCfg Function Command Injection Vulnerability in TOTOLINK N350RT V9.3.5u.6139_B20201216 via hostName Parameter in setOpModeCfg Function Command Injection Vulnerability in TOTOLINK N350RT V9.3.5u.6139_B20201216 Firmware Upload Function Command Injection Vulnerability in TOTOLINK N350RT V9.3.5u.6139_B20201216 Stack Overflow Vulnerability in TOTOLINK N350RT 
V9.3.5u.6139_B20201216 via sPort Parameter in setIpPortFilterRules Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via EnableIpv6 Function Use After Free Vulnerability in Linux Kernel's nilfs_new_inode Function (VDB-211992) Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via EditMacList Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via UpdateIpv6Params Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via AddMacList Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003: SetAPWifiorLedInfoById Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via edditactionlist Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via addactionlist Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via SetMobileAPInfoById Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via Edit_BasicSSID_5G Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via Asp_SetTimingtimeWifiAndLed Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via DEleteusergroup Function Ceph Privilege Escalation via Ceph-crash.service Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via EditWlanMacList Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via UpdateSnat Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via UpdateWanParams Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via UpdateMacClone Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via Edit_BasicSSID Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via EDitusergroup Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via SetMacAccessMode Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via 
AddWlanMacList Function Stack Overflow Vulnerability in H3C Magic NX18 Plus NX18PV100R003 via SetAPInfoById Function Command Injection Vulnerability in H3C GR3200 MiniGR1B0V100R014 via DelL2tpLNSList Param Command Injection Vulnerability in H3C GR2200 MiniGR1A0V100R014 Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via EditApAdvanceInfo Function Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via edditactionlist Function Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via WanModeSetMultiWan Function Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via addactionlist Function Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006: ap_version_check Function Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via debug_wlan_advance Function Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via EditWlanMacList Function Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via AddWlanMacList Function Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via DEleteusergroup Function Arbitrary Administrator Account Addition Vulnerability in cskefu v7.0.1 MikroTik RouterOS v6.48.3 Denial of Service Vulnerability in /advanced-tools/nova/bin/netwatch Command Injection Vulnerability in D-Link Go-RT-AC750 Routers Static Default Credentials Vulnerability in D-Link GO-RT-AC750 Routers Buffer Overflow Vulnerability in D-Link Go-RT-AC750 Routers Authentication Bypass Vulnerability in D-Link GO-RT-AC750 Routers Arbitrary Web Script Execution in Jfinal CMS v5.1.0 via Crafted Payload in Post Title Field Multiple SQL Injection Vulnerabilities in Kensite CMS v1.0 via name and oldname Parameters Vulnerability: Heap Buffer Overflow in Vulkan in Google Chrome XSS Vulnerability in User Agent Parameters of rageframe2 2.6.37's info.php Page Remote Code Execution Vulnerability in Bolt CMS 5.1.12 and Below 
Cross-Site Scripting (XSS) Vulnerability in Syncovery 9 for Linux v9.47x and below Multiple Remote Code Execution Vulnerabilities in Syncovery 9 for Linux v9.47x and Below Privilege Escalation Vulnerability in Syncovery 9 for Linux v9.47x and below Sensitive Information Disclosure in ZK Framework's AuUploader Component ID Tampering Vulnerability in WeDayCare B.V Ouderapp v1.1.22 Heap Corruption Vulnerability in Google Chrome Layout Engine Arbitrary Data Manipulation Vulnerability in Edoc-doctor-appointment-system v1.0.1 SQL Injection Vulnerability in Edoc-doctor-appointment-system v1.0.1 SQL Injection Vulnerability in Edoc-doctor-appointment-system v1.0.1 SQL Injection Vulnerability in Edoc-doctor-appointment-system v1.0.1 CSRF Vulnerability in Edoc-doctor-appointment-system v1.0.1 Reflected Cross-Site Scripting (XSS) Vulnerability in Edoc-doctor-appointment-system v1.0.1 Stored Cross-Site Scripting (XSS) Vulnerability in Edoc-doctor-appointment-system v1.0.1 Heap Buffer Overflow in Media Galleries in Google Chrome Arbitrary File Access and Remote Account Creation Vulnerability in Heartex - Label Studio Community Edition 1.5.0 and Earlier Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below - Data Theft Vulnerability Command Injection Vulnerability in Hytec Inter HWL-2511-SS v1.05 and Below Command Injection Vulnerability in Hytec Inter HWL-2511-SS v1.05 and Below Weak Root Account Hashing in Hytec Inter HWL-2511-SS v1.05 and Below Command Injection Vulnerability in Seiko SkyBridge MB-A100/A110 v4.2.0 and Below Arbitrary File Upload Vulnerability in Seiko SkyBridge MB-A100/A110 v4.2.0 and Below Hard-coded Root Passcode Vulnerability in Seiko SkyBridge MB-A100/A110 v4.2.0 and Below Command Injection Vulnerability in Seiko SkyBridge MB-A200 v01.00.04 and Below File System Bypass Vulnerability in Google Chrome (Chromium security severity: Medium) Seiko SkyBridge MB-A200 v01.00.04 and below: Multiple Hard-Coded Root Passcodes Vulnerability Segmentation Violation 
Vulnerability in XPDF v4.0.4 via AcroForm.cc:538 Arbitrary Code Execution Vulnerability in Rubyinstaller2 v3.1.2 and Below Arbitrary Code Execution via Incorrect Access Control in Rubyinstaller2 v3.1.2 and Below Arbitrary Code Execution Vulnerability in StrawberryPerl v5.32.1.1 and Below Arbitrary Code Execution via Incorrect Access Control in Wamp v3.2.6 and Below Command Injection Vulnerability in Rengine v1.3.0's Scan Engine Function Stack Overflow Vulnerability in Tenda AC9 V15.03.05.19 via /goform/setPptpUserList Stack Overflow Vulnerability in Tenda AC9 V15.03.05.19 via deviceList Parameter at /goform/setMacFilterCfg Use After Free Vulnerability in Google Chrome Extensions Stack Overflow Vulnerability in Tenda AC9 V15.03.05.19 via /goform/SetLEDCfg Time Parameter Stack Overflow Vulnerability in Tenda AC9 V15.03.05.19 via /goform/WanParameterSetting Remote Code Execution (RCE) Vulnerability in Sinsiu Sinsiu Enterprise Website System v1.1.1.0 Cross-Site Scripting (XSS) Vulnerability in Pagekit CMS v1.0.18 via Crafted Payload in Markdown Text Box CSRF Vulnerability Allows Unauthorized Addition of Admin in jizhicms v2.3.1 Critical SQL Injection Vulnerability in Jizhicms v2.3.1 CSRF Vulnerability in Wellcms 2.2.0 Use After Free Vulnerability in Feedback Service on Chrome OS Arbitrary File Upload Vulnerability in Online Ordering System v2.3.2 SQL Injection Vulnerability in Online Ordering System v2.3.2 via user_email Parameter at /admin/login.php Arbitrary File Upload Vulnerability in Garage Management System v1.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in DedeCMS V5.7.97 at /dede/co_do.php Buffer Overflow Vulnerability in Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE's getsinglepppuser Function Buffer Overflow Vulnerability in Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE's addDhcpRule Function Buffer Overflow Vulnerability in Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE's httpd Binary Buffer Overflow Vulnerability in Tenda G3 
US_G3V3.0br_V15.11.0.6(7663)_EN_TDE's httpd Binary Buffer Overflow Vulnerability in D-Link DAP1650 v1.04 Firmware's fileaccess.cgi Program Use After Free Vulnerability in Chrome OS Accessibility Arbitrary File Deletion Vulnerability in kkFileView v4.0.0 SQL Injection Vulnerability in Mapper v4.0.0 to v4.2.0 via ids Parameter in selectByIds Function SQL Injection Vulnerability in Mingsoft MCMS 5.2.8 via /mdiy/model/delete URI Omnibox Content Hiding Vulnerability in Google Chrome for Android Cross-Site Scripting (XSS) Vulnerability in BlogEngine v3.3.8.0's /blogengine/api/posts Component Eclipse TCF Debug Interface Vulnerability: Unauthenticated Remote Root Access InnoSilicon A10 a10_20200924_120556 Remote Code Execution (RCE) Vulnerability in setPlatformAPI Function InnoSilicon T3T+ t2t+_soc_20190911_151433.swu Remote Code Execution Vulnerability Unauthenticated Password Manipulation Vulnerability in Canaan Avalon ASIC Miner SQL Injection Vulnerability in Yimioa v6.1 via orderbyGET Parameter SQL Injection Vulnerability in Ywoa v6.1 via /oa/setup/checkPool?database SQL Injection Vulnerability in Clinic's Patient Management System v1.0 Cross-Origin Data Leakage Vulnerability in Google Chrome Extensions Hardcoded Root Password Vulnerability in TOTOLINK A720R V4.1.5cu.532_B20210610 Hardcoded Root Password Vulnerability in TOTOLINK A800R V4.1.2cu.5137_B20200730 Hardcoded Root Password Vulnerability in TOTOLINK A950RG V4.1.2cu.5204_B20210112 Hardcoded Root Password Vulnerability in TOTOLINK N600R V4.3.0cu.7647_B20210106 Hardcoded Root Password Vulnerability in TOTOLINK A860R V4.1.2cu.5182_B20201027 Hardcoded Root Password Vulnerability in TOTOLINK A3000RU V4.1.2cu.5185_B20201128 Hardcoded Root Password Vulnerability in TOTOLINK A810R Routers Arq Backup Vulnerability: Reversible Encryption of Backup Encryption Passwords Unauthenticated Network Reset Vulnerability in D-link DIR-816 A2_v1.10CNB04.img Critical Use After Free Vulnerability in Axiomatic Bento4's mp42hls 
Component (VDB-212002) Buffer Overflow Vulnerability in D-link DIR-816 and DIR-878 Routers NULL Pointer Dereference Vulnerability in Samsung Electronics mTower v0.3.0 and Earlier NULL Pointer Dereference Vulnerability in Samsung Electronics mTower v0.3.0 and Earlier Null Pointer Dereference Vulnerability in Axiomatic Bento4's AP4_StsdAtom Function (VDB-212003) Remote Code Execution via Command Injection in Teleport 9.3.6 Arbitrary Admin User Creation Vulnerability in ZKTeco ZKBioSecurity V5000 3.0.5_r ZKteco ZKBioSecurity V5000 4.1.3 SQL Injection Vulnerability in /baseOpLog.do Component SQL Injection Vulnerability in Garage Management System v1.0 via id parameter at /print.php Persistent XSS Vulnerability in Garage Management System v1.0 via brand_name Parameter at /brand.php Unauthenticated Access Control Vulnerability in Garage Management System v1.0 Stored XSS Vulnerability in Garage Management System v1.0 Allows Arbitrary Code Execution via Crafted Payload in Name Parameter Critical Heap-Based Buffer Overflow Vulnerability in Axiomatic Bento4 (CVE-2021-212004) Unauthenticated Command Execution in InfluxDB (CVE-2021-39224) Local File Disclosure Vulnerability in Telos Alliance Omnia MPX Node Global Buffer Overflow in PKUVCL davs2 v1.6.205 via parse_sequence_header() Remote Code Execution Vulnerability in QEMU's of_dpa_cmd_add_l2_flood Hardware Emulation Critical Heap-Based Buffer Overflow Vulnerability in Axiomatic Bento4's avcinfo Component (VDB-212005) Cross-Site Scripting (XSS) Vulnerability in Library Management System v1.0 NULL Pointer Dereference Vulnerability in xhyve Commit dfbe09b Critical Use After Free Vulnerability in Axiomatic Bento4 (VDB-212006) Stack Buffer Overflow in xhyve commit dfbe09b via pci_vtrnd_notify() NULL Pointer Dereference Vulnerability in xhyve Commit dfbe09b Blind SSRF Vulnerability in Gluu Oxauth before v4.4.1 Cross-Site Scripting (XSS) Vulnerability in Password Manager for IIS 2.0 via ResultURL Parameter Remote Code Execution 
(RCE) Vulnerability in Garage Management System 1.0 Stored Cross Site Scripting (XSS) Vulnerability in Garage Management System 1.0 Remote SQL Injection Vulnerability in Hospital Information System Version 1.0 Allows for Authentication Bypass Critical Heap-Based Buffer Overflow Vulnerability in Axiomatic Bento4 (VDB-212007) Privilege Escalation Vulnerability in PCProtect Endpoint Arbitrary File Download Vulnerability in Novel-Plus v3.6.2 Hard-coded JWT Key in Novel-Plus v3.6.2 Allows Unauthorized User Session Creation SQL Injection Vulnerability in Simple Task Scheduling System v1.0 SQL Injection Vulnerability in Simple Task Scheduling System v1.0 SQL Injection Vulnerability in Simple Task Scheduling System v1.0 CVE-2022-36677 SQL Injection Vulnerability in Simple Task Scheduling System v1.0 SQL Injection Vulnerability in Simple Task Scheduling System v1.0 Memory Leak Vulnerability in Axiomatic Bento4's mp4edit Component (VDB-212008) SQL Injection Vulnerability in Simple Task Scheduling System v1.0 SQL Injection Vulnerability in Simple Task Scheduling System v1.0 SQL Injection Vulnerability in Simple Task Scheduling System v1.0 SQL Injection Vulnerability in Simple Task Scheduling System v1.0 SQL Injection Vulnerability in Ingredients Stock Management System v1.0 Arbitrary File Deletion Vulnerability in Ingredients Stock Management System v1.0 SQL Injection Vulnerability in Ingredients Stock Management System v1.0 SQL Injection Vulnerability in Ingredients Stock Management System v1.0 Memory Leak Vulnerability in Axiomatic Bento4's AP4_AvccAtom::Create Function (VDB-212009) SQL Injection Vulnerability in Ingredients Stock Management System v1.0 SQL Injection Vulnerability in Ingredients Stock Management System v1.0 SQL Injection Vulnerability in Ingredients Stock Management System v1.0 SQL Injection Vulnerability in Ingredients Stock Management System v1.0 SQL Injection Vulnerability in Ingredients Stock Management System v1.0 SQL Injection Vulnerability in 
Ingredients Stock Management System v1.0 SQL Injection Vulnerability in Ingredients Stock Management System v1.0 SQL Injection Vulnerability in Ingredients Stock Management System v1.0 Critical Heap-Based Buffer Overflow Vulnerability in Axiomatic Bento4's mp42hevc Component (VDB-212010) SQL Injection Vulnerability in Ingredients Stock Management System v1.0 SQL Injection Vulnerability in Ingredients Stock Management System v1.0 SQL Injection Vulnerability in Ingredients Stock Management System v1.0 SQL Injection Vulnerability in Library Management System v1.0 SQL Injection Vulnerability in Ingredients Stock Management System v1.0 SQL Injection Vulnerability in Ingredients Stock Management System v1.0 SQL Injection Vulnerability in Library Management System v1.0 at /student/bookdetails.php SQL Injection Vulnerability in Library Management System v1.0 Critical SQL Injection Vulnerability in SourceCodester eLearning System 1.0 (VDB-212014) SQL Injection Vulnerability in Library Management System v1.0 via id parameter at /staff/bookdetails.php SQL Injection Vulnerability in Library Management System v1.0 via id parameter at /staff/studentdetails.php SQL Injection Vulnerability in Library Management System v1.0 via Section Parameter SQL Injection Vulnerability in Library Management System v1.0 via Section Parameter at /staff/lab.php SQL Injection Vulnerability in Library Management System v1.0 via name parameter at /admin/search.php SQL Injection Vulnerability in Library Management System v1.0 SQL Injection Vulnerability in Library Management System v1.0 via ok parameter at /admin/history.php Cross-Site Scripting (XSS) Vulnerability in SourceCodester Sanitization Management System 1.0 SQL Injection Vulnerability in Library Management System v1.0 at /admin/modify1.php SQL Injection Vulnerability in Library Management System v1.0 via Textbook Parameter at /admin/modify.php SQL Injection Vulnerability in Library Management System v1.0 via title parameter at 
/librarian/history.php SQL Injection Vulnerability in Library Management System v1.0 via M_Id parameter at /student/dele.php SQL Injection Vulnerability in Library Management System v1.0 via bookId Parameter at /staff/delete.php SQL Injection Vulnerability in Library Management System v1.0 via RollNo Parameter SQL Injection Vulnerability in Library Management System v1.0 via M_Id Parameter at /librarian/del.php Cross-Site Scripting (XSS) Vulnerability in SourceCodester Sanitization Management System 1.0 SQL Injection Vulnerability in Library Management System v1.0 SQL Injection Vulnerability in Library Management System v1.0 via RollNo Parameter SQL Injection Vulnerability in Library Management System v1.0 SQL Injection Vulnerability in Library Management System v1.0 via M_Id Parameter at /admin/del.php SQL Injection Vulnerability in Library Management System v1.0 via RollNo Parameter SQL Injection Vulnerability in Library Management System v1.0 via bookId Parameter at /admin/delete.php Clickjacking Vulnerability in Jitsi-2.10.5550 Web UI Critical Remote Authentication Bypass Vulnerability in SourceCodester Sanitization Management System 1.0 (VDB-212017) Cross-Site Scripting (XSS) Vulnerability in LibreNMS v22.6.0 via print-customoid.php Cross-Site Scripting (XSS) Vulnerability in LibreNMS v22.6.0 via oxidized-cfg-check.inc.php Cross-Site Scripting (XSS) Vulnerability in Razor v0.8.0 via uploadchannel() Function Cross-Site Scripting (XSS) Vulnerability in PicUploader v2.6.3 via /master/index.php Command Injection Vulnerability in RPi-Jukebox-RFID v2.3.0 via /htdocs/utils/Files.php Misconfiguration in Fedora CoreOS Allows Unauthorized Booting of Older Versions SQL Injection Vulnerability in Clinic's Patient Management System v1.0 via /pms/update_user.php?id= Out-of-Bounds Write Vulnerability in png2webp v1.0.4 via w2p Function SQL Injection Vulnerability in Expense Management System v1.0 D-Link DIR845L A1 Authentication Vulnerability via AUTHORIZED_GROUP=1 Command 
Injection Vulnerability in DIR845L A1 v1.00-v1.03 via /htdocs/upnpinc/gena.php SQL Injection Vulnerability in Online Food Ordering System v1.0 via /dishes.php?res_id= Interface Inlining Vulnerability in Eclipse Openj9 HTTP Request Smuggling Vulnerability in Apache HTTP Server 2.4.54 and Earlier Versions Heap Buffer Overflow Vulnerability in Tcg2MeasureGptTable() Function in EDK2 Heap Buffer Overflow Vulnerability in EDK2's Tcg2MeasurePeImage() Function EDK2 CreateHob() Function Integer Overflow Vulnerability Privilege Escalation Vulnerability in IBM AIX and VIOS Privileged User File Upload Vulnerability in IBM Cloud Pak for Data 4.5 and 4.6 CSRF Vulnerability in Advanced Import WordPress Plugin Allows Arbitrary Plugin Installation and Activation Unauthorized Access to Sensitive Information in IBM QRadar User Behavior Analytics Privilege Escalation Vulnerability in IBM InfoSphere Information Server 11.7 XML External Entity Injection (XXE) Vulnerability in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 Man-in-the-Middle Vulnerability in IBM Robotic Process Automation 21.0.0-21.0.2 HTTP Header Injection Vulnerability in IBM Security Verify Access 10.0.0.0 - 10.0.4.0 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Security (CP4S) 1.10.0.0 and 1.10.2.0 Information Disclosure Vulnerability in IBM Cloud Pak for Security (CP4S) and IBM QRadar Suite Software Cross-Site Scripting (XSS) Vulnerability in Worker Nickname Input Unauthenticated OS Command Injection in PROSCEND Industrial Cellular Router Unauthenticated Access to Recorded Calls in Avdor CIS Phone Call Recorder WiseConnect - ScreenConnect Session Code Brute Force Vulnerability Pal Electronics Systems - PalGate Authorization Bypass Vulnerability FireFlow Reflected Cross-Site Scripting (RXSS) Vulnerability in AlgoSec Elsight Halo Web Panel Remote Code Execution Vulnerability D-Link G Integrated Access Device Information Disclosure & Authorization Bypass Vulnerability DLINK DSL-224 Router: Remote 
Command Execution via NTP Configuration Interface webvendome SQL Injection in DocNumber Parameter Heap-based Buffer Overflow in Slic3r libslic3r 1.3.0 and Master Commit b1a5500 BIOS Firmware Vulnerability in Intel NUC 10 Performance Kits and Mini PCs: Local Privilege Escalation Unserializing Vulnerability in Starter Templates by Kadence WP WordPress Plugin Authenticated Stored XSS vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 for WordPress Critical Unauthenticated Plugin Settings Change & Data Deletion Vulnerabilities in WP Shop Plugin <= 3.9.6 Denial of Service Vulnerability in Intel(R) SPS Firmware Undisclosed Traffic Vulnerability in BIG-IP Virtual Server CSRF Vulnerability Exploiting Stored XSS in CallRail Phone Call Tracking Plugin Denial of Service Vulnerability in Intel Ethernet 500 Series Controller Drivers for VMware CSRF Vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder Plugin Jira Server and Data Center Template Injection Vulnerability Information Disclosure Vulnerability in Atlassian Jira Service Management Server and Data Center (CVE-2021-26084) Reflected Cross-Site Scripting (RXSS) Vulnerability in Atlassian Jira Server and Data Center (CVE-2021-26084) Server-Side Request Forgery (SSRF) Vulnerability in Atlassian Jira Align Privilege Escalation: MasterUserEdit API Allows Modification of User Roles to Super Admin Arbitrary Code Execution in Atlassian Bitbucket Server and Data Center Wireless Network Brute Force Vulnerability in MR2600 Router v1.0.18 and Earlier SDM600 File Permission Validation Vulnerability Charm by Samsung: ReleaseAlarm PendingIntent Hijacking Vulnerability Title: SDM600 API Web Services Authorization Validation Vulnerability Charm by Samsung: PendingIntent Hijacking Vulnerability in cancelAlarmManager Path Traversal Vulnerability in Samsung Notes Prior to Version 4.3.14.39: Unauthorized File Access Improper Access Control Vulnerability in Cameralyzer Allows Unauthorized External Storage Access 
Privilege Escalation via Package Name Manipulation in Game Optimizing Service Sensitive Information Exposure in Game Launcher v6.0.07 and earlier: Local Attacker Access to App Data Arbitrary File Access Vulnerability in Samsung Internet Browser (prior to version 17.0.7.34) through Implicit Intent Hijacking Charm by Samsung Unprotected Provider Vulnerability Intent Redirection Vulnerability in Samsung Email (prior to version 6.1.70.20) Enables Sensitive Information Retrieval Galaxy Wearable Implicit Intent Hijacking Vulnerability: Exposing Sensitive Information SQL Injection Vulnerability in Samsung Checkout Allows Unauthorized Access to IAP Information SDM600 Endpoint Denial of Service Vulnerability Samsung Update Setup DLL Hijacking Vulnerability Heap-based Overflow Vulnerability in libSDKRecognitionText.spensdk.samsung.so Library Heap-based Overflow Vulnerability in prepareRecogLibrary Function Heap-based Overflow Vulnerability in libSDKRecognitionText.spensdk.samsung.so Library Heap-based Overflow Vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so Library Heap-based Overflow Vulnerability in libSDKRecognitionText.spensdk.samsung.so Library Heap-based Overflow Vulnerability in ConstructDictionary Function Title: MTP Driver Use After Free Vulnerability Enables Malicious Actions (SMR Sep-2022 Release 1) Improper Authorization Vulnerability in setDualDARPolicyCmd: Local Permanent Denial of Service Critical Use After Free Vulnerability in sdp_mm_set_process_sensitive Function Privilege Escalation Vulnerability in SDM600 Software Path Traversal Vulnerability in CallBGProvider: Arbitrary File Overwrite with Phone UID Improper Access Control Vulnerability in Samsung Pass: Unauthorized Data Access on Unlocked Devices Local Unauthorized Access to Internal Application Data in Video Editor Intent Redirection Vulnerability in Photo Editor: Exposing Sensitive Information Unauthenticated Out-of-Bounds Read Vulnerability in 
libapexjni.media.samsung.so Memory Access Fault Exploit: Use After Free Vulnerability in iva_ctl Driver Unauthorized Emergency Call Initiation Vulnerability in Telecom Application Unauthorized Access to Internal Application Data in Photo Editor Heap-based Overflow Vulnerability in GetCorrectDbLanguageTypeEsPKc() Function XSS Vulnerability in SmartTagPlugin Prior to Version 1.2.21-6 SDM600 Endpoint Denial of Service Vulnerability Heap-based Overflow Vulnerability in LoadEnvironment Function of libSDKRecognitionText.spensdk.samsung.so Library Custom Permission Misuse Vulnerability in SystemUI: Unauthorized Access to Protected Functions Heap-based Overflow Vulnerability in libSDKRecognitionText.spensdk.samsung.so Library Heap-based Overflow Vulnerability in GetCorrectDbLanguageTypeEsPKc Function Improper Access Control and Intent Redirection in Samsung Email: Unauthorized File Access and Privileged Execution Group Sharing Vulnerability: Unauthorized Access to Device Information Device Identification Vulnerability in Broadcaster in Group Sharing Improper Access Control Vulnerability in Editor Lite 4.0.40.14: Unauthorized Access to Sensitive Information Bluetooth Device MAC Address Leakage in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 Improper Access Control Vulnerability in ContactsDumpActivity MTransferNotificationManager Implicit Intent File Access Vulnerability NotiCenterUtils Pending Intent Hijacking Vulnerability in Samsung Pay SpayNotification Pending Intent Hijacking Vulnerability Bluetooth Device MAC Address Leakage in GalaxyStoreBridgePageLinker Unauthorized Access to Device IMEI and Serial Number in Waterplugin prior to 2.2.11.22040751 Broadcast Intent Vulnerability in SaWebViewRelayActivity of Waterplugin (version 2.2.11.22081151) Allows Unauthorized File Access Unauthorized Access to UPI Payment Account List in Samsung Pass (prior to version 4.0.04.10) Information Disclosure Vulnerability in FaqSymptomCardViewModel in Samsung Members Find My Mobile 
Local Information Disclosure Vulnerability Double Refcount Drop Vulnerability in Linux Kernel CSRF Vulnerability in WPQA Builder WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Webmin and Usermin's Read Mail Module Jenkins Git Client Plugin: SSH Host Key Verification Bypass Vulnerability Jenkins Git Plugin CSRF Vulnerability Allows Unauthorized Build Triggering and Commit Manipulation Unauthenticated Remote Code Execution in Jenkins Git Plugin Unauthenticated Information Disclosure in Jenkins Git Plugin 4.11.3 and Earlier Timing Vulnerability in Jenkins GitHub Plugin CSRF Vulnerability in Jenkins External Monitor Job Type Plugin Allows Unauthorized External Job Runs CSRF Vulnerability in Jenkins Job Configuration History Plugin Allows Unauthorized Configuration Modifications Vulnerability: Unauthorized Access to Credentials in Jenkins HashiCorp Vault Plugin Arbitrary File Upload Vulnerability in Jenkins Deployer Framework Plugin SQL Injection Vulnerability in HTML Forms WordPress Plugin Arbitrary File Existence Check Vulnerability in Jenkins Deployer Framework Plugin Vulnerability: Unauthorized Access to Deployment Logs in Jenkins Deployer Framework Plugin Unauthenticated File Pattern Matching Vulnerability in Jenkins rhnpush-plugin Plugin Jenkins rpmsign-plugin Plugin 0.5.0 and earlier - Permission Check Bypass in Form Validation Method Arbitrary File Write Vulnerability in Jenkins CLIF Performance Testing Plugin Vulnerability: Unauthorized Enumeration of Compuware Configurations and Credentials in Jenkins Compuware Topaz Utilities Plugin Vulnerability: Unauthorized Enumeration of Compuware Configurations and Credentials in Jenkins Vulnerability: Unauthorized Enumeration of Compuware Configurations and Credentials in Jenkins Compuware Xpediter Code Coverage Plugin Vulnerability: Unauthorized Enumeration of Compuware Configurations and Credentials in Jenkins Compuware ISPW Operations Plugin Unrestricted Execution Vulnerability in Jenkins Compuware ISPW 
Operations Plugin Stored Cross-Site Scripting Vulnerability in Popup Maker WordPress Plugin Unrestricted Execution Vulnerability in Jenkins Compuware zAdviser API Plugin Unencrypted Storage of Passwords in Jenkins HTTP Request Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Dynamic Extended Choice Parameter Plugin Vulnerability: Enumeration of Credentials IDs in Jenkins Repository Connector Plugin 2.2.0 and earlier Jenkins Repository Connector Plugin 2.2.0 and earlier - File Path Existence Disclosure Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Maven Metadata Plugin CSRF Vulnerability in Jenkins OpenShift Deployer Plugin Allows Unauthorized URL Access Unauthenticated Remote Code Execution in Jenkins OpenShift Deployer Plugin Jenkins OpenShift Deployer Plugin CSRF Vulnerability Allows File Path Checking and SSH Key Upload Jenkins OpenShift Deployer Plugin 1.2.0 and earlier - Missing Permission Check Vulnerability Sensitive Information Disclosure in DeepL Pro API Translation Plugin for WordPress Jenkins Lucene-Search Plugin Vulnerability: Unauthorized Access to Job Information and Database Reindexing Jenkins Openstack Heat Plugin CSRF Vulnerability: Unauthorized URL Connection Unauthenticated Remote URL Connection Vulnerability in Jenkins Openstack Heat Plugin Jenkins Openstack Heat Plugin 1.5 and earlier: File Path Existence Disclosure Vulnerability Jenkins Files Found Trigger Plugin Allows Unauthorized File Path Checking Jenkins Android Signing Plugin 2.2.5 and earlier - Permission Check Bypass in Form Validation Method Jenkins Google Cloud Backup Plugin CSRF Vulnerability Allows Unauthorized Manual Backups Vulnerability: Unauthorized Manual Backup Request in Jenkins Google Cloud Backup Plugin Jenkins Buckminster Plugin 1.1.1 and Earlier File Path Existence Disclosure Vulnerability Jenkins Coverity Plugin 1.11.4 and Earlier: Credential Enumeration Vulnerability Jenkins Coverity Plugin CSRF Vulnerability Allows 
Unauthorized Access to Stored Credentials Jenkins Coverity Plugin 1.11.4 and Earlier: Missing Permission Check Allows Unauthorized Access to Attacker-Specified URLs Reflected Cross-Site Scripting (XSS) Vulnerability in Jenkins Lucene-Search Plugin Unauthenticated Access to API Keys in Zoho ManageEngine Suite Zoom Rooms Installer for Windows Local Privilege Escalation Vulnerability Insecure Key Generation in Zoom Rooms for macOS: Local Denial of Service Vulnerability Zoom Rooms for macOS: Local Privilege Escalation Vulnerability Zoom Rooms for macOS: Local Privilege Escalation Vulnerability Path Traversal Vulnerability in Zoom for Android Clients (Versions < 5.13.0) Allows Unauthorized Access to Application Data Zoom Rooms Installer for Windows Local Privilege Escalation Vulnerability Path Traversal Vulnerability in FileOrbis File Management System (Version 10.6.3 and earlier) Local Privilege Escalation Vulnerability in Zoom Rooms for Windows Installers Critical Vulnerability in WhatsApp Allows Remote Code Execution via Video Call Vulnerability: Insecure TLS Version Usage in HHVM's stream Extension Out-of-Bound Address Loading Vulnerability in DexLoader's get_stringidx_fromdex() Function Critical Vulnerability in Syncee WordPress Plugin Allows Account Takeover Arbitrary File Write Vulnerability in SSZipArchive Versions 2.5.3 and Older Java Deserialization Vulnerability in Scala 2.13.x before 2.13.9 RollBack Attack: Exploiting Remote Keyless Entry (RKE) Vulnerability in Mazda Vehicles Denial of Service Vulnerability in nfqnl_mangle in Linux Kernel Stack Buffer Overflow in FastStone Image Viewer 7.5 due to Unsafe Parsing of PNG tRNS Chunk DOM XSS Vulnerability in Veritas NetBackup OpsCenter Privilege Escalation Vulnerability in Veritas NetBackup OpsCenter CDE Plugin Content Injection Vulnerability Java Classloader Manipulation Vulnerability in Veritas NetBackup OpsCenter Unauthenticated Remote Code Execution in Veritas NetBackup OpsCenter Hard-coded Credential 
Vulnerability in Veritas NetBackup OpsCenter Unauthenticated Remote Information Disclosure Vulnerability in Veritas NetBackup OpsCenter OpsCenter User Account Creation and Modification Vulnerability Privilege Escalation Vulnerability in Veritas NetBackup Client Arbitrary Command Execution Vulnerability in Veritas NetBackup Client SolarWinds Platform Deserialization of Untrusted Data Vulnerability SolarWinds Platform Deserialization Vulnerability Post-Auth Code Injection Vulnerability in Sophos Firewall Webadmin (Versions Older than 19.5 GA) SolarWinds Platform Privilege Escalation via Improper Input Validation Orion Platform SQL Injection Vulnerability Command Injection Vulnerability in SolarWinds Platform Allows Remote Code Execution Title: SolarWinds Platform Command Injection Vulnerability SolarWinds Platform Deserialization Vulnerability Stored and Dom-based XSS Vulnerability in QoE Application Input Field Insecure Direct Object Reference (IDOR) Vulnerability in SolarWinds Platform 2022.3 and Previous Versions Allows Unauthorized Access and Modification of Nodes Multiple Reflected Cross-Site Scripting (XSS) Vulnerabilities in WS_FTP Server Administrative Web Interface CSRF Vulnerability in In Progress WS_FTP Server prior to version 8.7.3 XML External Entity (XXE) Disclosure Vulnerability in AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000) Vulnerability: Password Leakage in Ansible's amazon.aws.ec2_instance Module Arbitrary Code Execution via APP File Processing in AVEVA Edge 20.0 Build: 4201.2111.1802.0000 SP2 Remote Code Execution Vulnerability in Ivanti Avalanche 6.3.2.3490 Remote Authentication Bypass Vulnerability in Ivanti Avalanche 6.3.2.3490 Authentication Bypass Vulnerability in Ivanti Avalanche 6.3.2.3490 Arbitrary Code Execution Vulnerability in Ivanti Avalanche 6.3.2.3490 Remote Authentication Bypass Vulnerability in Ivanti Avalanche 6.3.2.3490 Remote Authentication Bypass Vulnerability in Ivanti Avalanche 6.3.2.3490 Remote Code Execution 
Vulnerability in Ivanti Avalanche 6.3.2.3490 Arbitrary Code Execution Vulnerability in Ivanti Avalanche 6.3.2.3490 Authentication Bypass Vulnerability in Ivanti Avalanche 6.3.2.3490 Local Privilege Escalation Vulnerability in Lenovo HardwareScanPlugin and Lenovo Diagnostics Authentication Bypass Vulnerability in Ivanti Avalanche 6.3.2.3490 Arbitrary Code Execution Vulnerability in Ivanti Avalanche 6.3.3.101 Arbitrary File Read Vulnerability in Ivanti Avalanche 6.3.3.101 Authentication Bypass Vulnerability in Ivanti Avalanche (ZDI-CAN-15919) Remote Denial of Service Vulnerability in Veritas NetBackup Privilege Escalation Vulnerability in Veritas NetBackup Remote Code Execution Vulnerability in Veritas NetBackup Arbitrary File Write Vulnerability in Veritas NetBackup Remote Command Execution Vulnerability in Veritas NetBackup Remote Command Execution Vulnerability in Veritas NetBackup Local Privilege Escalation Vulnerability in Lenovo HardwareScanPlugin and Lenovo Diagnostics Arbitrary File Write Vulnerability in Veritas NetBackup Arbitrary Content Write Vulnerability in Veritas NetBackup Remote Command Execution Vulnerability in Veritas NetBackup Remote Command Execution Vulnerability in Veritas NetBackup Arbitrary File Read Vulnerability in Veritas NetBackup Arbitrary Directory Creation Vulnerability in Veritas NetBackup Remote Information Gathering Vulnerability in Veritas NetBackup Remote Code Execution and Server-Side Request Forgery in Veritas NetBackup Stack-based Buffer Overflow Vulnerability in Veritas NetBackup Remote File Read Vulnerability in Veritas NetBackup TOCTOU Vulnerability in Lenovo Vantage SystemUpdate Plugin Allows Arbitrary File Deletion Remote File Read Vulnerability in Veritas NetBackup Excessive Instruction Interception Vulnerability in Diag-Router Module Privilege Escalation Vulnerability in SystemUI Module Allows Malicious Applications to Hijack Windows and Run in the Background Permission Escalation Vulnerability in AOD Module Allows 
Unauthorized File Access OOBE Bypass Vulnerability in Settings Application: Impact on Availability Argument Injection Vulnerability in Settings Application Network Module Permission Control Vulnerability: Impact on Service Availability Chinadrm Module Out-of-Bounds Read Vulnerability: Impact on Availability Vulnerability: Bypassing Update Package Verification in Recovery Module Vulnerability: Local Code Execution via Vagrant Executable in JetBrains IntelliJ IDEA Lenovo Vantage SystemUpdate Plugin Privilege Elevation Vulnerability Email Address Validation Vulnerability in JetBrains IntelliJ IDEA Insufficient Protection from Packet Capture Replay in Mendix SAML Denial-of-Service Vulnerability in Unified Automation OPC UA C++ Demo Server 1.7.6-537 Denial-of-Service Vulnerability in Unified Automation OPC UA C++ Demo Server Privilege Escalation Vulnerability in Symantec Endpoint Detection and Response (SEDR) Appliance Privilege Escalation Vulnerability in Symantec Endpoint Protection (Windows) Agent Security Control Bypass Vulnerability in Symantec Endpoint Protection HP PC BIOS Vulnerability: Privilege Escalation and Code Execution Risk Local Denial of Service Vulnerability in Lenovo Vantage HardwareScan Plugin Apache Geode JMX over RMI Deserialization Vulnerability Apache Geode JMX over RMI Deserialization Vulnerability Apache Geode Deserialization Vulnerability in REST API Remote Code Execution Vulnerability in Zoho ManageEngine Suite Improper Privilege Management Vulnerability in McAfee Security Scan Plus (MSS+) Allows for Local Privilege Escalation and LOLBin Attack Client Authentication Bypass in Erlang/OTP SSL, TLS, and DTLS Arbitrary Java JVM Option Injection in Ahsay AhsayCBS 9.1.4.0 Stored Cross-site Scripting (XSS) Vulnerability in ISAMS 22.2.3.2: Title Field for Groups Vulnerability: Remote Access Server (RAS) 4.5.0 and Prior's Web Portal Accepts Malicious Firmware Packages Arbitrary Code Execution via Weak Permissions in Grommunio Gromox PAM Module 
Out-of-Bounds Read Vulnerability in FRRouting BGP Daemon SSRF Vulnerability in dotCMS 5.x-22.06 TempFileAPI Denial of Service (DoS) Vulnerability in dotCMS 5.x-22.06 Race Condition Vulnerability in FRRouting (FRR) 8.3 Allows Remote Code Execution and Information Disclosure Potential Cross Site Scripting Vulnerability in Ruby on Rails X-Forwarded-Host Header Overwrite Vulnerability in Zimbra Collaboration Suite Arbitrary File Upload and Remote Code Execution in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 CSRF Token Bypass in Zimbra Collaboration Suite Webmail Component Reflected XSS Vulnerability in Zimbra Collaboration Suite (ZCS) 8.8.15 Heap-based Buffer Overflow in tcprewrite's get_ipv6_next Function Heap-based Buffer Overflow in tcprewrite's get_l2len_protocol() Function Heap-based Buffer Overflow in parse_mpls function of Tcpreplay v4.4.1 Use After Free Vulnerability in Vim's qf_update_buffer Function (VDB-212324) Denial-of-Service Vulnerability in Poppler 22.07.0: Incomplete Patch of CVE-2018-20662 Denial of Service Vulnerability in Poppler 22.07.0 Denial of Service Vulnerability in Poppler 22.07.0: Reachable Object::getString Assertion Failure in markObject Command Injection Vulnerability in TRENDnet TEW733GR v1.03B01 via /htdocs/upnpinc/gena.php Buffer Overflow Vulnerability in D-Link Go-RT-AC750 Routers Vulnerability: Command Injection in D-Link GO-RT-AC750 Routers Command Injection Vulnerability in D-Link Go-RT-AC750 Routers Arbitrary Code Injection Vulnerability in Subrion CMS 4.2.1 Admin Panel Login Field Improper Authorization in GitLab CE/EE: Unauthorized Ownership Takeover in Downstream Pipelines Directory Traversal Vulnerability in FLIR AX8 Thermal Sensor Cameras (Version 1.46.16 and below) FLIR AX8 Thermal Sensor Cameras: Remote Command Injection Vulnerability Insecure Design Vulnerability in FLIR AX8 Thermal Sensor Cameras: Unauthorized Access to SQLite Users Database FLIR AX8 Thermal Sensor Cameras XSS Vulnerability Stack Overflow 
Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via UpdateDDNS Function Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via UpdateWanParamsMulti Function Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006: UpdateMacCloneFinal Function Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via UpdateSnat Function Double-Free Memory Vulnerability in Linux Kernel's Intel GVT-g Graphics Driver Command Injection Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via UpdateOne2One Function Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006: UpdateWanLinkspyMulti Function Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via UpdateWanModeMulti Function Stack Overflow Vulnerability in H3C GR-1200W MiniGRW1A0V100R006 via switch_debug_info_set Function Stack Overflow Vulnerability in TOTOLink A7000R V9.1.0u.6115_B20201022 via setDiagnosisCfg Function Command Injection Vulnerability in TOTOLINK A7000R V9.1.0u.6115_B20201022 Firmware UploadFirmwareFile Function Stack Overflow Vulnerability in TOTOLINK A7000R V9.1.0u.6115_B20201022 via pppoeUser Parameter Command Injection Vulnerability in TOTOLINK A7000R V9.1.0u.6115_B20201022 via lang Parameter Command Injection Vulnerability in TOTOLINK A7000R V9.1.0u.6115_B20201022 via hostName Parameter in setOpModeCfg Function Web Stories Plugin for WordPress: Server-Side Request Forgery Vulnerability Stack Overflow Vulnerability in TOTOLINK A7000R V9.1.0u.6115_B20201022 via setTracerouteCfg Command Parameter Command Injection Vulnerability in TOTOLINK A7000R V9.1.0u.6115_B20201022 Command Injection Vulnerability in TOTOLINK A7000R V9.1.0u.6115_B20201022 via host_time Parameter Command Injection Vulnerability in TOTOLINK A7000R V9.1.0u.6115_B20201022 via ip Parameter in setDiagnosisCfg Function Stack Overflow Vulnerability in TOTOLINK A7000R V9.1.0u.6115_B20201022 via sPort Parameter at addEffect Function Stack 
Overflow Vulnerability in H3C H200 H200V100R004 via AddWlanMacList Function Stack Overflow Vulnerability in H3C H200 H200V100R004 via Asp_SetTimingtimeWifiAndLed Function Stack Overflow Vulnerability in H3C H200 H200V100R004 via SetMobileAPInfoById Function Stack Overflow Vulnerability in H3C H200 H200V100R004 via SetAP5GWifiById Function Stack Overflow Vulnerability in H3C H200 H200V100R004 via EditMacList Function Stored XSS Vulnerability in Sophos Firewall Webadmin Import Group Wizard Stack Overflow Vulnerability in H3C H200 H200V100R004 via Edit_BasicSSID Function Stack Overflow Vulnerability in H3C H200 H200V100R004 via EditWlanMacList Function Stack Overflow Vulnerability in H3C H200 H200V100R004 via SetAPWifiorLedInfoById Function Stack Overflow Vulnerability in H3C H200 H200V100R004 via AddMacList Function Stack Overflow Vulnerability in H3C H200 H200V100R004 via Edit_BasicSSID_5G Function Stack Overflow Vulnerability in H3C H200 H200V100R004 via UpdateWanParams Function Stack Overflow Vulnerability in H3C H200 H200V100R004 via EnableIpv6 Function Stack Overflow Vulnerability in H3C H200 H200V100R004 via SetAPInfoById Function Stack Overflow Vulnerability in H3C H200 H200V100R004 via UpdateIpv6Params Function Stack Overflow Vulnerability in H3C H200 H200V100R004 via UpdateSnat Function Post-Auth Read-Only SQL Injection Vulnerability in Sophos Firewall API Controller (Versions < 19.5 GA) Stack Overflow Vulnerability in H3C H200 H200V100R004 via UpdateMacClone Function Syslog-ng Configuration Wizard Injection Vulnerability in Securonix Snypr 6.4 Vulnerability: Insecure Access Control and Authentication in patrickfuller Post-Auth Read-Only SQL Injection Vulnerability in Sophos Firewall User Portal (Versions Older than 19.5 GA) SQL Injection Vulnerability in BlueCMS 1.6 admin/article.php (Line 132) SQL Injection Vulnerability in BlueCMS 1.6 admin/model.php (Line 55) SQL Injection Vulnerability in BlueCMS 1.6 admin/area.php (Line 132) Unauthenticated Arbitrary 
File Disclosure in Carel pCOWeb HVAC BACnet Gateway 2.1.0 Title: D-Link DIR-816 A2_v1.10CNB04.img Command Injection Vulnerability in /goform/form2userconfig.cgi Command Injection Vulnerability in D-link DIR-816 A2_v1.10CNB04.img via /goform/NTPSyncWithHost Unauthenticated Network Initialization Vulnerability in D-Link DIR-816 A2_v1.10CNB04.img Command Injection Vulnerability in D-Link DIR-816 A2_v1.10CNB04.img via /goform/SystemCommand Code Injection Vulnerability in Sophos Firewall Allows Remote Code Execution Command Injection Vulnerability in D-Link DIR-816 A2_v1.10CNB04 and DIR-878 DIR_878_FW1.30B08.img Unauthenticated Reboot Vulnerability in D-link DIR-816 Router Buffer Overflow Vulnerability in D-link DIR-816 A2_v1.10CNB04.img via /goform/form2Wan.cgi Stored Cross-Site Scripting (XSS) Vulnerability in PayMoney 3.3 Ticket Reply Functionality SQL Injection Vulnerability in Loan Management System 1.0 Allows Unauthorized Access as Administrator Persistent Cross Site Scripting Vulnerability in Loan Management System version 1.0 Critical SQL Injection Vulnerability in SourceCodester Online Medicine Ordering System 1.0 (VDB-212346) Client Side Remote Code Execution (RCE) Vulnerability in PayMoney 3.3: Reply Ticket Function Allows Malicious File Upload Excessive MFA TOTP Submission Brute Force Vulnerability in PlexTrac Platform Unrestricted Brute Force Authentication Vulnerability in PlexTrac Platform Username Enumeration via HTTP Response Times in PlexTrac Authentication Provider Command Injection Vulnerability in WAVLINK WL-WN575A3 RPT75A3.V4300.201217 adm.cgi Heap-Buffer Overflow Vulnerability in bash's parameter_transform Function Stored XSS Vulnerability in Online Diagnostic Lab Management System 1.0 Unauthenticated Access Vulnerability in Online Diagnostic Lab Management System 1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System 1.0 XSS Vulnerability in Artica Proxy 4.30.000000 via password parameter in /fw.login.php Remote Code Execution 
(RCE) Vulnerability in SPIP 3.1.13 through 4.1.2 via _oups Parameter Weak Password Vulnerability in RuoYi v3.8.3 Management System Remote Code Execution Vulnerability in Claroline 13.5.7 and Prior Versions Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Medicine Ordering System 1.0 Privilege Escalation via Arbitrary Creation of Privileged User in Claroline 13.5.7 and Prior Cross Site Scripting (XSS) Vulnerability in Claroline 13.5.7 and Prior via SVG File Upload Cross Site Scripting (XSS) Vulnerability in Claroline 13.5.7 and Prior Weak Password Policy and Unsalted Hashing Vulnerability in Bminusl IHateToBudget v1.5.7 Weak Password Policy and Unsalted Hashing in Inoda OnTrack v3.4 Arbitrary Code Execution via Incorrect Access Control in Msys2 v20220603 and Below Arbitrary Code Execution Vulnerability in gvim 9.0.0000 Installer Stack Buffer Overflow in Tenda AC15 Firmware V15.03.05.18 HTTPD Server Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below Wi-Fi Password Removal Vulnerability Disputed Vulnerability: Alleged Use of a Broken or Risky Cryptographic Algorithm in HireVue Hiring Platform V1.0 SQL Injection Vulnerability in 72crm 9.0 Task Calendar View Arbitrary File Upload Vulnerability in 72crm 9.0 Piwigo 12.3.0 Cross Site Scripting (XSS) Vulnerability in /search/1940/created-monthly-list Shell File Upload Vulnerability in Garage Management System 1.0's manage_website.php SQL Injection Vulnerability in EMS 6.2 System of Thai Basic Education Commission's School Information Query Interface Session Deletion Delay Vulnerability in LemonLDAP::NG XML External Entity (XXE) Vulnerability in DDMAL MEI2Volpiano 0.8.2 Remote Code Execution (RCE) Vulnerability in CuppaCMS 1.0 LFI Vulnerability in CuppaCMS v1.0 Component cuppa/api/index.php Incorrect Access Control Vulnerability in Chipolo ONE Bluetooth Tracker (2020) iOS App Version 4.13.0 Unquoted Service Path Vulnerability in IOBit IOTransfer V4 SQL Injection Vulnerability in JFinal CMS 5.1.0 via 
/jfinal_cms/system/user/list SQL Injection Vulnerability in Event Monster WordPress Plugin SQL Injection Vulnerability in JFinal CMS 5.1.0 SQL Injection Vulnerability in JFinal CMS 5.1.0 via /admin/advicefeedback/list SQL Injection Vulnerability in JFinal CMS 5.1.0 SQL Injection Vulnerability in Final CMS 5.1.0 SQL Injection Vulnerability in JFinal CMS 5.1.0 SQL Injection Vulnerability in JFinal CMS 5.1.0 SQL Injection Vulnerability in JFinal CMS 5.1.0 SQL Injection Vulnerability in JFinal CMS 5.1.0 Code Injection Vulnerability in froxlor/froxlor prior to 0.10.39 SQL Injection Vulnerability in JFinal CMS 5.1.0 via /jfinal_cms/system/role/list Type Confusion Vulnerability in V8 Allows Remote Heap Corruption Buffer Overflow Vulnerability in Netgear N300 Wireless Router (wnr2000v4-V1.0.0.70) via uhttpd Buffer Overflow Vulnerability in Netgear Nighthawk AC1900 Router Firmware Buffer Overflow Vulnerability in Netgear Nighthawk AC1900 Router Firmware Remote Code Execution Vulnerability in ZLMediaKit Server Cross Site Scripting (XSS) Vulnerability in MDaemon Technologies SecurityGateway for Email Servers 8.5.2 Cross Site Scripting (XSS) Vulnerability in MDaemon Technologies SecurityGateway for Email Servers 8.5.2 USB HID Protocol Dissector Denial of Service Vulnerability in Wireshark 3.6.0 to 3.6.8 on Windows HTTP Response Splitting Vulnerability in MDaemon Technologies SecurityGateway for Email Servers 8.5.2 Cross Site Scripting (XSS) Vulnerability in MDaemon Technologies SecurityGateway for Email Servers 8.5.2 HTTP Response Splitting Vulnerability in MDaemon Technologies SecurityGateway for Email Servers 8.5.2 Cross Site Scripting (XSS) Vulnerability in MDaemon Technologies SecurityGateway for Email Servers 8.5.2 Vulnerability: IFRAME Injection via currentRequest Parameter in MDaemon Technologies SecurityGateway for Email Servers 8.5.2 Cross Site Scripting (XSS) Vulnerability in MDaemon Technologies SecurityGateway for Email Servers 8.5.2 via Blacklist Endpoint Cross 
Site Scripting (XSS) Vulnerability in Craft CMS 4.2.0.1 - BaseElementSelectInput.js Stored Cross-Site Scripting (XSS) Vulnerability in Craft CMS 4.2.0.1 via /admin/settings/fields page Cross Site Scripting (XSS) Vulnerability in Craft CMS 4.2.0.1 via src/helpers/Cp.php OPUS Protocol Dissector Crash Vulnerability in Wireshark 3.6.0 to 3.6.8 Stored Cross Site Scripting (XSS) in Craft CMS 4.2.0.1 /admin/myaccount Cross Site Scripting (XSS) Vulnerability in Craft CMS 4.2.0.1 Drafts Persistent Cross-Site Scripting (XSS) Vulnerability in Crime Reporting System 1.0 Cross Site Scripting (XSS) Vulnerability in DolphinPHP 1.5.1 via Background System Configuration Management TP-Link Tapo C310 1.3.0 - Unauthorized Access to RTSP Video Feed via Default Credentials Prototype Pollution Vulnerability in stealjs steal 2.2.4 via requestedVersion in npm-convert.js Prototype Pollution Vulnerability in stealjs steal 2.2.4 via packageName variable in npm-convert.js ReDoS Vulnerability in stealjs steal 2.2.4 via babel.js OpenAPI Viewer Clickjacking Vulnerability in GitLab CE/EE Regular Expression Denial of Service (ReDoS) Vulnerability in stealjs steal 2.2.4 via main.js input variable ReDoS Vulnerability in stealjs steal 2.2.4 via source and sourceWithComments Variable in main.js Prototype Pollution Vulnerability in stealjs steal 2.2.4 via optionName Variable in main.js Prototype Pollution Vulnerability in stealjs steal 2.2.4 via Alias Variable in Babel.js Prototype Pollution Vulnerability in Babel.js extend Function BIOS Tamper Detection Bypass Vulnerability in ThinkPad T14s Gen 3 and X13 Gen3 Critical SQL Injection Vulnerability in seccome Ehoney (VDB-212411) NULL Pointer Dereference and Application Crash in GNOME Nautilus 42.2 via Pasted ZIP Archive Buffer Overflow Vulnerability in Tenda AX12 V22.03.01.21_CN Vulnerability: Weak Authentication Scheme in Shinken Monitoring Version 2.4.3 Path Traversal Vulnerability in Shirne CMS 1.2.0: Arbitrary File Read via 
/static/ueditor/php/controller.php Critical SQL Injection Vulnerability in seccome Ehoney (VDB-212412) Weak Password Recovery Mechanism for Forgotten Password Vulnerability in Modbus Communication Modbus TCP Integer Underflow Vulnerability in Modicon Controllers Buffer Overflow Vulnerability in EcoStruxure Control Expert Software (V15.1 HF001 and prior) RollBack Attack: Exploiting Remote Keyless Entry Vulnerability in Honda Vehicles Cross-Site Scripting (XSS) Vulnerability in OX App Suite before 7.10.6-rev30 via Upsell Trigger XSS Vulnerability in OX App Suite through 7.10.6 via XHTML CDATA Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.6 Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.6 Critical SQL Injection Vulnerability in seccome Ehoney (VDB-212413) Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.6 Uncontrolled Resource Consumption in OX App Suite through 7.10.6 via Large Location Request Parameter Uncontrolled Resource Consumption in OX App Suite through 7.10.6 via Large Request Body SSRF Vulnerability in OX App Suite 7.10.6 Infinite Recursion Vulnerability in graphql-go (aka GraphQL for Go) through 0.8.0 Improper API Access Control Vulnerability in Archer Platform 6.8 to 6.11 P3 HTML Injection Vulnerability in Archer Platform 6.x before 6.11 P3 Reflected XSS Vulnerability in Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) Critical SQL Injection Vulnerability in seccome Ehoney (CVE-2021-212414) Crash Vulnerability in Sangoma Asterisk through 19.6.0 Arbitrary File Manipulation and Privilege Escalation in Docker Desktop for Windows BIOS Firmware Vulnerability in Intel NUC Devices Enables Local Information Disclosure Themes Awesome History Timeline Plugin <= 1.0.5 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability Uncontrolled Search Path Vulnerability in Intel(R) Quartus(R) Prime Software Critical SQL Injection Vulnerability in SourceCodester Web-Based Student Clearance System Authenticated Stored 
Cross-Site Scripting (XSS) Vulnerability in WHA Crossword Plugin <= 1.1.10 for WordPress Gaussian Format Orientation Out-of-Bounds Write Vulnerability in Open Babel 3.1.1 and master commit 530dbfa3 Use-After-Free Vulnerability in Foxit PDF Reader 12.0.1.12430 Arbitrary SQL Command Execution in Exment and Laravel-Admin BIOS Firmware Vulnerability in Intel NUC 11 Pro Kits and Boards: Local Privilege Escalation Authenticated Stored XSS Vulnerability in WHA's Word Search Puzzles Game Plugin <= 2.0.1 for WordPress BIOS Firmware Vulnerability in Intel(R) NUC Allows Privilege Escalation via Local Access Netgear Orbi Router RBR750 4.6.8.5 Access Control Command Execution Vulnerability Blossom Recipe Maker Plugin <= 1.0.7 Authenticated Stored XSS Vulnerabilities Fullworks Meet My Team Plugin <= 2.0.5 Authenticated Stored XSS Vulnerability Critical Remote Code Execution Vulnerability in Redis Fork/Port on Windows Uncontrolled Search Path Vulnerability in Intel(R) QAT Drivers for Windows Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in Add Shortcodes Actions And Filters Plugin <= 2.0.9 for WordPress BIOS Firmware Vulnerability: Privilege Escalation via Local Access in Intel(R) Processors Unrestricted Access Control in PHP Crafts Accommodation System Plugin BIOS Firmware Vulnerability in Intel(R) NUC Kits: Potential Privilege Escalation via Local Access Arbitrary File Upload Vulnerability in EC-CUBE Product Image Bulk Upload Plugin Trend Micro Security 2021 and 2022 (Consumer) Out-Of-Bounds Read Information Disclosure Vulnerability Out-Of-Bounds Read Information Disclosure Vulnerability in Trend Micro Security 2021 and 2022 (Consumer) Arbitrary Code Execution via PDF-XChange Editor's submitForm Method (ZDI-CAN-17142) Improper Access Controls in seccome Ehoney's /api/public/signup Endpoint (VDB-212417) Remote Code Execution Vulnerability in PDF-XChange Editor (ZDI-CAN-17144) Remote Code Execution Vulnerability in PDF-XChange Editor via J2K File Parsing Remote 
Code Execution Vulnerability in PDF-XChange Editor via WMF Parsing Remote Code Execution Vulnerability in PDF-XChange Editor via Malicious EMF Files Remote Code Execution Vulnerability in PDF-XChange Editor via J2K File Parsing (ZDI-CAN-17628) Remote Code Execution Vulnerability in PDF-XChange Editor via Crafted JPG Files Remote Code Execution Vulnerability in PDF-XChange Editor via Crafted JPG Files Remote Code Execution Vulnerability in PDF-XChange Editor via ICO File Parsing Remote Code Execution Vulnerability in PDF-XChange Editor via Crafted JPG Files Remote Code Execution Vulnerability in PDF-XChange Editor (ZDI-CAN-17633) BIND 9 Resolver Crash Vulnerability with Stale Cache and Stale Answers Remote Code Execution Vulnerability in PDF-XChange Editor via Malicious EMF Files Remote Code Execution Vulnerability in PDF-XChange Editor via JP2 File Parsing Remote Code Execution Vulnerability in PDF-XChange Editor via PNG Parsing Remote Code Execution Vulnerability in PDF-XChange Editor via EMF Parsing Remote Code Execution Vulnerability in PDF-XChange Editor via EMF Parsing Arbitrary Code Execution via PDF-XChange Editor's saveAs Method (ZDI-CAN-17527) Arbitrary Code Execution via Doc Object Handling in PDF-XChange Editor (ZDI-CAN-17727) Arbitrary Code Execution via AcroForms in PDF-XChange Editor (ZDI-CAN-17726) Remote Code Execution Vulnerability in PDF-XChange Editor Buffer Overflow Vulnerability in PDF-XChange Editor Allows Remote Code Execution Memory Read Vulnerability in PHOENIX CONTACT Automationworx Software Suite PDF-XChange Editor Remote Code Execution Vulnerability Buffer Overflow Vulnerability in PDF-XChange Editor Allows Remote Code Execution Buffer Overflow Vulnerability in PDF-XChange Editor Allows Remote Code Execution PDF-XChange Editor Remote Code Execution Vulnerability Remote Code Execution Vulnerability in PDF-XChange Editor via PNG Parsing Remote Code Execution Vulnerability in PDF-XChange Editor via JPC File Parsing Remote Code Execution 
Vulnerability in Foxit PDF Editor 11.1.1.53537 Arbitrary Code Execution Vulnerability in Foxit PDF Editor 11.1.1.53537 Arbitrary Code Execution Vulnerability in Foxit PDF Editor 11.1.1.53537 Remote Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 Remote Unauthenticated Access to Sensitive Backup Files Remote Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 Arbitrary Code Execution Vulnerability in Foxit PDF Reader (ZDI-CAN-17110) Remote Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 Remote Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 (ZDI-CAN-17327) Arbitrary Code Execution Vulnerability in Foxit PDF Reader 11.2.1.53537 Remote Code Execution Vulnerability in Foxit PDF Reader 11.2.2.53575 Arbitrary Code Execution via AcroForms in Foxit PDF Reader 11.2.2.53575 Remote Code Execution Vulnerability in Foxit PDF Reader 11.2.2.53575 (ZDI-CAN-17516) Arbitrary Code Execution via AcroForms in Foxit PDF Reader 11.2.2.53575 Cross-Site Scripting Vulnerability in WP Best Quiz WordPress Plugin Arbitrary Code Execution via AcroForms in Foxit PDF Reader 11.2.2.53575 Arbitrary Code Execution via AcroForms in Foxit PDF Reader 11.2.2.53575 Improper Handling of Requests Vulnerability in Apache Traffic Server Privilege Escalation Vulnerability in Zimbra's Sudo Configuration Denial of Service Vulnerability in OpenStack Nova with SR-IOV Configuration Input Verification Vulnerability in Huawei CV81-WDM FW Versions 01.70.49.29.46: Potential for DoS Attacks Bypassing Trust and Open Project Dialog in JetBrains Rider before 2022.2: Local Code Execution Vulnerability LDAP Authentication Bypass Vulnerability in YugabyteDB 2.6.1 Stack-based Buffer Overflow Vulnerability in ADM WebDAV Implementation Bypassing External Authorization Check in GitLab CE/EE Insecure Encryption of Web Connection Passwords in Apache OpenOffice Insecure Encryption of Master Key in Apache 
OpenOffice Critical Stored XSS Vulnerability in AFS Analytics Plugin <= 4.18 Authenticated Stored XSS vulnerability in Nikhil Vaghela's Add User Role plugin <= 0.0.1 for WordPress Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in Christian Salazar's add2fav Plugin <= 1.0 for WordPress CSRF Vulnerability in Mickey Kay's Better Font Awesome Plugin for WordPress Cross-Site Scripting Vulnerability in Aficio SP 4210N Firmware Title: WPChill Gallery PhotoBlocks Plugin <= 1.2.6 - Multiple Authenticated Stored XSS Vulnerabilities Insufficient Control Flow Management in Intel(R) IPP Cryptography Software: Potential Information Disclosure Vulnerability Title: Account Generation DoS and Brute Force Login Vulnerability CSRF Vulnerability in Vinoj Cardoza's Captcha Code Plugin <= 2.7 for WordPress Title: Authenticated Reflected XSS Vulnerability in Better Delete Revision Plugin for WordPress Stack-Based Buffer Overflow Vulnerability in Uniwill SparkIO.sys Driver 1.0 via IOCTL 0x40002008 Vulnerability: Overlapping Memory Blocks in Ittiam libmpeg2's impeg2_mc_fullx_fully_8x8 RollBack Attack: Exploiting Remote Keyless Entry (RKE) Vulnerability in Nissan, Kia, and Hyundai Vehicles Lenovo Consumer Notebook BIOS Vulnerability: Arbitrary Code Execution Cross-Site Scripting (XSS) Vulnerability in Silverstripe CMS 4.11.0 Directory Traversal Vulnerability in Payara Server, Payara Micro, and Payara Server Embedded Directory Traversal Vulnerability in Neo4j APOC (Awesome Procedures on Cypher) External Parties Can Access Sensitive Files and Directories in OpenNebula on Linux Command Injection Vulnerability in OpenNebula Core on Linux Allows Remote Code Inclusion Unrestricted File Upload Vulnerability in OpenNebula Core on Linux PowerDNS Recursor Denial of Service Vulnerability XSS Vulnerability in Silverstripe Framework 4.11 via JavaScript Payload in Href Attribute Vulnerability in LCFC BIOS for Lenovo Consumer Notebooks Allows Unauthorized Enumeration of EC Commands XSS 
Vulnerability in Silverstripe Framework via Href Attribute of a Link Reflected Cross-site Scripting (XSS) Vulnerability in dotCMS Core through 22.06 Heap-based Buffer Over-read/Overflow in zlib's inflate() Function via Large Gzip Header Extra Field Insecure Permissions in Apache ShenYu Admin Allows Unauthorized Password Modification Response Header Truncation Vulnerability in Apache HTTP Server 2.4.55 Improper TLS Certificate Validation in Splunk Web for Ingest Actions to Amazon S3 Information Leakage Vulnerability in Splunk Enterprise Dashboards Zip File Crash Vulnerability in Splunk Enterprise and Universal Forwarder Hard-coded SMI Handler Credential Vulnerability in LCFC BIOS for Lenovo Consumer Notebooks LCFC BIOS Vulnerability: Unauthorized Access to SMI Data on Lenovo Consumer Notebooks Riskless Uncle Making (RUM) Vulnerability in Go Ethereum (geth) 1.10.21 Invalid Free Vulnerability in Exim before 4.96 Heap-based Buffer Overflow in Exim's host_name_lookup Function Buffer Overflow and Excess Allocation Vulnerability in Softing OPC UA C++ SDK Integer Overflow and Buffer Overflow Vulnerability in Keccak XKCP SHA-3 Reference Implementation Unrestricted Email Invitation Vulnerability in Discourse 2.8.7 Retbleed: Side-Channel Attack Exploiting Return Address Predictions in Ampere Altra Devices Vulnerability in LCFC BIOS for Lenovo Consumer Notebooks: Abnormal Peripheral Functionality via Exposed EC Interface Cross-Site Scripting (XSS) Vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 Stored XSS Vulnerability in Upstream Works Agent Desktop for Cisco Finesse Cross-Site Request Forgery Vulnerability in Becustom WordPress Plugin (Versions up to 1.0.5.2) Authentication Bypass Vulnerability in ForgeRock Inc. 
Access Management CSRF Vulnerability Allows Unauthorized Deletion of Posts Critical SQL Injection Vulnerability in owncast/owncast (prior to 0.0.13) Denial-of-Service Vulnerability in Rockwell Automation Logix Controllers Stored Cross-Site Scripting Vulnerability in Evaluate WordPress Plugin Insecure Password Requirements in GitHub Repository thorsten/phpmyfaq prior to 3.1.8 Improper Permissions Check Allows Unauthorized Access to Private Snippets in GitLab GitLab CE/EE Denial of Service Vulnerability via Crafted CI Job Artifact Zip File Prototype Pollution Vulnerability in mishoo UglifyJS 3.13.2 via DEFNODE in ast.js Regular Expression Denial of Service (ReDoS) Vulnerability in webpack loader-utils 2.0.0 SQL Injection Vulnerability in Mia-Med: before 1.0.0.58 Prototype Pollution Vulnerability in parseQuery.js in webpack loader-utils 2.0.0 Prototype Pollution Vulnerability in grunt-karma 4.0.1 via key Variable Regular Expression Denial of Service (ReDoS) Vulnerability in webpack loader-utils 2.0.0 Prototype Pollution Vulnerability in beautify-web js-beautify 1.13.7 via options.js Vulnerability: Man-in-the-Middle Attack on OpenVPN Connect Configuration Profile Downloads Prototype Pollution Vulnerability in tschaub gh-pages 3.1.0 via util.js partial Variable Prototype Pollution Vulnerability in enable function in mockery.js Prototype Pollution Vulnerability in copy function in dom.js in xmldom package Prototype pollution vulnerability in resolveShims function of browserify-shim 3.8.15 via k variable in resolve-shims.js Arbitrary File Download Vulnerability in Booster for WooCommerce WordPress Plugin ReDoS Vulnerability in kangax html-minifier 4.0.0 Prototype Pollution Vulnerability in resolveShims function of browserify-shim 3.8.15 Prototype Pollution Vulnerability in resolveShims function of browserify-shim 3.8.15 CSRF Vulnerability in Booster for WooCommerce WordPress Plugin SQL Injection Vulnerability in Plugin's delete_entries Parameter Stored Cross-site 
Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.8 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.8 Remote Code Execution (RCE) Vulnerability in SmartRG SR506n and SR510n Routers via Ping Host Feature Header Injection Vulnerability in DAST Analyzer: Unvalidated Custom Request Headers Cross-Site Scripting (XSS) Vulnerability in Miniblog.Core v1.0's /blog/edit Component SQL Injection Vulnerability in WPSmartContracts WordPress Plugin Remote Reboot Vulnerability in Hitachi Kokusai Electric Network Products Directory Traversal Vulnerability in Hitachi Kokusai Electric Network Products OWM Weather WordPress Plugin SQL Injection Vulnerability Critical Unrestricted File Upload Vulnerability in Yunjing CMS (VDB-212500) Directory Traversal Vulnerability in Zentao Demo15 Allows Remote Information Disclosure Information Leak Vulnerability in Amanda 3.5.1's calcsize SUID Binary Allows Directory Existence Disclosure Privilege Escalation Vulnerability in Amanda 3.5.1: Exploiting SUID Binary for Root Access Privilege Escalation Vulnerability in Amanda 3.5.1: Exploiting the runtar SUID Program Privilege Escalation in Enlightenment: Exploiting Mishandling of /dev/.. 
Pathnames Authentication Bypass and Man-in-the-Middle Vulnerability in Tesla Model 3's Phone Key Authentication Critical Unrestricted File Upload Vulnerability in easyii CMS (VDB-212501) Vulnerability: Hardcoded Encryption Key Exposure in Patterson Dental Eaglesoft 21 Command Injection Vulnerability in JetNexus/EdgeNexus ADC 4.2.8 Management Portal CSRF Vulnerability in JetNexus/EdgeNexus ADC 4.2.8 Management Portal Orchard CMS 1.10.3 Cross Site Scripting (XSS) Vulnerability Allows Admin Account Takeover Stored Cross Site Scripting (XSS) in PyroCMS 3.9 Allows Full Admin Account Takeover Arbitrary HTTP Header Injection and XSS Reflection Vulnerability in Project Wonder WebObjects CSRF Vulnerability in ftcms 2.1 Allows Unauthorized Requests XSS Vulnerability in FTCMS 2.1 poster.PHP Allows Injection of Malicious JavaScript Code GraphQL-Java Denial of Service Vulnerability Remote Code Execution Vulnerability in SourceCodester Train Scheduler App 1.0 Grub2 Font Code Out-of-Bounds Write Vulnerability Cross-Site Request Forgery Vulnerability in Restaurant Menu Plugin for WordPress Arbitrary Code Execution Vulnerability in Pebble Templates 3.1.5 Infinite Loop Vulnerability in libjpeg Commit 281daa9 Segmentation Fault Vulnerability in libjpeg Commit 281daa9 Segmentation Fault Vulnerability in libjpeg: Denial of Service via Crafted File Privilege Escalation Vulnerability in IObit Malware Fighter v9.2 for Microsoft Windows Improper Restriction of Excessive Authentication Attempts in Maarch RM 2.8.3 Authenticated SQL Injection Vulnerability in Maarch RM 2.8 Statistics Page Allows Complete Database Disclosure Broken Access Control Vulnerability in Maarch RM 2.8.3: Unauthenticated Access to Document Previews XSS Vulnerability in Genesys PureConnect Interaction Web Tools Chat Service Remote Command Execution (RCE) Vulnerability in Phicomm Routers Remote Command Execution (RCE) Vulnerability in Phicomm Routers (FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2) Version 3.0.1.17 
Remote Command Execution (RCE) Vulnerability in Phicomm Routers (FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2) v3.0.1.17 Remote Command Execution (RCE) Vulnerability in Phicomm Routers (FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2) Version 3.0.1.17 Heap Buffer Overflow in fdkaac v1.0.3 via __interceptor_memcpy.part.46 Vulnerability: Password Hash Disclosure in Craft CMS Anti-CSRF Tokens Cleartext Password Disclosure in WeCube Platform 3.2.2 Terminal Plugins Configuration Multiple CSV Injection Vulnerabilities in WeCube Platform 3.2.2 DOM XSS Vulnerability in WeCube Platform Plugin Database Execution Page SQL Injection Vulnerability in Library Management System 1.0 Cross Site Scripting (XSS) Vulnerability in Simple Online Book Store System 1.0 Null Pointer Dereference in mod_wstunnel of lighttpd 1.4.65 Allows for Denial of Service Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 via formSetVirtualSer Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23: Exploiting the time parameter in setSmartPowerManagement function Persistent Database Connections on Deleted Users in Remote Desktop Manager 2022.3.7 and Below Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 via list parameter in fromSetRouteStatic function Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 via formSetQosBand Function Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 via page Parameter in fromNatStaticSetting Function Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 via page Parameter in fromAddressNat Function Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 via saveParentControlInfo Function Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 via fromWizardHandle Function Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 via fromDhcpListClient Function Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 via formSetClientState Function Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23: formWifiWpsOOB Index 
Parameter Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 via speed_dir Parameter Unencrypted Password Vulnerability in Devolutions Remote Desktop Manager and Devolutions Server Command Injection Vulnerability in Tenda AC1206 V15.03.06.23 via mac Parameter Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 via startIp Parameter in formSetPPTPServer Function Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 Firewall Configuration Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 via fromSetSysTime Function Multiple Stack Overflow Vulnerabilities in Tenda AC1206 V15.03.06.23 Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 via PPPOEPassword Parameter Stack Overflow Vulnerability in Tenda AC1206 V15.03.06.23 via fromSetIpMacBind Function Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via fromSetIpMacBind Function Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1: formSetQosBand Function via list Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via Timezone Parameter Keycloak Vulnerability: Path Traversal via Double URL Encoding Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via ddnsEn Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via ProvinceCode Parameter in formSetProvince Function Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via fromSetRouteStatic Function Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via formSetVirtualSer's list Parameter Stack Overflow Vulnerability in Tenda AX1803 v1.0.0.1 via shareSpeed Parameter Cross-Site Scripting (XSS) Vulnerability in node-red-dashboard Cross Site Scripting (XSS) Vulnerability in Interway a.s WebJET CMS 8.6.896 Hardcoded Root Password Vulnerability in Mutiny 7.2.0-10788 Torguard VPN 4.8 Vulnerability: Unauthorized Information Dumping without Admin Privileges Buffer Overflow Vulnerability in TOTOLINK A860R V4.1.2cu.5182_B20201027 via Cstecgi.cgi Critical Heap-Based Buffer Overflow in Axiomatic Bento4 5e7bb34 
(VDB-212563) Buffer Overflow Vulnerability in TOTOLINK A860R V4.1.2cu.5182_B20201027 downloadfile.cgi Hard Coded Root Password Vulnerability in TOTOLINK A860R V4.1.2cu.5182_B20201027 Buffer Overflow Vulnerability in TOTOLINK A860R V4.1.2cu.5182_B20201027 infostat.cgi Command Injection Vulnerability in TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi Critical Heap-Based Buffer Overflow Vulnerability in Axiomatic Bento4 (CVE-2021-212564) Hardcoded Blank Password Vulnerability in Bilde2910 Hauk v1.6.1 Buffer Overrun Vulnerability in X.509 Certificate Name Constraint Checking Pre-Authentication Command Injection Vulnerability in TP-Link M7350 V3 Firmware Version 190531 Remote Code Execution (RCE) Vulnerability in Tenhot TWS-100 V4.0-201809201424 Router Device Out of Bounds Write Vulnerability in Solid Edge (All Versions < SE2022MP9) Unrestricted File Write Vulnerability in Apache Ivy 2.4.0 to 2.5.0 Vulnerability: Directory Traversal in Apache Ivy Local Privilege Escalation in device-mapper-multipath via UNIX Domain Sockets ClearPass OnGuard macOS Agent Privilege Escalation Vulnerability Aruba ClearPass Policy Manager Remote Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Command Execution Vulnerability ClearPass Policy Manager Guest User Interface Denial-of-Service Vulnerability Aruba Networks AP Management Protocol Buffer Overflow Vulnerability Aruba Networks AP Management Protocol Buffer Overflow Vulnerability Aruba Networks AP Management Protocol Buffer Overflow Vulnerability Aruba Networks AP Management Protocol Buffer Overflow Vulnerability Aruba Networks AP Management Protocol Buffer Overflow Vulnerability Critical SQL Injection Vulnerability in Tim Campus 
Confession Wall (VDB-212611) Aruba InstantOS and ArubaOS 10 Unauthenticated Buffer Overflow Vulnerability Aruba InstantOS and ArubaOS 10 Unauthenticated Buffer Overflow Vulnerability Aruba InstantOS and ArubaOS 10 Web Management Interface Stored XSS Vulnerability Aruba InstantOS and ArubaOS 10 Authenticated Command Injection Vulnerability Aruba InstantOS and ArubaOS 10 Unauthenticated DoS Vulnerability Aruba InstantOS and ArubaOS 10 Unauthenticated DoS Vulnerability Aruba InstantOS and ArubaOS 10 Web Management Interface Reflected XSS Vulnerability Aruba Networks AP Management Protocol (PAPI) Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability Arbitrary File Overwrite Vulnerability in Web Interface ArubaOS 7xxx Series Controllers Boot Sequence Arbitrary Code Execution Vulnerability ArubaOS 7xxx Series Controllers Boot Sequence Arbitrary Code Execution Vulnerability ArubaOS Command Line Interface Authenticated Path Traversal Vulnerability Allows Arbitrary File Deletion ArubaOS Bootloader Denial of Service Vulnerability ArubaOS Bootloader Integrity Compromise on 7xxx Series Controllers ArubaOS Configuration Vulnerability: Sensitive Information Disclosure from ESSIDs ArubaOS Command Line Interface Buffer Overflow Vulnerability ArubaOS Command Line Interface XML Entity Injection Vulnerability ArubaOS Command Line Interface Authenticated Command Injection Vulnerability Authentication Bypass Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator Aruba EdgeConnect Enterprise Orchestrator Authentication Bypass Vulnerabilities Aruba EdgeConnect Enterprise Orchestrator Remote Command Execution Vulnerability 
Lack of Access Controls in Aruba AirWave Management Platform Lack of Access Controls in Aruba AirWave Management Platform Lack of Access Controls in Aruba AirWave Management Platform Aruba EdgeConnect Enterprise API Denial-of-Service Vulnerability SQL Injection Vulnerability in GullsEye Terminal Operating System Aruba EdgeConnect Enterprise Command Line Interface Remote Code Execution Vulnerability Aruba EdgeConnect Enterprise Command Line Interface Remote Code Execution Vulnerability Aruba EdgeConnect Enterprise Command Line Interface Remote Code Execution Vulnerability Aruba EdgeConnect Enterprise Command Line Interface Remote Code Execution Vulnerability Aruba EdgeConnect Enterprise Command Line Interface Remote Code Execution Vulnerability Aruba EdgeConnect Enterprise Reflected Cross-Site Scripting (XSS) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Aruba EdgeConnect Enterprise Software HPE OneView Global Dashboard (OVGD) Open Redirect Vulnerability Data Authenticity Verification Vulnerability in HPE Nimble Storage Arrays Privilege Escalation Vulnerability in HPE Nimble Storage Arrays Unauthorized Access to GitLab CI/CD Configuration Variables Local Disclosure Vulnerability in HPE Nimble Storage Hybrid Flash Arrays and Secondary Flash Arrays Unauthorized Access Vulnerability in NetBatch-Plus Software Remote Authentication Bypass Vulnerability in HPE OfficeConnect Network Switches Local Unauthorized Data Injection Vulnerability in HPE Superdome Flex and Superdome Flex 280 Servers Remote Directory Traversal Vulnerability in HPE OfficeConnect 1820 and 1850 Switch Series HPE OneView for VMware vCenter Vulnerability: Username and Password Disclosure Critical Unauthenticated Java Deserialization Vulnerability in Serviceguard Manager Critical Pre-Authentication Memory Corruption Vulnerability in HPE Serviceguard Critical Unauthenticated Server Side Request Forgery Vulnerability in HPE Serviceguard Manager Local Information Disclosure 
Vulnerability in HPE Superdome Flex and Superdome Flex 280 Servers Authorization Bypass Vulnerability in Jeg Elementor Kit Plugin for WordPress Remote Host Header Injection and URL Redirection Vulnerabilities in HPE FlexFabric 5700 Switch Series Reflected Cross-Site Scripting (XSS) Vulnerability in iHistorian Data Display of WorkstationST (<v07.09.15) HTTP Response Splitting Vulnerability in WorkstationST (v07.09.15) AM Gateway Challenge-Response Dialog Exploiting the DirectX Graphics Kernel for Privilege Escalation Windows Group Policy Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability NEGOEX Remote Code Execution Vulnerability Exploiting the Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability SharePoint Server Remote Code Execution Vulnerability PowerPoint Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft PowerPoint Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Windows Kernel Privilege Escalation Vulnerability PPTP DoS Vulnerability in Windows OS Windows Kerberos RC4-HMAC Privilege Escalation Vulnerability Kerberos Privilege Escalation Vulnerability in Windows Vulnerability in Azure Arc-enabled Kubernetes Clusters and Azure Stack Edge Devices Windows Common Log File System Driver Privilege Escalation Vulnerability Open Redirect Vulnerability in eolinker apinto-dashboard (VDB-212633) Windows DWM Core Library Privilege Escalation Vulnerability Windows Defender Privilege Escalation Vulnerability Microsoft Endpoint Configuration Manager Spoofing Vulnerability: Exploiting Trust in System Communications Windows Local Session Manager (LSM) Denial of Service Vulnerability: Disrupting System Functionality Windows Mixed Reality Developer Tools Information Disclosure Vulnerability: Exposing Sensitive Data Windows Group Policy Privilege Escalation Vulnerability ADCS Elevation of Privilege Vulnerability LSASS 
Denial of Service Vulnerability: Disrupting Local Security Authority Subsystem Service Certificate Services Security Feature Bypass in Windows Active Directory Hyper-V Privilege Escalation Vulnerability in Windows Critical SQL Injection Vulnerability in IBAX go-ibax (CVE-2021-212634) Windows DHCP Client Privilege Escalation Vulnerability Windows Event Logging Service Denial of Service Vulnerability Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Windows DWM Core Library Privilege Escalation Vulnerability Windows WLAN Service Privilege Escalation Vulnerability Windows Graphics Component Information Disclosure Vulnerability Exposes Sensitive Data Windows Win32k Privilege Escalation Vulnerability Windows CSRSS Elevation of Privilege Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows CSRSS Elevation of Privilege Vulnerability Critical SQL Injection Vulnerability in IBAX go-ibax (CVE-2021-212635) Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Group Policy Privilege Escalation Vulnerability Windows Group Policy Preference Privilege Escalation Vulnerability Windows Group Policy Preference Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Memory Leak Vulnerability Windows Graphics Component Privilege Escalation Vulnerability Windows Local Session Manager (LSM) Denial of Service Vulnerability: Disrupting System Functionality Windows Group Policy Preference Privilege Escalation Vulnerability Critical SQL Injection Vulnerability in IBAX go-ibax (CVE-2021-212636) Pervasive Windows PPTP Remote Code Execution Vulnerability Unveiling the Microsoft Office Spoofing Vulnerability: A Cloak for Cyber Attacks Windows Resilient File System Privilege Escalation Vulnerability Faxploit: Remote Code Execution Vulnerability in Windows Fax Service Print Spooler Privilege Escalation Vulnerability in Windows Windows Graphics Component Information 
Disclosure Vulnerability Exposes Sensitive Data Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability SharePoint Server Remote Code Execution Vulnerability SharePoint Server Remote Code Execution Vulnerability Critical SQL Injection Vulnerability in IBAX go-ibax (CVE-2021-212637) Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Raw Image Extension RCE Vulnerability Edge of Danger: Remote Code Execution Vulnerability in Microsoft Edge (Chromium-based) .NET Core and Visual Studio Denial of Service Vulnerability: Exploiting Software to Overwhelm and Disable Systems WSL2 Kernel Privilege Escalation Vulnerability Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Windows LSA Elevation of Privilege Vulnerability StorSimple 8000 Series Elevation of Privilege Vulnerability AV1 Video Extension RCE Vulnerability Critical SQL Injection Vulnerability in IBAX go-ibax (VDB-212638) Code Execution Vulnerability in Visual Studio Code Telemetry Elevation of Privilege Vulnerability Windows Kernel Privilege Escalation Vulnerability Netlogon RPC Privilege Escalation Vulnerability DFS Information Disclosure Vulnerability in Windows Windows DHCP Client Information Leakage Vulnerability Windows Storage Privilege Escalation Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows ALPC Privilege Escalation Vulnerability in Windows Cross-Site Scripting (XSS) Vulnerability in eolinker apinto-dashboard (VDB-212639) Windows USB Serial Driver Data Exposure Vulnerability Microsoft WDAC OLE DB Provider for SQL Server RCE Vulnerability Windows Portable Device Enumerator Service Security Bypass Vulnerability Windows Server Registry Information Disclosure Vulnerability Windows Workstation Service Privilege Escalation Vulnerability IKE Protocol Denial of Service Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability Windows Kernel Privilege 
Escalation Vulnerability Cross-Site Scripting (XSS) Vulnerability in eolinker apinto-dashboard Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver Windows Secure Channel DoS Vulnerability Domain Admin Privilege Escalation Vulnerability in Active Directory Domain Services Windows Security Support Provider Interface Information Disclosure Vulnerability CD-ROM File System Driver Remote Code Execution Vulnerability in Windows Windows Server Service Privilege Escalation Vulnerability Exposed User Account Information Vulnerability Pervasive Windows PPTP Remote Code Execution Vulnerability Exploiting the Microsoft Office Remote Code Execution Vulnerability Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability Authorization Bypass Vulnerability in Jeg Elementor Kit Plugin for WordPress Windows Kernel Win32k Elevation of Privilege Vulnerability Windows Graphics Component Privilege Escalation Vulnerability SharePoint Server Remote Code Execution Vulnerability Session Fixation Vulnerability in Apache Airflow Versions 2.2.4 - 2.3.3 Privilege Escalation Vulnerability in Intel(R) EMA Software CVE-2022-38057 Authenticated Plugin Setting Change Vulnerability in WP Shamsi Plugin <= 4.1.1 CSRF Vulnerability in Access Code Feeder Plugin for WordPress Double Free Vulnerability in Bluetooth HCI: Inconsistent Error Handling Privilege Escalation Vulnerability in OpenStack Kolla Git Master 05194e7618 CSV Injection Vulnerability in Export Post Info Plugin <= 1.2.0 for WordPress CSRF Vulnerability in Metagauss Download Theme Plugin Social Login WP Plugin CSRF Vulnerability Permission Bypass Vulnerability in OpenHarmony-v3.1.2 and Prior Versions Privilege Escalation Vulnerability in OpenStack oslo.privsep Library OS Command Injection Vulnerability in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 Unauthenticated Event Deletion Vulnerability in Totalsoft Event Calendar Plugin Authenticated Stored XSS Vulnerability in Apasionados Export Post Info 
Plugin <= 1.1.0 for WordPress Default Credentials Vulnerability in CMS8000 Devices: A Gateway to Unauthorized Access and Patient Data Breach Incomplete Fix CVE-2019-13238: Remote Resource Consumption Vulnerability in Axiomatic Bento4 Privilege Escalation Vulnerability in Pop-up Plugin <= 1.1.5 for WordPress Heap Buffer Overflow in ADMesh Master Commit 767a105 and v0.98.4 Authenticated Persistent XSS vulnerability in Awesome Support plugin <= 6.0.7 for WordPress Critical SQL Injection Vulnerability in VeronaLabs WP Statistics Plugin CSRF Vulnerability Exploiting Stored XSS in Mantenimiento Web Plugin <= 0.13 on WordPress Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Software CSRF Vulnerability in WP OnlineSupport Essential Plugin Popup Anything Command Injection Vulnerability in Movable Type XMLRPC API Critical Cross-Site Request Forgery (CSRF) Vulnerability in Backup Scheduler Plugin for WordPress Reflected Cross-Site Scripting Vulnerability in Exment and Laravel-Admin Permission Bypass Vulnerability in OpenHarmony-v3.1.2 and Prior Versions BIOS Firmware Vulnerability: Privileged User Information Disclosure via Local Access CSRF Vulnerability in Read more By Adam Plugin for WordPress CSRF Vulnerability in Shortcodes Ultimate Plugin Allows Unauthorized Settings Change BIOS Firmware Vulnerability in Intel Processors: Potential Information Disclosure via Local Access Directory Traversal Vulnerability in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 Stored Cross-Site Scripting Vulnerability in Exment (PHP8 and PHP7) Remote Denial of Service Vulnerability in Axiomatic Bento4's Mp4Tag Component (VDB-212666) Intel(R) Software Guard Extensions Vulnerability: Local Privileged User Information Disclosure Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in All in One SEO Plugin <= 4.2.3.1 for WordPress CentreCOM AR260S V2 Firmware Telnet Function OS Command Injection Vulnerability CSRF Vulnerability in AlgolPlus Advanced 
Dynamic Pricing for WooCommerce Plugin NULL Pointer Dereference Vulnerability in vmwgfx Driver in Linux Kernel Use-After-Free Vulnerability in Foxit PDF Reader 12.0.1.12430 Allows Arbitrary Code Execution Privilege Escalation Vulnerability in Intel(R) NUC 11 Compute Elements BIOS Firmware Remote Denial of Service Vulnerability in Axiomatic Bento4 (VDB-212667) Remote Code Execution Vulnerability in CMS800 Device Uncontrolled Search Path Vulnerability in Intel(R) NUC Chaco Canyon BIOS Update Software Denial of Service Vulnerability in Intel(R) Converged Security and Management Engine Firmware Insecure Inherited Permissions in Intel(R) NUC Software Studio Service Installer: Privilege Escalation Vulnerability WordPress Options Change Vulnerability in Biplob Adhikari's Accordions Plugin Information Disclosure Vulnerability in Asus RT-AX82U Router's Configuration Service Directory Creation Vulnerability in Serv-U Web Client Versions 15.3.0 to 15.3.1 Disclosure of Sensitive Information through Detailed Technical Error Messages SolarWinds Platform Deserialization of Untrusted Data Vulnerability Stored Cross-Site Scripting Vulnerability in EU Cookie Law for GDPR/CCPA WordPress Plugin Authenticated Reflected Cross-Site Scripting Vulnerability in Database Performance Analyzer (DPA) 2022.4 and Older Releases SolarWinds Platform Deserialization of Untrusted Data Vulnerability Heap Memory Dump Disclosure Vulnerability Server Response Header Disclosure Vulnerability Content-Length Processing Vulnerability: Exploiting HTTP Request Smuggling and XSS Exposed HTTP Methods Vulnerability Hard-coded Database Credentials in Le-yan Personnel and Salary Management System Hard-coded AES Key in Juiker App Allows Unauthorized Decryption and Tampering SQL-Injection Vulnerability in OAKlouds Portal's Meeting Room Insufficient Authentication in UPSMON Pro Login Function Memory Leak Vulnerability in Axiomatic Bento4's mp4encrypt Component (VDB-212678) Path Traversal Vulnerability in UPSMON PRO 
Allows Unauthorized Access to System Files Insecure Storage of User Passwords in UPSMON PRO Configuration File Cleartext Transmission of Sensitive Data in UPSMON PRO Code Injection Vulnerability in Secomea GateManager Administrator Interface Unintended System State Modification Vulnerability in Secomea SiteManager's Debug Tool FTP Agent modules in Secomea SiteManager Vulnerability: Exploiting Trust in Client Arbitrary File Upload Vulnerability in Keysight Sensor Management Server (SMS) Remote Memory Leak Vulnerability in Axiomatic Bento4's mp4edit Component (VDB-212679) Remote Code Execution Vulnerability in com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() Method Open Redirect Vulnerability in RStudio Connect Command Injection Vulnerability in Linksys MR8300 Router during DDNS Service Registration Sensitive SSH Key Exposure in JetBrains TeamCity (pre-2022.04.3) Customer Reviews for WooCommerce Plugin <= 5.3.5 Authenticated Broken Access Control Vulnerability Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 allows unauthorized users to change plugin settings Uncontrolled Search Path Vulnerability in Intel Compiler for Windows Analytify Plugin <= 4.2.2 CSRF Vulnerability Uninitialized Pointer Vulnerability in Triangle Microworks IEC 61850 and 60870-6 Libraries Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in RD Station Plugin for WordPress Memory Leak Vulnerability in Axiomatic Bento4's mp4decrypt Component (VDB-212680) Arbitrary File Upload Vulnerability in Squirrly SEO Plugin for WordPress Unauthenticated Access to Sales Report Email in Zorem WooCommerce Plugin Deserialization Vulnerability in Delta Electronics InfraSuite Device Master Heap Out-of-Bounds Write Vulnerability in OpenImageIO v2.3.19.0 Processing RLE Encoded BMP Images CSRF Vulnerability in gVectors Team wpForo Forum Plugin XSS Vulnerability in Silverstripe Framework 4.11: Execution of Javascript Payload in Versioned History 
Compare View Cross-Site Scripting (XSS) Vulnerability in Silverstripe Framework 4.11 (Issue 2 of 3) Cross-Site Scripting (XSS) Vulnerability in Silverstripe Framework 4.11 (Issue 3 of 3) SQL Injection Vulnerability in Silverstripe Framework (Version 4.11) Exposure of Vault Secrets in HashiCorp Consul Template Memory Leak Vulnerability in Axiomatic Bento4's mp4decrypt Component (VDB-212681) Varnish Cache Server Assertion and Automatic Restart Vulnerability Segmentation fault vulnerability in wolfSSL when resuming TLS 1.3 sessions Vulnerability: Denial of Service in TLS 1.2 Handshake Excessive Memory Allocation Vulnerability in Samsung mTower (CVE-2021-XXXX) Remote Command Injection Vulnerability in Kratos SpectralNet NB 1.7.5 and Earlier Memory Leak Vulnerability in Axiomatic Bento4's mp4decrypt Function (VDB-212682) Unrestricted NOR Flash Memory Remapping Vulnerability on Gumstix Overo SBC Reflected Cross-Site Scripting (XSS) Vulnerability in F-Secure Policy Manager Drag and Drop Spoof Vulnerability in F-Secure SAFE Browser for Android and iOS Denial of Service Vulnerability in WithSecure (Issue 3/5) Arbitrary File Write Vulnerability in F-Secure Policy Manager Denial of Service Vulnerability in F-Secure Endpoint Protection Nintex Workflow Plugin 5.2.2.30 for SharePoint XSS Vulnerability Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4: Remote Unauthenticated Login Bypass and Password Reset Remote Memory Leak Vulnerability in Axiomatic Bento4's mp4mux Component (VDB-212683) Insecure Umask Configuration in Apache Airflow Prior to 2.3.4 Integer Overflow in Xpdf JBIG2 Decoder (CVE-2021-30860) XSS Vulnerability in ServiceNow San Diego Patch 3: Exploiting the Name Field in Performance Analytics Dashboard Creation Privilege Escalation via Incorrect Privileges in YSoft SAFEQ 6 Installer Package ECDSA Signature Spoofing Vulnerability: Triggering Memory Leak and Resource Exhaustion EdDSA Signature Spoofing 
Vulnerability: Triggering Memory Leak and Resource Exhaustion in Target Resolver Reflect File Download Vulnerability in JetBrains Ktor before 2.1.0 Uncontrolled Resource Consumption Vulnerability in GitLab CE/EE Authentication Provider Selection Vulnerability in JetBrains Ktor Vulnerability: Unprivileged Access to Freed Memory in Arm Mali GPU Kernel Driver Improper Access Control Allows Unauthorized Access to Private Issue Titles in Gitea Improper Access Control Vulnerability in Portal for ArcGIS: Remote URL Reading Reflected XSS Vulnerability in Esri Portal for ArcGIS 10.8.1 and Below Unauthenticated Access to Arbitrary URLs in Esri Portal for ArcGIS Reflected XSS Vulnerability in Esri Portal for ArcGIS 10.9.1: Remote Code Execution via Crafted Links Stored Cross Site Scripting (XSS) Vulnerability in Esri Portal for ArcGIS Improper Authorization Vulnerability in GitLab CE/EE: Unauthorized Emoji Setting on Internal Notes Stored Cross Site Scripting (XSS) Vulnerability in Esri Portal for ArcGIS Configurable Apps HTML Injection Vulnerability in Esri Portal for ArcGIS 10.9.0 and Below Stored Cross Site Scripting (XSS) Vulnerability in Esri Portal for ArcGIS Critical Code Injection Vulnerability in Esri Portal for ArcGIS 10.8.1 and Below Improper Encryption of System Property in Esri Portal for ArcGIS 10.8.1 Allows Local User to Read Sensitive Information Reflected Cross-Site Scripting Vulnerability in Esri ArcGIS Server Versions 10.9.1 and Below Path Traversal Vulnerability in Esri ArcGIS Server Versions 10.9.1 and Prior: Remote Attackers Can Overwrite Internal Directory Unvalidated Redirect Vulnerability in Esri ArcGIS Server 10.9.1 and Below Reflected Cross-Site Scripting Vulnerability in Esri ArcGIS Server Services Directory Remote File Download Vulnerability in Esri ArcGIS Server Web Services Authentication Bypass Vulnerability in GitLab Package Registries Cross Site Scripting (XSS) Vulnerability in ArcGIS Server Versions 10.8.1 and 10.7.1 Unvalidated Redirect 
Vulnerability in Esri Portal for ArcGIS Quick Capture Web Designer Path Traversal Vulnerability in Esri ArcGIS Server: Unauthorized File Access and Information Disclosure Unhonored Protections in Esri Portal for ArcGIS 10.8.1 and Below: Server-Side Request Forgery (SSRF) Vulnerability Reflected XSS Vulnerability in Esri Portal for ArcGIS Versions 10.8.1 and 10.7.1 Directory Traversal Vulnerability in Esri Portal for ArcGIS Versions 10.9.1 and Below Reflected XSS Vulnerability in Esri Portal for ArcGIS 10.9.1 and Below Reflected XSS Vulnerability in Esri Portal for ArcGIS Versions 10.8.1 and 10.7.1 Unvalidated Redirect Vulnerability in Esri Portal for ArcGIS 11 and Below: Simplifying Phishing Attacks Reflected XSS Vulnerability in Esri Portal for ArcGIS Versions 10.9.1 and Below Off-by-one Error in Systemd's format_timespan() Function Leads to Denial of Service Vulnerability Reflected HTML Injection Vulnerability in Esri Portal for ArcGIS 10.9.1 and Below Unhonored Protections in Esri Portal for ArcGIS 10.9.1 and Below: Server-Side Request Forgery (SSRF) Vulnerability Unhonored Protections in Esri Portal for ArcGIS 10.8.1 and Below: Server-Side Request Forgery (SSRF) Vulnerability Integer Overflow Vulnerability in Mapbox's gl-native Library Stored Cross-Site Scripting Vulnerability in Donations via PayPal WordPress Plugin Remote Injection of Arbitrary Web Script or HTML in Quest KACE Systems Management Appliance (SMA) through 12.1 Buffer Overflow Vulnerability in The Isle Evrima Server (Version 0.9.88.07) Allows Remote Code Execution Use-After-Free Vulnerability in Xpdf 4.04's JBIG2Stream::close() Function Out-of-Bounds Write Vulnerability in w3m 0.5.3's checkType Function Stack Overflow Vulnerability in XPDF Commit ffaf11c Heap-Buffer Overflow Vulnerability in XPDF Commit ffaf11c Heap-Buffer Overflow Vulnerability in XPDF Commit ffaf11c Stored Cross-Site Scripting Vulnerability in Beautiful Cookie Consent Banner WordPress Plugin Floating Point Exception (FPE) 
Vulnerability in XPDF Commit ffaf11c Heap-Buffer Overflow Vulnerability in XPDF Commit ffaf11c Segmentation Violation Vulnerability in XPDF Commit ffaf11c Segmentation Violation Vulnerability in XPDF Commit ffaf11c Segmentation Violation Vulnerability in XPDF Commit ffaf11c Global-Buffer Overflow Vulnerability in XPDF Commit ffaf11c Heap-Buffer Overflow Vulnerability in XPDF Commit ffaf11c Heap-Buffer Overflow Vulnerability in XPDF Commit ffaf11c Stored Cross-Site Scripting Vulnerability in WP Admin UI Customize WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Nagios XI v5.8.6 System Settings Multiple Cross-Site Scripting (XSS) Vulnerabilities in Nagios XI before v5.8.7 at auditlog.php Cross-Site Scripting (XSS) Vulnerability in Nagios XI v5.8.6 via MTR Component v1.0.4 Critical SQL Injection Vulnerability in Huaxia ERP 2.3 User Management Component (VDB-212792) SQL Injection Vulnerability in Nagios XI v5.8.6 via mib_name Parameter Cross-Site Scripting (XSS) Vulnerability in Nagios XI v5.8.6 via System Performance Settings Page Cross-Site Scripting (XSS) Vulnerability in Nagios XI CCM 3.1.5 via ajax.php SQL Injection Vulnerability in Interview Management System v1.0 Cross-Site Scripting (XSS) Vulnerability in TastyIgniter v3.5.0 D-Link DIR 819 v1.06 Local File Inclusion (LFI) Vulnerability Huaxia ERP Retail Management Component Information Disclosure Vulnerability SQL Injection Vulnerability in Interview Management System v1.0 SQL Injection Vulnerability in Apartment Visitor Management System v1.0 Arithmetic Exception DoS Vulnerability in Leptonica Library (v1.79.0) SQL Injection Vulnerability in School Activity Updates with SMS Notification v1.0 SQL Injection Vulnerability in School Activity Updates with SMS Notification v1.0 SQL Injection Vulnerability in School Activity Updates with SMS Notification v1.0 Critical SQL Injection Vulnerability in Centreon's Contact Groups Form (VDB-212794) SQL Injection Vulnerability in JFinal CMS 5.1.0 via 
/admin/article/list SQL Injection Vulnerability in JFinal CMS 5.1.0 via /admin/article/list_approve SQL Injection Vulnerability in JFinal CMS 5.1.0 via /admin/comment/list SQL Injection Vulnerability in JFinal CMS 5.1.0 via /admin/contact/list SQL Injection Vulnerability in JFinal CMS 5.1.0 via /admin/foldernotice/list SQL Injection Vulnerability in JFinal CMS 5.1.0 via /admin/folderrollpicture/list SQL Injection Vulnerability in JFinal CMS 5.1.0 via /admin/friendlylink/list SQL Injection Vulnerability in JFinal CMS 5.1.0 via /admin/imagealbum/list Stored Cross-Site Scripting Vulnerability in Video Thumbnails WordPress Plugin SQL Injection Vulnerability in JFinal CMS 5.1.0 via /admin/image/list SQL Injection Vulnerability in JFinal CMS 5.1.0 via /admin/site/list SQL Injection Vulnerability in JFinal CMS 5.1.0 via /admin/videoalbum/list SQL Injection Vulnerability in JFinal CMS 5.1.0 via /admin/video/list SQL Injection Vulnerability in JFinal CMS 5.1.0 via /system/department/list SQL Injection Vulnerability in JFinal CMS 5.1.0 via /system/menu/list SQL Injection Vulnerability in JFinal CMS 5.1.0 via /system/role/list Stored Cross-Site Scripting Vulnerability in Font Awesome 4 Menus WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in SLiMS Senayan Library Management System v9.4.2 Search Function Multiple Server-Side Request Forgeries in SLiMS Senayan Library Management System v9.4.2 Cross-Site Scripting Vulnerability in Cuppa CMS v1.0 Arbitrary File Upload Vulnerability in Cuppa CMS v1.0 File Manager Authentication Bypass Vulnerability in UCMS v1.6.0 via Cookie Poisoning Server-Side Request Forgery (SSRF) Vulnerability in Appsmith v1.7.11 Allows Attackers to Access AWS Internal Metadata Endpoint Elasticsearch Plugin in Appsmith v1.7.11 Allows Unauthorized Access to AWS/GCP Internal Metadata Endpoint Stored Cross-Site Scripting Vulnerability in WP Page Builder WordPress Plugin Path Traversal Vulnerability in Onedev v7.4.14 Allows Unauthorized File Access SQL 
Injection Vulnerability in Online Leave Management System v1.0 SQL Injection Vulnerability in Online Leave Management System v1.0 SQL Injection Vulnerability in Online Leave Management System v1.0 Arbitrary File Upload Vulnerability in AeroCMS v0.0.1 via /admin/profile.php Heap-Buffer Overflow Vulnerability in LIEF Commit 5d1d643 Segmentation Violation Vulnerability in LIEF Commit 5d1d643 Command Injection Vulnerability in TOTOLink A700RU V7.4cu.2313_B20191024 Stack Overflow Vulnerability in Tenda AC18 Router v15.03.05.19 and v15.03.05.05 Stored Cross-Site Scripting Vulnerability in reCAPTCHA WordPress Plugin Stack Overflow Vulnerability in Tenda AC18 Router v15.03.05.19 and v15.03.05.05 Stack Overflow Vulnerability in Tenda AC18 Router v15.03.05.19 and v15.03.05.05 via /goform/PowerSaveSet Endpoint Stack Overflow Vulnerability in Tenda AC18 Router v15.03.05.19 and v15.03.05.05 Stack Overflow Vulnerability in Tenda AC18 Router v15.03.05.19 and v15.03.05.05 Stack Overflow Vulnerability in Tenda AC18 Router v15.03.05.19 and v15.03.05.05 Stored Cross-Site Scripting Vulnerability in External Media WordPress Plugin Arbitrary File Upload Vulnerability in Event Management System v1.0 Buffer Overflow Vulnerability in Tenda AC15 and AC18 WiFi Routers Buffer Overflow Vulnerability in Tenda AC15 and AC18 WiFi Routers CSRF Vulnerability in Shopxian CMS 3.0.0 Allows Unauthorized Deletion of Columns Stored Cross-Site Scripting Vulnerability in Fancier Author Box WordPress Plugin Vulnerability: Information Disclosure in OpenWrt HTTP Request Handling Stack Overflow Vulnerability in XPDF v4.04 and Earlier: Catalog::countPageTree() in Catalog.cc Stored XSS Vulnerability in Vtiger CRM v7.4.0 Email Template Modules Unauthenticated Remote Access Vulnerability in MobaXterm Hardcoded Password Leakage Vulnerability in MobaXterm before v22.1 Cross-Site Scripting (XSS) Vulnerability in Safe Software FME Server v2021.2.5 and v2022.0.0.2 and Below Stored Cross-Site Scripting Vulnerability in 
Google Forms WordPress Plugin Path Traversal Vulnerability in Safe Software FME Server v2021.2.5 and v2022.0.0.2 Lack of Server-Side Validation in Safe Software FME Server v2021.2.5 and Below XML External Entity (XXE) Vulnerability in Safe Software FME Server v2021.2.5 and v2022.0.0.2 and Below Denial of Service Vulnerability in Poppler 22.08.0 Stored Cross-Site Scripting Vulnerability in Kwayy HTML Sitemap WordPress Plugin Privilege Escalation Vulnerability in Suprema BioStar 2 v2.8.16 Deserialization Vulnerability in ThinkPHP v6.0.13 via League\Flysystem\Cached\Storage\Psr6Cache Component Local Area Network (LAN) Information Disclosure Vulnerability in Daikin SVMPC1 and SVMPC2 CSRF Vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl Plugin iFrame Injection Vulnerability in Eyes of Network Web Application Cross-Site Scripting Vulnerabilities in Eyes of Network Web Application Cross-Site Request Forgery Vulnerability in Eyes of Network Web Application Stored Cross-Site Scripting Vulnerability in Seed Social WordPress Plugin Remote Code Execution Vulnerability in Apache Airflow Docker Provider Unauthenticated User Data Export Vulnerability in Netic User Export Add-on for Atlassian Jira Arbitrary Command Injection Vulnerability in Aviatrix Gateway Session ID Attack Vulnerability in Apache IoTDB 0.13.0 Stored Cross-Site Scripting Vulnerability in Uji Countdown WordPress Plugin Unauthenticated Access to Internal Database Structure in Apache IoTDB Grafana-Connector 0.13.0 Vulnerability: Denial of Service in FTP Server Undocumented Command Exploit in FortiTester CLI Cross-Site Scripting (XSS) Vulnerability in FortiDeceptor Management Interface [CWE-79] Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 Fortinet FortiNAC Unauthorized Administrative Operations Vulnerability Cross-site Scripting (XSS) Vulnerabilities in Fortinet FortiNAC Portal UI before 9.4.1 Improper Access Control Vulnerability in 
FortiManager and FortiAnalyzer Privilege Escalation Vulnerability in Fortinet FortiOS and FortiProxy HTML Injection Vulnerability in FortiSOAR 7.0.0 - 7.0.3 and 7.2.0 Stored Cross-Site Scripting Vulnerability in WPUpper Share Buttons WordPress Plugin Improper Access Control Allows Remote Modification of Interface Settings in FortiOS FortiADC Malformed Request Bypass Vulnerability Improper Input Validation in IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 Arbitrary Command Execution Vulnerability in IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 Improper Access Control in IBM Navigator Mobile Android App (CVE-2021-XXXX) XML External Entity Injection (XXE) Vulnerability in IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 Stored Cross-Site Scripting Vulnerability in Analytics for WP WordPress Plugin Cross-Site Scripting Vulnerability in IBM Business Automation Workflow Weak Cryptographic Algorithms in IBM Spectrum Control 5.4: A Potential Threat to Sensitive Data Resonant-Frequency Attack: Denial of Service Vulnerability in Seagate STDT4000100 5400 RPM Hard Drives Denial of Service Vulnerability in Asus RT-AX82U Router's Configuration Service CentreCOM AR260S V2 Firmware: Remote Command Execution via Hard-Coded Telnet Credentials DLL Hijacking Vulnerability in HP Support Assistant's Fusion Launcher Privilege Escalation Vulnerability in HP Factory Preinstalled Images on Windows 10 Versions 20H2 and Earlier Apache XML Graphics Batik 1.14 - Server-Side Request Forgery (SSRF) Vulnerability Arbitrary OS Command Execution via Serial Connection in SmaCam CS-QR10 and CS-QR20 Stored Cross-Site Scripting Vulnerability in Login for Google Apps WordPress Plugin Remote Unauthenticated Information Disclosure in Mailform Pro CGI 4.3.1 and Earlier Heap-based Buffer Overflow Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Heap-based Buffer Overflow 
Vulnerability in Adobe InCopy Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe InCopy Versions 17.3 and Earlier: Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe InCopy Versions 17.3 and Earlier: Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe InCopy Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe InCopy Allows Memory Disclosure Arbitrary Code Execution Vulnerability in Adobe Illustrator Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Unauthenticated SSRF Vulnerability in RHACM Console API Endpoint Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Memory Disclosure Heap-based Buffer Overflow Vulnerability in Adobe Animate Allows Arbitrary Code Execution Adobe Animate Multiple Versions Out-of-Bounds Read Vulnerability Heap-based Buffer Overflow Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Heap-based Buffer Overflow Vulnerability in Adobe InDesign Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Code Execution Out-of-Bounds Read Vulnerability in Adobe InDesign Allows Code Execution Arbitrary Code Execution Vulnerability in Adobe ColdFusion Arbitrary File System Read Vulnerability in Adobe ColdFusion Use After Free Vulnerability in Google Chrome Allows Remote Code Execution Use of Hard-coded Credentials Vulnerability in Adobe ColdFusion Allows Unauthorized Service Manipulation Arbitrary Code Execution Vulnerability in Adobe ColdFusion Adobe ColdFusion Path Traversal Vulnerability Adobe ColdFusion Path Traversal Vulnerability Arbitrary File System Write Vulnerability in Adobe ColdFusion Use After Free Vulnerability in Adobe Bridge Allows Memory Disclosure Adobe Photoshop Uninitialized Pointer Vulnerability Adobe Photoshop Uninitialized Pointer Vulnerability Use After Free 
Vulnerability in Adobe Photoshop Allows Memory Disclosure Out-of-Bounds Read Vulnerability in Adobe Photoshop Allows Code Execution Undocumented Configuration Interface Vulnerability in WAGO Unmanaged Switch (852-111/000-001) Firmware Version 01 Adobe Photoshop Out-of-Bounds Read Vulnerability Out-of-Bounds Read Vulnerability in Adobe Photoshop Allows Code Execution Heap-based Buffer Overflow Vulnerability in Adobe Photoshop Heap-based Buffer Overflow Vulnerability in Adobe Photoshop Use After Free Vulnerability in Adobe Photoshop Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Adobe Illustrator Out-of-Bounds Read Vulnerability in Adobe Illustrator Allows Code Execution Use After Free Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.13.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.13.0 and Earlier Webmin 2.001 xterm/index.cgi Cross Site Scripting Vulnerability Adobe Dimension 3.4.5 Out-of-Bounds Read Vulnerability Adobe Dimension 3.4.5 Out-of-Bounds Read Vulnerability Use After Free Vulnerability in Adobe Dimension 3.4.5 Allows Arbitrary Code Execution Adobe Dimension 3.4.5 Out-of-Bounds Read Vulnerability Use After Free Vulnerability in Adobe Dimension 3.4.5 Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Dimension 3.4.5 Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Dimension 3.4.5 Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Dimension 3.4.5 Allows Arbitrary Code Execution Use After Free Vulnerability in Adobe Dimension 3.4.5 Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Cross-Site Scripting (XSS) Vulnerability in phpipam Import Preview Handler Stack-based Buffer Overflow Vulnerability in Adobe Acrobat Reader FreshTomato 2022.5 HTTPD Update.cgi Directory 
Traversal Arbitrary File Read Vulnerability Netgear Orbi Router RBR750 4.6.8.5 Hidden Telnet Service Command Execution Vulnerability Vulnerability: Lack of Code Obfuscation and Debug Information in CMS8000 Device CSRF Vulnerability in Kraken.io Image Optimizer Plugin for WordPress Sensitive Information Exposure Vulnerability in Ernest Marcinko Ajax Search Lite Plugin <= 4.10.3 Use-After-Free Vulnerability in Linux Kernel's vmwgfx Driver Allows Privilege Escalation and DoS Cleartext Transmission Vulnerability in Netgear Orbi Router RBR750 4.6.8.5 Allows Disclosure of Sensitive Information Stack-based Buffer Overflow in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 HTTPD Downfile.cgi Functionality Notification ID Brute-Force Vulnerability in Workreap WordPress Theme Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in NOTICE BOARD Plugin <= 1.1 for WordPress Broken Access Control Vulnerability in WPML Multilingual CMS Premium Plugin <= 4.5.10 Allows Unauthorized Users to Modify Plugin Settings XSS Vulnerability in Silverstripe Framework 4.11: Crafted Return URL on /dev/build or /Security/login Request Reflected XSS Vulnerability in ServiceNow Logout Functionality Insufficient Protection of Global Private Key in Siemens Industrial Controllers and Software Insecure File Permissions in CoreShield One-Way Gateway Software (All versions < V2.2) Allow Local Privilege Escalation Critical Reflected Cross-Site Scripting (XSS) Vulnerability in CRM Perks Forms WordPress Plugin CSRF Vulnerability in NextGEN Gallery Plugin Allows Thumbnail Alteration Decryption Key Vulnerability: Unauthorized Access to Sensitive Data CSRF Vulnerability in Showing URL in QR Code WordPress Plugin CSRF Vulnerability in Customer Reviews for WooCommerce Plugin XSLT Error Handling Vulnerability Allows Origin Spoofing Inherited Permissions Vulnerability in Thunderbird and Firefox Silent Audio Recording Vulnerability in Firefox for Android Zero-length Array Write Vulnerability in Firefox < 104 
Data Race Vulnerability in PK11_ChangePW Function Memory Corruption Vulnerabilities in Firefox ESR, Thunderbird, and Firefox Memory Corruption Vulnerabilities in Firefox and Thunderbird SQL Injection Vulnerability in WP User Merger WordPress Plugin Reflected Cross-site Scripting (XSS) Vulnerability in Mega HOPEX 15.2.0.6110 Mega HOPEX 15.2.0.6110 Link-Manipulation Vulnerability Arbitrary File Upload and Directory Traversal Vulnerability in AgeVolt Portal AgeVolt Portal Directory Traversal Vulnerability SQL Injection Vulnerability in logrocket-oauth2-example Stored Cross-site Scripting (XSS) Vulnerability in EasyVista 2020.2.125.3 and 2022.1.109.0.03 SQL Injection Vulnerability in WP User Merger WordPress Plugin SQL Injection Vulnerability in EasyVista 2020.2.125.3 and 2022.1.109.0.03 Unprotected Against Brute-Force Attacks in EasyVista Versions 2020.2.125.3 and 2022.1.109.0.03 SQL Injection Vulnerability in EasyVista 2020.2.125.3 and 2022.1.109.0.03 RSA-OAEP Decryption Denial of Service Vulnerability in Rhonabwy 0.9.99 through 1.1.x before 1.1.7 Heap-Buffer Overflow Vulnerability in LIEF Commit 365a16a via print_binary() Function Vulnerability: Reachable Assertion Abort in LIEF commit 365a16a via BinaryStream.hpp Segmentation Violation Vulnerability in LIEF Commit 365a16a CSRF Vulnerability in Find and Replace All WordPress Plugin SQL Injection Vulnerability in Wedding Planner v1.0: Exploitable Booking ID Parameter in /admin/budget.php Buffer Overflow Vulnerability in Tenda_TX9pro V22.03.02.10 via httpd/SetNetControlList Component Command Injection Vulnerability in TOTOLINK A810R V5.9c.4050_B20190424 via downloadFile.cgi Component Unauthenticated Download of XLIFF Translation Files in Liferay Portal and Liferay DXP Vulnerability: Cross-Site Request Forgery in VR Calendar Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in UCMS v1.6.0 Import Function Segmentation Violation Vulnerability in Assimp's XFileImporter::CreateMeshes Heap-Buffer Overflow 
Vulnerability in tinyexr Commit 0647fb3 via rleUncompress Component Title: Client-side Code Injection: Unveiling the Cross-site Scripting (XSS) Vulnerability Stack Overflow Vulnerability in GPAC v2.1-DEV-rev232-gfcaa01ebb-master when Processing ISOM_IOD Remote Command Execution Vulnerability in FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078: Ping Function Privilege Escalation Vulnerability in Micro-Star International Co., Ltd MSI Center 1.0.50.0 Heap-buffer-overflow in bfd_getl32 function in GNU Binutils before 2.40 Remote Code Execution (RCE) Vulnerability in TOTOLINK-720R v4.1.5cu.374 via setdiagnosicfg Function Remote Code Execution (RCE) Vulnerability in TOTOLINK-720R v4.1.5cu.374 via setTracerouteCfg Function Multiple SQL Injection Vulnerabilities in Archery v1.4.5 to v1.8.5 via binlog2sql Interface Parameters SQL Injection Vulnerability in Archery v1.7.0 to v1.8.5 via Checksum Parameter in Report Module SQL Injection Vulnerability in Archery v1.7.5 to v1.8.5 via the where Parameter at /archive/apply Ceph RGW Denial of Service Vulnerability SQL Injection Vulnerability in Archery v1.4.0 to v1.8.5 via ThreadIDs Parameter in create_kill_session Interface Multiple SQL Injection Vulnerabilities in Archery v1.8.3 to v1.8.5 via start_time and stop_time Parameters in my2sql Interface SQL Injection Vulnerability in Archery v1.4.0 to v1.8.5 via ThreadIDs Parameter in kill_session Interface Remote Code Execution Vulnerability in Valine v1.4.18 via Crafted POST Request Unauthenticated Access to DNS Server in Zyxel NBG7510 Firmware Command Injection Vulnerability in Zyxel ZyWALL/USG Series Firmware Stored Cross-Site Scripting Vulnerability in 404 to Start WordPress Plugin Stored XSS Vulnerability in Jeesns v2.0.0 /weibo/list Component Reflected XSS Vulnerability in Academy Learning Management System (v5.9.1 and earlier) via Search Parameter Buffer Overflow Vulnerability in Linksys E1200 v1.0.04: Exploiting ej_get_web_page_name Static Default Credential Vulnerability in 
Trendnet TEW733GR v1.03B01 Static Default Credential Vulnerability in D-Link DIR845L v1.00-v1.03 SQL Injection Vulnerability in Comic Book Management System WordPress Plugin Heap Buffer Overflow Vulnerability in Tenda M3 V1.0.0.12(4856) - DoS via lan Parameter Heap Buffer Overflow Vulnerability in Tenda M3 V1.0.0.12(4856) - DoS via MACAddr Parameter Buffer Overflow Vulnerability in Tenda M3 V1.0.0.12(4856) - DoS via formSetPicListItem Function Heap Buffer Overflow Vulnerability in Tenda M3 V1.0.0.12(4856) - Exploiting formEmailTest Function Heap Buffer Overflow Vulnerability in Tenda M3 V1.0.0.12(4856) - Exploiting formEmailTest Function Stack Overflow Vulnerability in Tenda M3 V1.0.0.12(4856) - DoS via authIPs Parameter Heap Buffer Overflow Vulnerability in Tenda M3 V1.0.0.12(4856) - Denial of Service via hostname parameter Stack Overflow Vulnerability in Tenda M3 V1.0.0.12(4856) - formDelAd Function Vulnerability in libpng 1.6.38: Segmentation Fault and Denial of Service in png_setup_paeth_row() Function Stack Overflow Vulnerability in Tenda M3 V1.0.0.12(4856) - DoS via adPushUID Parameter Buffer Overflow Vulnerability in Tenda M3 V1.0.0.12(4856) - formSetGuideListItem Function Buffer Overflow Vulnerability in 10-Strike Network Inventory Explorer v9.3 via Add Computers Function SQL Injection Vulnerability in Interview Management System v1.0 Insecure Permissions in ProcessMaker User Profile Page Allows User Escalation to Administrators SQL Injection Vulnerability in Floating Chat Widget WordPress Plugin Zalando Skipper v0.13.236 SSRF Vulnerability Arbitrary File Write Vulnerability in Watchdog Antivirus v1.4.158 Vulnerability: Unauthorized Access to Sage 300 Credentials and SQL Database Uncontrolled Search Path Vulnerability in Trellix Agent for Windows SQL Injection Vulnerability in Church Management System v1.0 SQL Injection Vulnerability in Church Management System v1.0 Information Leak Vulnerability in Teleport v3.2.2, v3.5.6-rc6, and v3.6.3-b2 via 
/user/get-role-list Web Interface SQL Injection Vulnerability in Visual Email Designer for WooCommerce WordPress Plugin Memory Leak Vulnerability in Mplayer SVN-r38374-13.0.1 via vf.c and vf_vo.c Arbitrary File Deletion Vulnerability in Wacom Driver 6.3.46-1 for Windows and Lower SQL Injection Vulnerability in Church Management System v1.0 via id parameter at /admin/edit_event.php SQL Injection Vulnerability in Garage Management System v1.0 Vulnerability: PHP Object Injection in Betheme WordPress Theme (up to version 26.5.1.4) SQL Injection Vulnerability in Garage Management System v1.0 DLL Hijacking Vulnerability in Watchdog Anti-Virus v1.4.158 Path Traversal Vulnerability in SmartVista Cardgen v3.28.0 Allows Unauthorized File Access Arbitrary File Listing and Download Vulnerability in SmartVista Cardgen v3.28.0 Multiple SQL Injection Vulnerabilities in SmartVista SVFE2 v2.2.22 SQL Injection Vulnerability in SmartVista SVFE2 v2.2.22 via UserForm:j_id90 Parameter SQL Injection Vulnerability in SmartVista SVFE2 v2.2.22 via voiceAudit:j_id97 Parameter SQL Injection Vulnerability in SmartVista SVFE2 v2.2.22 SQL Injection Vulnerability in SmartVista SVFE2 v2.2.22 via UserForm:j_id90 Parameter Stored Cross-Site Scripting Vulnerability in Livemesh Addons for Elementor WordPress Plugin Remote Code Execution (RCE) Vulnerability in Doufox v0.0.4 via Edit File Page Insufficient Firmware Validation in Patlite NH-FB v1.46 and Below Allows Injection of Malicious Code SQL Injection Vulnerability in Nortek Linear eMerge E3-Series Cross-Site Scripting (XSS) and Local Session Fixation Vulnerability in Nortek Linear eMerge E3-Series High Severity Use After Free Vulnerability in Google Chrome Browser History DLL Hijacking Vulnerability in Genymotion Desktop v3.2.1 Allows Privilege Escalation and Arbitrary Code Execution Multiple SQL Injection Vulnerabilities in Hospital Management System v1.0 Login Page Arbitrary File Write Vulnerability in Casdoor v1.97.3 via fullFilePath Parameter 
Cross-Site Scripting (XSS) Vulnerability in Markdown-Nice v1.8.22 via Crafted Payload in Community Posting Field Relion Update Package Signature Validation Vulnerability Apache XML Graphics Batik 1.14 Server-Side Request Forgery (SSRF) Vulnerability OS Command Injection vulnerability in Apache Airflow Pinot Provider SQL Injection Vulnerability in WP User Merger WordPress Plugin Title: Remote Unauthenticated Insecure Deserialization Vulnerability in Unsupported VMware Hyperic Server 5.8.6 Authentication Bypass Vulnerability in Unsupported VMware Hyperic Server 5.8.6 Remote Insecure Deserialization Vulnerability in Unsupported VMWare Hyperic Agent 5.8.6 Unencoded XSS Payload Vulnerability in HCL Digital Experience Information Disclosure Vulnerability in HCL Domino: Unauthorized Access to User Attributes Vulnerability: Lack of Controls for Non-Master Operators in BigFix WebUI Remote Code Execution and Administrative Privilege Escalation Vulnerability in HCL Commerce with Elasticsearch Open Redirect Vulnerability in Feedback Action on Manager Page Clear Text Disclosure of SMTP Sensitive Data in BigFix Notification Service Windows Vulnerability: Insecure Encryption of Operator Credentials Workload Identity Token Information Disclosure Vulnerability Unauthenticated Cross Site Request Forgery (CSRF) Vulnerability in HCL XPages Applications Local Privilege Escalation Vulnerability in HCL Workload Automation URL Redirection Vulnerability in HCL Digital Experience Jenkins Git Plugin Credential Masking Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Job Configuration History Plugin Unencrypted Storage of RabbitMQ Password in Jenkins CollabNet Plugins Plugin Unconditional SSL/TLS Certificate and Hostname Validation Disabling in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and Earlier Use-After-Free and Code Execution Vulnerability in Crow HTTP Applications Uninitialized Stack Memory Disclosure in Crow HTTP Applications Missing 
Permission Check in SoundRecorder Service Allows Elevation of Privilege in Contacts Service Token Garbage Collection Vulnerability in HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 Missing Permission Check in SoundRecorder Service Allows Elevation of Privilege in Contacts Service Camera Driver Vulnerability: Out of Bounds Write Leading to Local Denial of Service in Kernel Out of Bounds Write Vulnerability in Face Detect Driver: Local Denial of Service in Kernel Out of Bounds Write Vulnerability in Face Detect Driver: Local Denial of Service in Kernel Potential Denial of Service Vulnerability in WLAN Driver GPU Driver Vulnerability: Out-of-Bounds Write Leading to Local Denial of Service in Kernel GPU Driver Vulnerability: Out-of-Bounds Write Leading to Local Denial of Service in Kernel Cell Service Vulnerability: Missing Permission Check Enables Local Denial of Service Missing Permission Check in Contacts Service: Local Denial of Service Vulnerability Local Denial of Service Vulnerability in Music Service: Missing Permission Check Critical SQL Injection Vulnerability in SourceCodester Sanitization Management System (VDB-213012) Potential Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Missing Permission Check in Contacts Service: Local Denial of Service Vulnerability Missing Permission Check in Contacts Service: Local Denial of Service Vulnerability Missing Permission Check in Contacts Service: Local Denial of Service Vulnerability Bluetooth Service Vulnerability: Local Denial of Service without Execution Privileges Potential Denial of Service Vulnerability in WLAN Driver Local Denial of Service Vulnerability in Messaging Service: Missing Permission Check Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure via Missing Permission Check Code Injection Vulnerability in froxlor/froxlor prior to 0.10.38.2 
Memory Corruption Vulnerability in Camera Driver: Local Denial of Service Exploit Unauthenticated Access to Provider in Messaging Service Allows Unauthorized Contact Service Access Missing Permission Check in Messaging Service Allows Elevation of Privilege in Contacts Service Insufficient Validation in Armoury Crate Service's Logging Function Allows System File Overwrite Unauthenticated User Avatar Download Vulnerability in GitLab Permission Bypass Vulnerability in OpenHarmony-v3.1.1 and Prior Versions Allows LAN Attackers to Control Camera Service Heap Overflow Vulnerability in OpenHarmony-v3.1.2 and Prior Versions: Exposing Network Sensitive Information CSV Injection vulnerability in Nakashima Masahiro WP CSV Exporter Max Foundry Button Plugin MaxButtons Plugin <= 9.2 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability CSRF Vulnerability in SEO Redirection Plugin Allows Deletion of 404 Errors and Redirection History IBM CICS TX 11.1 Standard and Advanced Remote Reverse Tabnabbing Vulnerability Insufficient Session Expiration in IBM Cognos Command Center 10.2.4.1 Server-Side Request Forgery (SSRF) Vulnerability in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 Cross-Site Scripting (XSS) Vulnerability in IBM Robotic Process Automation for Cloud Pak Information Disclosure Vulnerability in IBM Robotic Process Automation 21.0.1 and 21.0.2 SOAPAction Spoofing Vulnerability in IBM WebSphere Application Server Sensitive Credential Information Exposure in IBM DataStage on Cloud Pak for Data Remote Code Execution Vulnerability in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 HTTPD Shell.cgi CSRF Vulnerability in StylemixThemes Motors Plugin Off-by-one Read/Write Vulnerability in QEMU's SDHCI Device Path Traversal through HTML Injection in Gravitee API Management before 3.15.13 Cross-Site Scripting (XSS) Vulnerability in Silverstripe Framework and Asset Modules Integer Overflow Vulnerability in One Identity syslog-ng DOM-based Cross-site Scripting (XSS) 
Vulnerability in jgraph/drawio prior to 20.5.2 Symlink Vulnerability in Docker Desktop for Windows Allows File Overwrite Directory Traversal and File Enumeration Vulnerability in Qaelum DOSE SnapCenter versions prior to 4.7 Vulnerability: Missing Content Security Policy (CSP) Implementation Authentication Bypass Vulnerability in OnCommand Insight Data Warehouse Component Denial of Service (DoS) Vulnerability in StorageGRID Command Injection Vulnerability in Foreman Heap-Based Buffer Overflow in Rockwell Automation ThinManager ThinServer Improper Access Control Vulnerability in Rockwell Automation FactoryTalk VantagePoint Denial of Service Vulnerability in Rockwell Automation FactoryTalk Alarm and Events Service Arbitrary Java Code Execution Vulnerability in Apache OpenOffice Denial of Service Vulnerability in snakeYAML YAML Parser Critical Authentication Bypass Vulnerability in Click Studios Passwordstate and Passwordstate Browser Extension Chrome (VDB-216244) Denial of Service Vulnerability in snakeYAML YAML Parser Denial of Service Vulnerability in snakeYAML YAML Parser Denial of Service Vulnerability in snakeYAML YAML Parser Patch Released to Address Multi-Factor Authentication Bypass Vulnerability Cross-Site Scripting Vulnerability in Micro Focus Operations Bridge Manager and Containerized User Enumeration Vulnerability in Micro Focus Filr (Versions Prior to 4.3.1.1) Sensitive Information Exposure in Micro Focus GroupWise Web Unauthorized Administrative Actions Vulnerability in Micro Focus ZENworks 2020 Update 3a and Prior Versions NetIQ iManager Cross-Site Scripting (XSS) Vulnerability Authorization Bypass Vulnerability in Click Studios Passwordstate and Passwordstate Browser Extension Privilege Escalation Vulnerability in Trend Micro HouseCall Unauthenticated Access to Imaging Records in Canon Medical Informatics Vitrea Vision 7.7.76.1 Vulnerability: Replay Attack on Renault ZOE 2021 Remote Keyless System Vulnerability: Denial of Service in Wind River VxWorks 
6.9 and 7 during IP Radius Access Procedure Remote Authorization Bypass in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 Cleartext Password Retrieval Vulnerability in Transtek Mojodat FAM 2.4.6 Cross-Site Scripting (XSS) Vulnerability in Click Studios Passwordstate and Passwordstate Browser Extension Chrome (VDB-216246) Data Leakage Vulnerability in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 Remote Code Injection Vulnerability in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 Remote Code Execution Vulnerability in Zoho ManageEngine Products Vulnerability: Lack of Immutable Root of Trust in Hardware allows for Arbitrary Code Execution Privilege Escalation Vulnerability in Elastic Endpoint Security and Elastic Endgame for Windows Privilege Escalation Vulnerability in Elastic Endpoint Security for Windows Privilege Escalation Vulnerability in Elastic Endpoint Security for Windows Kibana Server Crash Vulnerability (CVE-2022-38900) Open Redirect Vulnerability in Kibana Allows Arbitrary Website Redirection Critical SQL Injection Vulnerability in Maxon ERP (VDB-213039) Integer Overflow in Poppler's JBIG2 Decoder (CVE-2022-38171) Escalation of Privilege Vulnerability in Intel Battery Life Diagnostic Tool Software Firmware Vulnerability in Intel(R) FPGA Products: Local Privilege Escalation via Improper Input Validation Outdated Bluetooth Pairing Mechanisms in Nokia FastMile 5G Receiver: PIN and LTK Retrieval Vulnerability Insecure Direct Object Reference Vulnerability in Airties Smart Wi-Fi Unauthenticated Plugin Installation and Activation Vulnerability in Car Dealer WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Weave GitOps Enterprise before 0.9.0-rc.5 Deadlock vulnerability in MariaDB's compress_write function Exotel-Py Package Backdoor Vulnerability Directory Traversal Vulnerability in Zaver (CVE-2020-12-15) Gitea through 1.17.1: Vulnerability in Repo Cloning during Migration Function Host Header Injection Vulnerability in Feehi CMS 
2.1.1: Exploiting Password Reset Emails Arbitrary Plugin Installation and Activation Vulnerability in Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress Plugin Blind Cross-Site Scripting Vulnerability in Zkteco BioTime < 8.5.3 Build:20200816.447 Vulnerability: Incorrect Access Control and XSS Exploit in Zkteco BioTime PDF Generator Vulnerability: Incorrect Access Control and XSS Exploit in Zkteco BioTime SQL Injection Vulnerability in ywoa v6.1 via backend/oa/visual/exportExcel.do Interface Arbitrary Plugin Installation and Activation Vulnerability in WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript Errors, File Permissions, Transients, Error Log WordPress Plugin SQL Injection Vulnerability in AeroCMS 0.1.1 via author parameter Unrestricted Access to Admin Dashboard in PHPGurukul Blood Donor Management System 1.0 Stored XSS Vulnerability in FiberHome AN5506-02-B vRP2521's auth_settings Component Dapr Dashboard Incorrect Access Control Vulnerability Arbitrary Plugin Installation and Activation Vulnerability in Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress Plugin Hard Coded Root Password Vulnerability in TOTOLINK T6 V4.1.5cu.709_B20210518 Arbitrary Command Execution Vulnerability in TOTOLINK T6 V4.1.5cu.709_B20210518's cstecgi.cgi Buffer Overflow Vulnerability in TOTOLINK T6 V4.1.5cu.709_B20210518 via cstecgi.cgi Command Injection Vulnerability in TOTOLINK T6 V4.1.5cu.709_B20210518 via cstecgi.cgi Buffer Overflow Vulnerability in Tenda RX9_Pro V22.03.02.10 via httpd/setMacFilterCfg Arbitrary Plugin Installation and Activation Vulnerability in Block Bad Bots WordPress Plugin Buffer Overflow Vulnerability in Tenda RX9_Pro V22.03.02.10 via httpd/setIPv6Status Buffer Overflow Vulnerability in Tenda RX9_Pro V22.03.02.10 via httpd/SetNetControlList SQL Injection Vulnerability in School Activity Updates with SMS Notification v1.0 SQL Injection Vulnerability in 
School Activity Updates with SMS Notification v1.0 Hitachi Ops Center Analyzer Windows Local File Read/Write Vulnerability XML External Entity (XXE) Vulnerability in Güralp MAN-EAM-0003 3.2.4: Local File Disclosure via cgi-bin/xmlstatus.cgi Linksys AX3200 1.1.00 - Authenticated OS Command Injection via Diagnostics Traceroute Unrestricted File Upload Vulnerability in EspoCRM version 7.1.8 CSV Injection in Create Contacts in EspoCRM 7.1.8: Remote Command Execution via Malicious CSV Payloads Cross-Site Scripting (XSS) Vulnerability in EspoCRM 7.1.8 Import Feature Missing Secure Flag in EspoCRM version 7.1.8 allows for Cookie Capture via MITM Attack Remote Code Execution Vulnerability in V8 Engine in Google Chrome Divide By Zero Vulnerability in MPlayer Project mencoder SVN-r38374-13.0.1 Out-of-bounds Read Vulnerability in The MPlayer Project's read_meta_record() Function Buffer Overflow Vulnerability in MPlayer Project's libmpdemux/asfheader.c Buffer Overflow Vulnerability in MPlayer Project's gen_sh_video() Function Buffer Overflow Vulnerability in MPlayer Project's mov_build_index() Function Buffer Overflow Vulnerability in MPlayer Project's mov_build_index() Function Use After Free Vulnerability in Speech Recognition in Google Chrome Divide By Zero Vulnerability in MPlayer Project's demux_open_avi() Function Memory Corruption Vulnerability in MPlayer Project mplayer SVN-r38374-13.0.1 via free_mp_image() Function Buffer Overflow Vulnerability in MPlayer Project's libaf/af.c:639 Buffer Overflow Vulnerability in MPlayer Project's libmpdemux/mpeg_hdr.c Buffer Overflow Vulnerability in MPlayer Project's mp_unescape03() Function Divide By Zero Vulnerability in The MPlayer Project's demux_avi_read_packet Function Buffer Overflow Vulnerability in MPlayer Project's libmpdemux/aviheader.c Arbitrary Code Execution via SQL Injection in rttys versions 4.0.0-4.0.2 Arbitrary Code Execution via SQL Injection in Ehoney version 2.0.0 Use After Free Vulnerability in Web Workers in 
Google Chrome Information Disclosure Vulnerability in Free5gc v3.2.1 AMF Malfunction Caused by Malformed NAS Messages in Free5gc v3.0.5 Firmware Header Modification Denial of Service Vulnerability in D-Link Devices Arbitrary Code Execution Vulnerability in Garage Management System v1.0 SQL Injection Vulnerability in School Activity Updates with SMS Notification v1.0 WebCodecs Use After Free Vulnerability in Google Chrome Code-Execution Backdoor Vulnerability in d8s-urls Python Package (Version 0.1.0) Potential Code-Execution Backdoor Found in d8s-archives for Python: Democritus-Strings Package (Version 0.1.0) Potential Code-Execution Backdoor Found in d8s-json Python Package (Version 0.1.0) Potential Code-Execution Backdoor in d8s-math Python Package (Version 0.1.0) Potential Code-Execution Backdoor Found in d8s-grammars for Python Potential Code-Execution Backdoor in d8s-netstrings Python Package (Version 0.1.0) Potential Code-Execution Backdoor in d8s-xml Python Package (Version 0.1.0) Potential Code-Execution Backdoor in d8s-python Package (Version 0.1.0) Distributed on PyPI Type Confusion Vulnerability in V8 Allows Remote Heap Corruption Segmentation Violation Vulnerability in Nginx NJS v0.7.7 Heap Buffer Overflow in Crashpad in Google Chrome on Android Prior to 107.0.5304.106: Remote Sandbox Escape Vulnerability Improper Input Validation in decode-uri-component 0.2.0 leads to DoS Vulnerability Arbitrary Script Injection in Liferay Digital Experience Platform 7.3.10 SP3 Document and Media Module Cross-site Scripting (XSS) Vulnerability in Liferay Digital Experience Platform 7.3.10 SP3 Blog Module Arbitrary Post Access Vulnerability in WP FullCalendar WordPress Plugin File Upload Vulnerability in Pagekit 1.0.18: Exploiting Storage Feature for Malicious File Upload Stored Cross-Site Scripting Vulnerability in WP OAuth Server Plugin BluePage CMS 3.9 - MySQL Injection via Insufficiently Sanitized Cookie Value BluePage CMS v3.9 User-Agent MySQL Injection 
Vulnerability Null Pointer Dereference Vulnerability in XPDF 4.04 FoFiType1C.cc:2393 Arbitrary HTML Injection in BlueSpiceCustomMenu Extension: Cross-Site Scripting (XSS) Vulnerability Server-Side Request Forgery (SSRF) Vulnerability in fetch_net_file_upload Function of baijiacmsV4 v4.1.4 Global Overflow in readelf in ToaruOS 2.0.1: Remote Code Execution Vulnerability Arbitrary Address Read Vulnerabilities in ToaruOS 2.0.1's readelf Privilege Escalation Vulnerability in NiterForum 2.5.0-beta SEGV Vulnerability in PBC's pbc_wmessage_integer Function CSRF Vulnerability in WP OAuth Server WordPress Plugin XSS Vulnerability in Common User Interface Component Firmware Modification Vulnerability on Netgear WPN824EXT WiFi Range Extender Firmware Downgrade Vulnerability on Netgear WPN824EXT WiFi Range Extender Reflected Cross-Site Scripting Vulnerability in WP Affiliate Platform Plugin (Versions up to 6.3.9) Stored Cross-Site Scripting Vulnerability in WP Affiliate Platform Plugin Predictable Device IDs in ieGeek IG20 hipcam RealServer V1.0 Allow Remote Access Stored XSS Vulnerability in ThemeKraft Post Form Plugin Arbitrary Script Injection Vulnerability in Movable Type A-Form Plugin Intel(R) Arc(TM) Graphics Cards A770 and A750 Limited Edition: Local Access Denial of Service and Information Disclosure Vulnerability Broken Access Control Vulnerability in WPML Multilingual CMS Premium Plugin <= 4.5.10 Allows Unauthorized Users to Change Translation Job Status DOM-based Cross-Site Scripting Vulnerability in EC-CUBE 4 Series Heap Overflow Vulnerability in HwAirlink Module Configuration Defects in Secure OS Module: A Threat to Data Confidentiality Configuration Defects in Secure OS Module: A Threat to Data Confidentiality Cross-Site Request Forgery Vulnerability in WP Affiliate Platform Plugin Heap Overflow Vulnerability in HwAirlink Module Allows Unauthorized Process Control Permissions Out-of-Bounds Read Vulnerability in HwAirlink Module: Risk of Information Leakage 
Fingerprint Module Service Logic Errors: Phone Lock Bypass Vulnerability BT Hfp Client Module Use-After-Free (UAF) Vulnerability Kernel Space Data Verification Vulnerability Critical Vulnerability in Facial Recognition Module: Data Confidentiality at Risk Kernel Space Data Bypass Vulnerability in HIPP Module Configuration Defects in Secure OS Module: A Threat to System Availability Configuration Defects in Secure OS Module: A Threat to Data Confidentiality Configuration Defects in Secure OS Module: A Threat to System Availability CSRF Vulnerability in 3dprint WordPress Plugin Configuration Defects in Secure OS Module: A Threat to System Availability Configuration Defects in Secure OS Module: A Threat to Data Confidentiality Configuration Defects in Secure OS Module: A Threat to Data Confidentiality Configuration Defects in Secure OS Module: A Threat to System Availability Configuration Defects in Secure OS Module: A Threat to Data Confidentiality Configuration Defects in Secure OS Module: A Threat to System Availability Configuration Defects in Secure OS Module: A Threat to System Availability Configuration Defects in Secure OS Module: A Threat to Data Confidentiality HISP Module Out-of-Bounds Read Vulnerability Improper Reference Count Update in AOD Module: A Threat to Data Integrity, Confidentiality, and Availability Unauthenticated PHP Object Injection in Cooked Pro WordPress Plugin iAware Module Vulnerability: Automatic Execution of Malicious Apps on System Startup Path Traversal Vulnerability in Number Identification Module: Risk of Data Disclosure Double Free Vulnerability in Storage Module: Memory Double Free Exploitation Critical Buffer Overflow Vulnerability in Video Framework Jeopardizes Confidentiality and Integrity MPTCP Module Memory Leak Vulnerability MPTCP Module Memory Leak Vulnerability Race Condition Vulnerability in MPTCP Module Leading to Device Restart Location Module Privilege Escalation Vulnerability NFC Module Bundle 
Serialization/Deserialization Vulnerability WLAN Module Permission Verification Vulnerability: Potential Impact on WLAN Functionality by Third-Party Apps Prototype Pollution in Visioweb.js 1.10.6: Exploiting XSS on Client System Vulnerability in HwChrService Module Allows Disclosure of User Network Information Kernel Space Data Bypass Vulnerability in HISP Module Improper Input Validation Vulnerability in Huawei Aslan Children's Watch Authenticated Attacker Exploits OS Credential Vulnerability: Impact on Confidentiality, Integrity, and Availability Unencrypted Sensitive Parameter Access in SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - Version 430 BOE AdminTools/BOE SDK Information Disclosure Vulnerability Account Takeover Vulnerability in M-Files Hubshare: JavaScript Injection in PDF Upload Cross-Site Scripting (XSS) Vulnerability in M-Files Hubshare before 3.3.10.9 Unauthenticated Access to Restricted PDF Files in M-Files Hubshare Unauthenticated File Upload Vulnerability in PDFtron WebviewerUI Webhook Secret Token Exposure Vulnerability in GitLab Critical Cross-Site Scripting Vulnerabilities Found in Application's Key Features U-Office Force Login Open Redirect Vulnerability U-Office Force Download Path Traversal Vulnerability U-Office Force Download Path Traversal Vulnerability Insufficient Filtering in U-Office Force Bulletin Function Allows for XSS Attack Insufficient Filtering in U-Office Force PrintMessage Function Allows for XSS Attack Insufficient Filtering of Special Characters in U-Office Force UserDefault Page: XSS Vulnerability Insufficient Filtering in U-Office Force Forum Allows for Stored XSS Attack NULL Pointer Dereference Vulnerability in telnetd Inadequate Authorization in Smart eVision Database Query Function Infrared Transceiver USB Driver Vulnerability: Denial of Service and System Crash Inadequate Authorization in smart eVision Allows Unauthorized Access to Sensitive Information Insufficient 
Authorization in Smart eVision Allows Unauthorized Acquisition of Session IDs Improper Privilege Management Vulnerability in Smart eVision Path Traversal Vulnerability in Smart eVision's File Acquisition Function Allows Unauthorized Access and File Manipulation Path Traversal Vulnerability in Smart eVision's Report API Allows Unauthorized Access and File Download Stored Cross-Site Scripting (XSS) Vulnerability in Smart eVision's POST Data Parameter Insufficient Filtering in Agentflow BPM File Upload Function Allows Arbitrary Code Execution Agentflow BPM File Download Path Traversal Vulnerability Improper Authentication in Agentflow BPM Enterprise Management System Allows Arbitrary Account Privilege Escalation Inadequate Filtering in aEnrich's a+HRD Allows for SSRF and Command Injection Attacks Arbitrary Web Script Injection in MonsterInsights WordPress Plugin Path Traversal Vulnerability in aEnrich a+HRD Log Read Function Allows Unauthorized File Downloads Insufficient User Input Validation in aEnrich a+HRD API Parameter Allows for SQL Injection Improper Validation in aEnrich a+HRD Login Function Allows Unauthenticated Remote Attackers to Bypass Authentication and Execute Arbitrary Commands Unauthenticated Physical Attackers Can Access Sensitive User Information via Juiker App's Debug Logs Hidden Functionality Vulnerability in Multiple Buffalo Network Devices Arbitrary File Upload Vulnerability in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 Uninitialized Memory Disclosure in glibc's syslog Function Buffer Overflow Vulnerability in Freeciv Modpack Installer Utility XSS Vulnerability in ServiceNow UI Page assessment_redirect URL Manipulation Vulnerability in OTRS Allows for JavaScript Execution Stored JavaScript Execution in OTRS via Customer URL and External Data Sources Unverified 3rd Party Package Exploit: Remote Code Execution in Template Toolkit Email Bombing Vulnerability: Potential Denial of Service (DoS) Exploit Insufficient Filtering in Heimavista Rpage 
Allows for XSS Attack Insufficient Filtering for Special Characters in Cowell Enterprise Travel Management System Allows XSS Attack Inadequate Filtering in RAVA Certificate Validation System Allows SSRF Attack for Network Topology Discovery Insufficient Validation in RAVA Certificate Validation System Allows Remote SQL Injection Insufficient Filtering in RAVA Certificate Validation System Allows Remote Command Execution Path Traversal Vulnerability in RAVA Certification Validation System Allows Unauthorized Access to System Files Path Traversal Vulnerability in ChangingTech MegaServiSignAdapter Component Stored Cross-Site Scripting Vulnerability in Easy Form Builder WordPress Plugin Improper Input Validation in ChangingTech MegaServiSignAdapter Component Allows Remote Registry Modification and System Takeover Out-of-bounds Read Vulnerability in ChangingTech MegaServiSignAdapter Component Privilege Escalation Vulnerability in SICAM TOOLBOX II (All versions < V07.10) Buffer Overflow Vulnerability in Open5GS UPF Vulnerability: Zigbee Frame Replay Attack Causes TRÅDFRI Bulb Factory Reset Zigbee Frame Malformation Vulnerability: Disruption of TRÅDFRI Gateway and Lighting Control SQL Injection Vulnerability in ZTE MF286R Phonebook Interface ZTE MF286R Buffer Overflow Vulnerability Allows for Denial of Service Attacks SQL Injection Vulnerability in ZTE ZAIP-AIE: Leakage of Table Content Time-based attacks in API key validation function in Clerk WordPress plugin before 4.0.0 ZTE PON OLT Products Access Control Vulnerability: Unauthorized Remote Device Access Unauthorized Access Vulnerability in ZTE Mobile Phones Allows Malicious Application Overwrite Stored XSS Vulnerability in ZTE Mobile Internet Products via SQL Injection Command Injection Vulnerability in ZTE MF286R: Arbitrary Command Execution Unauthenticated Access Vulnerability in ZTE Mobile Phones Allows Unauthorized Application Interface Invocation Unauthorized Access Vulnerability in ZTE Mobile Phones Allows 
Malicious App to Delete System Files Reflected Cross-Site Scripting in Helloprint WordPress Plugin Missing Permission Check in Messaging Service Allows Elevation of Privilege in Contacts Service Missing Permission Check in Network Service: Local Escalation of Privilege Vulnerability Missing Permission Check in Network Service: Local Escalation of Privilege Vulnerability Missing Permission Check in Network Service: Local Escalation of Privilege Vulnerability Missing Permission Check in Network Service: Local Escalation of Privilege Vulnerability Missing Permission Check in Network Service: Local Escalation of Privilege Vulnerability Missing Permission Check in Network Service: Local Escalation of Privilege Vulnerability Missing Permission Check in Network Service: Local Escalation of Privilege Vulnerability Missing Permission Check in Network Service: Local Escalation of Privilege Vulnerability Possible Out of Bounds Read Vulnerability in mlog Service Stored Cross-Site Scripting Vulnerability in Add Comments WordPress Plugin Power Management Service Vulnerability: Unauthorized Setup without Execution Privileges Power Management Service Vulnerability: Unauthorized Setup without Execution Privileges Power Management Service Vulnerability: Missing Permission Check Allows Unauthorized Setup Power Management Service Vulnerability: Unauthorized Setup Access Power Management Service Vulnerability: Unauthorized Setup without Execution Privileges Power Management Service Vulnerability: Unauthorized Setup Access Power Management Service Vulnerability: Unauthorized Setup without Execution Privileges Power Management Service Vulnerability: Unauthorized Setup without Execution Privileges Power Management Service Vulnerability: Unauthorized Setup Access Power Management Service Vulnerability: Unauthorized Setup without Execution Privileges Use After Free vulnerability in Linux Kernel allows Privilege Escalation Power Management Service Vulnerability: Unauthorized Setup without 
Execution Privileges Power Management Service Vulnerability: Missing Permission Check Allows Unauthorized Setup Power Management Service Vulnerability: Unauthorized Setup without Execution Privileges Missing Permission Check in Gallery Service: Local Denial of Service Vulnerability Missing Permission Check in Contacts Service: Local Denial of Service Vulnerability Out of Bounds Write Vulnerability in Sensor Driver: Local Denial of Service in Kernel Out of Bounds Write Vulnerability in Sensor Driver: Local Denial of Service in Kernel Missing Permission Check in Soundrecorder Service Allows for Privilege Elevation Missing Permission Check in Music Service: Elevation of Privilege Vulnerability Missing Permission Check in Music Service: Elevation of Privilege Vulnerability Privilege Escalation and Unauthorized Access in iubenda WordPress Plugin Missing Permission Check in Music Service: Elevation of Privilege Vulnerability Missing Permission Check in Music Service: Elevation of Privilege Vulnerability Local Denial of Service Vulnerability in Music Service: Missing Permission Check Local Denial of Service Vulnerability in Music Service: Missing Permission Check Local Denial of Service Vulnerability in Music Service: Missing Permission Check Local Denial of Service Vulnerability in Music Service: Missing Permission Check Out of Bounds Write Vulnerability in sprd_sysdump Driver Leading to Local Denial of Service in Kernel Critical Vulnerability: Local Information Disclosure Exploit in Messaging Service Out of Bounds Write Vulnerability in sprd_sysdump Driver Leading to Local Denial of Service in Kernel Local Privilege Escalation Vulnerability in Network Service Unrestricted File Upload Vulnerability in User Registration WordPress Plugin Out of Bounds Write Vulnerability in Sensor Driver: Local Denial of Service in Kernel Out of Bounds Write Vulnerability in Sensor Driver: Local Denial of Service in Kernel Out of Bounds Write Vulnerability in Sensor Driver: Local Denial of 
Service in Kernel Out of Bounds Write Vulnerability in Sensor Driver: Local Denial of Service in Kernel Out of Bounds Write Vulnerability in Sensor Driver: Local Denial of Service in Kernel Out of Bounds Write Vulnerability in Sensor Driver: Local Denial of Service in Kernel Out of Bounds Write Vulnerability in Sensor Driver: Local Denial of Service in Kernel Out of Bounds Write Vulnerability in Sensor Driver: Local Denial of Service in Kernel Out of Bounds Write Vulnerability in Sensor Driver: Local Denial of Service in Kernel Out of Bounds Write Vulnerability in Face Detect Driver: Local Denial of Service in Kernel Insecure Certificate Validation in Rapid7 Nexpose and InsightVM Update Server Out of Bounds Write Vulnerability in Face Detect Driver: Local Denial of Service in Kernel Memory Corruption Vulnerability in Camera Driver: Local Denial of Service Exploit Camera Driver Vulnerability: Out of Bounds Write Leading to Local Denial of Service in Kernel Local Denial of Service Vulnerability in WLAN Driver Race Condition in Audio Driver Leads to Local Denial of Service Vulnerability Vulnerability: XML External Entity (XXE) Attack in Apache Calcite 1.22.0 Fixed-length heap-based buffer vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Read Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-17276) Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-17284) Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-17289) Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-17292) Out of Bounds Read Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-17296) Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-17485) Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-17493) Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-17494) Parasolid and Simcenter Femap Multiple Versions Out of Bounds Read Vulnerability 
(ZDI-CAN-17496) Uninitialized Pointer Access Vulnerability in Parasolid and Simcenter Femap Uninitialized Pointer Access Vulnerability in Parasolid and Simcenter Femap Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-17513) Parasolid and Simcenter Femap Multiple Versions Out-of-Bounds Write Vulnerability (ZDI-CAN-17733) SQL Injection Vulnerability in Dokan WordPress Plugin (Versions before 3.7.6) Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-17735) Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-17736) Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-17740) Parasolid and Simcenter Femap Multiple Versions Out of Bounds Read Vulnerability (ZDI-CAN-18187) Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-18188) Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-18192) Parasolid and Simcenter Femap Multiple Versions Out of Bounds Read Vulnerability (ZDI-CAN-18196) Parasolid and Simcenter Femap Out of Bounds Read Vulnerability (ZDI-CAN-17745) Vulnerability: Improper Handling of Partial HTTP Requests Leading to Slowloris Attacks Offline Access Scope Vulnerability in Keycloak Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 Spoofing Vulnerability in IBM WebSphere Application Server and Web Server Plug-ins AIX Kernel Denial of Service Vulnerability Denial of Service Vulnerability in IBM AIX and VIOS Privileged User Information Disclosure Vulnerability in IBM Security Guardium 11.4 Man-in-the-Middle Information Disclosure Vulnerability in IBM Spectrum Virtualize Proxy Credentials Exposure in IBM Robotic Process Automation Upgrade Logs Vulnerability: Improper Access Control in Motorola e20 Bootloader Function Double Free Vulnerability in libdwarf 0.4.1's _dwarf_exec_frame_instr in dwarf_frame.c Stored XSS in Process Overview in mbsupport openVIVA c2 20220101 Buffer 
Overflow Vulnerability in wolfSSL TLS 1.3 Handshake Unvalidated params_len in BlueZ before 5.59 allows sensitive information disclosure Denial of Service Vulnerability in BlueZ before 5.59 Webvendome - Internal Server IP and Full Path Disclosure Vulnerability Authenticated Remote Code Execution in College Management System v1.0 CRLF Injection in URLRequest Headers College Management System v1.0 - SQL Injection Vulnerability GLPI Reports Plugin Reflected Cross-Site Scripting (RXSS) Vulnerability Tardis 2000 Privilege Escalation Vulnerability Open Redirect Vulnerability in Moodle Plugin - SAML Auth Authentication Bypass Vulnerability in EXFO BV-10 Performance Endpoint Unit Undocumented Privileged User Vulnerability in EXFO BV-10 Performance Endpoint Unit Misconfigured Permissions in EXFO BV-10 Performance Endpoint Unit System Configuration File Unpatched Rumpus FTP Server 9.0.7.1 Vulnerable to Reflected Cross-Site Scripting (RXSS) Race Condition in TLB Handling Leads to Stale TLB Entries in Linux Kernel TLB Flush Mishandling Vulnerability in x86 KVM Subsystem Cross-Site Scripting (XSS) Vulnerability in Jetpack CRM WordPress Plugin Denial of Service Vulnerability in Linux Kernel's nf_tables_api.c Information Disclosure Vulnerability in CheckUser Extension for MediaWiki Insufficient Validation in GrowthExperiments Extension Leads to Site Unavailability Arbitrary JavaScript Injection Vulnerability in LISTSERV 17 Web Interface Unintended File Access Vulnerability in Blackboard Learn 1.10.1 Remote Code Execution Vulnerability in HelpSystems Cobalt Strike through 4.7 Dubbo Hessian-lite Deserialization Vulnerability Vulnerability: Server UUID Spoofing in immudb Client SDKs Unfiltered Cluster Filtering in HashiCorp Consul and Consul Enterprise Improper Signature Verification in Dendrite Matrix Homeserver Grafana Authentication Cookie Leakage Vulnerability Incorrect Parsing of Multiple Modes in matrix-appservice-irc Channel Confusion Vulnerability in matrix-appservice-irc 
Unauthenticated Remote Code Execution in Onedev Git Server Remote Code Execution via Docker Socket Mount in OneDev Cross-Site Scripting (XSS) vulnerability in OneDev allows session hijacking and potential arbitrary code execution Unauthenticated File Disclosure Vulnerability in Onedev Polynomial Time Complexity Issue in cmark-gfm's Autolink Extension Leading to Denial of Service Arbitrary File Upload Vulnerability in Listingo WordPress Theme Vulnerability: Unprotected Internal Paths in Nextcloud Android App Local Webservice Exposure Vulnerability in Nextcloud Server Vulnerability: Privacy Breach in Nextcloud Talk Allows Viewing Last Video Frame Out-of-Bounds Read Vulnerability in go-cvss Module User Account Takeover Vulnerability in Combodo iTop Directory Listing Vulnerability in Tauri Framework (CVE-2021-XXXX) Insecure Password Reset Token Generation in Combodo iTop Unsanitized Output in CSV File Creation Vulnerability Predictable Random Number Generation in Fastly's Compute@Edge JavaScript Runtime Authentication Bypass Vulnerability in Bifrost Middleware Package Stored Cross-Site Scripting Vulnerability in Broken Link Checker WordPress Plugin Cross-site scripting (XSS) vulnerability in SFTPGo WebClient prior to version 2.3.5 Path Traversal Vulnerability in McWebserver Minecraft Mod OpenID Connect Vulnerability in Dex Instances OS Command Injection in Arr-pm RPM Reader/Writer Library (CVE-2021-XXXX) User Session Object Manipulation Vulnerability in Parse Server User Profile Text Payload Vulnerability Authentication Bypass by Spoofing in python-jwt (CVE-2021-12345) Username Enumeration Vulnerability in vantage6 User Blocking Vulnerability in Grafana Versions Prior to 9.1.8 and 8.5.14 Unauthenticated User Can Remove Error Logs in ActiveCampaign for WooCommerce WordPress Plugin Exposure of Sensitive Information in FHIR Works on AWS Authz-Smart Authentication Bypass in Parse Server for Facebook and Spotify Incomplete Quote JavaScript Error in Discourse Improper 
Authorization Verification in Tuleap GitLab Repository Integration Cookie-based Account Persistence Vulnerability in GLPI Improperly Formed Beacon Events Vulnerability in Matrix Javascript SDK Insecure Hash Algorithm Verification in syslabs/sif (CVE-2021-12345) Arvados Prior to 2.4.3 PAM Authentication Bypass Vulnerability Bypassing Source Image Domain Allowlist in netlify-ipx (CVE-2021-XXXX) Race condition vulnerability in BIND 9 resolvers with stale-answer-enable and stale-answer-client-timeout options Storage XSS Vulnerability in MyGraph 1.0.3 and Earlier Allows Remote Code Execution Vulnerability: Unauthorized Port Enumeration in Discourse Block Spamming Attack Vulnerability in Frontier Ethereum Compatibility Layer Command Line Injection Vulnerability in NuProcess (Versions 1.2.0+) Buffer Overflow Vulnerability in PJSIP Parser, PJMEDIA RTP Decoder, and PJMEDIA SDP Parser Arbitrary Command Execution via User-Provided `sudo` Binary in Mist Improper Key Forwarding in matrix-android-sdk2 Protocol Confusion Vulnerability in matrix-android-sdk2 Allows Spoofing of Messages and Key Backups Improper Key Forwarding in Matrix Javascript SDK Allows Message Spoofing SQL Injection Vulnerability in BuddyBadges WordPress Plugin Insecure Verification Flow in Matrix JavaScript SDK Prior to Version 19.7.0 Protocol Confusion Vulnerability in Matrix Javascript SDK Allows Spoofing of Messages Impersonation Attack Vulnerability in matrix-rust-sdk and matrix-sdk-crypto Git Local Clone Vulnerability: Exposure of Sensitive Information via Symbolic Links Impersonation Attack Vulnerability in matrix-nio Prior to Version 0.20 Protocol Confusion Vulnerability in Matrix iOS SDK Allows Spoofing of Messages Arbitrary Code Execution Vulnerability in Orckestra C1 CMS Message Forgery Vulnerability in Matrix iOS SDK Mailcow Mailserver Suite Prior to 2022-09: Swagger API Template Spoofing Vulnerability Denial of Service Vulnerability in Jadx Prior to 1.4.5 CSRF Vulnerability in WP OAuth Server 
Plugin Allows Secret Regeneration Arbitrary Heap Write Remote Code Execution in Git Shell (CVE-2022-22932) Arbitrary File Read Vulnerability in Twig Template Engine GLPI Login Page Content Injection Vulnerability Authentication Bypass in `@next-auth/upstash-redis-adapter` Vulnerability in Nheko Desktop Client: Man-in-the-Middle Attack via Malicious Secrets MyBB Forum Software Mail Settings Remote Code Execution Vulnerability Arbitrary Code Execution Vulnerability in isolated-vm Library (CVE-2021-XXXX) Authentication Bypass Vulnerability in Bifrost Middleware (Versions prior to 1.8.8-release) CSRF Vulnerability: Unauthorized Actions on Website Insecure Media Transmission Vulnerability in PJSIP SRTP Implementation Vulnerability: Unauthorized Modification of Custom Parameter Set (CPS) Files Arbitrary HTML Injection Vulnerability in DiscoTOC Denial of Service Vulnerability in Traefik's HTTP/2 Connection Management Denial of Service Vulnerability in Flux Versions Prior to 0.35.0 Default Flyte Admin Configuration Allows Public Access via Default Password Buffer Overflow Vulnerability in LoRaMac-node (Versions prior to 4.7.0) Improper ID Type Input Validation in Saleor GraphQL Mutations SSRF Vulnerability in GLPI Allows Unauthorized Access Cross-Site Scripting (XSS) Vulnerability in GLPI Istio Control Plane Crash Vulnerability via Publicly Exposed Kubernetes Webhook Service Cross-Site Scripting (XSS) Vulnerability in discourse-chat Plugin Hardcoded Credential Vulnerability in FOXMAN-UN and UNEM Products Regular Expression Denial of Service in dparse versions before 0.5.2 Remote Denial of Service Vulnerability in Fat Free CRM Uninitialized Data Leak Vulnerability in FreeRDP Clients Uninitialized Data Disclosure Vulnerability in FreeRDP Clients CodeIgniter 4.2.7 Cookie Security Bypass Vulnerability Cross-Site Scripting (XSS) Vulnerability in ZoneMinder's Log Viewer Arbitrary Code Execution Vulnerability in Jupyter Core (CVE-2021-32736) Insecure Transmission of CSRF Tokens 
in tiny-csrf Denial of Service Vulnerability in fastify via Malicious Content-Type Header ZoneMinder API Exposes Database Log Contents to Unauthorized Users Unencrypted CORBA Communication Vulnerability CSRF Bypass Vulnerability in ZoneMinder ZoneMinder Log Injection Vulnerability Sensitive URLs Exposed in Slack Morphism Debug Logs Buffer Overflow Vulnerability in Azure RTOS USBX Unbounded Request Length Vulnerability in conduit-hyper Cross-Site Scripting Vulnerability in KnowageLabs / Knowage-Server Arbitrary File Read Vulnerability in MelisAssetManager Arbitrary PHP Code Execution Vulnerability in MelisCms Arbitrary PHP Code Execution Vulnerability in MelisFront Bypassing SAML Authentication in Passport-SAML IDOR Vulnerability in Directorist WordPress Plugin Allows Password Manipulation Bypassing SAML Authentication in Node SAML Library Cross-Site Scripting (XSS) Vulnerability in sra-admin Version 1.1.1 Vulnerability: Cross-Guild Log Channel Exploitation in Ree6 SQL Injection Vulnerability in Ree6 Moderation Bot Exposure of Installation Token in ghinstallation v1 Arbitrary File Read Vulnerability in Gin-vue-admin (CVE-2021-XXXX) Improper Input Validation in Grafana Invitations: Unauthorized Organization Access Information Leakage in Grafana Forget Password Functionality Timing Attack Vulnerability in GoCD Server API Access Token Validation Vulnerability: Symmetric Key Leakage in GoCD Configuration Vulnerability: Impersonation and Information Disclosure in GoCD Remote Code Execution Vulnerability in GoCD Versions Prior to 21.1.0 Dataease Prior to 1.15.2 Deserialization Vulnerability Denial of Service Vulnerability in Parse Server User Enumeration via Improper Restriction of Excessive Authentication Attempts in Kirby CMS User Enumeration Vulnerability in Kirby Content Management System Out-of-Bound Read Vulnerability in FreeRDP's ZGFX Decoder Component Out-of-Bound Read Vulnerability in FreeRDP Division by Zero Vulnerability in FreeRDP Out-of-Bound Data Read 
Vulnerability in FreeRDP Buffer Overflow Vulnerability in FreeRDP GitHub Actions Runner Docker Command Injection Vulnerability Vulnerability: Field-Level Access Control Bypass in Keystone 6 SQL Injection Vulnerability in GLPI API REST User_Token Arbitrary URL Injection in Grafana Snapshot Cross-Site Scripting Vulnerability in BaserCMS Management System Code Injection Vulnerability in kartverket/github-workflows' run-terraform Workflow Vulnerability: Code Injection in Azure CLI (versions prior to 2.40.0) Race Condition Vulnerability in Grafana Authentication Middleware Information Exposure Vulnerability in Nextcloud Server Cross-Site Scripting Vulnerability in Essential Real Estate WordPress Plugin Denial of Service Vulnerability in Nextcloud Server Arbitrary HTML Injection Vulnerability in Nextcloud Desktop Client Notifications Arbitrary HTML Injection Vulnerability in Nextcloud Desktop Client Arbitrary HTML Injection Vulnerability in Nextcloud Desktop Client Insecure TLS Certificate Trust in Nextcloudcmd CLI Utility Insufficient Authorization Check in Synapse Homeserver Permission Bypass Vulnerability in Hertzbeat Versions 1.20 and Prior Stored Cross-Site Scripting Vulnerability in user_oidc Plugin for Nextcloud Insecure Transmission of Sensitive Information in user_oidc v1.2.0 and earlier Reflected Cross-Site Scripting Vulnerability in FlatPM WordPress Plugin Authorization Bypass in OpenFGA's `streamed-list-objects` Endpoint Authorization Bypass Vulnerability in OpenFGA Versions Prior to 0.2.4 Authorization Bypass Vulnerability in OpenFGA Versions Prior to 0.2.4 Integer Under/Overflow in Azure RTOS FileX Fault Tolerant Feature Buffer Overflow in Azure RTOS USBX USB DFU UPLOAD Functionality Path Traversal File Upload Vulnerability in Gin-vue-admin (CVE-2021-12345) User Display Name Overload Vulnerability in Nextcloud Server Path Traversal Vulnerability in FreeRDP HTML and Script Injection Vulnerability in Twisted Web VHost Arbitrary File Copy Vulnerability in 
Tasks.org Android App Stored Cross-Site Scripting Vulnerability in Welcart e-Commerce WordPress Plugin XSS vulnerability in Dependency-Track frontend versions before 4.6.1 Clear text logging of API keys in Dependency-Track prior to version 4.6.0 Authorization Bypass Vulnerability in OpenFGA Versions Prior to 0.2.5 Multiple Top Level Elements Vulnerability in xmldom Incorrect `is_static` Parameter in SputnikVM Custom Precompiles Improper Authentication Vulnerability in Discourse Patreon Plugin Vulnerability: Account Takeover via Unscoped Invitation Links in Discourse Snowboard Framework Prototype Pollution Vulnerability in Winter CMS Parameter Circumvention Vulnerability in Metabase Metabase Custom GeoJSON Map URL Redirect Vulnerability Stored Cross-Site Scripting Vulnerability in Team Members WordPress Plugin Vulnerability: Password Reset Bypass in Metabase SSO H2 Database Remote Code Execution Vulnerability in Metabase Unsaved SQL Query Auto-Execution Vulnerability in Metabase Information Disclosure: Credentials Exposure in Nextcloud Server Server-side Template Injection in Pimcore Prior to Version 10.5.9 Authentication Bypass in DataHub Metadata Service (GMS) Arbitrary File Write Vulnerability in QTIWorks Engine Denial of Service Vulnerability in Eclipse Californium Vulnerability: Unauthorized Authentication in phpCAS Library Cross-Site Scripting Vulnerability in Easy Video Player WordPress Plugin Vulnerability: Unauthorized Access to Debug Panel in GLPI Update Script HTML Injection Vulnerability in GLPI Authenticated User Account Information Code Injection Vulnerability Stored Malicious Code Vulnerability in GLPI Room Hijacking Vulnerability in Synapse Homeserver GLPI RSS Feed Injection Vulnerability GLPI Mailto Link Injection Vulnerability Size_t Overflow in allocate_structures Function in sysstat (Versions 9.1.16 to 12.7.1) Leading to Remote Code Execution Topic Title Exposure Vulnerability Remote Code Execution (RCE) Vulnerability in Fluentd via Specially 
Crafted JSON Payloads Improper Handling of Exceptional Conditions in Wire Web-App Denial of Service (DoS) Vulnerability in Muhammara and Hummus PDF Modules Vulnerability: Inlining of NODE_ENV to development in Keystone CMS Blind SSRF Vulnerability in KubeVela's VelaUX APIServer Reentrancy Vulnerability in OpenZeppelin Contracts (Versions 3.2.0 - 4.4.0) Insecure Invitation Handling in Discourse Denial of Service vulnerability in @fastify/websocket XWiki OIDC Authentication Bypass and Group Mapping Vulnerability Impersonation Vulnerability in Istio 1.15.x Branch Block parsing bug in lnd nodes before version v0.15.4 can cause degraded state and potential loss of funds Critical Path Traversal Vulnerability in lanyulei ferry's API Wasmtime Pooling Allocator Virtual Memory Mapping Vulnerability Wasmtime Prior to 2.0.2: Pooling Instance Allocator Bug Allows Heap Snapshot Leakage Buffer Overflow Vulnerability in Wasmtime's C API Implementation Vulnerability: Container Breakouts in Vela Server and Vela Worker Remote Code Execution via Prototype Pollution in Parse Server Unintentional Disclosure of Secret in aliyun-oss-client (Fixed in v0.8.1) Cross-site Scripting (XSS) vulnerability in tasklists plugin for GLPI (Kanban) prior to 2.0.3 Unauthenticated Network Access Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition Path Traversal Vulnerability in lanyulei ferry (VDB-213447) MySQL Server Denial of Service Vulnerability Oracle Solaris Kernel Denial of Service Vulnerability Vulnerability in Oracle MySQL Shell: Unauthorized Data Access Vulnerability in Oracle MySQL Shell: Unauthorized Data Access and Manipulation Vulnerability in Oracle MySQL Installer: Unauthorized Data Access and Partial Denial of Service Oracle Access Manager Authentication Engine Unauthenticated Access Vulnerability Vulnerability in Oracle PeopleSoft Enterprise Common Components: Unauthorized Data Access and Modification Critical Data Access Vulnerability in Oracle PeopleSoft Enterprise 
PeopleTools MySQL Server Denial of Service Vulnerability Oracle Transportation Management Business Process Automation Partial Denial of Service Vulnerability Critical Remote Code Execution Vulnerability in Activity Log Plugin MySQL Server Denial of Service Vulnerability Oracle Transportation Management Business Process Automation Unauthorized Access Vulnerability Oracle Access Manager Admin Console Unauthenticated Access Vulnerability Oracle Solaris Filesystem Vulnerability: Unauthorized Hang and Crash Exploit Java VM Unauthorized Read Access Vulnerability in Oracle Database Server Cross-Site Scripting Vulnerability in SourceCodester Sanitization Management System (VDB-213449) Oracle Transportation Management Product Vulnerability: Unauthorized Data Access and Manipulation Oracle VM VirtualBox Prior to 6.1.40 Windows Vulnerability: Unauthorized Takeover Oracle VM VirtualBox Prior to 6.1.38 Vulnerability: High Privileged Takeover Oracle VM VirtualBox Prior to 6.1.38 Vulnerability: Unauthorized Access to Critical Data Oracle VM VirtualBox Prior to 6.1.40 VRDP Vulnerability Oracle VM VirtualBox Prior to 6.1.40 VRDP Vulnerability Oracle VM VirtualBox Prior to 6.1.40 VRDP Vulnerability Vulnerability in Oracle VM VirtualBox Prior to 6.1.40 Allowing Takeover Oracle Web Applications Desktop Integrator Upload Vulnerability Java VM Component Denial of Service Vulnerability in Oracle Database Server Cross-Site Scripting (XSS) Vulnerability in ForU CMS (CVE-2021-213450) Critical Unrestricted Upload Vulnerability in jerryhanjj ERP Excessive Authentication Attempts Vulnerability in GitHub Repository kareadita/kavita prior to 0.6.0.3 Unauthenticated User Can Manipulate Shipping Methods in Welcart e-Commerce WordPress Plugin Critical SQL Injection Vulnerability in eolinker goku_lite Critical SQL Injection Vulnerability in eolinker goku_lite (VDB-213454) Cross-Site Scripting (XSS) Vulnerability in Sourcecodester Simple Cashiering System Cross-Site Scripting (XSS) Vulnerability in 
sanluan PublicCMS Tab Handler (CVE-2021-213456) Insecure Permissions Vulnerability in ManyDesigns Portofino 5.3.2 (VDB-213457) Critical SQL Injection Vulnerability in tholum crm42 Critical SQL Injection Vulnerability in tsruban HHIMS 2.1: Remote Code Execution via Patient Portrait Handler Remote Memory Leak in GPAC SVG Parser (VDB-213463) Arbitrary HTML Injection in BlueSpiceUserSidebar Extension: Targeted XSS Vulnerability Vulnerability in Session Hash Handler in drogon up to 1.8.1 allows for Remote Attack Unpatched Hitachi Vantara Pentaho Business Analytics Server Vulnerability: Inability to Disable Scripting Capabilities in CDE Plugin Unrestricted Access to Sensitive System Information in Directorist WordPress Plugin Arbitrary Text Injection Vulnerability in Kiali Cross-Site Scripting (XSS) Vulnerability in gnuboard5's FAQ Key ID Handler (VDB-213540) Out-of-Bounds Read Vulnerability in ffmpeg's QuickTime RPZA Video Encoder (VDB-213543) Out-of-Bounds Read Vulnerability in ffmpeg's QuickTime Graphics Video Encoder (CVE-2021-213544) Pathname Traversal Vulnerability in Ultimate Member Plugin up to 2.5.0 Critical Vulnerability in Vesta Control Panel: Local Argument Injection in sed Handler (VDB-213546) Cross Site Scripting (XSS) Vulnerability in emlog's admin/article_save.php Insecure Temporary File Vulnerability in OpenKM up to 6.3.11 (VDB-213548) Critical Integer Overflow Vulnerability in LibTIFF (CVE-2021-213549) Critical SQL Injection Vulnerability in matrix-appservice-irc (CVE-2021-213550) Critical SQL Injection Vulnerability in Pingkon HMS-PHP (CVE-2021-213551) Critical SQL Injection Vulnerability in Pingkon HMS-PHP Data Pump Metadata Component (VDB-213552) Critical Heap-Based Buffer Overflow Vulnerability in Axiomatic Bento4 (CVE-2021-213553) Cross-Site Scripting (XSS) Vulnerability in NukeViet CMS Data URL Handler Critical Path Traversal Vulnerability in MZ Automation libiec61850 up to 1.4 (VDB-213556) Use-After-Free Vulnerability in Linux Kernel MCTP 
Functionality Cross-Site Request Forgery Vulnerability in NodeBB up to 2.5.7 Vulnerability in NagVis up to 1.9.33: Incorrect Type Conversion in checkAuthCookie Reflected Cross-Site Scripting Vulnerability in SAP GUI for HTML within Fiori Launchpad XML External Entity (XXE) Vulnerability in Sophos Mobile Managed On-Premises: SSRF and Code Execution Unauthenticated Script Execution Vulnerability in SAP BusinessObjects BI LaunchPad SAP GRC Access Control Emergency Access Management Vulnerability Arbitrary Directory Traversal Vulnerability in SAP Manufacturing Execution (Versions 15.1-15.3) Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author - version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author - version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author - version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author - version 9 Memory Management Vulnerability in SAP 3D Visual Enterprise Author v9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author - version 9 Reflected XSS Vulnerability in WSO2 Enterprise Integrator 6.4.0 Management Console SQL Injection Vulnerability in Icegram Express WordPress Plugin (<= 5.5.1) Reflected XSS Vulnerability in WSO2 Enterprise Integrator 6.4.0 Management Console Improper Access Control in Italtel NetMatch-S CI 5.2.0-20211008: Unauthorized Page Access and System Configuration Modification Arbitrary File Upload Vulnerability in Italtel NetMatch-S CI 5.2.0-20211008 Multiple Reflected/Stored XSS Vulnerabilities in Italtel NetMatch-S CI 5.2.0-20211008 Open Redirect Vulnerability in NOKIA 1350 OMS R14.2 Login Page via next HTTP GET Parameter Multiple OS Command Injection Vulnerabilities in NOKIA 1350 OMS R14.2 Clear-text Administrator Password Vulnerability in NOKIA 1350 OMS R14.2 Multiple SQL Injection Vulnerabilities in NOKIA 1350 OMS R14.2 OS Command Injection Vulnerability in NOKIA NFM-T R19.9 VM Manager WebUI Multiple OS Command 
Injection Vulnerabilities in NOKIA 1350 OMS R14.2 Arbitrary File Upload Vulnerability in Booking Calendar WordPress Plugin Unprotected Storage of Credentials in NOKIA NFM-T R19.9 Sensitive Information Exposure in Application Log Files SQL Injection Vulnerability in NOKIA NFM-T R19.9 VM Manager WebUI Use-after-free vulnerability in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10 Server-side JavaScript Injection in Appsmith: Remote Code Execution via List Widget's currentItem Property Denial of Service Vulnerability in sign_pFwInfo in Samsung mTower through 0.3.0 NULL Pointer Dereference in aes256_encrypt in Samsung mTower through 0.3.0 Stored Cross-Site Scripting Vulnerability in Checkout for PayPal WordPress Plugin Denial of Service Vulnerability in sign_pFwInfo in Samsung mTower through 0.3.0 Heap-based Buffer Overflow in PSPP 1.6.2's read_bytes_internal Function Heap-based Buffer Overflow in PSPP 1.6.2: read_string Function Vulnerability Remote Code Execution and API Endpoint Access Vulnerability in FileCloud Versions 20.2 and Later Stored XSS Vulnerability in PrimeKey EJBCA Allows Privilege Escalation XML Stanza Message Correction Vulnerability in Gajim 1.4.7 Heap-Based Buffer Over-Read Vulnerability in COVESA dlt-daemon NULL Pointer Dereference in COVESA dlt-daemon Remote File Inclusion and Absolute Path Traversal Vulnerability in Systematic FIX Adapter (ALFAFX) 2.4.0.25 Stored XSS Vulnerability in Cotonti Siena 0.9.20 Forum Post Stored Cross-Site Scripting Vulnerability in Flowplayer Video Player WordPress Plugin Stored XSS Vulnerability in Cotonti Siena 0.9.20 via Direct Message (DM) Integer Overflow and Heap Overflow in pxa3xx_gcu_write Stack-based Buffer Overflow in Lotus 1-2-3 Allows Arbitrary Code Execution via Crafted Worksheet Directory Junction Vulnerability in Smart Switch PC (Version 4.3.22083) Allows Arbitrary Directory Deletion Directory Junction Vulnerability in Samsung Kies Prior to Version 2.6.4.22074 Arbitrary Code Execution Vulnerability 
in Smart Switch PC Prior to Version 4.3.22083_3 Use After Free Vulnerability in NFC Driver Allows for Malicious Actions AT_Distributor Log Disclosure Vulnerability Unauthorized Read Access Vulnerability in knox_vpn_policy Service Stored Cross-Site Scripting Vulnerability in Videojs HTML5 Player WordPress Plugin Unauthorized Read Access Vulnerability in mum_container_policy Service Improper Access Control Vulnerability in CocktailBarService Heap-based Overflow Vulnerability in makeContactAGIF in libagifencoder.quram.so Library Use After Free Vulnerability in perf-mgr Driver: Memory Access Fault Exploit IOMMU Vulnerability: Unauthorized Access to Secure Memory in SMR Oct-2022 Release 1 Arbitrary Device Connection Vulnerability in FACM Application Local Access Control Vulnerability in imsservice Application Improper Access Control Vulnerability in FactoryCameraFB's CameraTestActivity Arbitrary File Write Vulnerability in AtBroadcastReceiver in FactoryCamera Implicit Intent Hijacking Vulnerability in UPHelper Library Stored Cross-Site Scripting Vulnerability in WP Stripe Checkout WordPress Plugin Improper Access Control Vulnerability in QuickShare: Unauthorized Access to Sensitive Information via Implicit Broadcast Unprotected Receiver in AtBroadcastReceiver in FactoryCamera: Unauthorized Video Recording Vulnerability Unauthorized Use of JavaScript Interface API in Android Dynamic Lockscreen Intent Redirection Vulnerability in Samsung Account: Unauthorized Access to Content Providers Improper Access Control Vulnerability in SmartThings WifiSetupLaunchHelper Improper Access Control Vulnerability in SmartThings ContentsSharingActivity Improper Access Control Vulnerability in RegisteredEventMediator.kt SmartThings Improper Access Control Vulnerability in SmartThings CloudNotificationManager Improper Access Control Vulnerability in GedSamsungAccount.kt SmartThings Improper Access Control Vulnerability in SmartThings CloudNotificationManager.java Stored Cross-Site Scripting 
Vulnerability in Responsive Lightbox2 WordPress Plugin Improper Access Control Vulnerability in SmartThings CloudNotificationManager.java Improper Access Control Vulnerability in SmartThings CloudNotificationManager.java Bluetooth Device MAC Address Leakage in ShareLive (prior to version 13.2.03.5) Unauthorized Bookmark Addition in Samsung Internet Secret Mode Unauthorized Logout Vulnerability in Samsung Account (prior to version 13.5.0) Unauthorized Logout Vulnerability in Samsung Account (prior to version 13.5.0) Sensitive Information Exposure in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 Improper Access Control Vulnerability in ProfileSharingAccount in Group Sharing Improper Access Control Vulnerability in Samsung Checkout: Unauthorized Access to Sensitive Information via Implicit Intent Broadcast Improper Authorization Vulnerability in CallBGProvider Prior to SMR Nov-2022 Release 1 Cross-Site Scripting (XSS) Vulnerability in Frappe's Search Component (VDB-213560) Arbitrary Code Execution Vulnerability in DualOutFocusViewer Exynos Modems SIB12 PDU Processing Vulnerability: Out-of-Bounds Memory Read Heap Overflow Vulnerability in libsmat.so Library Privilege Escalation Vulnerability in StorageManagerService IImsService Access Control Vulnerability: Unauthorized Access to Call Information Improper Access Control Vulnerability in BootCompletedReceiver_CMCC Allows Unauthorized Device Information Access Improper Access Control Vulnerability in IpcRxServiceModeBigDataInfo in RIL Improper Access Control Vulnerability in clearAllGlobalProxy in MiscPolicy Improper Access Control Vulnerability in GalaxyWatch4Plugin: Unauthorized Access to Wearable Device Information Unvalidated File Upload Vulnerability in Motors WordPress Plugin Improper Authorization in Samsung Billing: Unauthorized Access to Sensitive Information Heap Overflow Vulnerability in parse_pce Function in libsavsaudio.so in Editor Lite 4.0.41.3 and Earlier Versions Improper Access Control in 
Samsung Pass: Unauthenticated Access via Keep Open Feature Information Exposure Vulnerability in FmmBaseModel in Galaxy Buds Pro Manage Improper Access Control Vulnerability in ContactListStartActivityHelper in Phone App Contact Group Information Exposure Vulnerability in Phone App Contacts App Vulnerability: Unauthorized Access to Sensitive Information via Implicit Intent Kernel Address Information Exposure Vulnerability IIccPhoneBook Access Control Vulnerability in SMR Dec-2022 Release 1 S Pen Gesture Authentication Bypass Vulnerability in Samsung WindowManagerService Escalation of Privilege Vulnerability in HPSFViewer (Remediated) Improper Access Control Vulnerability in Nice Catch Allows Unauthorized Access to Secure Folder Toast Contents Exynos Baseband Vulnerability: Remote Network Traffic Encryption Disabling Exynos Baseband Vulnerability: Unauthorized Access to Sensitive Information via Emergency Call RCS Call Access Control Vulnerability Allows Unauthorized Access to Incoming Call Number Local Access to Network Access Identifier via Log in Samsung Settings Exploiting Implicit Intent Hijacking Vulnerability in Telecom App: Unauthorized Access to Sensitive Information SecTelephonyProvider Access Control Vulnerability Samsung Decoding Library Integer Overflow Vulnerability Out-of-Bounds Write Vulnerability in Samsung Video Thumbnail Decoding Library Arbitrary File Creation Vulnerability in Samsung Gear IconX PC Manager Stored Cross-Site Scripting Vulnerability in Photospace Gallery Plugin for WordPress Improper Access Control Vulnerability in Samsung Pass: Unauthorized Data Access via Pop-up View Samsung Pass Vulnerability: Unauthorized Access via Improper Exception Handling Insufficient Permissions Vulnerability in setSecureFolderPolicy Allows Unauthorized Setting Changes in Secure Folder Unauthorized Access to User Profiles in Persona Manager Unauthorized Access to DLNA Device Information in Samsung DisplayManagerService Improper Access Control 
Vulnerability in Android Calendar App Allows Unauthorized Access to Sensitive Information Cross-Site Scripting (XSS) Vulnerability in SourceCodester Sanitization Management System Excessive Authentication Attempts Vulnerability in GitHub Repository kareadita/kavita prior to 0.6.0.3 Feed Access Token Vulnerability Deserialization Vulnerability in Apache Linkis <=1.2.0 with MySQL Connector/J: Remote Code Execution Insecure Direct Object References (IDOR) Vulnerability in FortiMail Remote Code Execution Vulnerability in FortiNAC Versions 9.4.2 and Below OS Command Injection Vulnerability in Fortinet FortiADC Improper Certificate Validation Vulnerability in FortiOS and FortiProxy FortiEDR CollectorWindows Privilege Escalation Vulnerability Insecure Direct Object Reference vulnerability in TeraWallet WordPress Plugin (up to version 1.4.3) allows unauthorized wallet manipulation Cross-Site Scripting (XSS) Vulnerability in FortiManager and FortiAnalyzer OS Command Injection Vulnerability in Fortinet FortiWeb Unauthenticated Code Execution Vulnerability in Fortinet FortiNAC Privilege Escalation Vulnerability in Fortinet FortiNAC XML External Entity (XXE) Vulnerability in Fortinet FortiNAC Vulnerability: Partial Rule Set Bypass in OWASP ModSecurity Core Rule Set (CRS) Partial Rule Set Bypass in OWASP ModSecurity Core Rule Set (CRS) for HTTP Multipart Requests ModSecurity Core Rule Set (CRS) Response Body Bypass Vulnerability Vulnerability: Response Body Bypass in OWASP ModSecurity Core Rule Set (CRS) Privilege Escalation via Unquoted Path Vulnerability in Panini Everest Engine 2.0.4 Denial of Service Vulnerability Caused by Malformed X.509 Certificate Policy Constraint Unauthenticated User Group Export Vulnerability in Netic Group Export Add-on for Atlassian Jira Critical SQL Injection Vulnerability in MonikaBrzica scm (VDB-213698) Segmentation Fault Vulnerability in WASM3 v0.5.0 via op_Select_i32_srs in m3_exec.h Unauthenticated Access to Unpublished Content Pages in 
Liferay Portal SQL Injection Vulnerability in School Activity Updates with SMS Notification v1.0 Arbitrary File Upload Vulnerability in Online Pet Shop Web App v1.0 Arbitrary File Upload Vulnerability in Online Pet Shop Web App v1.0 Critical SQL Injection Vulnerability in MonikaBrzica scm (VDB-213699) Arbitrary Code Execution via File Upload Vulnerability in Instantdeveloper RD3 22.0.8500 Command Injection Vulnerability in RaspAP 2.8.0 - 2.8.7 Command Injection Vulnerability in RaspAP 2.8.0 - 2.9.2 via entity POST Parameters Cross-Site Scripting (XSS) Vulnerability in Centreon 22.04.0 via Crafted Payload in Service>Templates Service_Alias Parameter Default Credentials Vulnerability in Fighting Cock Information System 1.0 Arbitrary Option Deletion Vulnerability in DPD Baltic Shipping WordPress Plugin Stored Cross-Site Scripting Vulnerability in WooCommerce Shipping WordPress Plugin Arbitrary Code Execution via XSS in FeehiCMS-2.1.1 Admin Login Page Arbitrary Code Execution via XSS Vulnerability in FeehiCMS-2.1.1's Article Title Field Arbitrary Code Execution via Cross Site Scripting (XSS) in FeehiCMS-2.1.1 Privilege Escalation via Cross Site Scripting (XSS) in Things Board 3.4.1 Command Injection Vulnerability in Intelbras WiFiber 120AC inMesh (Before 1-1-220826) Heap-Buffer Overflow in SWFTools commit 772e55a via readU8 in /lib/ttf.c Heap-Use-After-Free Vulnerability in SWFTools Commit 772e55a Cross-Site Scripting (XSS) Vulnerability in Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi Parental Control Module Arbitrary Code Execution via Export in Typora 1.38 Title: Denial of Service Vulnerability in librtmp's ireader media-server due to Use After Free (UAF) Issue Command Injection Vulnerability in QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) Command Injection Vulnerability in Microchip Technology (Microsemi) SyncServer S650 Regular Expression Denial of Service in Sqlalchemy Mako Lexer Class SQL Injection Vulnerability in 
SourceCodester Simple Task Managing System v1.0 via bookId Parameter at board.php Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Task Managing System v1.0 via newTask.php Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Task Managing System v1.0 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Simple Task Managing System v1.0 via newProjectValidation.php SQL Injection Vulnerability in SourceCodester Simple Task Managing System v1.0 via bookId parameter at changeStatus.php SQL Injection Vulnerability in Simple Task Managing System v1.0 - Arbitrary Code Execution and Information Disclosure XSS Vulnerability in Rawchen Blog-SSM v1.0 via 'notifyInfo' Parameter File Upload Vulnerability in Rawchen Blog-ssm v1.0: Arbitrary Command Execution and Privilege Escalation via /uploadFileList Component Bypassing Permission Checks in Rawchen Blog-SSM v1.0 via /adminGetUserList Component Remote Code Execution Vulnerability in Rawchen blog-ssm v1.0 Arbitrary SMS Sending Vulnerability in Donation Button WordPress Plugin SQL Injection Vulnerability in Centreon v20.10.18 via Escalation Name Parameter Cross-Site Scripting (XSS) Vulnerability in Centreon v20.10.18 via Escalation Name Parameter Reflected Cross-Site Scripting (XSS) Vulnerability in Flatpress v1.2.1 Remote Code Execution (RCE) Vulnerability in Flatpress v1.2.1 Upload File Function SQL Injection Vulnerability in Sourcecodester Theme Park Ticketing System 1.0: Unauthorized Information Disclosure Cross-Site Scripting (XSS) Vulnerability in Donation Button WordPress Plugin Arbitrary File Upload Vulnerability in ZFile v4.1.1 Privilege Escalation Vulnerability in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL Improper Restriction of Excessive Authentication Attempts in WBCE CMS Buffer Overflow Vulnerability in Tenda AC21 V 16.03.08.15: Exploiting /bin/httpd via formSetVirtualSer Function Buffer Overflow Vulnerability in Tenda AC21 V16.03.08.15: Exploiting /bin/httpd, formSetQosBand 
Function Buffer Overflow Vulnerability in Tenda AC21 V 16.03.08.15: Exploiting /bin/httpd via fromSetSysTime Function Cross-Site Scripting (XSS) Vulnerability in GitLab CE/EE Work Item Title Field Buffer Overflow Vulnerability in Tenda AC21 V 16.03.08.15: Exploiting bin/httpd's formSetFirewallCfg Function Buffer Overflow Vulnerability in Tenda AC21 V 16.03.08.15: Exploiting /bin/httpd, formSetDeviceName Buffer Overflow Vulnerability in Tenda AC21 V 16.03.08.15: Exploiting /bin/httpd's setSmartPowerManagement Function Buffer Overflow Vulnerability in Tenda AC21 V 16.03.08.15 via /bin/httpd, saveParentControlInfo Buffer Overflow Vulnerability in Tenda AC21 V 16.03.08.15: Exploiting /bin/httpd, setSchedWifi Buffer Overflow Vulnerability in Tenda AC21 V 16.03.08.15 via /bin/httpd, form_fast_setting_wifi_set Buffer Overflow Vulnerability in Tenda AC21 V16.03.08.15: Exploiting /bin/httpd via fromSetWifiGusetBasic Function Zipbomb File Upload Vulnerability in Octopus Deploy Leads to Denial of Service Stack Overflow Vulnerability in Aspire E5-475G BIOS Firmware: Exploiting FpGui Module for Arbitrary Code Execution and Privilege Escalation Path Traversal Vulnerability in Hertz v0.3.0 via normalizePath Function Open Redirect Vulnerability in Labstack Echo v4.8.0's Static Handler Component Allows SSRF Password Enumeration Vulnerability in OpenCRX Arbitrary File Write Vulnerability in Simple College Website v1.0 Reflected Cross-Site Scripting (XSS) Vulnerability in Simple College Website v1.0 Remote File Inclusion (RFI) Vulnerability in Simple College Website v1.0 Allows Arbitrary Code Execution Code Injection Vulnerability in Octopus Deploy Offline Package Creation Denial of Service Vulnerability in libtiff TIFFReadDirectory Function SQL Injection Vulnerability in Online Tours & Travels Management System v1.0 SQL Injection Vulnerability in Online Tours & Travels Management System v1.0 SQL Injection Vulnerability in Online Tours & Travels Management System v1.0 SQL Injection 
Vulnerability in Online Tours & Travels Management System v1.0 via id parameter at /admin/update_currency.php SQL Injection Vulnerability in Online Tours & Travels Management System v1.0 SQL Injection Vulnerability in Online Tours & Travels Management System v1.0 Stored Cross-Site Scripting Vulnerability in Image Hover Effects WordPress Plugin Command Injection Vulnerability in Tenda i9 v1.0.0.8(3828) Firmware Buffer Overflow Vulnerability in Tenda i9 v1.0.0.8(3828) via formWifiMacFilterSet Function Buffer Overflow Vulnerability in Tenda i9 v1.0.0.8(3828) via formwrlSSIDset Function Buffer Overflow Vulnerability in Tenda i9 v1.0.0.8(3828) via formSetAutoPing Function Buffer Overflow Vulnerability in Tenda i9 v1.0.0.8(3828) via formwrlSSIDget Function Buffer Overflow Vulnerability in Tenda i9 v1.0.0.8(3828) via formWifiMacFilterGet Function Buffer Overflow Vulnerability in Tenda i9 v1.0.0.8(3828) via set_local_time Function Buffer Overflow Vulnerability in Tenda i9 v1.0.0.8(3828) via formexeCommand Function Insecure Permissions Vulnerability in TOTOLINK A3002R's /bin/boa Binary Critical Remote Code Execution Vulnerability in Simple History Plugin Buffer Overflow Vulnerability in TOTOLINK A3002R Router's /bin/boa Hardcoded Root Account Vulnerability in TOTOLINK A3002R Firmware Buffer Overflow Vulnerability in TOTOLINK A3002R Router's /bin/boa Binary via Hostname Parameter SQL Injection Vulnerability in Online Banking System v1.0 SQL Injection Vulnerability in Online Banking System v1.0 SQL Injection Vulnerability in Online Banking System v1.0 SQL Injection Vulnerability in Online Banking System v1.0 SQL Injection Vulnerability in Online Banking System v1.0 SQL Injection Vulnerability in Online Banking System v1.0 SQL Injection Vulnerability in Online Banking System v1.0 Critical SQL Injection Vulnerability in Hospital Management Center (VDB-213786) SQL Injection Vulnerability in Online Banking System v1.0 SQL Injection Vulnerability in Online Banking System v1.0 SQL 
Injection Vulnerability in Online Banking System v1.0 via cust_id Parameter Path Traversal Vulnerability in mojoPortal v2.7 Allows Unauthorized File Access Privilege Escalation and Command Execution Vulnerability in Clash for Windows v0.19.9 Arbitrary Command Execution Vulnerability in Apache Airflow Example Dags CSRF Vulnerability in Advanced Order Export For WooCommerce Plugin Use-After-Free Vulnerability in Foxit PDF Reader 12.0.1.12430 Cross-Site Request Forgery Vulnerability in Hospital Management Center's appointment.php (VDB-213787) Race Condition Vulnerability in WP-Polls Plugin <= 2.76.0 on WordPress CSRF Vulnerability in a3rev Software Page View Count Plugin Allows Settings Reset CSRF Vulnerability in Seriously Simple Podcasting Plugin Allows Unauthorized Settings Change Use-After-Free Vulnerability in Linux Kernel's vmwgfx Driver Allows Privilege Escalation and DoS Lenovo SMI Set BIOS Password Vulnerability: Local Access Information Leak Exploit Smart USB Protection SMI Handler Information Leak Vulnerability in Lenovo Models SMI Handler Information Leak Vulnerability in Lenovo Models Lenovo WMI SMI Handler Buffer Overflow Vulnerability Hermes Bytecode Generation Integer Conversion Vulnerability Remote Code Execution via Unverified Rollback Package in Trend Micro Apex One and Apex One as a Service Clients Cross-Site Request Forgery Vulnerability in FeehiCMS's Post My Comment Tab (VDB-213788) Origin Validation Error Vulnerability in Trend Micro Apex One and Apex One as a Service Allows Local Denial-of-Service Attack Interception and Decoding Vulnerability in Trend Micro Apex One and Apex One as a Service Local Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a Service Agents Local Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a Service Servers Authentication Bypass Vulnerability in Trend Micro Apex One and Apex One as a Service Potential Remote Code Execution (RCE) Vulnerability in Apache Karaf LDAP 
Data Source URI Apache XML Graphics Batik 1.14 - Server-Side Request Forgery (SSRF) Vulnerability TLS Certificate Validation Vulnerability in Industrial Edge Management (All versions < V1.5.1) Jettison XML/JSON Parser Vulnerability: Denial of Service (DOS) via Stack Overflow Critical SQL Injection Vulnerability in Sports Club Management System 119 Jettison XML/JSON Parser Vulnerability: Denial of Service (DOS) via Out of Memory Crash Xstream XML Parser Vulnerability: Denial of Service (DOS) via Stack Overflow Woodstox XML Parser Vulnerability: Denial of Service (DOS) via DTD Stack Overflow Invalid Vulnerability Report for JXPath CSRF Vulnerability in Booster for WooCommerce WordPress Plugin Invalid Vulnerability Report for JXPath CSRF Vulnerability in Booster for WooCommerce WordPress Plugin Desigo PXM and PXG3 Series Improper OS Command Validation Vulnerability Desigo PXM and PXG3 Web Application File Read Vulnerability Arbitrary JavaScript Code Execution Vulnerability in Desigo PXM and PXG Devices Cross-Site Request Forgery (CSRF) Vulnerability in Desigo PXM and PXG Devices Missing Authentication for Critical Function in GitHub Repository Cross-Site Request Forgery (CSRF) Vulnerability in Desigo PXM and PXG Devices Desigo PXM and PXG3 Embedded Browser URI Scheme Interaction Vulnerability Vulnerability: Arbitrary JavaScript Code Execution in Desigo PXM and PXG Devices Reflected Cross-Site Scripting (XSS) Vulnerability in VIDEOJET Multi 4000 URL Handler JavaScript Code Injection in VIDEOJET Multi 4000 Web Interface Identity Engine Metadata Overwrite Vulnerability Vulnerability: Unauthorized Access and Intellectual Property Theft in Foresight GC3 Launch Monitor 1.3.15.68 Denial of Service Vulnerability in Knot Resolver before 5.5.3 OS Command Injection Vulnerability in Apache Airflow Pig Provider Authenticated User Denial-of-Service Vulnerability in Mattermost Playbooks Plugin Reflective Cross-Site Scripting (XSS) Vulnerability in SAUTER Controls moduWeb Firmware 
Version 2.7.1 Ali Khallad's Contact Form By Mega Forms Plugin <= 1.2.4 Authenticated Stored XSS Vulnerability CSRF Vulnerability in wpForo Forum Plugin <= 2.0.9 on WordPress Unauthenticated Stored XSS Vulnerability in Awesome Filterable Portfolio Plugin <= 1.9.7 for WordPress Unauthenticated Sensitive Information Disclosure in Customer Reviews for WooCommerce Plugin Title: Authenticated Stored XSS Vulnerability in PCA Predict Plugin <= 1.0.3 for WordPress Privilege Escalation Vulnerability in Intel(R) oneAPI DPC++/C++ Compiler and Intel C++ Compiler Classic CSRF Vulnerability in StandaloneTech TeraWallet Plugin Allows Unauthorized Settings Change Directory Traversal Vulnerability in EC-CUBE 3 and 4 Series UEFI Secure Boot Settings Modification Vulnerability in Acer Notebook Devices Arbitrary File Upload Vulnerability in wpForo Forum Plugin <= 2.0.9 on WordPress Stack-Based Buffer Overflow in Bentley Systems MicroStation Connect Unauthenticated Remote Code Execution via Database Backup Function in Delta Electronics InfraSuite Device Master Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce Cross-Site Scripting (XSS) Vulnerability in Digital Alert Systems DASDEC Software via Host Header IDOR Vulnerability in wpForo Forum Plugin Allows Unauthorized Marking of Forum Posts as Solved/Unsolved IDOR Vulnerability in wpForo Forum Plugin Allows Unauthorized Post Manipulation Improper Access Control in Intel(R) SUR Software: Local Privilege Escalation Vulnerability Vulnerability in Moodle Quiz Web Services Allows Bypass of Sequential Navigation Xylus Themes WP Smart Import Plugin XSS Vulnerability Cross-Site Request Forgery Vulnerability in Permalink Manager Lite Plugin for WordPress Data Exposure Vulnerability in Intel DCM Software: Potential Privilege Escalation via Local Access GS Testimonial Slider Plugin <= 1.9.6 Authenticated Stored XSS Vulnerabilities Tabs Plugin <= 3.7.1: Multiple Authenticated Stored XSS Vulnerabilities Better 
Messages Plugin <= 1.9.10.69 Authenticated Subscriber+ Messaging Block Bypass Vulnerability Authenticated File Manipulation Vulnerability in XplodedThemes WPide Plugin <= 2.6 for WordPress CSRF Vulnerability in SedLex FavIcon Switcher Plugin Allows Unauthorized Settings Change Insecure Default Settings in SVG Support Plugin for WordPress Allow for Malicious Code Execution OS Command Injection Vulnerability in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 OS Command Injection Vulnerability in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 Vulnerability: Nonce Token Leakage and Missing Authorization in SearchWP Premium Plugin <= 4.2.5 on WordPress Denial of Service Vulnerability in Moxa SDS-3008 Series Industrial Ethernet Switch 2.1 Session Hijacking Vulnerability in SICAM P850 and P855 (All versions < V3.10) Title: Denial of Service Vulnerability in SIMATIC HMI Comfort Panels and KTP Basic Panels Session Impersonation Vulnerability in IBM DataPower Gateway CSRF Vulnerability in 3DPrint WordPress Plugin Allows File Archive Creation and Sensitive Data Leakage Session Impersonation Vulnerability in IBM MQ Appliance 9.2 and 9.3 Improper Access Controls in IBM Sterling B2B Integrator Standard Edition Improper Permission Controls in IBM Sterling B2B Integrator Standard Edition 6.1.x AIX TCP/IP Kernel Extension Denial of Service Vulnerability Private Key Exposure in IBM Spectrum Protect Plus Denial of Service Vulnerability in IBM InfoSphere Information Server 11.7 Denial of Service Vulnerability in IBM MQ for HPE NonStop 8.1.0 Remote Code Injection Vulnerability in CERT Software Unauthenticated Deletion of Arbitrary Users in Registration Forms WordPress Plugin Default Credentials Vulnerability in MegaRAC Arbitrary Address Write Vulnerability during PEI Phase in S3 Resume Boot Mode HTML Injection Vulnerability in CERT/CC VINCE Software Prior to 1.50.4 Cross-Origin Data Leakage in Google Chrome's Paint Implementation (CVE-2022-12345) Vulnerability: Privilege Escalation and Firmware 
Backdoor in AMI Aptio 5.x HTML Injection Vulnerability in CERT/CC VINCE Software Prior to 1.50.4 AMI Megarac Vulnerability: Weak Password Hashes for Redfish & API Default Credentials Vulnerability in MegaRAC Privilege Escalation and Firmware Backdoor Vulnerability in OverClockSmiHandler Module Arbitrary Code Execution and Memory Manipulation Vulnerability in S3Resume2Pei Module Hardcoded Credentials Vulnerability in BD Totalys MultiProcessor Arbitrary File Manipulation via Crafted Project Package Import in ICONICS/Mitsubishi Electric GENESIS64 Denial of Service Vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 and R04/08/16/32/120ENCPU Network Part Firmware Denial of Service Vulnerability in Mitsubishi Electric GOT2000 Series FTP Servers Predictable Seed in PRNG Vulnerability in Mitsubishi Electric MELSEC iQ-F and iQ-R Series Clickjacking Vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 and GT25 Models and GT SoftGOT2000 Mitsubishi Electric Corporation GOT2000 Series GT27 and GT25 Authentication Bypass Vulnerability Stored Cross-Site Scripting Vulnerability in Simple:Press WordPress Plugin Arbitrary Code Execution Vulnerability in Gridea Version 0.9.3 Arbitrary File Disclosure Vulnerability in Zettlr Version 2.3.0 Arbitrary Command Execution Vulnerability in Joplin Version 2.8.8 Missing sqlite3_free in createDB function leads to denial of service vulnerability in Samsung TizenRT Denial of Service Vulnerability in Samsung TizenRT through 3.0_GBM (and 3.1_PRE) Stored Cross-Site Scripting Vulnerability in Simple:Press WordPress Plugin Missing sqlite3_close in createDB function leads to denial of service vulnerability in Samsung TizenRT Missing X509_free in cyassl_connect_step2 leads to information disclosure in Samsung TizenRT Authenticated Command Injection in Hirschmann BAT-C2 Web Server (BSECV-2022-21) Buffer Overflow Vulnerability in NTFS-3G Allows Code Execution Authenticated Stored XSS Vulnerability in Messaging 
Functionality: Privilege Escalation and Account Compromise Authenticated Stored XSS Vulnerability in User Profile Data Fields Authenticated Stored XSS Vulnerability in Upload and Download Functionality Reflected Cross-Site Scripting Vulnerability in Simple:Press WordPress Plugin (Versions up to 6.8) Unauthenticated Reflected XSS Vulnerability in Barcode Generation Functionality Critical CSRF Vulnerability Allows Account Hijacking and Unauthorized Deletion Unauthenticated User Enumeration Vulnerability Session Fixation Vulnerability CSV Injection Vulnerability in Data Export Functionality Authenticated Information Disclosure Vulnerability Exposing Unsalted User Passwords Server-Side Request Forgery Vulnerability Exposes Backend Server to Unauthorized Endpoint Interactions Vulnerability: Weak Screen-Unlock Passcode Allows Privileged Shell Access Insecure Inherited Permissions in Crestron AirMedia for Windows Leading to Privilege Escalation Predictable /tmp Pathname Vulnerability in Singular Path Traversal Vulnerability in Simple:Press WordPress Plugin Allows Arbitrary File Deletion and Potential Remote Code Execution Multiple SQL Injection Vulnerabilities in Zoho ManageEngine Password Manager Pro, PAM360, and Access Manager Plus Denial of Service Vulnerability in FRRouting (FRR) through 8.4 Integer Overflow Vulnerability in libxml2 XML Parser XML Entity Definition Corruption Leading to Double-Free Vulnerability Server-Side Request Forgery Vulnerability in Canto Cumulus through 11.1.3 Denial of Service (DoS) Vulnerability in ECi Printanista Hub Login Form Race Condition and Use-After-Free Vulnerability in Linux Kernel's EFI Capsule Loader Unauthenticated Database File Access Vulnerability Arbitrary Directory Deletion Vulnerability Arbitrary File Modification Vulnerability in Simple:Press WordPress Plugin (Versions up to 6.8) Rate my Post – WP Rating System Plugin <= 3.3.4 Authenticated Race Condition Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in 
Fatcat Apps Analytics Cat Plugin <= 1.0.9 on WordPress Server-Side Request Forgery (SSRF) Vulnerability in GiveWP – Donation Plugin and Fundraising Platform Potential XSS Risk and Page Load Failure in Recursive Rendering of Mustache Template Helpers with User Input Critical Remote Code Execution Vulnerability in Moodle 1.9 Backup File Restoration SQL Injection Vulnerability in User Browse List Administration Page Group Filtering Vulnerability in H5P Activity Attempts Report Stored XSS vulnerability in OpenKM 6.3.11 via javascript substring in A element Denial of Service Vulnerability in FRRouting bgpd through 8.4 Insecure Direct Object References (IDOR) Vulnerability in LISTSERV 17 Web Interface iFrame Injection Vulnerability in Quiz and Survey Master Plugin for WordPress (Versions up to 8.0.4) Heap-Based Buffer Over-Read in libConfuse 3.3: cfg_tilde_expand Vulnerability Cross-Site Scripting (XSS) Vulnerability in SysAid Help Desk (before 22.1.65) Cross-Site Scripting (XSS) Vulnerability in SysAid Help Desk Password Services Module (FR# 67241) Cross-Site Scripting (XSS) Vulnerability in SysAid Help Desk (before 22.1.65) via Linked SRs Field (FR# 67258) Cross-Site Scripting (XSS) Vulnerability in SysAid Help Desk (before 22.1.65) via Asset Dashboard (FR# 67262) Input Validation Bypass Vulnerability in Quiz and Survey Master Plugin for WordPress Arbitrary Code Execution Vulnerability in OASES 8.8.0.2 via Open Print Folder Menu CSV Injection Vulnerability in Appointment Hour Booking Plugin for WordPress Arbitrary File Upload Vulnerability in mojoPortal v2.7 Allows Remote Code Execution via Crafted PNG File SQL Injection Vulnerability in Intern Record System v1.0: Arbitrary Code Execution and Sensitive Information Disclosure Arbitrary Code Execution via Cross Site Scripting (XSS) in Intern Record System v1.0 Vulnerability: iFrame Injection in Appointment Hour Booking Plugin for WordPress SQL Injection Vulnerability in Online Tours & Travels Management System v1.0 SQL 
Injection Vulnerability in Online Tours & Travels Management System v1.0 SQL Injection Vulnerability in Online Tours & Travels Management System v1.0 Arbitrary Request Injection Vulnerability in Z-BlogPHP <= 1.7.2 Cross-Site Scripting (XSS) Vulnerability in AjaXplorer 4.2.3 via Crafted SVG File Upload XSS Vulnerability in kfm through 1.4.7 via Crafted GET Request to /kfm/index.php CAPTCHA Bypass Vulnerability in Appointment Hour Booking Plugin for WordPress Arbitrary Code Execution via Language Parameter in Elite CRM v1.2.11 Buffer Overflow Vulnerability in Flipper Zero NFC Component Arbitrary Code Execution via Cross-Site Scripting (XSS) in ouqiang gocron Race Condition Vulnerability in GitLab CE/EE Allows Email Forgery and Account Takeover Arbitrary Code Execution via Cross Site Scripting (XSS) Vulnerability in FeehiCMS 2.1.1 Unsecured Management Interface in Red Hat Single Sign-On for OpenShift Container Images Allows Code Deployment and Information Access SQL Injection Vulnerability in Wedding Planner v1.0: Exploitable Booking Parameter in /admin/client_assign.php SQL Injection Vulnerability in Wedding Planner v1.0 via id parameter at /admin/feature_edit.php SQL Injection Vulnerability in Wedding Planner v1.0 via id parameter at /admin/select.php SQL Injection Vulnerability in WoWonder Social Network Platform v4.1.2 via offset parameter at requests.php?f=load-my-blogs Zip Slip Vulnerability in Chamilo v1.11 File Upload Function Allows Arbitrary Code Execution Cross-Site Scripting (XSS) Vulnerability in FeehiCMS v2.1.1 Single Page Comment Box Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter Stored Cross-Site Scripting Vulnerability in Paytium WordPress Plugin Code Execution Backdoor in d8s-urls 0.1.0 Potential Code-Execution Backdoor Found in d8s-html Python Package (Version 0.1.0) Potential Code-Execution Backdoor in democritus-networking Package (d8s-asns for Python) Code-execution backdoor vulnerability in democritus-networking 
package (version 0.1.0) distributed with d8s-domains for Python on PyPI Potential Code-Execution Backdoor in d8s-mpeg Python Package (Version 0.1.0) Potential Code-Execution Backdoor Found in d8s-ip-addresses Python Package Unauthenticated PHP Object Injection in WP Custom Admin Interface WordPress Plugin Code-execution backdoor vulnerability in d8s-utility for Python (PyPI) version 0.1.0 Code-execution backdoor vulnerability in democritus-networking package (version 0.1.0) distributed with d8s-pdfs for Python on PyPI Potential Code-Execution Backdoor Found in d8s-strings Python Package (Version 0.1.0) Denial of Service Vulnerability in Oracle JDK and OpenJDK HTML Injection Vulnerability in Softr v2.0 Account Name Field Persistent XSS Vulnerability in Employee Performance Evaluation System v1.0 Buffer Overflow Vulnerability in AP4_MemoryByteStream::WritePartial Function in Bento4 v1.6.0-639 Memory Leak Vulnerability in Bento4 v1.6.0-639: AP4_StdcFileByteStream::Create in mp42ts Server Crash Vulnerability in Mattermost: Exploiting Autoresponder Messages Cross-Site Scripting (XSS) Vulnerability in mxGraph v4.2.2 via setTooltips() Function Absolute Path Traversal Vulnerability in ZZCMS 2022: Unauthorized Access to Sensitive Information Full Path Disclosure Vulnerability in ZZCMS 2022 via /admin/index.PHP?_server SQL Injection Vulnerability in ZZCMS 2022 via /admin/sendmailto.php?tomail=&groupid= SQL Injection Vulnerability in ZZCMS 2022 via keyword parameter at /admin/baojia_list.php Authenticated User Denial-of-Service Vulnerability in Mattermost API Endpoint Improper Restriction of Operations Vulnerability in CODESYS Control Heap Data Leak Vulnerability in Tinyproxy iKuai OS v3.6.7 Authenticated Remote Code Execution (RCE) Vulnerability Arbitrary File Upload Vulnerability in Return Refund and Exchange For WooCommerce WordPress Plugin (<= 4.0.9) Cross Site Scripting Vulnerability in Phpgurukul Blood Donor Management System 1.0 Arbitrary PHP Webshell Upload 
Vulnerability in Clinic's Patient Management System v1.0 CSV Injection Vulnerability in ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 Command Injection Vulnerability in TOTOLINK A860R V4.1.2cu.5182_B20201027 via /cgi-bin/downloadFile.cgi Null Pointer Dereference Vulnerability in Linux Kernel Inadequate Encryption Strength in CODESYS Development System V3: Unauthorized Access and Code Manipulation Nordic Semiconductor NRF5340-DK DT100112 Denial of Service (DoS) Vulnerability User Enumeration Vulnerability in Laravel 8.x through 9.x SQL Injection Vulnerability in Wedding Planner v1.0 SQL Injection Vulnerability in Wedding Planner v1.0: Exploitable Booking Parameter in /admin/client_edit.php SQL Injection Vulnerability in Wedding Planner v1.0 via id parameter at /package_detail.php Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) - Arbitrary Code Execution via Crafted Backup File Multiple Cross-Site Scripting (XSS) Vulnerabilities in ProcessWire v3.0.200 via Search Users and Search Pages Function Cross-Site Request Forgery (CSRF) vulnerability found in ProcessWire v3.0.200 Cross Site Request Forgery (CSRF) Vulnerability in ThinkCMF Version 6.0.7 Allows Injection of Super Administrator into Administrative Users SQL Injection Vulnerability in WP User WordPress Plugin Authentication Bypass Vulnerability in NPS before v0.26.10 Authenticated Remote Code Execution (RCE) Vulnerability in Wazuh Active Response Endpoint SQL Injection Vulnerability in JoomSport WordPress Plugin (<= 5.2.8) WLAN Host Vulnerability: Transient DOS via Improper Input Validation Bluetooth Host Buffer Over-read Vulnerability in A2DP Streaming Reachable Assertion Vulnerability in Modem: Transient DOS via Downlink Data Indication Message Modem Vulnerability: DNS Hostname Buffer Over-read Leading to Information Disclosure Double Free Vulnerability in Core: Memory Corruption during HLOS Address Mapping Cross Carrier Scheduling Vulnerability in Modem 
Configuration: Transient DOS Exploit Critical SQL Injection Vulnerability in Hostel Searching Project (VDB-213844) Buffer Overflow Vulnerability in EVS Vocoder during Voice Call Buffer Over-read Vulnerability in WLAN Firmware Leads to Transient Denial-of-Service (DoS) WLAN Firmware Vulnerability: Transient Denial of Service (DOS) through Uncontrolled Resource Consumption Buffer Overflow Vulnerability in WLAN Firmware Processing CCKM IE in Reassoc Response Frame Double Free Vulnerability in Video Player when Playing 3GP Clip with Invalid Metadata Atoms Stack-based buffer overflow vulnerability in Core leading to memory corruption. Stack-Based Buffer Overflow: A Memory Corruption Vulnerability in Core Core Vulnerability: Information Disclosure via Buffer Overread Core Vulnerability: Information Disclosure via Buffer Overread Critical SQL Injection Vulnerability in Student Attendance Management System Stack-Based Buffer Overflow Vulnerability in Core: Memory Corruption Exploit Transient Denial of Service Vulnerability in Modem: Improper Authorization Double Free Vulnerability in Linux Networking: Exploiting Memory Corruption Kernel Indirect Branch Misprediction Vulnerability Buffer Over-read Vulnerability in Modem's SetNativeHandle RTP Service Unintended Information Leakage in Linux Networking Firmware: A Side Channel Analysis Vulnerability Transient Denial of Service (DoS) Vulnerability in WLAN Processing PEER ID Populated by TQM Kernel Memory Corruption Vulnerability in Root Process Mapping Request Cross-Site Scripting (XSS) Vulnerability in Student Attendance Management System WLAN Initialization Vulnerability: Integer Overflow Leading to Memory Corruption WLAN Memory Corruption Vulnerability via Incorrect Type Cast in WMI_SCAN_SCH_PRIO_TBL_CMDID Message WLAN Integer Overflow Vulnerability in WMI Command Transmission USB QMI Request Vulnerability: Transient Denial of Service through Untrusted Pointer Dereference in Core Audio Array Index Out-of-Bounds Vulnerability 
Buffer Over-read Vulnerability in WLAN Packet Transmission Vulnerability: Transient Denial of Service (DOS) in Modem due to Improper Authentication AVRCP Response Memory Corruption Vulnerability in Bluetooth HOST Modem Vulnerability: Transient Denial of Service (DoS) via Reachable Assertion Array Index Out of Bounds Vulnerability in Automotive Android OS Webhook Secret Token Leakage Vulnerability in GitLab Buffer Overflow Vulnerability in Linux Kernel Firmware Loading Improper Parsing of mailto URLs in xdg-mail Configuration Allows for Malicious File Attachment Insecure Storage Path in Autoptimize WordPress Plugin Stored XSS Vulnerability in Photo Gallery by 10Web WordPress Plugin SQL Injection Vulnerability in Cryptocurrency Widgets Pack WordPress Plugin Arbitrary Code Execution Vulnerability in User Post Gallery WordPress Plugin Improper Pre-configured Password Vulnerability in Zyxel LTE3301-M209 Firmware Cross-Site Scripting (XSS) Vulnerability in Zyxel ZyWALL/USG Series Firmware URL Formatting Vulnerability in Apache Airflow 2.3.0 through 2.3.4 MITRE CALDERA before 4.1.0 XSS Vulnerability in Operations Tab and Debrief Plugin MITRE CALDERA before 4.1.0 XSS Vulnerability in Operations Tab and Debrief Plugin Unauthorized File Access Vulnerability in IBM Spectrum Scale 5.1 Directory Traversal Vulnerability in IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems Restore Operation Arbitrary Code Execution Vulnerability in IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 Arbitrary File Upload Vulnerability in JobBoardWP WordPress Plugin SQL Injection Vulnerability in IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 Authentication Bypass Vulnerability in IBM Maximo Asset Management 7.6.1.1-7.6.1.3 Denial of Service in strongSwan Revocation Plugin via Crafted Certificate Unauthorized Access Vulnerability in EcoStruxure Power Commission (Versions prior to V2.25) Insecure Communication and Hashing Vulnerability in WAVLINK Quantum D4G 
(WN531G3) Firmware Session Takeover Vulnerability in WAVLINK Quantum D4G (WN531G3) Firmware M31G3.V5030.200325 Unauthenticated Remote Command Execution in WAVLINK Quantum D4G (WN531G3) Firmware M31G3.V5030.200325 Remote Command Execution in pfSense pfBlockerNG through 2.1.4_27 via HTTP Host Header Reflected JavaScript Code Injection Vulnerability in Zabbix Frontend Arbitrary Command Execution Vulnerability in Tacitine Firewall Insecure Design in Tacitine Firewall Web-Based Management Interface Allows Unauthorized Information Disclosure Insecure File Inclusion Vulnerability in InPost Gallery WordPress Plugin Session Fixation Vulnerability in Tacitine Firewall Web-Based Management Interface Cross-Site Scripting Vulnerability in SCALANCE X-Series Devices: Risk of Session Hijacking CSRF Vulnerability in gVectors Team wpForo Forum Plugin Allows Topic Deletion Rittal CMC III Locks Vulnerability: Cloning Access Cards for Control Cabinet Breach Crafter Studio OS Command Execution via FreeMarker SSTI Vulnerability Groovy Sandbox Bypass Vulnerability in Crafter Studio of Crafter CMS Arbitrary Code Execution via JT File Parsing in Ansys SpaceClaim 2022 R1 Arbitrary Code Execution via JT File Parsing in Ansys SpaceClaim 2022 R1 Arbitrary Code Execution via X_B File Parsing in Ansys SpaceClaim 2022 R1 Arbitrary Code Execution via SKP File Parsing in Ansys SpaceClaim 2022 R1 Dalli Meta Protocol Handler: Injection Vulnerability (VDB-214026) Arbitrary Code Execution Vulnerability in Ansys SpaceClaim 2022 R1 (ZDI-CAN-17308) Arbitrary Code Execution via X_B File Parsing in Ansys SpaceClaim 2022 R1 Remote Code Execution Vulnerability in Ansys SpaceClaim 2022 R1 via X_B File Parsing Remote Code Execution Vulnerability in Ansys SpaceClaim 2022 R1 via X_B File Parsing Arbitrary Code Execution via X_B File Parsing in Ansys SpaceClaim 2022 R1 Remote Code Execution Vulnerability in Ansys SpaceClaim 2022 R1 via X_B File Parsing (ZDI-CAN-17540) Remote Code Execution Vulnerability in Ansys 
SpaceClaim 2022 R1 via X_B File Parsing Arbitrary Code Execution Vulnerability in Ansys SpaceClaim 2022 R1 (ZDI-CAN-17558) Arbitrary Code Execution Vulnerability in Ansys SpaceClaim 2022 R1 (ZDI-CAN-17563) Remote Code Execution Vulnerability in Ansys SpaceClaim 2022 R1 via X_B File Parsing (ZDI-CAN-17565) Critical Path Traversal Vulnerability in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0 Arbitrary Code Execution Vulnerability in Ansys SpaceClaim 2022 R1 (ZDI-CAN-17838) Arbitrary Code Execution Vulnerability in Ansys SpaceClaim 2022 R1 (ZDI-CAN-17844) Arbitrary Code Execution Vulnerability in Ansys SpaceClaim 2022 R1 (ZDI-CAN-17846) Arbitrary Code Execution via X_B File Parsing in Ansys SpaceClaim 2022 R1 Arbitrary Code Execution Vulnerability in Ansys SpaceClaim 2022 R1 (ZDI-CAN-18351) Heap-based Buffer Overflow in NIKON NIS-Elements Viewer 1.2100.1483.0 Remote Code Execution Vulnerability in NIKON NIS-Elements Viewer 13.2.0.21165 via ND2 File Parsing Arbitrary Code Execution via PSD File Parsing in NIKON NIS-Elements Viewer Remote Code Execution Vulnerability in NIKON NIS-Elements Viewer 1.2100.1483.0 via TIF Image Parsing Remote Code Execution Vulnerability in NIKON NIS-Elements Viewer 1.2100.1483.0 Resource Allocation Vulnerability in davidmoreno onion (VDB-214028) Arbitrary Code Execution via PSD Image Parsing in NIKON NIS-Elements Viewer Arbitrary Code Execution via BMP Image Parsing in NIKON NIS-Elements Viewer Remote Code Execution Vulnerability in NIKON NIS-Elements Viewer 1.2100.1483.0 via TIF Image Parsing Remote Code Execution Vulnerability in NIKON NIS-Elements Viewer 1.2100.1483.0 via TIF Image Parsing Apache Shiro Authentication Bypass Vulnerability in RequestDispatcher Forwarding or Including Stored Cross-site Scripting (XSS) Vulnerability in LibreNMS GitHub Repository CSRF Vulnerability in Rate my Post – WP Rating System Plugin CPO Shortcodes Plugin <= 1.5.0 Authenticated Stored XSS Vulnerability Lack of Authorization Checking in KDiskMark before 3.1.0 
for D-Bus Methods Use-After-Free Vulnerability in libexpat's doContent Function Cryptographic Vulnerabilities in Fortinet FortiNAC: Decryption and Message Forgery Exploits Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiNAC Command Injection Vulnerability in Fortinet FortiNAC Insufficiently Protected Credentials Vulnerability in Fortinet FortiNAC Command Injection Vulnerability in FortiADC and FortiDDoS Account Re-Enablement and XSS Vulnerability in Admin User Overview Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiOS Versions 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9, and 7.0.0 - 7.0.3 Denial of Service Vulnerability in Fortinet FortiClient (Windows) Fortinet FortiClient Windows Vulnerability: Unauthorized Code Execution via Crafted Request Double Free Vulnerability in Fortinet FortiWeb 7.0.0-7.0.3: Unauthorized Code Execution Authentication Bypass via Alternate Path/Channel in Fortinet FortiOS, FortiProxy, and FortiSwitchManager Credential Exposure Vulnerability in Intel(R) DCM Software CSRF Vulnerability in Creative Mail Plugin for WordPress CSRF Vulnerability in Creative Mail Plugin for WordPress Cross-site Scripting (XSS) Vulnerability in librenms/librenms prior to 22.10.0 Arbitrary Script Injection Vulnerability in BookStack Versions Prior to v22.09 Information Disclosure Vulnerability in Moxa SDS-3008 Series Industrial Ethernet Switch 2.1 CSRF Vulnerability in WP Sunshine Sunshine Photo Cart Plugin Cleartext Transmission Vulnerability in Moxa SDS-3008 Series Industrial Ethernet Switch 2.1 Allows for Sensitive Information Disclosure Stored Cross-Site Scripting (XSS) Vulnerability in News Announcement Scroll Plugin <= 8.8.8 on WordPress Multiple Cross-Site Scripting (XSS) Vulnerabilities in SEO Redirection Plugin <= 8.9 on WordPress Unauthorized Access to Sensitive Data in WP Engine Advanced Custom Fields (ACF) Stored Cross-Site Scripting (XSS) Vulnerability in 3com – Asesor de Cookies para normativa española Plugin <= 3.4.3 Cross-Site 
Scripting (XSS) Vulnerability in Quiz And Survey Master Plugin <= 7.3.10 on WordPress Critical Cross-Site Scripting (XSS) Vulnerability in Dario Curvino Yasr – Yet Another Stars Rating Plugin <= 3.1.2 Insufficient Session Expiration in LibreNMS GitHub Repository Server-Side Request Forgery (SSRF) vulnerability in Multiple WordPress Plugins Directory Traversal Vulnerability in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 Allows Arbitrary File Deletion Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce Authentication Bypass Vulnerability in AliveCor Kardia App version 5.17.1-754993421 and prior on Android Phoronix-Test-Suite: XSS Vulnerability in phoromatic_r_add_test_details.php Apache SOAP RPCRouterServlet XML External Entity Reference File Read Vulnerability Out-of-bounds Read Vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows Out-of-bounds Read Vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows Local Information Disclosure Vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows Privilege Escalation Vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows Stored XSS Vulnerability in PrimeKey EJBCA 7.9.0.2 Community: Exploiting End Entity Section for Privilege Escalation Reflected XSS Vulnerability in NOKIA 1350OMS R14.2 Multiple Relative Path Traversal Vulnerabilities in NOKIA 1350OMS R14.2 Reflected XSS Vulnerability in NOKIA 1350OMS R14.2 Absolute Path Traversal Vulnerability in NOKIA 1350OMS R14.2 Multiple SAN URI Values Bypass Vulnerability in HashiCorp Consul and Consul Enterprise Unauthenticated Remote Code Execution Vulnerability in D-Link DIR-2150 4.0.1 Routers Unauthenticated Remote Code Execution Vulnerability in D-Link DIR-2150 4.0.1 Routers Unauthenticated Remote Command Execution in D-Link DIR-2150 4.0.1 Routers Arbitrary Command Execution in 
D-Link DIR-2150 4.0.1 Routers via Dreambox Plugin PHP Uploader Arbitrary File Upload Vulnerability RSA Padding Misconfiguration in PingID Adapter for PingFederate: Bypassing Offline MFA PingID RADIUS PCV Adapter Vulnerability: MFA Bypass Cross-Site Request Forgery (CSRF) Vulnerability in PingFederate Local Identity Profiles '/pf/idprofile.ping' Endpoint PingID Desktop Vulnerability: PIN Bypass Exploit Arbitrary File Read Vulnerability in UniSharp Laravel-Filemanager (CVE-2022-XXXX) Vulnerability: Expensive Calculation in Diffie-Hellman Key Agreement Protocol Excessive Memory Consumption Vulnerability in Bento4 1.6.0-639 Buffer Over-read Vulnerability in Bento4 NULL Pointer Dereference in AP4_DescriptorListWriter::Action Insufficient Filtering for Special Characters in Ragic Report Generation Page Allows for Reflected XSS Attack Insufficient Filtering in Realtek GPON Router Allows Command Injection Attacks Insufficient Filtering of Special Characters in Mail SQR Expert Allows Remote Command Execution Local File Inclusion Vulnerability in Mail SQR Expert System Cross-Site Scripting and Cache Poisoning Vulnerability in Apache Traffic Server Stored Cross-Site Scripting Vulnerability in IBM Aspera Faspex 5.0.6 DLL Search Order Hijacking Vulnerability in IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 XML External Entity Injection (XXE) Vulnerability in IBM InfoSphere Information Server 11.7 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server 8.5 and 9.0 Credential Recovery Vulnerability in IBM UrbanCode Deploy Command Injection Vulnerability in IBM InfoSphere DataStage 11.7 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Open Redirect Vulnerability in Apache Airflow 2.3.0 through 2.3.4 Denial of Service Vulnerability in JasPer 3.0.6 via Reachable Assertion in inttobits Function Actian Zen PSQL Vulnerability: 
Unauthorized Access to Database via Security File Removal Denial of Service Vulnerability in Samsung mTower through 0.3.0 Denial of Service Vulnerability in Samsung mTower through 0.3.0 NULL Pointer Dereference Vulnerability in TEE_MACCompareFinal Function in Samsung mTower Denial of Service Vulnerability in Samsung mTower through 0.3.0 Denial of Service Vulnerability in Samsung mTower through 0.3.0 Memory Allocation DoS Vulnerability in Samsung mTower through 0.3.0 Arbitrary Command Execution Vulnerability in Snyk CLI and IDE Plugins Command-Injection Vulnerability in Mitel MiVoice Connect Edge Gateway SQL Injection Vulnerability in Modern Campus Omni CMS 10.2.4 Information Disclosure Vulnerability in stex_queuecommand_lck in Linux Kernel Insufficient Random Number Generation (RNG) in Profanity 1.60 Allows Theft of Ethereum Vanity Addresses Authenticated Command Injection Vulnerability in Zoho ManageEngine ServiceDesk Plus XML External Entity (XXE) Vulnerability in Zoho ManageEngine ServiceDesk Plus versions 13010 and prior: Information Disclosure Risk Zoho ManageEngine ServiceDesk Plus: Validation Bypass Vulnerability Exposes Sensitive Data via Report Module Privilege Escalation Vulnerability in Zoho ManageEngine ServiceDesk Plus MSP and SupportCenter Plus NULL Pointer Dereference in AP4_StszAtom::GetSampleSize NULL Pointer Dereference in AP4_StszAtom::WriteFields Arbitrary File Upload Vulnerability in Interspire Email Marketer 6.5.0 Stored Cross-Site Scripting (XSS) Vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 Stack Buffer Overflow Vulnerability in mIPC Camera Firmware 5.3.1.2003161406: Exploiting Unlimited strcpy on User Input via Locale File Locale File Shell Injection Vulnerability in mIPC Camera Firmware 5.3.1.2003161406 Remote Code Execution Vulnerability in Roxy Fileman 1.4.6 via .phar Upload Vulnerability: Account Takeover via Incorrect Access Control in OcoMon 4.0RC1 Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 
2.60B15: Remote Code Execution Vulnerability Code Execution Backdoor in d8s-urls for Python 0.1.0 Code-execution backdoor vulnerability in d8s-uuids for Python (PyPI) version 0.1.0 Code-execution backdoor vulnerability in d8s-domains for Python (PyPI) version 0.1.0 Potential Code-Execution Backdoor Found in d8s-dates Python Package (Version 0.1.0) Potential Code-Execution Backdoor Found in d8s-dicts Python Package (Version 0.1.0) Code-Execution Backdoor in d8s-ip-addresses Python Package (Version 0.1.0) Potential Code-Execution Backdoor Found in d8s-urls Python Package (Version 0.1.0) Potential Code-Execution Backdoor Found in d8s-pdfs Python Package (Version 0.1.0) Zammad 5.2.1 Incorrect Access Control Vulnerability Improper Access Control in Zammad 5.2.1 Allows Unauthorized Ticket Modifications SQL Injection Vulnerability in B.C. Institute of Technology CodeIgniter <=3.1.13 SQL Injection Vulnerability in CodeIgniter <=3.1.13 via where_in() Function SQL Injection Vulnerability in B.C. Institute of Technology CodeIgniter <=3.1.13 SQL Injection Vulnerability in B.C. Institute of Technology CodeIgniter <=3.1.13 SQL Injection Vulnerability in B.C. Institute of Technology CodeIgniter <=3.1.13 via system\database\DB_query_builder.php or_where_not_in() Function SQL Injection Vulnerability in B.C. Institute of Technology CodeIgniter <=3.1.13 SQL Injection Vulnerability in B.C. Institute of Technology CodeIgniter <=3.1.13 SQL Injection Vulnerability in CodeIgniter <=3.1.13 via like() Function in DB_query_builder.php SQL Injection Vulnerability in B.C. Institute of Technology CodeIgniter <=3.1.13 SQL Injection Vulnerability in B.C. Institute of Technology CodeIgniter <=3.1.13 SQL Injection Vulnerability in B.C. Institute of Technology CodeIgniter <=3.1.13 SQL Injection Vulnerability in B.C. 
Institute of Technology CodeIgniter <=3.1.13 SQL Injection Vulnerability in NdkAdvancedCustomizationFields v3.5.0: Unauthenticated Data Exfiltration Cross Site Scripting (XSS) Vulnerability in NdkAdvancedCustomizationFields 3.5.0 via createPdf.php Cross-Site Scripting (XSS) Vulnerability in NdkAdvancedCustomizationFields v3.5.0 Server-side request forgery (SSRF) vulnerability in NdkAdvancedCustomizationFields 3.5.0 via rotateimg.php Vulnerability: Router Login Bypass and Administrator Password Exposure Stored Cross Site Scripting (XSS) Vulnerability in Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) Password Exposure Vulnerability in Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) Stored Cross Site Scripting (XSS) Vulnerability in Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) Command Injection Vulnerability in Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) Stored Cross-Site Scripting (XSS) Vulnerability in ThinkCMF 6.0.7 Slideshow Management Stack Overflow Vulnerability in Tenda AC15 V15.03.05.19 via fromAddressNat Function Stack Overflow Vulnerability in Tenda AC15 Router V15.03.05.19 via /goform/fast_setting_wifi_set Endpoint Stack Overflow Vulnerability in Tenda AC18 Router's /goform/fast_setting_wifi_set Stack Overflow Vulnerability in Tenda W20E Router V15.11.0.6: Remote Code Execution and Denial of Service Stack Overflow Vulnerability in Tenda AC15 Router V15.03.05.19 - /goform/SetNetControlList Stack Overflow Vulnerability in Tenda AC18 Router V15.03.05.19 via /goform/SetNetControlList/ Request Stack Overflow Vulnerability in Tenda AC15 and AC18 Router V15.03.05.19: /goform/NatStaticSetting Stack Overflow Vulnerability in Tenda AC15 and AC18 Routers' setSmartPowerManagement Function Heap Overflow Vulnerabilities in Tenda AC15 and AC18 Routers V15.03.05.19 Stack Overflow Vulnerability in Tenda W20E Router V15.11.0.6 Stack Overflow Vulnerability in Tenda W20E Router V15.11.0.6 Stack Overflow Vulnerability in Tenda W20E Router V15.11.0.6 Stack 
Overflow Vulnerability in Tenda AC15 and AC18 Routers V15.03.05.19: fromDhcpListClient Function Vulnerability in iPXE: Information Exposure through Discrepancy in TLS Host Header Injection Vulnerability in Parallels Remote Application Server v18.0 Web Client Dolibarr ERP & CRM <=15.0.3 Eval Injection Vulnerability SQL Injection Vulnerability in Sourcecodester Simple E-Learning System 1.0 Heap Overflow Vulnerability in Tenda AX1803 v1.0.0.1's GetParentControlInfo Function Heap Overflow Vulnerability in Tenda AX1803 v1.0.0.1's GetParentControlInfo Function Stack Overflow Vulnerability in Tenda ax1803 v1.0.0.1: Remote Code Execution (RCE) via fromAdvSetMacMtuWan Functions SQL Injection Vulnerability in Exam Reviewer Management System 1.0 via 'id' Parameter Remote Code Execution (RCE) Vulnerability in Exam Reviewer Management System 1.0 Cross Site Scripting (XSS) Vulnerability in kkFileView v4.1.0 via 'errorMsg' Parameter Critical SQL Injection Vulnerability in rickxy Stock Management System (VDB-214322) Command Injection Vulnerability in SolarView Compact 6.00 via network_test.php Memory Leaks in Bento4 1.6.0 via mp4fragment Memory Allocation Vulnerability in Bento4 v1.6.0-639 Leading to Denial of Service File Upload Vulnerability in DedeCMS 5.7.98 Background SQL Injection Vulnerability in SourceCodester Best Student Result Management System 1.0 Deserialization Vulnerability in Phpok 6.1 via framework/phpok_call.php Cross-Site Scripting (XSS) Vulnerability in rickxy Stock Management System AMF Denial of Service Vulnerability in Open5GS 2.4.10 and Earlier User Enumeration Vulnerability in Nedi Web UI Login ReDoS Vulnerability in Pygments SmithyLexer Regular Expression Denial of Service (ReDoS) in PyPA Setuptools Denial of Service Vulnerability in PyPA Wheel 0.37.1 and Earlier Denial of Service Vulnerability in Python Charmers Future 0.18.2 and Earlier Cross-Site Request Forgery Vulnerability in rickxy Stock Management System (VDB-214331) Insufficient Mitigation of 
Repeated Failed Access Attempts in Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Canteen Management System (VDB-214359) Cross Site Scripting (XSS) vulnerability in ETAP Safety Manager 1.0.0.32 Remote Code Execution Vulnerability in Lewei_Cam Firmware Version 2.0.10 Improper Neutralization of User-Supplied Input in GitLab EE Allows Creation of Malicious README Page Arbitrary File Upload Vulnerability in DedeCMS V5.7.99 via /dede/file_manage_control.php Denial of Service (DOS) Vulnerability in LIEF v0.12.1 MachO BinaryParser Denial of Service (DOS) Vulnerability in LIEF v0.12.1 Arbitrary File Upload Vulnerability in Zoo Management System v1.0 Arbitrary File Upload Vulnerability in Zoo Management System v1.0 SQL Injection Vulnerability in Online Leave Management System v1.0 via /leave_system/classes/Master.php?f=delete_leave_type SQL Injection Vulnerability in Online Leave Management System v1.0 via /leave_system/classes/Master.php?f=delete_designation SQL Injection Vulnerability in Online Leave Management System v1.0 via /leave_system/classes/Master.php?f=delete_application Command Execution Vulnerability in XXL-JOB 2.2.0 Background Tasks Critical SQL Injection Vulnerability in Versions 16.0.1 and 16.0.2: Risk of Unauthorized Data Access and Persistent Compromise Cross Site Scripting (XSS) Vulnerability in dutchcoders Transfer.sh 1.4.0 Arbitrary File Upload Vulnerability in Zoo Management System v1.0 SQL Injection Vulnerability in Online Pet Shop Web App v1.0 by oretnom23 SQL Injection Vulnerability in Online Pet Shop Web App v1.0 via /pet_shop/classes/Master.php?f=delete_sub_category,id SQL Injection Vulnerability in Online Pet Shop Web App v1.0 via /pet_shop/classes/Master.php?f=delete_category,id Vulnerability: Password Disclosure in Secustation Products Stack Overflow Vulnerability in Tenda TX3 US_TX3V1.0br_V16.03.13.11: compare_parentcontrol_time SQL Injection Vulnerability
in Dairy Farm Shop Management System 1.0 SQL Injection Vulnerability in Dairy Farm Shop Management System 1.0 Denial of Service Vulnerability in D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 Use-After-Free Vulnerability in Linux Kernel (CVE-2021-1234) Apache Airflow Spark Provider OS Command Injection Vulnerability Apache InLong Deserialization Remote Code Execution Vulnerability HTML Base Element Injection Vulnerability Cache Inconsistency Vulnerability in Firefox and Thunderbird (ARM64) Cookie Injection Vulnerability in Firefox ESR, Thunderbird, and Firefox FeaturePolicy Bypass: Device Permission Leakage in Firefox ESR, Thunderbird, and Firefox SSRF Vulnerability in GitHub Repository Appsmithorg/Appsmith prior to 1.8.2 Thread-Unsafe URL Parser Vulnerability in Firefox ESR, Thunderbird, and Firefox Stack-buffer overflow vulnerability in Firefox for Android graphics driver during startup Memory Corruption Vulnerabilities in Firefox ESR 102.2 and Firefox 104 Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) Vulnerabilities in WP Page Builder Plugin <= 1.2.6 on WordPress Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi Software Stored Cross-Site Scripting Vulnerability in DIAEnergie (versions prior to v1.9.01.002) through PostEnergyType API Buffalo Network Devices Authentication Bypass Vulnerability SQL Injection Vulnerability in DIAEnergie (versions prior to v1.9.01.002) Critical Reflected Cross-Site Scripting (XSS) Vulnerability in 2kb Amazon Affiliates Store Plugin <=2.1.5 on WordPress OS Command Injection Vulnerability in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 IP Spoofing Vulnerability in AIOS WordPress Plugin Privilege Escalation Vulnerability in Intel(R) HDMI Firmware Update Tool for NUC Improper Access Control in Intel(R) QAT Drivers for Windows: Privilege Escalation Vulnerability Incomplete Cleanup in Intel(R) IPP Cryptography Software: Potential Information Disclosure via Local Access Path 
Traversal Vulnerability in Pilz Products: 'Zip-Slip' Arbitrary File Writes Path Traversal Vulnerability in Pilz PASvisu Server Vulnerability in JetBrains IntelliJ IDEA Installer: EXE Search Order Hijacking Sensitive Password Logging Vulnerability in JetBrains TeamCity Authentication Bypass Vulnerability in Wiesemann&Theis ComServer Series Unauthenticated File Deletion Vulnerability in Trend Micro Mobile Security for Enterprise 9.8 SP5 ETIC Telecom Remote Access Server (RAS) 4.5.0 and Prior: Malicious File Upload Vulnerability Transient Execution Information Disclosure Vulnerability Integer Overflow Vulnerability in QML QtScript Reflect API of Qt Project Qt 6.3.2 Stack-based Buffer Overflow in WTViewerE and WTViewerEfree DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability Unauthenticated SQL Injection in Joy Of Text Lite WordPress Plugin DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Stack-Based Buffer Overflow Vulnerabilities in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 DetranCLI Command Parsing Stack-Based Buffer Overflow Vulnerabilities in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Stack-Based Buffer Overflow in 'no gre index' Command 
Template Stack-based Buffer Overflow in DetranCLI Command Parsing Functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability Stack-based Buffer Overflow in DetranCLI Command Parsing Functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability Arbitrary File Deletion Vulnerability in Images Optimize and Upload CF7 WordPress Plugin DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability Stack-based Buffer Overflow in DetranCLI Command Parsing Functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability Arbitrary Post Deletion Vulnerability in Royal Elementor Addons WordPress 
Plugin DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability DetranCLI Stack-Based Buffer Overflow in 'wlan filter mac address' Command Template Arbitrary Title Creation Vulnerability in Royal Elementor Addons WordPress Plugin DetranCLI Command Parsing Functionality Stack-Based Buffer Overflow Vulnerability Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word NuGet Client Privilege Escalation Vulnerability Windows COM+ Event System Service Elevation of Privilege Vulnerability Code Execution Vulnerability in Visual Studio Code Remote Access EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks SharePoint Server Remote Code Execution Vulnerability SharePoint Server Remote Code Execution Vulnerability SharePoint Server Remote Code Execution Vulnerability Pervasive Windows PPTP Remote Code Execution Vulnerability JPEG File Processing Vulnerability in Lepton Image Compression Tool Leads to Denial-of-Service Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Visual Studio Code Sensitive Data Exposure Vulnerability Exposed Secrets: Microsoft Office Information Disclosure Vulnerability Pervasive PPTP Vulnerability: Remote Code Execution on Windows Windows ALPC Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in 
Microsoft ODBC Driver Critical Remote Code Execution Vulnerability in Microsoft ODBC Driver Windows Mark of the Web Bypass Vulnerability Stored XSS Vulnerability in Kiwi Test Plan: Exploiting UI Redressing, Clickjacking, and History Page Disabling Windows EFS Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Azure RTOS GUIX Studio Exploiting the Windows Graphics Component for Remote Code Execution Kerberos Denial of Service Vulnerability in Windows Windows Resilient File System (ReFS) Privilege Escalation Vulnerability Windows HID Information Disclosure Vulnerability Critical Vulnerability: NPS RADIUS Protocol Denial of Service Exploit Windows HTTP.sys Privilege Escalation Vulnerability Windows NAT DoS Vulnerability Arbitrary File Download Vulnerability in Wholesale Market for WooCommerce WordPress Plugin Exposed Secrets: Microsoft Word Information Disclosure Vulnerability Word RCE Vulnerability: A Remote Code Execution Risk in Microsoft Word SharePoint Server Remote Code Execution Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel .NET Framework Information Leakage Vulnerability Unauthenticated Information Disclosure Vulnerability in Microsoft Business Central Arbitrary File Download Vulnerability in SMSA Shipping for WooCommerce WordPress Plugin Print Spooler Privilege Escalation Vulnerability in Windows Windows Graphics Component Information Disclosure Vulnerability Exposes Sensitive Data PowerShell Remote Code Execution: A Critical Security Vulnerability Windows Fax Compose Form Elevation of Privilege Vulnerability Microsoft Exchange Server Spoofing Vulnerability: A Gateway for Impersonation Attacks Microsoft Exchange Server Spoofing Vulnerability: Exploiting Email Authentication Arbitrary File Download Vulnerability in Wholesale Market for WooCommerce WordPress Plugin Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Pervasive Windows PPTP Remote Code 
Execution Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Code Execution Vulnerability in Visual Studio Code Azure CycleCloud Privilege Escalation Vulnerability Windows Group Policy Privilege Escalation Vulnerability Pervasive Windows PPTP Remote Code Execution Vulnerability .NET Framework Remote Code Execution Vulnerability: A Critical Security Threat Arbitrary Log Download Vulnerability in Wholesale Market for WooCommerce WordPress Plugin PPTP DoS Vulnerability in Windows OS Windows Mark of the Web Bypass Vulnerability Windows Win32k Privilege Escalation Vulnerability Windows ALPC Elevation of Privilege Vulnerability Hyper-V Privilege Escalation Vulnerability in Windows Windows Digital Media Receiver Privilege Escalation Vulnerability Windows DWM Core Library Privilege Escalation Vulnerability Exposed Secrets: NPS RADIUS Protocol Information Disclosure Vulnerability Windows GDI+ Information Disclosure Vulnerability Exposes Sensitive Data BitLocker Security Feature Bypass: A Critical Vulnerability in Data Encryption Stored Cross-Site Scripting Vulnerability in Eventify™ WordPress Plugin Windows ALPC Elevation of Privilege Vulnerability Windows Overlay Filter Privilege Escalation Vulnerability Windows Overlay Filter Privilege Escalation Vulnerability Exposed Secrets: Microsoft Word Information Disclosure Vulnerability Excel Security Feature Bypass Vulnerability Excel Data Leakage Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability Windows Win32k Privilege Escalation Vulnerability Unrestricted File Size Limit Vulnerability in tooljet/tooljet <1.27 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability: Exploiting System Privileges Windows Bind Filter Driver Privilege Escalation Vulnerability Critical Elevation of Privilege Vulnerability Discovered in Microsoft Edge (Chromium-based) Update 
PPTP DoS Vulnerability in Windows OS Windows Scripting Languages RCE Vulnerability Exploiting Visual Studio Remote Code Execution Vulnerability Stored Cross-Site Scripting Vulnerability in Quizlord WordPress Plugin Windows Sysmon Privilege Escalation Vulnerability Windows Graphics Component Privilege Escalation Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server CNG Key Isolation Service Privilege Escalation Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Dynamics NAV and Dynamics 365 Business Central (On Premises) Windows Scripting Languages RCE Vulnerability OS Command Injection Vulnerability in Apache Airflow Hive Provider Stored XSS Vulnerability in Ezoic Plugin <= 2.8.8 on WordPress Allows Unauthenticated Plugin Settings Change SQL Injection Vulnerability in DIAEnergie (versions prior to v1.9.01.002) CSRF Vulnerability in OptinlyHQ Optinly Plugin Unauthenticated Plugin Settings Modification Vulnerability in Modula Plugin <= 2.6.9 on WordPress CSRF Vulnerability Leading to Stored XSS in Shortcodes Ultimate Plugin <= 5.12.0 Arbitrary Code Execution Vulnerability in Zutty before 0.13 via DECRQSS Stored XSS in MITRE CALDERA 4.1.0 via app.contact.gist leading to arbitrary command execution on agents Cross-Site Scripting Vulnerability in Superio WordPress Theme Arbitrary Code Execution Vulnerability in D-Link Routers via lighttpd Service Privilege Escalation via Insecure OpenSSL Configuration in Windscribe Privilege Escalation Vulnerability in Centreon's Poller Resource Configuration Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18225) Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18282) Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18283) Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18284) Remote 
Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18286) Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18339) Stored Cross-Site Scripting Vulnerability in Editorial Calendar WordPress Plugin Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18340) Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18341) Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18342) Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18343) Directory Traversal Vulnerability in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 Allows Arbitrary File Deletion iQ Block Country Plugin <= 1.2.18 WordPress Vulnerability: Block Bypass Insufficient URL Verification in OndiskPlayerAgent Allows Remote Code Execution Fixed Password Vulnerability in Kyungrinara(ERP Solution) Allows Unauthorized Access and Data Theft Cookie Path Remote Code Execution Vulnerability Quarkus Dev UI Config Editor Vulnerability: Remote Code Execution via Drive-By Localhost Attacks Memory Management Vulnerability in SAP 3D Visual Enterprise Author - version 9 Stack-based Overflow and Dangling Pointer Vulnerability in SAP 3D Visual Enterprise Author - version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author - version 9 Memory Management Vulnerability in SAP 3D Visual Enterprise Author v9 Unauthenticated SQL Injection in IWS WordPress Plugin Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author - version 9 Memory Management Vulnerability in SAP 3D Visual Enterprise Author - version 9 Stack-based Overflow Vulnerability in SAP 3D Visual Enterprise Author - version 9 Memory Management Vulnerability in SAP 3D Visual Enterprise Author - version 9 Memory Management Vulnerability in SAP 3D Visual Enterprise Author - 
version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author - version 9 Memory Management Vulnerability in SAP 3D Visual Enterprise Author - version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author - version 9 Memory Management Vulnerability in SAP 3D Visual Enterprise Author - version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author - version 9 SQL Injection Vulnerability in Bitcoin / AltCoin Payment Gateway Plugin for WooCommerce & Multivendor Store/Shop WordPress Plugin Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author - version 9 Memory Management Vulnerability in SAP 3D Visual Enterprise Author - version 9 Memory Management Vulnerability in SAP 3D Visual Enterprise Author - version 9 Memory Management Vulnerability in SAP 3D Visual Enterprise Author - version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author - version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Author - version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer 9 Memory Management Vulnerability in SAP 3D Visual Enterprise Viewer v9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer 9 Stored Cross-Site Scripting Vulnerability in Image Optimizer, Resizer and CDN WordPress Plugin Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9 Memory Management Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9 Memory Management Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9 Memory 
Management Vulnerability in SAP 3D Visual Enterprise Viewer v9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer v9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9 Vulnerability: PHP Object Injection in Stop Spammers Security WordPress Plugin Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer - Version 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer 9 Remote Code Execution Vulnerability in SAP 3D Visual Enterprise Viewer v9 Deserialization of Untrusted Data Vulnerability in SAP BusinessObjects BI Platform SAP Commerce Login Page Manipulation Vulnerability SAP GUI Remote Code Execution Vulnerability User-controlled input vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430 Unauthenticated URL Redirection Vulnerability in SAP Biller Direct Insufficient Input Validation in SAP Financial Consolidation 1010 Allows Unauthorized Session Alteration Insecure Encryption and Information Disclosure in SAP Customer Data Cloud (Gigya) Mobile App for Android Null Pointer Dereference in mailimap_mailbox_data_status_free in libetpan Insecure Random Number Generator in SAP Customer Data Cloud (Gigya) Android App: Predictable Random Numbers Vulnerability Arbitrary Code Execution via Memory Management Vulnerabilities in SAP 3D Visual Enterprise Author and Viewer Remote File Read Vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform Remote File Deletion Vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform Insufficient URL Validation in SAP NetWeaver ABAP Server and ABAP Platform Allows for User Redirection to Malicious Sites Cloudflow Local File Inclusion Vulnerability: Exposing Confidential Information Unauthenticated File Upload Vulnerability in Cloudflow Use-after-free vulnerability in dvb_demux_open and dvb_dmxdev_release in Linux kernel through 5.19.10 Symlink Following Vulnerability in 
buildah Allows Information Disclosure Stack-based Buffer Overflow in md2roff 1.9 via Markdown File XML External Entity (XXE) Vulnerability in OpenText Archive Center Administration Use-after-free vulnerability in mm/mremap.c in Linux Kernel before 5.13.3 due to missing rmap lock during PUD move Code Injection Vulnerability in MiVoice Connect Director Database Component Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins 2.367 - 2.369 Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Anchore Container Image Scanner Plugin XML External Entity (XXE) Vulnerability in Jenkins Compuware Common Configuration Plugin 1.0.14 and Earlier CSRF Vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and Earlier Vulnerability: Unauthorized Connection to Attacker-Specified Webserver in Jenkins NS-ND Integration Performance Publisher Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin Path Disclosure Vulnerability in Buildah Jenkins Build-Publisher Plugin 1.22 and earlier: Unauthorized Access to Server and Build Information Arbitrary File Replacement Vulnerability in Jenkins Build-Publisher Plugin Jenkins Build-Publisher Plugin CSRF Vulnerability Allows Arbitrary File Replacement Information Disclosure Vulnerability in Jenkins Rundeck Plugin 3.6.11 and Earlier Unprotected Access to Jenkins Rundeck Plugin Webhook Endpoint Arbitrary File Read Vulnerability in Jenkins WildFly Deployer Plugin CSRF Vulnerability in Jenkins Security Inspector Plugin Allows Unauthorized Report Manipulation Remote Code Execution Vulnerability in Jenkins DotCi Plugin 2.40.00 and Earlier Unauthenticated Build Triggering Vulnerability in Jenkins DotCi Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins DotCi Plugin 2.40.00 and Earlier Unauthenticated Deletion Vulnerability in Popup Manager WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Walti Plugin 1.0.1 and 
Earlier XML External Entity (XXE) Vulnerability in Jenkins RQM Plugin 2.8 and Earlier Vulnerability: Information Disclosure and Lamp Manipulation in Jenkins extreme-feedback Plugin Unvalidated Hostname Vulnerability in Jenkins SmallTest Plugin Unvalidated Hostname in Jenkins View26 Test-Reporting Plugin Allows Man-in-the-Middle Attacks Cross-Site Request Forgery (CSRF) Vulnerability in Jenkins Worksoft Execution Manager Plugin Vulnerability: Unauthorized Access to Jenkins Credentials via Worksoft Execution Manager Plugin Unencrypted Storage of BigPanda API Key in Jenkins BigPanda Notifier Plugin Unmasked API Key Vulnerability in Jenkins BigPanda Notifier Plugin CSRF Vulnerability in Jenkins SCM HttpClient Plugin Allows Unauthorized Credential Capture Unauthenticated Arbitrary Popup Creation and Stored XSS Vulnerability in Popup Manager WordPress Plugin Vulnerability: Unauthorized Access to Jenkins SCM HttpClient Plugin Vulnerability: Enumeration of Credentials IDs in Jenkins Apprenda Plugin 2.2.0 and earlier Vulnerability: Enumeration of Credentials ID in Jenkins CONS3RT Plugin Jenkins CONS3RT Plugin 1.0.0 CSRF Vulnerability Allows Unauthorized Access to Stored Credentials Unauthenticated Remote Code Execution in Jenkins CONS3RT Plugin Unencrypted Storage of Cons3rt API Token in Jenkins CONS3RT Plugin Insufficient Input Validation in SAP Financial Consolidation 1010 Allows Script Injection SAP SQL Anywhere 17.0 Denial of Service Vulnerability Default Password Vulnerability in ABB RCCMD: Exploiting Common or Default Usernames and Passwords Unauthenticated Script Injection in SAP Financial Consolidation (Version 1010) Sensitive Data Exposure in SAP Solution Manager (Diagnostic Agent) Version 7.20 Script Injection Vulnerability in SAP NetWeaver AS Java (HTTP Provider Service) - Version 7.50 Missing Authentication Check in SAP Business Objects Business Intelligence Platform (Web Intelligence) Allows Unauthorized Modification of Restricted Data Source Information 
Unrestricted Scope of RFC Function Module in SAP BASIS Versions 731-791 DOM Cross-Site Scripting (XSS) Vulnerability in SAP Commerce Webservices 2.0 File Upload Vulnerability in SAP Business Objects Platform Privilege Escalation through Unauthorized Transaction Code Execution in SAP Business Planning and Consolidation NULL Pointer Dereference Vulnerability in Linux Kernel's io_files_update_with_index_alloc Unauthenticated Access to JNDI Interface in SAP NetWeaver PI 7.50 Unauthenticated Remote Code Execution via JNDI in SAP NetWeaver Process Integration (PI) 7.50 Improper Input Sanitization in SAP Sourcing and CLM Allows for Malicious Website Redirection SAP Disclosure Management 10.1 Misconfigured Application Endpoints Vulnerability Unauthenticated User Redirect Vulnerability in SAP Solution Manager (Enterprise Search) Null Pointer Dereference Vulnerability in JT2Go and Teamcenter Visualization Null Pointer Dereference Vulnerability in JT2Go and Teamcenter Visualization Linux Kernel MPTCP Protocol NULL Pointer Dereference Vulnerability Null Pointer Dereference Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization Use-after-free vulnerability in CGM_NIST_Loader.dll allows code execution Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization Divide by Zero Vulnerability in JT2Go and Teamcenter Visualization Stack Exhaustion Vulnerability in JT2Go and Teamcenter Visualization Race Condition and NULL Pointer Dereference Vulnerability in Linux Kernel's L2TP Implementation Privilege Escalation Vulnerability in IBM AIX and VIOS Session Invalidation Vulnerability in IBM InfoSphere Information Server 11.7 Cross-Origin Resource Sharing (CORS) Vulnerability in IBM Robotic Process 
Automation 21.0.0-21.0.4 Cross-Site Request Forgery Vulnerability in IBM Db2U 3.5, 4.0, and 4.5 Cross-Site Request Forgery (CSRF) Vulnerability in IBM Db2U 3.5, 4.0, and 4.5 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 Blind Site-to-Site Request Forgery Vulnerability in Satellite Server Memory Corruption Vulnerability in SubassemblyComposer.exe Autodesk FBX SDK 2020 and Prior: Out-Of-Bounds Read Vulnerability Exploiting Use-After-Free Vulnerability in Autodesk FBX SDK 2020 via Malicious FBX File Autodesk FBX SDK 2020 Out-Of-Bounds Write Vulnerability Memory Corruption Vulnerability in SubassemblyComposer.exe Memory Corruption Vulnerability in DesignReview.exe via Malicious PCT File Memory Corruption Vulnerability in SubassemblyComposer.exe Memory Corruption Vulnerability in SubassemblyComposer.exe Memory Corruption Vulnerability in DesignReview.exe GitLab User Agent Regex Denial of Service Vulnerability Memory Corruption Vulnerability in DesignReview.exe Stored Cross-Site Scripting Vulnerability in Moxa SDS-3008 Series Industrial Ethernet Switch 2.1 Stored Cross-Site Scripting Vulnerability in Moxa SDS-3008 Series Industrial Ethernet Switch 2.1 Stored Cross-Site Scripting Vulnerability in Moxa SDS-3008 Series Industrial Ethernet Switch 2.1 Uncontrolled Search Path Vulnerability in Intel(R) Network Adapter Installer Software Stored Cross-Site Scripting (XSS) Vulnerability in Ezoic Plugin <= 2.8.8 on WordPress TLS Certificate Auth Method CRL Loading Vulnerability Exposure of Sensitive Information via Inconsistent Handling of Internal URIs in Squid Proxy Buffer Over-read Vulnerability in libntlmauth in Squid 2.5 through 5.6 Veritas Desktop Laptop Option (DLO) Application Login Page Reflected XSS Vulnerability JSS Memory Leak Vulnerability: Low-Effort DoS Vector Vulnerability: Unauthorized Access to Network File System via Veritas System Recovery (VSR) Arbitrary Code Execution via Desktop Notification Escape Sequence 
in Kitty Internationalized URLs Denial of Service Vulnerability Integer Overflow Vulnerability in VideoLAN VLC Media Player Arbitrary Script Upload Vulnerability in Mitel MiCollab Web Conferencing Component CWE-319: Cleartext Transmission of Sensitive Information Vulnerability in Fortinet FortiOS and FortiProxy Path Traversal Vulnerability in Fortinet FortiOS Versions 6.4.11 and Below Sensitive Information Exposure Vulnerability in Fortinet FortiProxy and FortiOS Cross-site Scripting (XSS) Vulnerability in Fortinet FortiOS and FortiProxy Unauthenticated Access to Redis and MongoDB Instances in FortiPresence Infrastructure Server [CWE-306] Uncontrolled Resource Consumption Vulnerability in FortiRecorder Login Authentication Mechanism Cross-Site Scripting (XSS) Vulnerability in FortiOS Versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 Relative Path Traversal Vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager Stored Cross-Site Scripting (XSS) Vulnerability in FortiPortal Management Interface Privilege Escalation Vulnerability in Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5 Image Tampering Vulnerability in OpenStack Glance Signature Forgery Vulnerability in secp256k1-js Package Buffer Overflow Vulnerability in Intel(R) C++ Compiler Classic Remote File Inclusion Vulnerability in registerFont() Function in Dompdf Arbitrary Command Execution Vulnerability in Zimbra Collaboration (ZCS) NGINX Configuration XSS Vulnerability in Zimbra Collaboration (ZCS) 9.0 via onerror Attribute Reflected XSS Vulnerability in Zimbra Collaboration Suite (ZCS) 8.8.15 Heap Buffer Overflow in GPU Allows Remote Sandbox Escape in Google Chrome Reflected XSS Vulnerability in Zimbra Collaboration Suite (ZCS) 8.8.15 Cross-Site Scripting (XSS) Vulnerability in Zimbra Collaboration Suite (ZCS) 8.8.15 Arbitrary File Upload Vulnerability in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 Unauthenticated Application Enumeration Vulnerability in Argo CD v2.4.12 and Below SQL 
Injection Vulnerability in Online Leave Management System v1.0 Stored XSS Vulnerability in Garage Management System v1.0 via createCategories.php Remote Code Execution (RCE) Vulnerability in qmpass/leadshop v1.4.15 via GET Method Reflected Cross-Site Scripting (XSS) Vulnerability in Keycloak's 'oob' OAuth Endpoint Reflected Cross-Site Scripting (XSS) Vulnerability in Metro UI v4.4.0 to v4.5.0 SQL Injection Vulnerability in Online Pet Shop Web App v1.0 SQL Injection Vulnerability in Online Pet Shop Web App v1.0 Arbitrary File Upload Vulnerability in Online Leave Management System v1.0 GitLab CE/EE Vulnerability: Cross Site Request Forgery (CSRF) Exploit via Malicious Project Code-execution backdoor vulnerability in d8s-yaml package (PyPI) version 0.1.0 Code-execution backdoor vulnerability in d8s-utility package (PyPI) version 0.1.0 Code-execution backdoor vulnerability in d8s-json package (PyPI) version 0.1.0 Code-execution backdoor vulnerability in d8s-archives package (PyPI) version 0.1.0 Code-execution backdoor vulnerability in d8s-domains package (PyPI) version 0.1.0 Code-execution backdoor vulnerability in d8s-html package (PyPI) version 0.1.0 Code-execution backdoor vulnerability in d8s-utility package (PyPI) version 0.1.0 Code-Execution Backdoor Found in d8s-pdfs Python Package (Version 0.1.0) Linux Kernel GPU i915 Driver TLB Flush Vulnerability SQL Injection Vulnerability in OcoMon v4.0 via cod Parameter at download.php SQL Injection Vulnerability in OcoMon v4.0 via cod parameter at showImg.php Cross-Site Scripting (XSS) Vulnerability in TotalJS Commit 8c2c8909 Command Injection Vulnerability in Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) Multiple Command Injection Vulnerabilities in Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) Hard-coded Blowfish Key Vulnerability in Sage 300 (Version 2022) Hard-coded Credentials in Sage 300 Global Search Feature Allow Unauthorized Access Hard-coded Blowfish Key Vulnerability in Sage 300 Web Screens
Arbitrary File Read Vulnerability in Welcart e-Commerce WordPress Plugin Hard-coded Blowfish Key Vulnerability in Sage 300 (2022) Server-Side Request Forgery (SSRF) Vulnerability in OpenRefine <= v3.5.2: Unauthorized Access and Sensitive File Disclosure SQL Injection Vulnerability in OpenCart 3.x Newsletter Custom Popup Denial of Service (DoS) Vulnerability in org.ini4j BasicProfile Class Arbitrary File Upload Vulnerability in Church Management System v1.0 SQL Injection Vulnerability in Online Pet Shop Web App v1.0 SQL Injection Vulnerability in Online Pet Shop Web App v1.0 Integer Overflow Vulnerability in pcre2test: Denial of Service and Unspecified Impacts via Negative Input Heap-based Buffer Overflow in Vim/Vim 9.0.0946 and Below: Exploiting CTRL-W gf in Substitute Command Expression SSRF Vulnerability in perfSONAR v4.4.5 and Prior: Unauthorized Data Access and Server-Side Request Forgery Cross-Site Request Forgery (CSRF) Vulnerability in perfSONAR v4.x <= v4.4.5 Insecure Default in Liferay Portal v7.0.0 - v7.4.2: User Enumeration Vulnerability Stack Overflow Vulnerability in Acer Altos W2000h-W570h F4 R01.03.0018's RevserveMem Component SQL Injection Vulnerability in Online Tours & Travels Management System v1.0 Arbitrary Folder Creation Vulnerability in BlogEngine.NET v3.3.8.0 Arbitrary Code Execution Vulnerability in BlogEngine.NET v3.3.8.0 via Crafted PNG File Upload Memory Leak Vulnerability in Bento4 v1.6.0-639 via AP4_Processor::Process function in mp4encrypt binary Unfiltered HTML Injection in WordPress Filter Gallery Plugin Stack Overflow Vulnerability in Nasm v2.16's Ndisasm Component Segmentation Violation Vulnerability in Bento4 v1.6.0-639 mp4fragment Component Memory Leak Vulnerability in Bento4 v1.6.0-639 via AP4_SttsAtom::Create function in mp42hls Segmentation Violation Vulnerability in Bento4 v1.6.0-639's mp4decrypt Memory Leak Vulnerability in Bento4 v1.6.0-639 via AP4_AtomFactory::CreateAtomFromStream Function in mp4split Memory Leak 
Vulnerability in Bento4 v1.6.0-639's AP4_AvcFrameParser::Feed Function Heap Overflow Vulnerability in Bento4 v1.6.0-639 via AP4_BitReader::ReadBits function in mp4mux Heap Overflow Vulnerability in Bento4 v1.6.0-639 via AP4_Atom::TypeFromString function in mp4tag Unauthorized Merging of Crafted MRs Vulnerability in GitLab Heap Overflow Vulnerability in Bento4 v1.6.0-639 via AP4_BitReader::ReadBit Function in mp4mux Cross-Site Scripting (XSS) Vulnerability in xzs v3.8.0 - /admin/question/edit - Title Field Reflected Cross-Site Scripting (XSS) Vulnerability in EyesOfNetwork Web Interface v5.3 Reflected Cross-Site Scripting (XSS) Vulnerability in EyesOfNetwork Web Interface v5.3 Reflected Cross-Site Scripting (XSS) Vulnerability in EyesOfNetwork Web Interface v5.3 Stored XSS Vulnerability in OpenWRT LuCI Version git-22.140.66206-02913be via /system/sshkeys.js Unauthenticated Access to Administrative Panel in OXHOO TP50 OXH1.50 Remote Code Execution Vulnerability in Billing System Project v1.0 via /php_action/createProduct.php SQL Injection Vulnerability in Billing System Project v1.0 QEMU Out-of-Bounds Read Vulnerability in QXL Display Device Emulation SQL Injection Vulnerability in Billing System Project v1.0 via id parameter at /phpinventory/editcategory.php Cross-Site Scripting (XSS) Vulnerabilities in ReQlogic v11.3 Cross-Site Scripting (XSS) Vulnerability in PicUploader v2.6.3 via setStorageParams function in SettingController.php Header Injection Vulnerability in phpIPAM v1.5.0 via /admin/subnets/ripe-query.php Cacti 1.2.21 XSS Vulnerability in graphs_new.php Cross-Site Scripting (XSS) Vulnerability in CodeIgniter 1.0 Record Management System Access Control Vulnerability in Record Management System's /Admin/dashboard.php OpenShift OAuth Endpoint Content Spoofing Vulnerability Expression Language Injection vulnerability in Hitachi Replication Manager: before 8.8.5-02 allows Code Injection Quarkus CORS Filter Bypass for Simple GET and POST Requests Arbitrary 
Privilege Escalation in 74cmsSE v3.12.0 Cross-Site Scripting (XSS) Vulnerability in 74cmsSE v3.12.0 via /apiadmin/notice/add Title Field Reflected Cross-Site Scripting (XSS) Vulnerability in RPCMS v3.0.2 Search Function Cross-Site Request Forgery (CSRF) Vulnerability in RPCMS v3.0.2 Allows Arbitrary Password Changes Critical CSRF Vulnerability in RPCMS v3.0.2 Allows Unauthorized Administrator Account Creation Server-Side Request Forgery (SSRF) Vulnerability in WeBid <=1.2.2 Allows Remote File Read Insecure Direct Object References (IDOR) Vulnerability in DevExpress ASP.NET Web Forms Build v19.2.3 Flawed CSRF and Authorization Check in WP OAuth Server Plugin Allows Arbitrary Client Deletion Buffer Overflow Vulnerability in Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 Buffer Overflow Vulnerability in Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 Buffer Overflow Vulnerability in Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 Buffer Overflow Vulnerability in Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 Buffer Overflow Vulnerability in Tenda AC1900 AP500(US)_V1_180320(Beta) Firmware Buffer Overflow Vulnerability in Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 Cross-Site Request Forgery (CSRF) Vulnerability in WAYOS LQ_09 22.03.17V Privilege Escalation via Race Condition in Netskope Client Service Server-Side Request Forgery (SSRF) Vulnerability in ClipperCMS 1.3.3 Server-Side Request Forgery (SSRF) Vulnerability in iCMS v7.0.16 Server-Side Request Forgery (SSRF) Vulnerability in ClipperCMS 1.3.3 SQL Injection Vulnerability in Billing System Project v1.0 via id parameter at /phpinventory/editbrand.php SQL Injection Vulnerability in Contest Gallery WordPress Plugin Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in EyouCMS V1.5.9 Arbitrary File Upload Vulnerability in Billing System Project v1.0 Root Access Vulnerability on TP-Link Tapo C200 V1 Devices via UART Pins SQL Injection Vulnerability in Contest Gallery WordPress Plugin 
Arbitrary File Upload Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Open Source SACCO Management System v1.0 SQL Injection Vulnerability in Open Source SACCO Management System v1.0 Stack Overflow in setLanguageCfg function of TOTOLINK NR1800X V9.1.0u.6279_B20210910 Command Injection Vulnerability in TOTOLINK NR1800X V9.1.0u.6279_B20210910 via UploadFirmwareFile Function SQL Injection Vulnerability in Contest Gallery WordPress Plugin Authenticated Stack Overflow in TOTOLINK NR1800X V9.1.0u.6279_B20210910 via UploadCustomModule File Parameter Authenticated Stack Overflow in TOTOLINK NR1800X V9.1.0u.6279_B20210910 via sPort/ePort Parameter in setIpPortFilterRules Function Unauthenticated Stack Overflow in TOTOLINK NR1800X V9.1.0u.6279_B20210910 via main Function Authenticated Stack Overflow in TOTOLINK NR1800X V9.1.0u.6279_B20210910 via setTracerouteCfg Command Parameter Authenticated Stack Overflow in TOTOLINK NR1800X V9.1.0u.6279_B20210910 via setParentalRules Function Parameters Command Injection Vulnerability in TOTOLINK NR1800X V9.1.0u.6279_B20210910 via OpModeCfg Function Authenticated Stack Overflow in TOTOLINK NR1800X V9.1.0u.6279_B20210910 via setDiagnosisCfg Function Authenticated Stack Overflow in TOTOLINK NR1800X V9.1.0u.6279_B20210910 via pppoeUser Parameter in setOpModeCfg Function Authenticated Stack Overflow in TOTOLINK NR1800X V9.1.0u.6279_B20210910 via setSmsCfg Function's text Parameter SQL Injection Vulnerability in Contest Gallery WordPress Plugin SQL Injection Vulnerability in Open Source SACCO Management System v1.0 SQL Injection Vulnerability in Open Source SACCO Management System v1.0 Arbitrary File Upload Vulnerability in Online Diagnostic Lab Management System v1.0 Arbitrary File Upload Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Open Source SACCO Management System v1.0 
SQL Injection Vulnerability in Open Source SACCO Management System v1.0 Arbitrary File Upload Vulnerability in Online Tours & Travels Management System v1.0 Arbitrary File Upload Vulnerability in Wedding Planner v1.0 Arbitrary File Upload Vulnerability in Wedding Planner v1.0 SQL Injection Vulnerability in Contest Gallery Pro WordPress Plugin Hard-coded Cryptographic Keys in TP-Link AX10v1 V1_211117 Web App Client Vulnerability Replay Attack Vulnerability in TP-Link AX10v1 V1_211117 Allows Unauthorized Admin Access Broken Session Control Vulnerability in DevHub 0.102.0 Remote Code Execution (RCE) Vulnerability in GetSimple CMS v3.3.16 via admin/theme-edit.php Local File Inclusion Vulnerability in MobSF v0.9.2 and Below SQL Injection Vulnerability in Contest Gallery WordPress Plugin Integer Overflow Vulnerability in GNU oSIP v5.3.0: osip_body_parse_header Component SQL Injection Vulnerability in Garage Management System v1.0 Server-Side Request Forgery (SSRF) Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer Local Privilege Escalation via Temporary File in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer on Linux Stored XSS Vulnerability in John West Slideshow SE Plugin <= 2.5.5 Stored Cross-Site Scripting Vulnerability in DIAEnergie (versions prior to v1.9.01.002) through PutLineMessageSetting API Denial of Service Vulnerability in lighttpd 1.4.56 through 1.4.66 Stored Cross Site Scripting (XSS) Vulnerability in TIBCO Spotfire Software Open Redirect Vulnerability in TIBCO Nimbus Web Client SQL Injection Vulnerability in Contest Gallery WordPress Plugin TIBCO Nimbus Statement Set Upload Denial of Service Vulnerability Remote Code Execution Vulnerability in TIBCO JasperReports Server XSS Vulnerability in TIBCO JasperReports Server Stored Cross Site Scripting (XSS) Vulnerability in TIBCO JasperReports Server Hawk Console Component Privilege Escalation Vulnerability Stored XSS Vulnerability in TIBCO EBX 
and TIBCO Product and Service Catalog Stored XSS Vulnerability in TIBCO EBX Add-ons Server Component Cross-Site Scripting (XSS) Vulnerability in TIBCO BusinessConnect UI Component Crash Vulnerability in LINE iOS Client 12.17.0 and Earlier via Invalid Shared Key in Group Chat SQL Injection Vulnerability in Contest Gallery WordPress Plugin Unauthenticated SQL Injection Vulnerability in EyesOfNetwork (EON) Local File Inclusion Vulnerability in EyesOfNetwork (EON) through 5.3.11 Access-Control Vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 Allows Unauthorized Backup Prevention and Arbitrary Email Sending Gradle Enterprise 2022.3 through 2022.3.3 Credential-Exposure Vulnerability Malicious Script Injection Vulnerability in rphone Module Kernel Server Vulnerability: Out-of-Bounds Read Exploit Out-of-Bounds Write Vulnerability in MPTCP Module Allows Root Privilege Escalation Insufficient Authentication Vulnerability in Huawei Band Products: Spoofing and Unauthorized Connection SQL Injection Vulnerability in Contest Gallery WordPress Plugin HW_KEYMASTER Module Vulnerability: Unverified Data Read Leading to Out-of-Bounds Access HW_KEYMASTER Module Vulnerability: Unverified Data Read Leading to Out-of-Bounds Access Configuration Defects in Security Module: A Threat to System Availability Array Out-of-Bounds Read Vulnerability in Storage Maintenance and Debugging Module Out-of-Bounds Read Vulnerability in Kernel Module: Potential Memory Overwriting Out-of-Bounds Read Vulnerability in Kernel Module: Potential Memory Overwriting Data Truncation Vulnerability in Communication Framework Module Uncaught Exceptions in Home Screen Module: A Potential Threat to Stability Critical Vulnerability in Home Screen Module: Data Integrity at Risk Vulnerability in ArkCompiler's DFX Unwind Stack Module Allows for Interface Calling Exploitation SQL Injection Vulnerability in Contest Gallery WordPress Plugin Authentication Bypass Vulnerability in Smartphone Setup Wizard Impacts 
Availability Path Traversal Vulnerability in Backup Module Allows Unauthorized Access to System Files Fingerprint Trusted Application Vulnerabilities: Heap Overflow, Out-of-Bounds Read, and Null Pointer Fingerprint Trusted Application Vulnerabilities: Heap Overflow, Out-of-Bounds Read, and Null Pointer Fingerprint Trusted Application Vulnerabilities: Heap Overflow, Out-of-Bounds Read, and Null Pointer Fingerprint Trusted Application Vulnerabilities: Heap Overflow, Out-of-Bounds Read, and Null Pointer Inconsistent Serialization and Deserialization Vulnerability Allows Unauthorized Startup of Components Fingerprint Trusted Application Vulnerabilities: Heap Overflow, Out-of-Bounds Read, and Null Pointer Fingerprint Trusted Application Vulnerabilities: Heap Overflow, Out-of-Bounds Read, and Null Pointer Data Confidentiality Vulnerability in System Service: Incorrect Return Values SQL Injection Vulnerability in Contest Gallery WordPress Plugin Fingerprint Trusted Application Vulnerabilities: Heap Overflow, Out-of-Bounds Read, and Null Pointer Fingerprint Trusted Application Vulnerabilities: Heap Overflow, Out-of-Bounds Read, and Null Pointer Fingerprint Trusted Application Vulnerabilities: Heap Overflow, Out-of-Bounds Read, and Null Pointer Fingerprint Trusted Application Vulnerabilities: Heap Overflow, Out-of-Bounds Read, and Null Pointer Privilege Escalation via Weak Permissions and Self-Protection Driver Bypass in Check Point ZoneAlarm Extreme Security Invalid S3 or GCS URLs in Nomad job artifact stanza can cause client agent crashes Directory Traversal Vulnerability in ETIC Telecom Remote Access Server (RAS) API CSRF Vulnerability in Asgaros Forum Plugin <= 2.2.0 Better Messages Plugin 1.9.10.68 on WordPress: Authenticated SSRF Vulnerability SQL Injection Vulnerability in Contest Gallery WordPress Plugin Denial of Service Vulnerability in Intel(R) EMA Configuration Tool and Intel(R) MC Software Arbitrary HTML Injection in BlueSpiceDiscovery Skin of BlueSpice Stored 
Cross-Site Scripting (XSS) Vulnerability in Shareaholic Similar Posts Plugin <= 3.1.6 Out-of-Bounds Read Vulnerability in Bentley Systems MicroStation Connect Credential Exposure in Intel(R) ON Event Series Android Application Store Locator Plugin XSS via CSRF Vulnerability in WordPress CSV Injection vulnerability in Kaushik Kalathiya Export Users Data CSV Authenticated Remote Code Execution Vulnerability in BIG-IP iControl REST Interface Unauthenticated Error Log Disclosure Vulnerability in Media Library Assistant Plugin Missing Authorization vulnerability in SedLex Image Zoom SQL Injection Vulnerability in Contest Gallery WordPress Plugin CSRF Vulnerability in SeoSamba for WordPress Webmasters Plugin Improper Access Control in Intel(R) QAT Drivers for Windows: Potential Information Disclosure Vulnerability Vulnerability: Cross-Site Request Forgery (CSRF) in BIG-IP and BIG-IQ through iControl SOAP Critical Vulnerability: Sensitive Data Exposure in Villatheme ALD Plugin for WooCommerce Memory Resource Utilization Vulnerability in BIG-IP Virtual Servers Unencrypted Data-over-Sound Vulnerability in AliveCor's KardiaMobile EKG Device Uncontrolled Search Path Element Vulnerability in Intel(R) NUC P14E Laptop Element Software Unauthenticated Access to Delta Electronics InfraSuite Device Master Allows Retrieval of Administrative Passwords SQL Injection Vulnerability in Contest Gallery and Contest Gallery Pro WordPress Plugins CSRF Vulnerability in PeepSo Community Plugin CSRF Vulnerability in Media Library Folders Plugin for WordPress CSRF Vulnerability in Zorem Advanced Shipment Tracking for WooCommerce Plugin Cleartext Transmission Vulnerability in Haas Controller Version 100.20.000.1110 Stored Cross-Site Scripting (XSS) Vulnerability in Pop-Up Chop Chop Plugin <= 2.1.7 on WordPress Heap-based Buffer Overflow in OpenImageIO TIFF Image Parser SQL Injection Vulnerability in Contest Gallery WordPress Plugin Rymera Web Co Wholesale Suite Plugin <= 2.1.5 - Stored XSS 
Vulnerability Arbitrary OS Command Execution Vulnerability in Nadesiko3 (PC Version) v3.3.61 and Earlier Stored XSS Vulnerability in Accessibility Plugin <= 1.0.3 on WordPress Unauthenticated Privilege Escalation in Delta Electronics InfraSuite Device Master Local Code Execution via Out-of-Bounds Read in V-Server v4.0.12.0 and Earlier Insufficient Control Flow Management in Intel(R) IPP Cryptography Software: Potential Information Disclosure Vulnerability Vulnerability: Improper Authentication in HEIDENHAIN Controller TNC 640 Heap Out of Bounds Read Vulnerability in OpenImageIO v2.3.19.0 SQL Injection Vulnerability in Contest Gallery WordPress Plugin Stored Cross-Site Scripting Vulnerability in DIAEnergie (versions prior to v1.9.01.002) through SetPF API Quiz And Survey Master Plugin Bypass Vulnerability Daikin SVMPC1 and SVMPC2 Vulnerability: Unauthorized Access and Control Authentication Bypass Vulnerability in Ghost Foundation Ghost 5.9.4 Newsletter Subscription Functionality Phone Orders for WooCommerce Plugin <= 3.7.1 WordPress Plugin Sensitive Data Exposure Vulnerability Arbitrary File Creation Vulnerability in Delta Electronics InfraSuite Device Master Insecure Inherited Permissions in Intel(R) VTune(TM) Profiler Software: Local Privilege Escalation Vulnerability Intel Unison Software Vulnerability: Privileged User Denial of Service via Local Access SQL Injection Vulnerability in Contest Gallery WordPress Plugin Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization Use-after-free vulnerability in JT2Go and Teamcenter Visualization allows for code execution Stack-based Buffer Overflow Vulnerability in JT2Go and Teamcenter Visualization Multiple Vulnerabilities in SICAM P850 and P855 Devices Local Privilege Escalation via DLL Loading in EcoStruxure Operator Terminal Expert and Pro-face BLUE Path 
Traversal Vulnerability in EcoStruxure Operator Terminal Expert and Pro-face BLUE Project File Loading Vulnerability in EcoStruxure Operator Terminal Expert and Pro-face BLUE Local Privilege Escalation via SGIUtility Component in EcoStruxure Operator Terminal Expert and Pro-face BLUE Group Access Token Persistence Vulnerability in GitLab EE Path Traversal Vulnerability in SGIUtility Component Allows Local Privilege Escalation SQL Injection Vulnerability in EcoStruxure Operator Terminal Expert and Pro-face BLUE User Deactivation Bypass Vulnerability in Apache Airflow Buffer Overflow Vulnerability in Linux Kernel's ieee80211_bss_info_update Function Arbitrary Code Execution Vulnerability in Raiden MAILD Mail Server Website Insufficient Input Filtering in Raiden MAILD Mail Server Website Mail Field Leads to XSS Attack Bosch IP Camera Information Disclosure Vulnerability Arbitrary Code Execution Vulnerability in Jolokia Cross-Site Scripting Vulnerability in Forma LMS version 3.1.0 and Earlier SQL Injection Vulnerability in Forma LMS 3.1.0 and Earlier Privilege Escalation and Remote Code Injection Vulnerability in Forma LMS 3.1.0 and Earlier Heap Out of Bounds Read Vulnerability in OpenImageIO Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Viszt Péter's Integration for Szamlazz.hu & WooCommerce and Csomagpontok és szállítási címkék WooCommerce-hez Plugins Out-of-Bound Memory Read and Write Vulnerability in OpenHarmony-v3.1.2 and Prior Versions Insecure Inherited Permissions in Intel(R) NUC P14E Laptop Element Software: Privilege Escalation Vulnerability Unauthenticated User Creation and Privilege Escalation in Delta Electronics InfraSuite Device Master Intel In-Band Manageability Software Vulnerability: Local Privilege Escalation via Improper Access Control Authorization Bypass Vulnerability in Polylang Theme and Plugin Translation Vulnerability: Improper Access Control in Intel(R) Retail Edge Mobile iOS Application Undisclosed Requests Vulnerability in 
BIG-IP Advanced WAF/ASM Security Policy Configuration Unauthenticated Access to Appointment Hour Booking Plugin in WordPress Uncontrolled Search Path Vulnerability in Intel(R) Quartus(R) Prime Pro Edition Software SSL Key Import Vulnerability in BIG-IP and BIG-IQ Systems Unauthenticated Access to SedLex Traffic Manager in Versions up to 1.4.5 Information Disclosure Vulnerability in VISAM VBASE Automation Base User Enumeration Vulnerability in Ghost Foundation Ghost 5.9.4 Login Functionality Privilege Escalation Vulnerability in Intel(R) QAT Drivers for Windows Remote Code Execution Vulnerability in rxvt-unicode Perl Background Extension Insecure Inherited Permissions in Intel(R) NUC Pro Software Suite Installation Software Stored Cross-Site Scripting Vulnerability in DIAEnergie (versions prior to v1.9.01.002) via PutShift API Stored Cross-Site Scripting Vulnerability in DIAEnergie (versions prior to v1.9.01.002) through InsertReg API SQL Alchemy Connector Subquery Access Control Bypass in Apache Superset Remote Code Execution Vulnerability in Apache XML Graphics Batik Remote Code Execution Vulnerability in Badaso Version 2.6.3 Arbitrary Local File Access in Browsershot version 3.57.2 Authenticated External Attacker Can Access Sensitive User Data in Relatedcode's Messenger v7bcd20b Unauthenticated Access to Chats in Relatedcode's Messenger Arbitrary Code Execution Vulnerability in Markdownify v1.4.1 Unauthenticated Bypass of Length Restrictions in Demon Image Annotation Plugin for WordPress Arbitrary File Disclosure Vulnerability in Markdownify 1.4.1 Remote Code Execution Vulnerability in Badaso Version 2.6.0 Arbitrary Local File Disclosure in Frappe Version 14.10.0 Prototype Pollution Vulnerability in deep-object-diff v1.1.0 Prototype Pollution Vulnerability in fastest-json-copy v1.0.1 Memory Exhaustion Vulnerability in Regular Expression Compilation NUL Value Exploitation: Malicious Environment Variable Manipulation on Windows HTTP/2 Server Memory Growth 
Vulnerability Unmarshal Vulnerability: Potential Denial of Service Attacks Integer and Buffer Overflow Vulnerabilities in QEMU's ACPI Error Record Serialization Table (ERST) Device Vulnerability: Unrestricted Access to Windows Device Files via os.DirFS and http.Dir MaxBytesHandler Vulnerability: Request Smuggling Attack via Incomplete Body Consumption Path Traversal Vulnerability in filepath.Clean on Windows HTTP/2 HPACK Decoder Denial of Service Vulnerability Vulnerability: Large Handshake Records Causing Panics in Crypto/TLS Denial of Service Vulnerability in net/http and mime/multipart Libraries Denial of Service Vulnerability in DecodeConfig via Malformed TIFF Image Privilege Escalation Vulnerability in Avast and AVG Antivirus SQL Injection Vulnerability in IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 Clear Text Storage of User Credentials in IBM Maximo Mobile 8.7 and 8.8 Remote Denial of Service Vulnerability in IBM InfoSphere Information Server 11.7 Sensitive Information Disclosure in IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 Cross-Site Scripting (XSS) Vulnerability in IBM Business Process Manager Unspecified Vulnerability in IBM Spectrum Scale Container Native Storage Access Container Namespace Escape Vulnerability in IBM Storage Scale Container Native Storage Access IBM Storage Scale Container Native Storage Access Vulnerability Container Escape Vulnerability in IBM Spectrum Scale Container Native Storage Access Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit Physical Access Vulnerability in IBM Robotic Process Automation 20.12 through 21.0.6 NGINX Worker Memory Corruption Vulnerability Vulnerability in ngx_http_mp4_module Allows Worker Process Crash or Memory Disclosure Vulnerability in NGINX Plus: Local Memory Corruption via Specially Crafted HLS Files Privilege Escalation via Time-of-Check Time-of-Use Vulnerability in Trend Micro Apex One Vulnerability Protection Local Privilege Escalation Vulnerability in Trend Micro 
Apex One Forced Browsing Vulnerability in Trend Micro Apex One: Privilege Escalation and Agent Group Modification Improper Certification Validation Vulnerability in Trend Micro Apex One Agents Registry Permissions Vulnerability in Trend Micro Apex One DLP Module Allows Bypass of Anti-Tampering Mechanisms Privilege Escalation Vulnerability in Trend Micro Apex One Agents Use After Free Vulnerability in Google Chrome Camera Capture Arbitrary OS Command Execution in Jhead 3.06.0.1 via JPEG Filename and -rgt50 Option Arm Mali GPU Kernel Driver Vulnerability: Improper GPU Processing Operations Leading to Memory Access Heap Corruption via UI Interactions in Lacros Graphics on Chrome OS and Lacros prior to 108.0.5359.71 Relative Path Traversal Vulnerability in NOKIA NFM-T R19.9 Absolute Path Traversal Vulnerability in NOKIA NFM-T R19.9 VM Manager WebUI Multiple Reflected XSS Vulnerabilities in NOKIA NFM-T R19.9 Network Element Manager Remote Code Execution via Debugger in NOKIA AMS 9.7.05 HTMLUserTextField Exposes Hidden User Vulnerability User Name Leakage in MediaWiki Rollback Operation IP Address Reassignment Vulnerability in MediaWiki Improper Access Control in Intel(R) Connect M Android App: Local Privilege Escalation Vulnerability Use After Free Vulnerability in Google Chrome Extensions Memory Resource Utilization Vulnerability in BIG-IP and BIG-IQ Improper Permission Assignment in Intel(R) QAT Drivers for Windows Allows Information Disclosure Remote Code Execution Vulnerability in Delta Electronics InfraSuite Device Master Versions 00.00.01a and Prior SQL Injection Vulnerability in DIAEnergie (versions prior to v1.9.01.002) SQL Injection Vulnerability in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 Unauthenticated WriteConfiguration Method Vulnerability in Delta Electronics InfraSuite Device Master Remote Code Execution Vulnerability in Nako3edit Editor Component of Nadesiko3 (PC Version) v3.3.74 and Earlier Deserialization 
Vulnerability in Delta Electronics InfraSuite Device Master Remote Code Execution Vulnerability in Delta Electronics InfraSuite Device Master Remote Code Execution via Use After Free in Mojo in Google Chrome F5OS Directory Traversal Vulnerability Unrestricted Access Control Vulnerability in Permalink Manager Lite Plugin <= 2.2.20 on WordPress Improper Input Processing in TP-Link RE300 V1's tdpServer Leads to OneMesh DoS Vulnerability Kernel Mode Driver Vulnerability in Intel(R) OFU Software: Potential Privilege Escalation via Local Access Stored Cross-Site Scripting Vulnerability in Galleryape Gallery Images Ape Plugin <= 2.2.8 Unauthenticated Access to Sensitive Functions in WP Job Portal Undisclosed DNS Queries with DNSSEC Vulnerability in BIG-IP Soledad Premium Theme <= 8.2.5 WordPress XSS Vulnerability Arbitrary HTML Injection Vulnerability in BlueSpiceDiscovery Skin of BlueSpice Use After Free Vulnerability in Audio in Google Chrome Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form CSV Injection Vulnerability in ProfileGrid Plugin <= 5.1.6 on WordPress Open Babel 3.1.1 and master commit 530dbfa3 - Out-of-Bounds Write Vulnerability in CSR Format Title Functionality Heap-Based Buffer Overflow in OpenImageIO 2.3.19.0 PSD Thumbnail Resource Parsing Untrusted Search Path Vulnerability in Content Transfer Installer Arbitrary Website Access Vulnerability in Lemon8 App Session Spoofing Vulnerability in Kyocera Document Solutions MFPs and Printers Improper Access Control Vulnerability in GROWI Allows Unauthorized Download of Private Markdown Data High Severity Use After Free Vulnerability in Google Chrome Mojo Bypassing Appliance Mode Restrictions in BIG-IP Denial of Service Vulnerability in Intel(R) Connect M Android Application Kernel Stack Overflow Vulnerability in OpenHarmony-v3.1.4 and Prior Versions Unauthorized Error Injection Vulnerability in Intel(R) SGX and Intel(R) TDX for Intel(R) Xeon(R) Processors CSRF Vulnerability in Booster 
for WooCommerce Plugin <= 5.6.6 on WordPress Memory Resource Utilization Vulnerability in BIG-IP AFM Network Address Translation Policy Unauthorized Access Vulnerability in Kyocera Document Solutions MFPs and Printers Buffer Overflow Vulnerability in Intel QAT Driver for Linux High Severity Use After Free Vulnerability in Google Chrome Forms Undisclosed Input Vulnerability in BIG-IP Traffic Management Microkernel (TMM) Arbitrary HTML Injection in BlueSpiceFoundation Extension: XSS Vulnerability Fenced Frame Bypass Vulnerability in Google Chrome Unrestricted Object Instantiation in Amazon AWS Redshift JDBC Driver Bypassing Navigation Restrictions in Google Chrome's Popup Blocker Stored Cross-Site Scripting Vulnerability in Kyocera Document Solutions MFPs and Printers Cross-Site Scripting Vulnerability in TCBarrett WP Glossary Plugin <= 3.1.2 Undisclosed SIP Profile Vulnerability in BIG-IP Vulnerability: TMM Termination via Undisclosed Requests in BIG-IP 13.1.x Excessive File Permissions Vulnerability in F5OS Allows Local Attackers to Impact Controller Vulnerability: Denial of Service in bd process due to Attack Signature False Positive Mode OpenImageIO Stack-Based Memory Corruption Vulnerability Heap Buffer Overflow in OpenImageIO Project OpenImageIO v2.4.4.2 DDS Scanline Parsing Unauthenticated Access Control Vulnerability in WordPress LoginPress Plugin <= 1.6.2 Autofill Bypass Vulnerability in Google Chrome Unauthenticated Directory Traversal Vulnerability in Welcart eCommerce Plugin NULL Pointer Dereference in AP4_File::ParseStream Xpdf 4.04 - Crash in gfseek(_IO_FILE*, long, int) Vulnerability Xpdf 4.04 convertToType0 Crash Vulnerability Xpdf 4.04 XRef::fetch() Crash Vulnerability Excessive Memory Consumption Vulnerability in Bento4 1.6.0-639 Excessive Memory Consumption Vulnerability in Bento4 1.6.0-639 Memory Leak in AP4_StdcFileByteStream::Create() in Bento4 1.6.0-639 Race Condition and Use-After-Free Vulnerability in Linux Kernel's synclink_cs.c Race 
Condition and Use-After-Free Vulnerability in Linux Kernel's smscufx.c Spoofing Vulnerability in Google Chrome for iOS (CVE-2022-12345) Race Condition and Use-After-Free Vulnerability in roccat_report_event Function Uninitialized Pointer Reference Vulnerability in JTTK Library Vulnerability: Remote Code Execution in hsqldb (HyperSQL DataBase) via java.sql.Statement and java.sql.PreparedStatement Snakeyaml YAML Parser Vulnerability: Denial of Service (DOS) via Stack Overflow Linux Kernel NULL Pointer Dereference Vulnerability in slip.c EAP-PWD Vulnerability: Information Leakage in compute_password_element() Function Bypassing Downloads Restrictions via Crafted HTML Page in Google Chrome Null Pointer Dereference Vulnerability in FreeRADIUS EAP-SIM Supplicant Vulnerability: Denial of Service (DoS) in FreeRADIUS Unauthenticated Server Exploits Unterminated String Vulnerability in PostgreSQL Bypassing Filesystem Restrictions via Crafted HTML Page in Google Chrome on Windows Command Injection Vulnerability in Innovaphone AP Manager Out-of-bounds read vulnerability in Contiki-NG Bluetooth Low Energy Stack Tauri Incorrectly-Resolved Name Vulnerability Remote Code Execution (RCE) Vulnerability in Optica via Specially Crafted JSON Payloads Insecure Storage of Sensitive Information in ezplatform-graphql Out-of-Bound Data Read Vulnerability in FreeRDP Keyword Injection Vulnerability in Parse Server Prototype Pollution in Parse Server Cloud Code Webhook Target Endpoint CORS Vulnerability in Google Chrome on Android Prior to 108.0.5359.71 Heap out-of-bounds read vulnerability in TensorFlow's BaseCandidateSamplerOp function StackOverflowError in Netty 4.1.86.Final due to Infinite Recursion Vulnerability: Remote Code Execution via Nextcloud Desktop Client 3.6.0 Crash vulnerability in TensorFlow when ops receive differing number of inputs Zero Element Vulnerability in TensorFlow TensorFlow FusedResizeAndPadConv2D Large Tensor Overflow Vulnerability Overflow vulnerability in 
TensorFlow's `tf.raw_ops.ImageProjectiveTransformV2` when given a large output shape TensorFlow Crash Due to Size Mismatch During Broadcast Assignment in `tf.keras.losses.poisson` Unvalidated Input in `tf.image.generate_bounding_box_proposals` in TensorFlow Uncaught nullptr Exception in TensorFlow Pywrap Code Bypassing Navigation Restrictions via Crafted Chrome Extension in Google Chrome Vulnerability: Crash in TensorFlow's BCast::ToShape with large input Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.TensorListConcat` SQL Injection Vulnerability in Arches Web Platform Denial of Service Vulnerability in TensorFlow's `tf.raw_ops.TensorListResize` Buffer overflow vulnerability in TensorFlow Lite `CONV_3D_TRANSPOSE` operator TensorFlow Heap Out-of-Bounds Error in MirrorPadGrad with Oversized Input Paddings TensorFlow Crash Vulnerability due to `ThreadUnsafeUnigramCandidateSampler` Input Size Out-of-bounds Crash in TensorFlow's FractionMaxPoolGrad Empty inputs in `SparseFillEmptyRowsGrad` can cause TensorFlow to crash Rank 2 Input Check Failure in SdcaOptimizer Directory Traversal Vulnerability in Google Chrome (CVE-2022-12345) TensorFlow FractionalMaxPool Vulnerability Allows Heap Memory Access and Remote Code Execution Vulnerability: CHECK fail in tf.raw_ops.SparseMatrixNNZ when input sparse_matrix is not a matrix with a shape of rank 0 Out-of-bounds memory read vulnerability in TensorFlow's MakeGrapplerFunctionItem function Integer Overflow in Git's `git log` and `git archive` Unverified Message Injection Vulnerability in Element iOS Cross Site Scripting (XSS) Vulnerability in WsgiDAV with Directory Browsing Enabled SSRF Vulnerability in OpenSearch Notifications Plugin Overflow vulnerability in TensorFlow's `tf.raw_ops.ResizeNearestNeighborGrad` when given a large `size` input Vulnerability: CHECK fail in tf.raw_ops.PyFunc with non-UTF-8 bytestring input Vulnerability: Segfault in tf.raw_ops.CompositeTensorVariantToComponents Use After Free 
Vulnerability in Google Chrome Sign-In Out-of-bounds memory read vulnerability in TensorFlow's MakeGrapplerFunctionItem function Undefined conversion from `char` to `bool` in TensorFlow's tensor printing vulnerability Authentication Bypass Vulnerability in crewjam/saml Go Library (CVE-2021-12345) Discourse-calendar Plugin Vulnerability: Unauthorized Event Creation and Editing Timing Analysis Vulnerability in Zulip Server SCIM Bearer Token Validation HTTP Response Splitting vulnerability in Netty 4.1.83.Final to 4.1.86.Final Denial of Service Vulnerability in Heimdal's PKI Certificate Validation Library Arbitrary File Disclosure in OpenSearch Text Analyzer Configuration Incorrect Access Authorization in OpenSearch Data Streams Bypassing CORS Protection via Incorrect Content-Type in Fastify Use After Free Vulnerability in Live Caption in Google Chrome ZipSlip vulnerability in Lancet's fileutil package Unlimited Chat Message Length Denial of Service Vulnerability in Discourse Remote Code Execution (RCE) Vulnerability in `yiisoft/yii` before version 1.1.27 Privilege Escalation Vulnerability in Grails Spring Security Core Plugin Tailscale Windows Client Remote Code Execution Vulnerability Tailscale Client Vulnerability: DNS Rebinding Exploit for Peer API Access Unprotected Communication in Nextcloud Talk Android XWiki Platform Cross-Site Request Forgery (CSRF) Vulnerability Allows Unauthorized Tag Deletion and Renaming XWiki Platform Vulnerability: Eval Injection in AttachmentSelector.xml Authorization Bypass in User#setDisabledStatus Allows Unauthorized User to Enable/Disable Users Bypassing File System Restrictions via Crafted HTML Page in Google Chrome (CVE-2022-12345) Authorization Bypass Vulnerability in org.xwiki.platform:xwiki-platform-user-profile-ui XWiki Platform Icon-UI Macro Vulnerability: Arbitrary Code Execution XWiki Platform User Identifier SQL Injection Vulnerability XWiki Platform Password Storage Vulnerability Arbitrary Code Execution Vulnerability in 
XWiki Platform Information Disclosure Vulnerability in XWiki Platform Unfiltered Access to Hidden Information in XWiki Platform's `modifications` Rest Endpoint XWiki Platform Crafted XAR Package Import Vulnerability Flarum Discussion Platform XSS Vulnerability in Page Titles Vulnerability: Exposing Registry Credentials and Local Docker Socket via Malicious Buildpack in Knative.dev/func Use After Free Vulnerability in Google Chrome Accessibility Engine.IO Server Denial of Service Vulnerability Cross-site Scripting Vulnerability in GLPI Versions 10.0.0 - 10.0.5 Command Injection Vulnerability in Sourcegraph Gitserver Service Arbitrary Command Execution Vulnerability in Sourcegraph's Gitserver Title: Discourse Vulnerability: Unauthorized Access to Topic Notifications Exposes Sensitive Information RCE Vulnerability in super-xray 0.1-beta: Upgrade to 0.2-beta Information Disclosure Vulnerability in pgjdbc Cross-Site Scripting (XSS) Vulnerability in DHIS 2 File Upload Feature Privilege Escalation Vulnerability in DHIS 2 Authenticated Request Hijacking in DHIS 2 Bypassing Safe Browsing Warnings via Malicious File in Google Chrome Privilege Escalation Vulnerability in super-xray 0.2-beta Path Traversal Vulnerability in OroPlatform's FileManager::getTemporaryFileName Method Uncontrolled Connection Time in Synapse URL Preview Functionality Vulnerability: Untrusted Code Execution in Git GUI Insecure Temporary File Creation in MPXJ Library Remote Code Execution Vulnerability in Autolab's MOSS Functionality File Disclosure Vulnerability in Autolab's Remote Handin Feature Denial of Service (DoS) Vulnerability in Muhammara and Hummus Packages Local File Inclusion Vulnerability in super-xray Stored Cross-Site Scripting Vulnerability in Multi Step Form WordPress Plugin Insufficient Verification of Data Authenticity in BigBlueButton 2.4.3 and earlier versions leads to Denial of Service Ineffective User Bans in BigBlueButton Versions Prior to 2.4-rc-6 Incorrect Authorization for 
Setting Emoji Status in BigBlueButton Vulnerability in BigBlueButton Allows Attackers to Exploit Whiteboard Grace Period BigBlueButton 2.4 Release Candidate Subscription Poll Results Vulnerability Arbitrary URL Redirection Vulnerability in Opencast's Paella Authentication Page XStream Remote Denial of Service Vulnerability Dragonfly v0.3.0-SNAPSHOT XML External Entity (XXE) Attack Vulnerability Unvalidated Calendar Name Lengths Vulnerability in Nextcloud Server Unrestricted Password Length DoS Vulnerability in Nextcloud Server Stored Cross-Site Scripting Vulnerability in Sliderby10Web WordPress Plugin Vulnerability: Unauthenticated Download Access in Nextcloud Server Video Stream Leakage Vulnerability in Nextcloud Talk Android App NULL Pointer Dereference in BLE L2CAP Module of Contiki-NG Local Privilege Escalation in multipath-tools Local Privilege Escalation in multipath-tools 0.7.0 through 0.9.x before 0.9.2 Local Privilege Escalation via RealVNC VNC Server and VNC Viewer MSI Installer Repair Mode Privilege Escalation Vulnerability in Scada-LTS 2.7.1.1 Build 2948559113 OpenImageIO v2.3.19.0 TIFF String Field Out of Bounds Read Vulnerability Zoho CRM Lead Magnet Plugin <= 1.7.5.8 WordPress Vulnerability: Auth. 
(subscriber+) Arbitrary Options Update Vulnerability in Intel(R) DCM Software Allows Privilege Escalation via Network Access Stored Cross-Site Scripting Vulnerability in WP Social Sharing WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in Mantenimiento Web Plugin <= 0.13 on WordPress Stack-based Buffer Overflow in OpenImageIO v2.3.19.0 TGA File Format Parser Uncontrolled Search Path Element Vulnerability in Intel(R) VTune(TM) Profiler Software Unencrypted Data Leakage Vulnerability in BIG-IP with Intel QAT and AES-GCM/CCM Cipher Vulnerability: Privilege Escalation and Denial of Service in Intel(R) Arc(TM) Graphics Cards A770 and A750 Limited Edition Authentication Bypass Vulnerability in Weston Embedded uC-FTPs v 1.98.00 IIJ SmartKey Android App Information Disclosure Vulnerability CSRF Vulnerability in LearningTimes BadgeOS Plugin OpenImageIO Project OpenImageIO v2.3.19.0 Information Disclosure Vulnerability Sewio RTLS Studio Version 2.0.0 - 2.6.2 Excessive Payload Length Vulnerability Stored Cross-Site Scripting Vulnerability in Link Library WordPress Plugin Stored XSS via CSRF in Vinoj Cardoza 3D Tag Cloud Heap-Based Buffer Overflow in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 DELETE_FILE Command Memory Corruption Vulnerability in PowerISO PowerISO 8.3 VHD File Format Parsing Arbitrary Script Injection Vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and Earlier Stored Cross-Site Scripting Vulnerability in Permission Settings of baserCMS Versions Prior to 4.7.2 CSRF Vulnerability in ThemeFusion Avada Premium Theme Allows Arbitrary Plugin Installation/Activation Uncontrolled Search Path Vulnerability in Intel(R) DCM Software OpenImageIO Project OpenImageIO Denial of Service Vulnerability in DDS Native Tile Reading Stored Cross-Site Scripting Vulnerability in Login with Cognito WordPress Plugin Arbitrary HTML Injection Vulnerability in BlueSpiceSocialProfile Extension Arbitrary HTML Injection Vulnerability in BlueSpiceBookshelf Extension Arbitrary 
File Write and Delete Vulnerability in SonicJS through 0.6.0 Resource Exhaustion Vulnerability in FasterXML jackson-databind Resource Exhaustion Vulnerability in FasterXML jackson-databind: Lack of Check in BeanDeserializer._deserializeFromArray Remote Code Execution via SpringEL Injection in Apache Ambari Server Agent Blind SSRF Vulnerability in GitLab CE/EE: Local Address Connection via Malicious GitLab Runner Configuration D-Bus Invalid Type Signature Crash Vulnerability Inconsistent Array Length Vulnerability in D-Bus D-Bus File Descriptor Format Vulnerability Integer Overflow in lsr_translate_coords function of GPAC 2.1-DEV-rev490-g68064e101-master (VDB-214518) SQL Injection Vulnerability in Best Student Result Management System v1.0 Authenticated Local File Inclusion Vulnerability in Chamilo 1.11.16 Allows Unauthorized File Access X.509 Certificate Verification Buffer Overrun Vulnerability Arbitrary Code Execution Vulnerability in Wedding Planner v1.0 via users_profile.php Code-execution backdoor vulnerability in d8s-urls package (PyPI) version 0.1.0 Code-execution backdoor vulnerability in d8s-asns package version 0.1.0 Code-execution backdoor vulnerability in d8s-ip-addresses package (PyPI) version 0.1.0 Code-execution backdoor vulnerability in d8s-lists package (PyPI) version 0.1.0 Code-execution backdoor vulnerability in d8s-algorithms package (PyPI) version 0.1.0 Potential Code-Execution Backdoor Found in d8s-file-system Package (Version 0.1.0) Code-Execution Backdoor Found in d8s-networking Python Package (Version 0.1.0) Potential Code-Execution Backdoor Found in d8s-xml Package (Version 0.1.0) Code-execution backdoor vulnerability in d8s-asns package version 0.1.0 Title: Arbitrary Code Injection Vulnerability in Zemana Watchdog Anti-Malware and Zemana AntiMalware Local Privilege Escalation Vulnerability in wfshbr64.sys and wfshbr32.sys IOCTL Hexadecimal Branch Name Override Vulnerability in Gitlab EE/CE Command Injection Vulnerability in Tenda AC1200 
Router Model W15Ev2 V15.11.0.10(1576) Stored Cross-Site Scripting (XSS) Vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 Arbitrary File Read Vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 Stack Overflow Vulnerability in Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) via setRemoteWebManage Function Authorization Header Leak Vulnerability in DAST API Scanner Stack Overflow Vulnerability in Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) via setWanPpoe Function Remote SQL Injection Exploit: Bypassing Login and Uploading Shell in Online Diagnostic Lab Management System v1.0 Cross-Site Scripting (XSS) Vulnerability in Online Examination System version 1.0 via index.php Insecure Direct Object Reference (IDOR) Vulnerability in Online Birth Certificate Management System v1.0 Persistent XSS Vulnerability in Online Birth Certificate Management System Version 1.0 Stored Cross-Site Scripting Vulnerability in Image Hover Effects Ultimate Plugin for WordPress CSRF Vulnerability in Online Birth Certificate Management System version 1.0 Cross Site Scripting (XSS) Vulnerability in Online Birth Certificate Management System version 1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 via /diagnostic/editcategory.php?id= Arbitrary Code Execution Vulnerability in Wedding Planner v1.0 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 CSRF Vulnerability in fromSysToolReboot Function Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 CSRF Vulnerability in fromSysToolRestoreSet Function Stack Overflow Vulnerability in Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 via formWifiBasicSet Function Reflected Cross-Site Scripting Vulnerability in Chained Quiz WordPress Plugin (Versions up to 1.3.2) Heap Overflow Vulnerability in Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 Stack 
Overflow Vulnerability in Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 Firmware Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 Vulnerability: Cross Site Request Forgery (CSRF) in TendaAteMode Function Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 Vulnerability: Cross Site Request Forgery (CSRF) in fromSysToolReboot Function Reflected Cross-Site Scripting Vulnerability in Chained Quiz WordPress Plugin (Versions up to 1.3.2) Unrestricted File Upload Vulnerability in Backdrop CMS 1.22.0 Allows Remote Code Execution via 'themes' Stored Cross-Site Scripting (XSS) Vulnerability in Backdrop CMS 1.23.0 via 'Card' Content Stored Cross-Site Scripting (XSS) Vulnerability in Backdrop CMS 1.23.0 via Page Content Stored Cross-Site Scripting (XSS) Vulnerability in Backdrop CMS 1.23.0 via Post Content Stored XSS Vulnerability in Comment Feature of Backdrop CMS 1.23.0 SQL Injection Vulnerability in KLiK SocialMediaWebsite v1.0.1 via profile.php XSS Vulnerability in KLiK SocialMediaWebsite Version 1.0.1: Exploiting Forum Subject Input Reflected Cross-Site Scripting Vulnerability in Chained Quiz WordPress Plugin (Versions up to 1.3.2) KLiK SocialMediaWebsite Version 1.0.1 XSS Vulnerability in Location Input Reply-Form SQL Injection Vulnerability in Online Shopping System Advanced 1.0 Reflected Cross-Site Scripting Vulnerability in Chained Quiz WordPress Plugin (Versions up to 1.3.2) Arbitrary Web Script Injection Vulnerability in Liferay Portal and Liferay DXP Cross-site Scripting (XSS) Vulnerability in Liferay Portal and Liferay DXP Cross-site Scripting (XSS) Vulnerability in Liferay Portal and Liferay DXP Arbitrary Web Script Injection Vulnerability in Liferay Portal and Liferay DXP Cross-site Scripting (XSS) Vulnerability in Liferay Portal and Liferay DXP Arbitrary Code Injection through Cross-Site Scripting (XSS) in Liferay Portal 7.4.3.4-7.4.3.36 Cross-site scripting (XSS) vulnerability in Liferay Portal and Liferay DXP Arbitrary Web Script Injection 
Vulnerability in Liferay Portal and Liferay DXP Arbitrary Web Script Injection Vulnerability in Liferay Portal Search Module Cross Site Scripting (XSS) Vulnerability in Liferay Commerce Module Reflected Cross-Site Scripting Vulnerability in Chained Quiz WordPress Plugin (Versions up to 1.3.2) Arbitrary SQL Command Execution in Liferay Portal and Liferay DXP SQL Injection Vulnerability in Liferay Portal and Liferay DXP SQL Injection Vulnerability in Liferay Portal 7.3.7 and Liferay DXP 7.3: Friendly URL Title Field Injection Zip Slip Vulnerability in Liferay Portal and Liferay DXP Allows File Manipulation via Elasticsearch Sidecar Plugin Excessive Resource Consumption Vulnerability in Liferay Portal and Liferay DXP Zip Slip Vulnerability in FileUtil.unzip in Liferay Portal and Liferay DXP: File Overwrite and Creation via Malicious Plugin Deployment Improper Permission Check in Asset Libraries Module in Liferay Portal and Liferay DXP Unauthenticated Access to Friendly URL History in Liferay Portal Improper Permission Check in Liferay Portal and Liferay DXP REST APIs Insecure Direct Object Reference (IDOR) Vulnerability in Liferay Portal and Liferay DXP Reflected Cross-Site Scripting Vulnerability in Chained Quiz WordPress Plugin (Versions up to 1.3.2.2) Unauthenticated Access to Form Entries in Liferay Portal Missing SSL Certificate Validation in Liferay's Dynamic Data Mapping Module's REST Data Providers LDAP Credential Exposure in Liferay Portal and DXP Arbitrary Code Execution Vulnerability in Authenticated Mail Users' File Uploads to Public Folders Command Injection Vulnerability in Delta Electronics DVW-W02W2-E2 1.5.0.10 Reflected Cross-Site Scripting Vulnerability in Chained Quiz WordPress Plugin (Versions up to 1.3.2.3) Command Injection Vulnerability in Delta Electronics DX-2100-L1-CN 2.42 via lform/net_diagnose Cross Site Scripting (XSS) Vulnerability in Delta Electronics DX-2100-L1-CN 2.42 via lform/urlfilter Arbitrary Code Execution Vulnerability in Online 
Tours & Travels Management System v1.0 SQL Injection Vulnerability in Open Source SACCO Management System v1.0 via /sacco_shield/manage_payment.php Cross Site Scripting (XSS) Vulnerability in kkFileView 4.0 via Filecontroller.java Server-side request forgery (SSRF) vulnerability in kkFileView 4.0 via OnlinePreviewController.java Reflected Cross-Site Scripting Vulnerability in Chained Quiz WordPress Plugin Insecure Permissions in TinyLab Linux-Lab and Cloud-Lab: Container Escape Vulnerability Arbitrary File Upload Vulnerability in 74cmsSE v3.13.0 Command Injection Vulnerability in D-Link COVR 1200,1203 v1.08 Predictable Seed Vulnerability in D-Link COVR 1200, 1202, 1203 v1.08 Stored Cross-Site Scripting Vulnerability in Chained Quiz WordPress Plugin Command Injection Vulnerability in D-Link COVR 1200,1202,1203 v1.08 Command Injection Vulnerability in D-Link COVR 1200, 1202, 1203 v1.08 Stack Overflow Vulnerability in Tenda AC10 V15.03.06.23 Firmware Stack Overflow Vulnerability in Tenda AC10 V15.03.06.23 Firmware Stack Overflow Vulnerability in Tenda AC10 V15.03.06.23 Firmware Stack Overflow Vulnerability in Tenda AC10 V15.03.06.23 Firmware Stack Overflow Vulnerability in Tenda AC10 V15.03.06.23 Firmware Stack Overflow Vulnerability in Tenda AC10 V15.03.06.23 Firmware Stack Overflow Vulnerability in Tenda AC10 V15.03.06.23 Firmware Stored Cross-Site Scripting Vulnerability in Chained Quiz Plugin for WordPress Stack Overflow Vulnerability in Tenda AC10 V15.03.06.23 Firmware Stack Overflow Vulnerability in Tenda AC10 V15.03.06.23 Firmware Insecure Direct Object Reference Vulnerability in WHMCS SolusVM Module 1.4.1.2: Unauthorized Password and Hostname Modification Hard-coded Credentials in PCTechSoft PCSecure V5.0.8.xw Configuration Files Allow Unauthorized Admin Panel Access Cross-Site Request Forgery Vulnerability in Chained Quiz Plugin for WordPress Directory Traversal Vulnerability in Spectrum Spatial Analyst 20.01 SSRF Vulnerability in Spectrum Spatial Analyst 
20.01 XSS Vulnerability in Hustoj 22.09.22 Admin Problem Judge Path Traversal Vulnerability in Lavalite 9.0.0 Allows Arbitrary File Read Access via XSRF-TOKEN Cookie Remote Code Execution (RCE) Vulnerability in Emlog Pro 1.6.0 Plugins Upload Cross-Site Request Forgery Vulnerability in Chained Quiz WordPress Plugin (Versions up to 1.3.2.4) Improper Access Control in User List Function Allows Privilege Escalation Insecure File Upload Vulnerability in Simple Exam Reviewer Management System v1.0 CSRF Vulnerability in Simple Exam Reviewer Management System v1.0 via Exam List Cross-Site Request Forgery Vulnerability in Chained Quiz Plugin for WordPress Stored Cross Site Scripting (XSS) Vulnerability in Simple Exam Reviewer Management System v1.0 via Exam List Insecure File Upload Vulnerability in Simple Exam Reviewer Management System v1.0 Cross Site Scripting (XSS) Vulnerability in TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n Cross Site Scripting (XSS) Vulnerability in PHPGurukul Hospital Management System V 4.0 via add-patient.php Cross Site Scripting (XSS) Vulnerability in PHPGurukul Hospital Management System V 4.0 OS Command Injection Vulnerability in Asus NAS-M25 SQL Injection Vulnerability in Open Source SACCO Management System v1.0 via /sacco_shield/manage_loan.php Critical SQL Injection Vulnerability in SourceCodester Canteen Management System (CVE-2021-214523) Command Injection Vulnerability in Netgear R6220 v1.1.0.114_1.0.1 Multiple Stored XSS Vulnerabilities in Jumpserver 2.10.0 <= version <= 2.26.0 Heap-Buffer-Overflow Vulnerability in jsonlint 1.0 via lexer Arbitrary Code Execution Vulnerability in Wedding Planner v1.0 via package_edit.php Unauthenticated Remote Code Execution in pgAdmin Server SQL Injection Vulnerability in Simple Cold Storage Management System v1.0 SQL Injection Vulnerability in Simple Cold Storage Management System v1.0 Authentication Bypass Vulnerability in Tenda 11N Firmware V5.07.33_cn Template Management Module File 
Inclusion Vulnerability in UCMS 1.6 Stored XSS Vulnerability in Student Clearance System v.1.0: Arbitrary JavaScript Injection in Registration Form Stored XSS Vulnerability in Merchandise Online Store v.1.0: Arbitrary JavaScript Injection in Edit Account Form Critical SQL Injection Vulnerability in Merchandise Online Store v.1.0 Enables Unauthorized Admin Account Access Vertical Privilege Escalation Vulnerability in Merchandise Online Store v.1.0 Remote Privilege Escalation and Denial of Service Vulnerability in CODESYS v3 SQL Injection Vulnerability in Simple Cold Storage Management System v1.0 SQL Injection Vulnerability in Simple Cold Storage Management System v1.0 SQL Injection Vulnerability in Simple Cold Storage Management System v1.0 SQL Injection Vulnerability in Dreamer CMS 4.0.01 CSRF Vulnerability in Doufox 0.0.4 Allows Unauthorized System Administrator Account Creation Cross-Site Scripting (XSS) Vulnerability in pfSense v2.5.2's browser.php Component Stored Cross-Site Scripting (XSS) Vulnerability in QlikView 12.60.2 QvsViewClient SQL Injection Vulnerability in Simple Cold Storage Management System v1.0 SQL Injection Vulnerability in Simple Cold Storage Management System v1.0 HTTP Request Smuggling Vulnerability in Apache Tomcat Out-of-Bounds Array Access Vulnerability in NVIDIA GPU Display Driver for Linux Out-of-Bounds Array Access Vulnerability in NVIDIA GPU Display Driver for Linux Integer Overflow Vulnerability in NVIDIA GPU Display Driver for Linux Integer Overflow Vulnerability in NVIDIA GPU Display Driver for Linux Integer Overflow Vulnerability in NVIDIA GPU Display Driver for Linux Integer Overflow Vulnerability in NVIDIA GPU Display Driver for Linux Stored Cross-Site Scripting Vulnerability in Simple Basic Contact Form WordPress Plugin NVIDIA vGPU Display Driver for Linux Guest D-Bus Configuration File Vulnerability Buffer Overrun Vulnerability in NVIDIA vGPU Software Buffer Overrun Vulnerability in NVIDIA vGPU Software Integer Overflow 
Vulnerability in NVIDIA GPU Display Driver for Linux NVIDIA GPU Display Driver for Linux Kernel Mode Layer Vulnerability Integer Overflow Vulnerability in NVIDIA GPU Display Driver for Linux NVIDIA GPU Display Driver for Windows: Kernel Mode Vulnerability in DxgkDdiEscape Handler Critical Vulnerability in NVIDIA GPU Display Driver for Windows Allows Out-of-Bounds Read and Potential Code Execution Omniverse Kit: Remote Code Execution Vulnerability in USD Reference Applications Vulnerability in NVIDIA Trusted OS SMC Call Handler Allows Information Disclosure and Integrity Compromise Reflected Cross-Site Scripting in Booster for WooCommerce WordPress Plugin Stack-based Buffer Overflow Vulnerability in NVIDIA Linux Distributions: nvdla_emu_task_submit NVIDIA BMC IPMI Handler Buffer Overflow Vulnerability NVIDIA BMC IPMI Handler Buffer Overflow Vulnerability Buffer Overflow Vulnerability in NVIDIA BMC's libwebsocket NVIDIA BMC IPMI Handler Buffer Overflow Vulnerability NVIDIA BMC IPMI Handler Vulnerability: Unauthenticated Host Write Access to SPI Flash Vulnerability in NVIDIA DGX A100 SBIOS Allows Unauthorized Flash Access and Code Execution Vulnerability in NVIDIA DGX Station SBIOS Allows Unauthorized Flash Access and Code Execution NVIDIA BMC SPX REST API Memory Context Vulnerability Arbitrary Command Injection Vulnerability in NVIDIA BMC SPX REST API Information Disclosure Vulnerability in SourceCodester Book Store Management System 1.0 Path Traversal Vulnerability in NVIDIA BMC SPX REST Auth Handler Vulnerability in NVIDIA DGX A100 SBIOS: Out-of-Bounds Write and Code Execution Arbitrary File Access Vulnerability in NVIDIA BMC SPX REST API NVIDIA BMC IPMI Handler Buffer Overflow Vulnerability NVIDIA BMC Password Storage Vulnerability: Risk of Credentials Exposure Vulnerability in DGX A100 SBIOS: Pre-EFI Initialization (PEI) Phase SPI Flash Protection Disabling Vulnerability in DGX A100 SBIOS Bds: Code Execution, DoS, and Privilege Escalation Vulnerability in NVIDIA 
BMC IPMI Handler Allows Unauthorized File Upload and Download NVIDIA BMC IPMI Handler Vulnerability: Unauthorized User Enumeration and Information Disclosure Arbitrary Command Injection Vulnerability in NVIDIA BMC SPX REST API Critical Remote Code Execution Vulnerability in SourceCodester Book Store Management System 1.0 Arbitrary Command Injection Vulnerability in NVIDIA BMC SPX REST API Data Tampering Vulnerability in NVIDIA GeForce Experience Installer Privilege Escalation Vulnerability in NVIDIA GeForce Experience's NVContainer Component Denial of Service Vulnerability in Veritas NetBackup DiscoveryService SQL Injection Vulnerability in WP Statistics WordPress Plugin Denial of Service Vulnerability in Veritas NetBackup Primary Server XML External Entity (XXE) Injection Vulnerability in Veritas NetBackup Vulnerability: SQL Injection in Veritas NetBackup Primary Server Second-Order SQL Injection Vulnerability in Veritas NetBackup Primary Server (CVE-2022-42302) SQL Injection Vulnerability in Veritas NetBackup Primary Server Path Traversal Vulnerability in Veritas NetBackup DiscoveryService Local Access Denial of Service Vulnerability in Veritas NetBackup XML External Entity (XXE) Injection Vulnerability in Veritas NetBackup DiscoveryService Arbitrary File Deletion Vulnerability in Veritas NetBackup Xenstore Vulnerability: Guest-Controlled Crash and Memory Corruption Session Fixation Vulnerability in Tribal Systems Zenario CMS 9.3.57595 Orphaned Xenstore Nodes Vulnerability: Persistent Creation of Invalid Nodes Xenstore Memory Allocation DoS Vulnerability Xenstore Memory Allocation DoS Vulnerability Xenstore Memory Exhaustion Vulnerability Xenstore Memory Allocation DoS Vulnerability Xenstore Memory Exhaustion Vulnerability Xenstore Memory Allocation DoS Vulnerability Xenstore Memory Allocation DoS Vulnerability Xenstore Memory Allocation DoS Vulnerability Denial of Service (DoS) Vulnerability in Xenstore Unrestricted Upload Vulnerability in SourceCodester Event 
Registration System 1.0 (VDB-214590) Vulnerability: Access Rights Leakage in Xenstore Nodes of Deleted Domains Stack Exhaustion Vulnerability in Xenstore Xenstore: Arbitrary Creation of Nodes by Cooperating Guests Xenstore: Arbitrary Creation of Nodes by Cooperating Guests Integer Truncation Vulnerability in Oxenstored Arbitrary Node Creation Vulnerability in Xenstore Transactions Arbitrary Node Creation Vulnerability in Xenstore Transactions Unintended Memory Sharing Vulnerability in x86 Virtualization Deadlock Vulnerabilities in Linux netback Driver Triggered by Guest Actions Deadlock Vulnerabilities in Linux netback Driver Triggered by Guest Actions Cross-Site Scripting (XSS) Vulnerability in SourceCodester Event Registration System 1.0 Xenstore Crash Vulnerability via Soft Reset Unprotected RET Instruction: Exploitable Speculative Vulnerability in x86 32-bit SYSCALL Path Use-after-free vulnerability in x86 shadow plus log-dirty mode Unbounded and Unserialized Cache Control Vulnerability in x86/HVM Guests Unbounded and Unserialized Cache Control Vulnerability in x86/HVM Guests Arbitrary Pointer Dereference Vulnerability in x86 Shadow Paging Vulnerability: Mishandling of Guest SSBD Selection on AMD Hardware Stack-based Buffer Overflow Vulnerability in Adobe Acrobat Reader Cross-Site Scripting (XSS) Vulnerability in SourceCodester Canteen Management System Arbitrary File System Read Vulnerability in Adobe ColdFusion Arbitrary File System Read Vulnerability in Adobe ColdFusion Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Adobe Campaign Server-Side Request Forgery (SSRF) Vulnerability Allows Arbitrary File System Read Incorrect Authorization Vulnerability in Adobe Commerce: Information Exposure and Privilege Escalation Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected 
Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Remote Account Theft Vulnerability in RushBet Version 2022.23.1-b490616d Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Incorrect Authorization Vulnerability in Adobe Experience Manager 6.5.14 and Earlier: Security Feature Bypass and Confidentiality Information Disclosure Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Arbitrary File Read Vulnerability in Welcart e-Commerce WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18344) Arbitrary File Existence Check Vulnerability in Welcart e-Commerce WordPress Plugin Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18346) Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18347) 
Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18402) Arbitrary Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18403) Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18404) Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18529) Arbitrary Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18630) Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18631) Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18648) Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18649) Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18650) Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18651) Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18652) Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18653) Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18654) Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18655) Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18657) Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18658) Arbitrary Post Deletion Vulnerability in Workreap WordPress Theme Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18659) Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18660) Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18661) Remote Code Execution via U3D File Parsing in PDF-XChange Editor (ZDI-CAN-18662) Remote Code Execution Vulnerability in PDF-XChange Editor via U3D File Parsing (ZDI-CAN-18893) Remote Code Execution Vulnerability in 
PDF-XChange Editor via XPS File Parsing Remote Code Execution Vulnerability in PDF-XChange Editor (ZDI-CAN-18278) Remote Code Execution Vulnerability in PDF-XChange Editor via XPS File Parsing PDF-XChange Editor Remote Code Execution Vulnerability Remote Code Execution Vulnerability in PDF-XChange Editor (ZDI-CAN-18327) Authentication Bypass Vulnerability in Honeywell OneWireless Version 322.1 Buffer Overflow Vulnerability in PDF-XChange Editor Allows Remote Code Execution PDF-XChange Editor Remote Code Execution Vulnerability Remote Code Execution Vulnerability in PDF-XChange Editor (ZDI-CAN-18632) Arbitrary Code Execution Vulnerability in PDF-XChange Editor (ZDI-CAN-18892) Remote Code Execution Vulnerability in PDF-XChange Editor via Malicious EMF Files Arbitrary Code Execution via EMF Parsing Vulnerability in PDF-XChange Editor (ZDI-CAN-18367) Remote Code Execution Vulnerability in PDF-XChange Editor via Malicious EMF Files Remote Code Execution Vulnerability in PDF-XChange Editor via Malicious EMF Files Remote Code Execution via EMF Parsing in PDF-XChange Editor PDF-XChange Editor Remote Code Execution Vulnerability Remote Code Execution Vulnerability in PDF-XChange Editor via PGM File Parsing (ZDI-CAN-18365) Remote Code Execution Vulnerability in PDF-XChange Editor via JPC File Parsing PDF-XChange Editor Remote Code Execution Vulnerability Remote Code Execution Vulnerability in PDF-XChange Editor via JP2 File Parsing PDF-XChange Editor Remote Information Disclosure Vulnerability Remote Code Execution Vulnerability in PDF-XChange Editor Remote Code Execution Vulnerability in PDF-XChange Editor via TIF File Parsing (ZDI-CAN-18673) Remote Code Execution Vulnerability in PDF-XChange Editor via TIF File Parsing (ZDI-CAN-18676) Remote Code Execution Vulnerability in PDF-XChange Editor via TIF File Parsing (ZDI-CAN-18677) Remote Code Execution Vulnerability in PDF-XChange Editor via TIF File Parsing (ZDI-CAN-18700) Stored Cross-Site Scripting Vulnerability in WP 
Google Review Slider WordPress Plugin Remote Code Execution Vulnerability in PDF-XChange Editor via TIF File Parsing (ZDI-CAN-18686) Remote Code Execution Vulnerability in PDF-XChange Editor via TIF File Parsing (ZDI-CAN-18703) Remote Code Execution Vulnerability in PDF-XChange Editor via TIF File Parsing (ZDI-CAN-18716) Privilege Escalation via Poller Broker Configuration Modification in Centreon Privilege Escalation Vulnerability in Centreon's Poller Broker Configuration Modification Privilege Escalation Vulnerability in Centreon's Poller Broker Configuration Handling Privilege Escalation Vulnerability in Centreon's Contact Groups Configuration Privilege Escalation via Poller Broker Configuration Modification in Centreon Privilege Escalation Vulnerability in Centreon's Poller Broker Configuration Modification Stored Cross-Site Scripting Vulnerability in ImageInject WordPress Plugin Privilege Escalation Vulnerability in Tesla Vehicles: Exploiting Flaw in wowlan_config Handling Privilege Escalation Vulnerability in Tesla Vehicles via bcmdhd Driver (ZDI-CAN-17544) Uninitialized Memory Disclosure Vulnerability in Linux Kernel 6.0-rc2 (ZDI-CAN-18540) Arbitrary Code Execution Vulnerability in TP-Link TL-WR841N TL-WR841N(US)_V14_220121 Routers Cross-Site Request Forgery Vulnerability in IBM Business Automation Workflow IBM MQ Managed File Transfer Local Information Disclosure Vulnerability Unauthorized Access to Admin Functions in IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 Unspecified Vulnerability in IBM App Connect Enterprise Discovery Connector Nodes Exposing 3rd Party System Credentials Directory Traversal Vulnerability in Codeplex-Codehaus Exposure of First Tenant Owner Email Address in IBM Robotic Process Automation for Cloud Pak File Upload Vulnerability in Trusteer SDK for iOS and Android (IBM X-Force ID: 238535) Buffer Overflow Vulnerability in IBM App Connect Enterprise 11.0.0.8 - 11.0.0.19 and 12.0.1.0 - 12.0.5.0 Credential Recovery 
Vulnerability in HCL Launch Default Enablement of Anonymous User Access in Sametime 12 Allows Unauthorized User Directory Browsing and Internal Chat Creation HCL Compass Vulnerability: Cross-Origin Resource Sharing (CORS) Exploitation XML Injection Vulnerability in codehaus-plexus Insecure Storage of Credentials in BigFix Patch Management Download Plug-ins HCL Launch Vulnerability: Unsanitized HTML Injection Leading to XSS and Open Redirections Insufficient Warnings for Imported Fixlet Scripts Pose Security Vulnerability IVR Vulnerable to Man-in-the-Middle Attack: Risk of Information Disclosure with Privileged Network Access ASUS EC Tool Driver Privilege Escalation Vulnerability Remote Command Execution Vulnerability in Generex CS141 through 2.10 via Web Interface Authentication Bypass and Arbitrary File Upload Vulnerability in bingo!CMS v1.7.4.1 and Earlier WordPress Image Hover Effects Ultimate Plugin <= 9.7.1 Authenticated Options Change Vulnerability Remote Denial of Service Vulnerability in Kakao PotPlayer's MID File Handler (VDB-214623) Stored XSS Exploit via Broken Access Control in Traffic Manager Plugin <= 1.4.5 on WordPress Unrestricted Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. 
Stored Cross-Site Scripting (XSS) Vulnerability in Adeel Ahmed's IP Blacklist Cloud Plugin <= 5.00 Versions Authentication Bypass Vulnerability in OpenHarmony-v3.1.2 and Prior Versions: Exploiting Softbus_server Callback Handler Function Kernel Memory Pool Override Vulnerability in OpenHarmony-v3.1.2 and Prior Versions Privilege Escalation Vulnerability in Intel(R) OFU Software Kernel Mode Driver Unescaped String Property Vulnerability Vulnerability: Insecure Configuration of H2 Web Console in Prototype Mode Remote Code Execution (RCE) Vulnerability in Apache Flume JMS Source Permissive Input Validation Vulnerability in FortiGate SSL-VPN Web Portal Critical SQL Injection Vulnerability in Movie Ticket Booking System Relative Path Traversal Vulnerability in Fortinet FortiClient (Windows) Allows Unauthorized Code Execution HTTP Response Splitting Vulnerability in FortiWeb Versions 6.3.6 - 7.0.2 HTTP Response Splitting Vulnerability in Fortinet FortiOS and FortiProxy Unauthenticated Database Access Vulnerability in Fortinet FortiSOAR Arbitrary Directory Deletion Vulnerability in Fortinet FortiOS, FortiProxy, and FortiSwitchManager FortiOS and FortiProxy SSL-VPN Remote Code Execution Vulnerability Privilege Escalation via Crafted CLI Requests in Fortinet FortiOS and FortiProxy File System Information Disclosure Vulnerability in FortiAnalyzer Excessive Authentication Attempts Vulnerability in FortiSIEM Below 7.0.0 Critical SQL Injection Vulnerability in Movie Ticket Booking System (VDB-214625) OS Command Injection Vulnerability in FreshTomato 2022.5's httpd logs/view.cgi Functionality Cross-Site Scripting (XSS) Vulnerability in Galaxy Weblinks Gallery with Thumbnail Slider Plugin <= 6.0 Stored Cross-Site Scripting Vulnerability in User Group Management of baserCMS Versions Prior to 4.7.2 Missing Permission Validation Vulnerability in OpenHarmony-v3.1.2 and Prior Versions: Potential Privilege Escalation and DoS Cross-Site Scripting (XSS) Vulnerability in Movie Ticket 
Booking System OS Command Injection Vulnerability in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 m2m Binary via DOWNLOAD_CFG_FILE Command OS Command Injection Vulnerabilities in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 via M2M_CONFIG_SET Command OS Command Injection Vulnerabilities in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 through m2m's DOWNLOAD_AD Command OS Command Injection Vulnerabilities in Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 through m2m's DOWNLOAD_INFO Command Critical SSRF Vulnerability in All in One SEO Pro Plugin for WordPress Nako3edit OS Command Injection Vulnerability Arbitrary Code Execution Vulnerability in Api2Cart Bridge Connector Plugin <= 1.1.0 on WordPress Out of Bounds Write Vulnerability in Pixel Cellular Firmware Allows Remote Code Execution Heap Buffer Overflow in sms_SendMmCpErrMsg of sms_MmConManagement.c in Android Kernel Cross-Site Scripting (XSS) Vulnerability in Movie Ticket Booking System Possible Shell Command Execution in OEM_OnRequest of sced.cpp Out of Bounds Write Vulnerability in HexString2Value of util.cpp Out of Bounds Write Vulnerability in FacilityLock::Parse of simdata.cpp Out-of-bounds Write Vulnerability in ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria Out-of-Bounds Write Vulnerability in CallDialReqData::encodeCallNumber of callreqdata.cpp Out-of-bounds Write Vulnerability in ProtocolMiscBuilder::BuildSetSignalReportCriteria Out of Bounds Write Vulnerability in SimUpdatePbEntry::encode of simdata.cpp Out of Bounds Write Vulnerability in ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp Out of Bounds Write Vulnerability in ProtocolCallBuilder::BuildSendUssd of protocolcallbuilder.cpp Out of Bounds Write Vulnerability in CallDialReqData::encode of callreqdata.cpp Cross-Site Scripting (XSS) Vulnerability in Movie Ticket Booking System Out-of-Bounds Read Vulnerability in StringsRequestData::encode of requestdata.cpp Out-of-Bounds Write Vulnerability in EmbmsSessionData::encode of 
embmsdata.cpp Out of Bounds Read Vulnerability in VsimOperationDataExt::encode of vsimdata.cpp Out of Bounds Write Vulnerability in ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp Out of Bounds Read Vulnerability in ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp Possible Out of Bounds Read in MiscService::DoOemSetRtpPktlossThreshold of miscservice.cpp Possible Out of Bounds Read in ProtocolSimBuilderLegacy::BuildSimGetGbaAuth Out of Bounds Read Vulnerability in MiscService::DoOemSetTcsFci of miscservice.cpp Out-of-bounds Write Vulnerability in BroadcastSmsConfigsRequestData::encode of smsdata.cpp Possible stack clash leading to memory corruption in CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp Cross-Site Scripting (XSS) Vulnerability in SourceCodester Canteen Management System Possible Use After Free Vulnerability in ServiceInterface::HandleRequest of serviceinterface.cpp Out of Bounds Write Vulnerability in encode of wlandata.cpp Out-of-Bounds Read Vulnerability in DoSetCarrierConfig of miscservice.cpp Possible Out of Bounds Write Vulnerability in fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp Out-of-bounds Read Vulnerability in sms_GetTpUdlIe of sms_PduCodec.c Possible Out of Bounds Write Vulnerability in fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp Out-of-bounds Write Vulnerability in ConvertUtf8ToUcs2 of radio_hal_utils.cpp Possible Remote Denial of Service Vulnerability in cd_SsParseMsg of cd_SsCodec.c Potential Local Information Disclosure Vulnerability in ffa_mrd_prot of shared_mem.c Android Kernel Vulnerability: A-235292841 Cross-Site Scripting (XSS) Vulnerability in SourceCodester Canteen Management System (VDB-214630) Out of Bounds Read Vulnerability in Pixel Firmware Permissive Memory Allocation Vulnerability in mmu_map_for_fw of gs_ldfw_load.c Out of Bounds Read Vulnerability in Pixel Firmware Integer Overflow in shared_metadata_init of SharedMetadata.cpp Allows for Local Privilege Escalation 
Privilege Escalation in trusty_ffa_mem_reclaim of shared-mem-smcall.c SQL Injection Vulnerability in MmsSmsProvider.java Allows Access to Restricted Tables Critical Remote Code Execution Vulnerability Discovered Critical Remote Code Execution Vulnerability Discovered Unprivileged Access Exploit: Elevation of Privilege Vulnerability Unintended Information Exposure: A Critical Vulnerability LDAP Injection Vulnerability in libsss_certmap of sssd Unprivileged Access Exploit: Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability Discovered Out of Bounds Write Vulnerability in phNxpNciHal_core_initialized of phNxpNciHal.cc Out of Bounds Read Vulnerability in fdt_path_offset_namelen of fdt_ro.c Improper Input Validation in AddAppNetworksFragment.getView() Allows for Misleading Network Add Requests User Email Information Leakage in GitLab Webhook Payload Stored Cross-Site Scripting Vulnerability in All-in-One Addons for Elementor WordPress Plugin Critical Remote Code Execution Vulnerability in C-DATA Web Management System Unquoted Windows Search Path Vulnerability in HIMA PC Based Software Allows Privilege Escalation SQL Injection Vulnerability in Nozomi Networks Guardian and CMC Allows Arbitrary SQL Query Execution Stored Cross-Site Scripting Vulnerability in WP-Ban WordPress Plugin Unauthenticated Update Vulnerability in Rapid7 Nexpose and InsightVM Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit Privilege Escalation: Unauthorized Configuration Changes in M-Files Web (Classic) Object Injection Vulnerability in Replyable WordPress Plugin CSRF Vulnerability in Bulk Delete Users by Email WordPress Plugin Reflected Cross-Site Scripting in Bulk Delete Users by Email WordPress Plugin SQL Injection Vulnerability in Plugin Logic WordPress Plugin Linux Kernel Traffic Control (TC) Subsystem Denial of Service Vulnerability Unauthenticated Arbitrary File Upload Vulnerability in WordPress Api2Cart Bridge Connector Plugin <= 1.1.0 Easy WP 
SMTP Plugin <= 1.5.1 Authenticated Remote Code Execution Vulnerability Privilege Assignment Vulnerability in M-Files Web Versions Before 22.5.11436.1 Use-after-free vulnerability in mm/rmap.c in the Linux kernel before 5.19.7 Arbitrary Web Script Injection Vulnerability in ServiceNow Employee Service Center and Service Portal Use-after-free vulnerability in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 Directory Traversal Vulnerability in Sangoma Asterisk Inadequate Permission Check for Embedded Images in Mahara Reflected Cross-site Scripting (XSS) Vulnerability in osTicket prior to 1.16.4 Stored Cross-Site Scripting (XSS) Vulnerability in Nice (formerly Nortek) Linear eMerge E3-Series Devices Unsanitized Input in SNMP MIB Walker Allows Arbitrary Code Execution Arbitrary JavaScript Code Execution via Reflected XSS in REDCap Alerts & Notifications Upload Feature Use-after-free vulnerability in Arm Mali GPU Kernel Driver allows for unauthorized access to freed memory Insecure Sudoers Configuration in Hashicorp Packer Privilege Escalation via Incorrect Default Permissions in NI LabVIEW CLI Installation Folder Use-After-Free Vulnerability in Linux Kernel 5.2 through 5.19.x Allows for Kernel Crash and Potential Code Execution Unrestricted Upload Vulnerability in FeMiner WMS (VDB-214760) Use-after-free vulnerability in Linux kernel 5.1 through 5.19.x before 5.19.16 in mac80211 stack BSS Handling Bug in Linux Kernel 5.1 through 5.19.x: Local Code Execution Vulnerability NULL Pointer Dereference DoS Vulnerability in Linux Kernel's mac80211 Stack Information Disclosure: Role Name Discovery in MISP before 2.4.164 Directory Traversal Vulnerability in Warpinator 1.2.14 Unrestricted Upload Vulnerability in SourceCodester Human Resource Management System 1.0 Replay Attack Vulnerability in django-mfa2 Improper Read Access Control Vulnerability in syngo Dynamics Application Server Improper Read Access Control Vulnerability in syngo Dynamics 
Application Server Improper Write Access Control Vulnerability in syngo Dynamics Application Server Improper Privilege Escalation in Apache ShenYu Admin Critical SQL Injection Vulnerability in House Rental System (VDB-214770) Prototype Pollution Vulnerability in deep-parse-json v1.0.2 SQL Injection Vulnerability in CandidATS version 3.0.0 CandidATS Version 3.0.0 XXE Vulnerability Allows Arbitrary File Reading Cross-Site Scripting (XSS) vulnerability in CandidATS version 3.0.0 allows cookie theft Cross-Site Scripting (XSS) vulnerability in CandidATS version 3.0.0 allows cookie theft via 'sortBy' parameter in 'ajax.php' resource. Cross-Site Scripting (XSS) vulnerability in CandidATS version 3.0.0 allows cookie theft Cross-Site Scripting (XSS) vulnerability in CandidATS version 3.0.0 allows cookie theft Critical SQL Injection Vulnerability in House Rental System Arbitrary User Cookie Theft Vulnerability in CandidATS Version 3.0.0 CSRF Vulnerability in CandidATS Version 3.0.0 Allows Privilege Escalation Cookie Theft Vulnerability in SalonERP Version 3.0.2 Memory Corruption Vulnerability in NPU Driver Enables Local Denial of Service in Kernel Local Denial of Service Vulnerability in WLAN Driver Buffer Overflow Vulnerability in Sensor Driver: Local Denial of Service in Kernel Local Denial of Service Vulnerability in WLAN Driver Local Denial of Service Vulnerability in WLAN Driver Local Denial of Service Vulnerability in WLAN Driver Unrestricted Upload Vulnerability in House Rental System Local Denial of Service Vulnerability in WLAN Driver Local Denial of Service Vulnerability in WLAN Driver Local Denial of Service Vulnerability in WLAN Driver Local Denial of Service Vulnerability in WLAN Driver Local Denial of Service Vulnerability in WLAN Driver Local Denial of Service Vulnerability in WLAN Driver Potential Local Information Disclosure Vulnerability in WLAN Driver Local Denial of Service Vulnerability in WLAN Driver Local Denial of Service Vulnerability in WLAN Driver 
Local Denial of Service Vulnerability in WLAN Driver Critical SQL Injection Vulnerability in Shaoxing Background Management System (VDB-214774) WLAN Driver Race Condition Vulnerability: Local Denial of Service Exploit WLAN Driver Race Condition Vulnerability: Local Denial of Service Exploit Local Denial of Service Vulnerability in WLAN Driver Local Denial of Service Vulnerability in WLAN Driver Local Denial of Service Vulnerability in WLAN Driver Memory Corruption Vulnerability in Camera Driver: Local Denial of Service Exploit Missing Permission Check in UscAIEngine Service Allows Unauthorized Setup Power Management Service Vulnerability: Unauthorized Setup Access Windows Manager Service Vulnerability: Missing Permission Check Allows Unauthorized Setup Local Denial of Service Vulnerability in WLAN Driver Critical SQL Injection Vulnerability in SourceCodester Human Resource Management System 1.0 (VDB-214775) Local Denial of Service Vulnerability in WLAN Driver Local Denial of Service Vulnerability in WLAN Driver Potential Local Information Disclosure Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Electromagnetic Fault Injection Vulnerability in LOGO! 
Series Devices Authentication Bypass Vulnerability in W&T ComServer Series XSS Vulnerability in W&T ComServer Series: Arbitrary Script Execution via Configuration Webpage Title Session ID Brute Force Vulnerability in W&T Comserver Series Improved Permission Validation Fixes Sensitive Location Information Leak in macOS Ventura 13 Code Signature Validation Vulnerability in macOS Cross-Site Scripting (XSS) Vulnerability in SourceCodester Human Resource Management System 1.0 Lock Screen Bypass Vulnerability Patched in macOS and iOS Updates Race Condition Vulnerability Fixed in macOS Ventura 13 Allowing Arbitrary Code Execution with Kernel Privileges Improved Data Protection in iOS 16.1 and iPadOS 16: Addressing App's Ability to Access Sensitive Location Information Code Signature Validation Bypass Vulnerability Arbitrary Code Execution via Maliciously Crafted Image in Apple Operating Systems Elevated Privileges Vulnerability Patched in iOS 15.7, iPadOS 15.7, and macOS Ventura 13 Root Privilege Escalation Vulnerability Fixed in Xcode 14.1 Memory Handling Vulnerability in Audio File Parsing User Interface Spoofing Vulnerability Information Disclosure Vulnerability in Dot Tech Smart Campus System Vulnerability Patched in iOS 15.7.1 and Other Operating Systems Arbitrary Code Execution Vulnerability in Apple Operating Systems Race Condition Vulnerability Patched in Multiple Apple Operating Systems Arbitrary Code Execution Vulnerability in iOS, iPadOS, and macOS Race Condition Vulnerability Fixed in iOS 16.1, iPadOS 16, and macOS Ventura 13 Logic Issue in macOS Ventura 13 Allows Accidental Addition of Participants to Shared Albums Remote Code Execution Vulnerability in Apple Operating Systems Memory Handling Vulnerability in macOS Ventura 13 Critical Authorization Bypass Vulnerability in Facepay 1.0 (VDB-214789) Memory Disclosure Vulnerability in USD File Processing Sandbox Restriction Bypass Vulnerability Certificate Validation Vulnerability in WKWebView Improved Logic 
Checks in macOS Ventura 13: Resolving User-Sensitive Data Access Vulnerability Improved Data Protection in macOS Ventura 13: Fixing App Access to User-Sensitive Data Vulnerability Patched: Logic Issue Allows Unauthorized File System Modification in macOS Ventura 13 Vulnerability: Logic Issue in State Management Leading to Sensitive Data Leakage Improved Data Protection in macOS Ventura 13: Addressing User Activity Tracking Vulnerability Improved Access Restrictions in macOS Big Sur 11.7, macOS Ventura 13, and macOS Monterey 12.6: Addressing Sensitive Location Information Access Vulnerability Critical Remote Code Injection Vulnerability in SpringBootCMS Template Management (VDB-214790) Memory Corruption Vulnerability in iOS, iPadOS, and macOS Ventura: Potential App Termination and Code Execution Gatekeeper Bypass Vulnerability in macOS Monterey, Big Sur, and Ventura Type Confusion Vulnerability in Apple Operating Systems and Safari Allows Arbitrary Code Execution Improved State Management Fixes Logic Issue in Apple Devices, Prevents Disclosure of Sensitive User Information File System Modification Vulnerability Use After Free Vulnerability Patched in macOS Ventura 13, iOS 16.1, iPadOS 16, and Safari 16.1 Arbitrary Code Execution Vulnerability in iOS and iPadOS Improved Memory Handling in macOS Ventura 13 Fixes Arbitrary Code Execution Vulnerability Use After Free Vulnerability in iOS, iPadOS, and macOS Allows Arbitrary Code Execution Dangling Pointer Vulnerability in X.Org Allows for Privilege Elevation and Remote Code Execution Memory Handling Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Race Condition Vulnerability Fixed in iOS 16.1, iPadOS 16, and macOS Ventura 13 Race Condition Vulnerability Fixed in iOS 16.1, iPadOS 16, and macOS Ventura 13 macOS Ventura 13 Patched Out-of-Bounds Read Vulnerability Allowing Arbitrary Code Execution Vulnerability: Unauthorized Access to Mail Folder Attachments via Temporary Directory URL Parsing 
Vulnerability Camera Data Leakage Vulnerability in macOS Ventura 13 Sensitive Location Information Exposure Vulnerability Patched in iOS 16.2, iPadOS 16.2, and macOS Ventura 13.1 Arbitrary Code Execution Vulnerability in macOS and iOS Type Confusion Vulnerability Patched in macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2 Improved Memory Handling Vulnerability Improved Data Protection: Addressing User Information Vulnerability Memory Handling Vulnerability Allows Sandbox Escape in iOS 16.2 and iPadOS 16.2 Memory Handling Vulnerability in Apple Operating Systems Memory Handling Vulnerability in iOS and iPadOS: Potential System Termination via Malicious Video File Parsing Arbitrary Code Execution Vulnerability in macOS Ventura 13.1 Arbitrary Code Execution Vulnerability Patched in iOS, iPadOS, and tvOS Privileged API Access Vulnerability Incomplete Fix for CVE-2020-16599: Denial of Service Vulnerability in binutils Package Memory Handling Vulnerability Allows Arbitrary Code Execution in iOS and iPadOS Memory Handling Vulnerability in TIFF File Parsing Leads to User Information Disclosure Memory Disclosure Vulnerability in Safari and Apple Operating Systems Improved Access Restrictions in macOS Ventura 13.1: Mitigating Unauthorized File System Modifications Improved Memory Handling in macOS Monterey and Ventura: Fixing Kernel Memory Disclosure Vulnerability Arbitrary Entitlements Vulnerability Patched in Latest Apple Updates Type Confusion Vulnerability in Apple Safari and iOS Memory Corruption Vulnerability in macOS Ventura 13.1 Allows Arbitrary Code Execution with Kernel Privileges Privacy Bypass Vulnerability Patched in iOS, iPadOS, macOS, and watchOS Reflected Cross-Site Scripting (XSS) Vulnerability in B&R Automation Runtime Unauthorized File System Modification Vulnerability Patched in macOS Monterey, Big Sur, and Ventura Sandbox Escape Vulnerability Patched in iOS, iPadOS, and macOS Updates Privacy Bypass Vulnerability Patched in iOS 16.2, iPadOS 
16.2, and macOS Ventura 13.1 Arbitrary Code Execution Vulnerability in Safari, tvOS, macOS, iOS, iPadOS, and watchOS Race Condition Vulnerability Patched in Multiple Apple Operating Systems Privacy Preference Bypass Vulnerability Patched in iOS 16.2 and Other Apple Operating Systems Improved Cache Handling in iOS 16.2 and macOS Ventura 13.1: Addressing Sensitive Location Information Vulnerability Arbitrary Code Execution Vulnerability Fixed in Safari 16.2 and Other Apple Operating Systems Authentication Bypass Vulnerability in Devolutions Remote Desktop Manager Null Pointer Dereference Vulnerability in Intel(R) Trace Analyzer and Collector Software Denial of Service Vulnerability in Intel(R) Arc(TM) & Iris(R) Xe Graphics Drivers Stored Cross-Site Scripting (XSS) Vulnerability in Ali Irani Auto Upload Images Plugin <= 3.3 CSV Formula Injection Vulnerability in Shambix Simple CSV/XLS Exporter Quiz And Survey Master Plugin <= 7.3.10 on WordPress Sensitive Information Disclosure Vulnerability Unauthenticated Access to ThemeinProgress WIP Custom Login Uninitialized Pointer Vulnerability in Open Babel 3.1.1 and Master Commit 530dbfa3 ARMember Premium Plugin <= 5.5.1 Unauthenticated Privilege Escalation Vulnerability Vulnerability: Remote Code Execution and Unintentional Contact with Remote Servers in Apache Commons Text Google IAP Details Leakage in GitLab Prometheus Integration Remote Code Execution Vulnerability in Apache XML Graphics Batik Improper Write Access Control Vulnerability in syngo Dynamics Application Server Improper Write Access Control Vulnerability in syngo Dynamics Application Server Improper Write Access Control Vulnerability in syngo Dynamics Application Server Unauthenticated Server-Side Request Forgery (SSRF) Vulnerability in syngo Dynamics Remote Kernel Pointer Leak Vulnerability in Linux Kernel's l2cap_parse_conf_req Function Remote Code Execution and Kernel Memory Leak Vulnerabilities in Linux Kernel's Bluetooth L2CAP Core Unauthenticated Command 
Injection and Privilege Escalation in Array Networks AG/vxAG Integer overflows in PAC parsing in MIT Kerberos 5 and Heimdal: Remote Code Execution and Denial of Service Vulnerability Vulnerability: Out-of-Bounds Read and Stack Overflow in Bentley MicroStation and MicroStation-based Applications Authenticated SQL Injection in Cyr to Lat Plugin for WordPress Out-of-Bounds Read Vulnerability in Bentley MicroStation and MicroStation-based Applications Vulnerability in Bentley MicroStation and MicroStation-based Applications: Out-of-Bounds and Stack Overflow Issues in Crafted XMT File Handling Dynamic Code Execution Vulnerability in LAVA Server's lavatable.py User Enumeration Vulnerability in Zoho ManageEngine SupportCenter Plus Command Execution Vulnerability in Zoho ManageEngine ADManager Plus (CVE-2021-XXXX) Heap Buffer Over-read Vulnerability in wolfSSL before 5.5.2 Arbitrary Code Execution in Powerline Gitstatus (CVE-2022-20002) Stored XSS vulnerability in WEPA Print Away: Persistent Cross-Site Scripting via Malicious Filenames Unauthorized Document Printing Vulnerability Heap Corruption Vulnerability in Avast Antivirus Windows Library Double Free Vulnerability in curl before 7.86.0 Bypassing HSTS Check in curl: IDN Character Replacement Vulnerability Local Privilege Escalation in Python Multiprocessing Library on Linux GitHub Repository vim/vim: Use After Free Vulnerability Arbitrary Bytecode Generation Vulnerability in Apache Commons BCEL SQL Injection Vulnerability in Forma LMS 3.1.0 and Earlier SQL Injection Vulnerability in Forma LMS 3.1.0 and Earlier Forma LMS Plugin Upload Privilege Escalation Vulnerability Same-Origin Policy Violation in Firefox and Thunderbird: Theft of Cross-Origin URL Entries via performance.getEntries() Memory Corruption Vulnerability in Firefox and Thunderbird Persistent Denial of Service (DoS) Vulnerability in Firefox and Thunderbird Incorrect Floating Point Comparison in Vim Prior to 9.0.0804 CacheStorage Data Race Vulnerability in 
Firefox < 106 Unencrypted Username Storage Vulnerability in Firefox Memory Corruption Vulnerabilities in Firefox 105 and Firefox ESR 102.3 Memory Corruption Vulnerability in DesignReview.exe Memory Corruption Vulnerability in DesignReview.exe Memory Corruption Vulnerability in DesignReview.exe Memory Corruption Vulnerability in DesignReview.exe Memory Corruption Vulnerability in DesignReview.exe Memory Corruption Vulnerability in DesignReview.exe via Malicious TGA File Memory Corruption Vulnerability in DesignReview.exe via Malicious TGA File Privilege Escalation Vulnerability Found in Popular Windows Antivirus Software Memory Corruption Vulnerability in DesignReview.exe via Malicious TGA File Memory Corruption Vulnerability in DesignReview.exe Memory Corruption Vulnerability in DesignReview.exe Memory Corruption Vulnerability in DesignReview.exe Application Memory Corruption Vulnerability in DesignReview.exe DLL Search Order Hijacking Vulnerability in DWG TrueView™ 2023: Remote Code Execution Risk Buffer Overflow Vulnerability in Autodesk Maya 2023 and 2022 Buffer Overflow Vulnerability in Autodesk Maya 2023 and 2022 Remote Code Execution in Cobalt Strike UI via HTML Injection Insecure Permissions in Silverstripe/Subsites through 2.6.0 Reflected Cross-Site Scripting Vulnerability in Show All Comments WordPress Plugin Memory Exhaustion Denial of Service Vulnerability in Couchbase Server Backup Service Couchbase Server Default Credentials Vulnerability Sensitive Information Disclosure Vulnerability in ZKTeco Products Cross-Site Scripting (XSS) Vulnerability in Keyfactor EJBCA before 7.10.0 Cleartext Credential Vulnerability in PassWork Extension 5.0.9 for Chrome and Other Browsers PassWork Extension 5.0.9 Vulnerability: Cleartext Master Password Exposure ARP Handler Vulnerability in TP-Link TL-WR740N: Local Network Resource Consumption DOM XSS vulnerability in EqualWeb Accessibility Widget versions 2.0.0 to 2.0.4, 2.1.10, 3.0.0 to 3.0.2, and 4.0.0 to 4.0.1 
Vulnerability: Rowhammer-based Fault Injection Attack on ECC Signatures in wolfSSL Exponential ReDoS Vulnerability in pymatgen's GaussianInput.from_string Method Exponential ReDoS Vulnerability in snowflake-connector-python's get_file_transfer_type Method Exponential ReDoS Vulnerability in cleo PyPI Package's Table.set_rows Method XSS Vulnerability in Caret Markdown Preview Mode Allows Client-Side Code Execution Ref Injection Vulnerability in Gitea before 1.17.3 Remote Code Execution Vulnerability in py Library through 1.11.0 Unauthenticated SQL Injection in WP AutoComplete Search WordPress Plugin Critical Function Authentication Bypass Vulnerability in APC and Schneider Electric Easy UPS Online Monitoring Software Remote Code Execution via Unrestricted File Upload in APC/Schneider Electric Easy UPS Online Monitoring Software Local Privilege Escalation via Incorrect Permission Assignment in APC/Schneider Electric Easy UPS Online Monitoring Software CWE-798: Hard-coded Credentials Vulnerability in APC and Schneider Electric Easy UPS Online Monitoring Software Improper Wildcard Handling in Phoenix Socket/Transport Arbitrary File Download Vulnerability in Netic User Export Add-on for Atlassian Confluence Authorization Mishandling in Netic User Export Add-on for Atlassian Confluence Allows Unauthenticated File Access Insecure Hostname Validation in RYDE App 5.8.43: Account Takeover via Deep Link Arbitrary File Download Vulnerability in Wholesale Market WordPress Plugin Insecure Production JWT Key in go-admin (aka GO Admin) 2.0.12 Unauthenticated UDP Querying Vulnerability in BKG Professional NtripCaster 2.0.39 AJ-Report 0.9.8.6 Vulnerability: Authentication Bypass via JWT Token Spoofing SQL Injection Vulnerability in WoWonder Social Network Platform 4.1.4 via offset Parameter Cross-Site Scripting (XSS) Vulnerability in ScratchLogin Extension for MediaWiki Cross-Site Scripting (XSS) Vulnerability in ERP Sankhya v4.11b81 Caixa de Entrada Component Stored 
Cross-Site Scripting Vulnerability in Metricool WordPress Plugin SQL Injection Vulnerability in Food Ordering Management System v1.0 via /foms/all-orders.php?status=Cancelled%20by%20Customer Stored XSS Vulnerability in Simple Online Public Access Catalog v1.0 via Edit Account Full Name Field Stored Cross-Site Scripting (XSS) Vulnerabilities in Train Scheduler App v1.0 Cross-Site Scripting (XSS) Vulnerability in Password Storage Application v1.0 Setup Page Stack Overflow Vulnerability in D-Link DIR-816 A2 1.10 B05 via srcip Parameter Multiple Command Injection Vulnerabilities in D-Link DIR-816 A2 1.10 B05 Critical Remote Code Injection Vulnerability in FastCMS Stack Overflow Vulnerability in D-Link DIR-816 A2 1.10 B05 via wizardstep4_pskpwd Parameter Stack Overflow Vulnerability in D-Link DIR-816 A2 1.10 B05 via pskValue Parameter Stack Overflow Vulnerability in D-Link DIR-816 A2 1.10 B05 via wizardstep54_pskpwd Parameter Stack Overflow Vulnerability in D-Link DIR-816 A2 1.10 B05 via pskValue Parameter in setRepeaterSecurity Function Reflected Cross-Site Scripting in Sunshine Photo Cart WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in OpenCATS v0.9.6 via joborderID Parameter Reflected Cross-Site Scripting (XSS) Vulnerability in OpenCATS v0.9.6 Reflected XSS Vulnerability in OpenCATS v0.9.6 via Callback Component Reflected XSS Vulnerability in OpenCATS v0.9.6 via indexFile Component Reflected Cross-Site Scripting (XSS) Vulnerability in OpenCATS v0.9.6 Remote Code Execution Vulnerability in OpenCATS v0.9.6 via getDataGridPager's Ajax Functionality Unserialized PHP Object Injection in White Label CMS WordPress Plugin SQL Injection Vulnerability in OpenCATS v0.9.6 Tag Update Function SQL Injection Vulnerability in OpenCATS v0.9.6 via entriesPerPage Variable SQL Injection Vulnerability in OpenCATS v0.9.6 Tag Deletion Function SQL Injection Vulnerability in OpenCATS v0.9.6 via importID Parameter Stack Overflow Vulnerability in Tenda TX3 
US_TX3V1.0br_V16.03.13.11_multi_TDE01 Stack Overflow Vulnerability in Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 via startIp Parameter Stack Overflow Vulnerability in Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 via endIp Parameter Stack Overflow Vulnerability in Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 Firewall Configuration Stack Overflow Vulnerability in Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 via timeZone Parameter Stack Overflow Vulnerability in Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 Firmware Bypassing IP-based Restrictions on Login Forms in WP Limit Login Attempts Plugin Remote Code Execution (RCE) Vulnerability in Siyucms v6.1.7 DedeCMS v6.1.9 Cross-Site Request Forgery (CSRF) Vulnerability Memory Leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Bento4 v1.6.0-639 Denial of Service (DoS) Vulnerability in Bento4 1.6.0-639 Heap Buffer Overflow Vulnerability in AP4_BitReader::SkipBits(unsigned int) Function in Bento4 v1.6.0-639 Heap-buffer-overflow vulnerability in Bento4 v1.6.0-639 leads to Denial of Service (DoS) in AP4_Dec3Atom::AP4_Dec3Atom Memory Leak in AP4_File::ParseStream in Bento4 1.6.0-639 Heap Overflow Vulnerability in Bento4 v1.6.0-639 via AP4_BitReader::ReadCache() in mp42ts Segmentation Violation Vulnerability in GPAC 2.1-DEV-rev368-gfd054169b-master Timing-based side channel vulnerability in OpenSSL RSA Decryption Heap Buffer Overflow in GPAC 2.1-DEV-rev368-gfd054169b-master via gf_isom_box_dump_start_ex Heap Buffer Overflow in GPAC 2.1-DEV-rev368-gfd054169b-master via FixSDTPInTRAF function Segmentation Violation Vulnerability in GPAC 2.1-DEV-rev368-gfd054169b-master Segmentation Violation Vulnerability in GPAC 2.1-DEV-rev368-gfd054169b-master Segmentation Violation Vulnerability in GPAC 2.1-DEV-rev368-gfd054169b-master Cross-Site Scripting (XSS) Vulnerability in Food Ordering Management System v1.0 SQL Injection Vulnerability in Canteen Management System Project v1.0 Unauthenticated Access to Admin 
Sessions in Login as User or Customer WordPress Plugin Arbitrary File Upload Vulnerability in Online Tours & Travels Management System v1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 Reflected Cross-Site Scripting Vulnerability in Panda Pods Repeater Field WordPress Plugin Arbitrary File Upload Vulnerability in Online Tours & Travels Management System v1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 Unsanitized Parameters in پلاگین پرداخت دلخواه WordPress Plugin Allows XSS Attacks Stack Overflow Vulnerability in XPDF v4.04 Catalog::readPageLabelTree2(Object*) Function Arbitrary File Upload Vulnerability in AyaCMS v3.1.2 Cross-Site Scripting (XSS) Vulnerability in Web-Based Student Clearance System v1.0 Allows Arbitrary Code Execution Cross-Site Scripting (XSS) Vulnerability in Web-Based Student Clearance System v1.0 Cross-Site Scripting (XSS) Vulnerability in Train Scheduler App v1.0 - Arbitrary Code Execution via cmddept Parameter Authentication Abuse Vulnerability in Secomea GateManager: Plaintext Storage of Passwords SQL Injection Vulnerability in Fast Food Ordering System v1.0 via /fastfood/purchase.php Arbitrary Code Execution via Cross-Site Scripting (XSS) in Fast Food Ordering System v1.0 Arbitrary File Upload Vulnerability in Vehicle Booking System v1.0 Cross-Site Scripting (XSS) Vulnerability in Vehicle Booking System v1.0's admin-add-vehicle.php Arbitrary File Upload Vulnerability in Restaurant POS System v1.0's add_product.php SQL Injection Vulnerability in Restaurant POS System v1.0 via update_customer.php CSRF 
Vulnerability in Subscribe2 WordPress Plugin Allows Arbitrary User Deletion Local Privilege Escalation via UART Port in Mediatrix 4102 (before v48.5.2718) Multiple Stored XSS Vulnerabilities in Phpgurukul User Registration & User Management System v3.0 Stored Cross-Site Scripting Vulnerability in Slimstat Analytics WordPress Plugin Stack Overflow Vulnerability in Tenda AC23 V16.03.07.45_cn via devName Parameter Stack Overflow Vulnerability in Tenda AC23 V16.03.07.45_cn via timeZone Parameter Stack Overflow Vulnerability in Tenda AC23 V16.03.07.45_cn via formSetQosBand Function Stack Overflow Vulnerability in Tenda AC23 V16.03.07.45_cn via wpapsk_crypto Parameter Stack Overflow Vulnerability in Tenda AC23 V16.03.07.45_cn via shareSpeed Parameter Stack Overflow Vulnerability in Tenda AC23 V16.03.07.45_cn via schedStartTime Parameter Stack Overflow Vulnerability in Tenda AC23 V16.03.07.45_cn via setSmartPowerManagement Function Stack Overflow Vulnerability in Tenda AC23 V16.03.07.45_cn Firewall Configuration Command Injection Vulnerability in D-Link DIR-823G v1.0.2 Sensitive Information Exposure in Log Files Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Sourcecodester Password Storage Application Cross-Site Scripting (XSS) Vulnerability in flatCore-CMS v2.1.0 via Crafted Username Field Payload Cross-Site Scripting (XSS) Vulnerability in Clansphere CMS v2011.4 via Username Parameter Cleartext Storage of Sensitive Information Vulnerability in PcVue Versions 8.10 through 15.2.3 Cross-Site Scripting (XSS) Vulnerability in Intelliants Subrion CMS v4.2.1 Cross-Site Scripting (XSS) Vulnerability in Intelliants Subrion CMS v4.2.1 Field Add Page SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 Arbitrary 
Command Execution Vulnerability in Tenable Products SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 Privilege Escalation Vulnerability in Dolibarr Open Source ERP & CRM Privilege Escalation in GitHub Repository ikus060/rdiffweb prior to 2.5.2 Server-Side Request Forgery (SSRF) vulnerability in kkFileView v4.1.0 via getCorsFile component Cross-Site Scripting (XSS) Vulnerability in Password Storage Application v1.0's add-fee.php Component Cross-Site Scripting (XSS) Vulnerability in Beekeeper Studio v3.6.6 Canteen Management System v1.0 XSS Vulnerability: Execution of Arbitrary Web Scripts and HTML Arbitrary File Upload Vulnerability in Canteen Management System v1.0 Image Upload Function Heap Overflow Vulnerability in rtf2html v0.2.0 GitLab DAST Analyzer Vulnerability: Unauthorized Custom Request Headers on Authentication Page Memory Leak Vulnerability in timg v1.4.4 via timg::QueryBackgroundColor() Heap Overflow Vulnerability in tsMuxer v2.6.16 via BitStreamWriter::flushBits() SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 Stored Cross-Site Scripting (XSS) Vulnerability in Rukovoditel v3.2.1 Global Lists Feature Stored Cross-Site Scripting (XSS) Vulnerability in Rukovoditel v3.2.1 Global Variables Feature Stored Cross-Site Scripting (XSS) Vulnerability in Rukovoditel v3.2.1 Global Entities Feature Stored Cross-Site Scripting (XSS) Vulnerability in Rukovoditel v3.2.1 Users Alerts Feature SQL Injection Vulnerability in Rukovoditel v3.2.1 via reports_id Parameter Stored XSS Vulnerability in Rukovoditel v3.2.1 Users Access Groups Feature GitLab DAST Analyzer Vulnerability: Custom Request Header Redirection Issue Stored Cross-Site Scripting (XSS) Vulnerability in Rukovoditel v3.2.1 Dashboard Configuration Heap Buffer Overflow in LIEF v0.12.1: DoS via Crafted MachO File SQL Injection Vulnerability in Online Leave Management System v1.0 
Arbitrary Line Addition Vulnerability in cri-o via Specially Crafted Environment Variable Server-Side Request Forgery (SSRF) Vulnerability in XXL-Job v2.3.1 D-Link DIR878 1.30B08 Hotfix_04 Command Injection Vulnerability Stored XSS Vulnerability in Rukovoditel v3.2.1 Configuration/Holidays Module Arbitrary Code Execution via Incomplete Fix in Dedecms v5.7.101 Arbitrary File Deletion Vulnerability in dedecmdv6 v6.1.9 via file_manage_control.php Reflected Cross-Site Scripting Vulnerability in WordPress Events Calendar Plugin Reflected Cross-Site Scripting Vulnerability in PDF Generator for WordPress Plugin SQL Injection Vulnerability in Billing System Project v1.0 via orderId Parameter at fetchOrderData.php SQL Injection Vulnerability in Billing System Project v1.0: Exploitable id Parameter in editorder.php SQL Injection Vulnerability in Billing System Project v1.0: orderId Parameter at printOrder.php SQL Injection Vulnerability in Billing System Project v1.0 via endDate Parameter at getOrderReport.php Critical Remote Code Injection Vulnerability in maku-boot up to 2.2.0 Memory Leak Vulnerability in open5gs v2.4.11's src/upf/pfcp-path.c Component Allows DoS Attacks Memory Leak Vulnerability in open5gs v2.4.11: Exploitable DoS via Crafted PFCP Packet Memory Leak Vulnerability in open5gs v2.4.11's ngap-handler.c Component Allows DoS via Crafted UE Attachment SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Online Diagnostic Lab Management System v1.0 SQL Injection Vulnerability in Barangay Management System v1.0 via hidden_id Parameter SQL Injection Vulnerability in Simple Cold Storage Management System v1.0 Unserialized PHP Object Injection Vulnerability in Analyticator WordPress Plugin SQL Injection Vulnerability in Simple Cold Storage Management System v1.0 Arbitrary File Upload Vulnerability in Canteen Management System v1.0 SQL Injection Vulnerability in Canteen Management System v1.0 SQL Injection 
Vulnerability in Canteen Management System v1.0 Hoosk v1.8 Arbitrary File Upload Vulnerability Heap-buffer-overflow vulnerability in Libde265 v1.0.8 via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc Stack-buffer-overflow vulnerability in Libde265 v1.0.8 via put_qpel_fallback in fallback-motion.cc Stack-buffer-overflow vulnerability in Libde265 v1.0.8 via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc Denial of Service (DoS) Vulnerability in Libde265 v1.0.8 via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc Heap-Buffer-Overflow Vulnerability in Libde265 v1.0.8's motion.cc Unserialisation Vulnerability in Custom Field Template WordPress Plugin Heap-buffer-overflow vulnerability in Libde265 v1.0.8 via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc Denial of Service (DoS) Vulnerability in Libde265 v1.0.8 via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc Heap-Buffer-Overflow Vulnerability in Libde265 v1.0.8's motion.cc Heap-buffer-overflow vulnerability in Libde265 v1.0.8 via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc Heap-Buffer-Overflow Vulnerability in Libde265 v1.0.8 via put_qpel_fallback<unsigned short> in fallback-motion.cc Segmentation Violation Vulnerability in Libde265 v1.0.8: DoS via Crafted Video File Heap-buffer-overflow vulnerability in Libde265 v1.0.8 via put_weighted_pred_avg_16_fallback in fallback-motion.cc Heap-buffer-overflow vulnerability in Libde265 v1.0.8 via put_epel_hv_fallback<unsigned short> in fallback-motion.cc Reflected Cross-Site Scripting Vulnerability in Post Status Notifier Lite WordPress Plugin Heap-buffer-overflow vulnerability in Libde265 v1.0.8 via put_qpel_0_0_fallback_16 in fallback-motion.cc Heap-buffer-overflow Vulnerability in Libde265 v1.0.8 via put_epel_16_fallback in fallback-motion.cc Heap-buffer-overflow vulnerability in Libde265 v1.0.8 via put_unweighted_pred_16_fallback in fallback-motion.cc Memory Leak Vulnerability in GPAC v2.1-DEV-rev368-gfd054169b-master via gf_list_new at 
utils/list.c Memory Leak Vulnerability in GPAC v2.1-DEV-rev368-gfd054169b-master via gf_odf_new_iod at odf/odf_code.c SQL Injection Vulnerability in SeaCms v12.6 via /js/player/dmplayer/dmku/index.php Component Stack Overflow Vulnerability in Tenda AC15 V15.03.05.18 via timeZone Parameter Unauthenticated Local Privilege Escalation Vulnerability in Trellix Endpoint Agent Stack Overflow Vulnerability in Tenda AC18 V15.03.05.19(6318) via fromSetSysTime Function SQL Injection Vulnerability in Human Resource Management System v1.0 Cross-Site Scripting (XSS) Vulnerability in Arobas Music Guitar Pro for iOS Directory Traversal Vulnerability in Arobas Music Guitar Pro for iPad and iPhone Arbitrary File Upload Vulnerability in Canteen Management System v1.0 Cross-Site Scripting (XSS) Vulnerability in Inhabit Systems Pty Ltd Move CRM Version 4, Build 260 Memory Leak Vulnerability in DCMTK v3.6.7 via T_ASC_Association Object Arbitrary File Upload Vulnerability in Canteen Management System v1.0 SQL Injection Vulnerability in Canteen Management System v1.0 Arbitrary File Upload Vulnerability in Canteen Management System v1.0 SQL Injection Vulnerability in Canteen Management System v1.0 SQL Injection Vulnerability in LimeSurvey v5.4.4 via /application/views/themeOptions/update.php Arbitrary File Upload Vulnerability in WooCommerce Checkout Field Manager WordPress Plugin Out-of-Bounds Read Vulnerability in wasm-interp v1.0.29 via OnReturnCallExpr->GetReturnCallDropKeepCount Heap Overflow in wasm-interp v1.0.29 via std::vector<wabt::Type, std::allocator<wabt::Type>>::size() Out-of-Bounds Read Vulnerability in wasm-interp v1.0.29 via OnReturnCallIndirectExpr->GetReturnCallDropKeepCount Vulnerability: Abort in CWriter::Write discovered in wasm2c v1.0.29 Segmentation Violation Vulnerability in Nginx NJS v0.7.2 to v0.7.4 Segmentation Violation Vulnerability in Nginx NJS v0.7.4 Heap-Use-After-Free Vulnerability in Nginx NJS v0.7.2 SQL Injection Vulnerability in Rukovoditel v3.2.1 via 
order_by Parameter Stack Overflow Vulnerability in Deark v.1.6.2 via do_prism_read_palette() Function Reflected Cross-Site Scripting Vulnerability in Product List Widget for Woocommerce WordPress Plugin SQL Injection Vulnerability in Canteen Management System v1.0 SQL Injection Vulnerability in Canteen Management System v1.0 SQL Injection Vulnerability in Canteen Management System v1.0 Arbitrary File Write Vulnerability in Wacom Driver 6.3.46-1 for Windows Stack Overflow Vulnerability in Tasmota (Commit 066878da4d4762a9b6cb169fdf353e804d735cfd) via ClientPortPtr Parameter in CRtspSession.cpp Stack Overflow Vulnerability in XPDF v4.04 via FileStream::copy() at xpdf/Stream.cc:795 Stored Cross-Site Scripting Vulnerability in WP Attachments WordPress Plugin Potential Code Execution Backdoor in d8s-strings Package Code Execution Backdoor in d8s-timer Python Package (Version 0.1.0) Potential Code-Execution Backdoor in d8s-python Package (Version 0.1.0) Code-execution backdoor vulnerability in d8s-timer Python package (v0.1.0) Arbitrary Administrator Account Creation Vulnerability in INTELBRAS SG 2404 MR 20180928-rel64938 Insecure Permissions Vulnerability Found in Supermicro X11SSL-CF HW Rev 1.01 BMC Firmware v1.63 SAML SSO Bypass Vulnerability in GitLab EE Uncontrolled Search Path Element Vulnerability in Foxit Reader v11.2.118.51569 Cross-Site Scripting (XSS) Vulnerability in Human Resource Management System v1.0 SQL Injection Vulnerability in Human Resource Management System v1.0 via stateedit Parameter Arbitrary File Read Vulnerability in Simple E-Learning System v1.0 Vulnerability in SPRECON-E-C/P/T3 CPU Allows Arbitrary Code Execution Reflected Cross-Site Scripting (XSS) Vulnerability in FeehiCMS v2.1.1 Reflected Cross-Site Scripting (XSS) Vulnerability in Shopwind v3.4.3 Cross-Site Request Forgery (CSRF) vulnerability in EyouCMS V1.5.9-UTF8-SP1's Top Up Balance component under the Edit Member module Unauthenticated Command Injection Vulnerability in Telos Alliance 
Omnia MPX Node IDOR Vulnerability in Telos Alliance Omnia MPX Node Allows Arbitrary Password Changes SQL Injection Vulnerability in Canteen Management System v1.0 via id parameter at /editorder.php SQL Injection Vulnerability in Canteen Management System v1.0 Hardcoded Credentials in SPRECON-E CPU Variants: Remote Device Takeover Vulnerability SQL Injection Vulnerability in Canteen Management System v1.0 via id parameter at /editorder.php SQL Injection Vulnerability in Canteen Management System v1.0 Cross-Site Scripting (XSS) Vulnerability in Wondercms v3.3.4 via Crafted Site Title Field Remote Code Execution Vulnerability in Telenia Software s.r.l TVox (before v22.0.17) - action_export_control.php CSRF Vulnerability in dzzoffice 2.02.1_SC_UTF8 Allows Unauthorized User Account Creation and Administrator Privilege Escalation Stored XSS Vulnerability in Eramba GRC Software c2.8.1 via Crafted KPI Title Field Global Buffer Overflow Vulnerability in N-Prolog v1.91's gettoken() Function Blind SSRF Vulnerability in GitLab EE Versions Prior to 15.6.1 SQL Injection Vulnerability in Sanitization Management System v1.0 Arbitrary File Deletion Vulnerability in Sanitization Management System v1.0 SQL Injection Vulnerability in Sanitization Management System v1.0 SQL Injection Vulnerability in Sanitization Management System v1.0 SQL Injection Vulnerability in Sanitization Management System v1.0 SQL Injection Vulnerability in Sanitization Management System v1.0 Stack Overflow Vulnerability in libsass:3.6.5-8-g210218 and sassc 3.6.2 Stack Overflow Vulnerability in Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218 Out-of-Bounds Read Vulnerability in Gifdec's read_image_data Function Stored XSS Vulnerability in BAOTA Linux Panel Allows for Sensitive Information Leakage Cross-Site Scripting (XSS) Vulnerability in Senayan Library Management System v9.4.2 via pop_chart.php Component SQL Injection Vulnerability in Senayan Library Management System v9.4.2 via collType 
Parameter at loan_by_class.php XSS Vulnerability in Telegram Web 15.3.1 via Target Corporation Website Payload Password Reset Page Access Control Vulnerability in IP-COM EW9 V15.11.0.14(9732) Buffer Overflow Vulnerability in IP-COM EW9 V15.11.0.14(9732) - Exploitable DoS via crafted string Unauthenticated Access to Sensitive Information in IP-COM EW9 V15.11.0.14(9732) Command Injection Vulnerability in IP-COM EW9 V15.11.0.14(9732) Cross-Site Scripting (XSS) Vulnerability in AutoTaxi Stand Management System v1.0 via search.php OpenvSwitch Vulnerability: Out-of-Bounds Read in Organization Specific TLV Reflected Cross-Site Scripting (XSS) Vulnerability in Emlog Pro v1.7.1 at /admin/store.php Cross-Site Scripting (XSS) Vulnerability in NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) Account Takeover Vulnerability in NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) Unrestricted External Address Frame Vulnerability in NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) Integer Underflow Vulnerability in OpenvSwitch's Organization Specific TLV AIX NFS Kernel Extension Denial of Service Vulnerability AIX SMB Client Denial of Service Vulnerability Local Privilege Escalation Vulnerability in IBM AIX and VIOS Buffer Overflow Vulnerability in Zyxel NR7101 Web Server Library Command Injection Vulnerability in Zyxel NR7101 Firmware Buffer Overflow Vulnerability in Zyxel NR7101 Firmware: Denial-of-Service Exploit Buffer Overflow Vulnerability in Zyxel NR7101 Web Server Parameter Unauthenticated Memory Corruption Vulnerability in Zyxel GS1920-24v2 Firmware Bypassing Command Blacklist in CVE-2022-24697 Out of Bounds Write Vulnerability in Parasolid and Simcenter Femap (ZDI-CAN-17854) Session Cookie Overwrite Vulnerability in POWER METER SICAM Q100 (All versions < V2.50) Insecure Direct Object Reference (IDOR) Vulnerability in BookingPress WordPress Plugin Unauthenticated Remote Access Vulnerability in Siveillance Video Mobile Server Sandbox Bypass Vulnerability in 
Jenkins Script Security Plugin Sandbox Bypass Vulnerability in Jenkins Pipeline: Groovy Plugin Sandbox Bypass Vulnerability in Jenkins Script Security Plugin Sandbox Bypass Vulnerability in Jenkins Script Security Plugin Sandbox Bypass Vulnerability in Jenkins Pipeline: Groovy Libraries Plugin Sandbox Bypass Vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin Jenkins Pipeline: Input Step Plugin ID Bypass Vulnerability Jenkins Pipeline: Stage View Plugin Vulnerability - Bypassing CSRF Protection via 'input' Step IDs Jenkins Pipeline: Supporting APIs Plugin Stored XSS Vulnerability Cross-Site Scripting (XSS) Vulnerability in csliuwy coder-chain_gdut Jenkins Mercurial Plugin Information Disclosure Vulnerability Timing Vulnerability in Jenkins GitLab Plugin Timing Vulnerability in Jenkins Generic Webhook Trigger Plugin Jenkins Job Import Plugin Allows Enumeration of Credentials IDs Arbitrary File Read Vulnerability in Jenkins NUnit Plugin Jenkins REPO Plugin 1.15.0 and earlier XML External Entity (XXE) Vulnerability Arbitrary OS Command Execution in Jenkins Katalon Plugin Jenkins Katalon Plugin Allows Unauthorized Access to Attacker-Specified URLs and Credential Capture Jenkins Katalon Plugin CSRF Vulnerability Allows Unauthorized Access to Stored Credentials Unencrypted Storage of API Keys in Jenkins Katalon Plugin Webhook URL Manipulation Vulnerability in GitLab CE/EE Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Contrast Continuous Application Security Plugin Unauthenticated Remote Triggering of Tuleap Projects in Jenkins Tuleap Git Branch Source Plugin Unrestricted Execution Vulnerability in Jenkins Compuware Topaz Utilities Plugin Unrestricted Execution of Agent/Controller Message in Jenkins Compuware Source Code Download Plugin Unrestricted Execution Vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Custom Checkbox Parameter Plugin Unmasked 
AWS_SECRET_ACCESS_KEY in Jenkins S3 Explorer Plugin 1.0.8 and earlier Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier: Credential Enumeration Vulnerability Unrestricted Execution Vulnerability in Jenkins Compuware Topaz for Total Test Plugin Arbitrary File Read Vulnerability in Jenkins Compuware Topaz for Total Test Plugin GitLab EE Vulnerability: Unauthorized Access to Stored Credentials in Site Profile XML External Entity (XXE) Vulnerability in Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and Earlier Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier: Credential Enumeration Vulnerability Jenkins XFramium Builder Plugin 1.0.22 and earlier: Content-Security-Policy Protection Bypass Jenkins ScreenRecorder Plugin 0.7 and earlier: Content-Security-Policy Protection Bypass Jenkins NeuVector Vulnerability Scanner Plugin: Content-Security-Policy Protection Bypass Jenkins 360 FireLine Plugin 1.7.2 and earlier: Content-Security-Policy Protection Bypass Arbitrary File Upload Vulnerability in EasyTest SQL Injection Vulnerability in EasyTest's Download Function Incorrect Authorization Vulnerability in EasyTest Administrator Function Vulnerability in Language-parameter Validation in POWER METER SICAM Q100 and SICAM P850/P855 Kafka Protocol Dissector Memory Exhaustion Vulnerability Privilege Escalation via Manipulated unixcat Executable in Checkmk Agent Code Execution Vulnerability in Ghost Foundation node-sqlite3 5.1.1 Statement Bindings Functionality Plaintext Password Storage Vulnerability in +F FS040U Software Buffalo Network Devices: OS Command Injection Vulnerability SQL Injection Vulnerability in Delta Electronics DIAEnergie AM_EBillAnalysis.aspx Image File Out-of-Bounds Write Vulnerability in V-SFT and TELLUS Arbitrary File Read Vulnerability in OpenHarmony-v3.1.2 and Prior Versions via download_server Denial of Service Vulnerability in Wireshark Protocol Dissectors User-Controlled Key Authorization Bypass Vulnerability in XWP Stream 
Multiple Path Traversal Vulnerability in OpenHarmony-v3.1.2 and Prior Versions SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie v1.9.02.001 and earlier versions Arbitrary Service Control Vulnerability in Sewio’s RTLS Studio Uncontrolled Search Path Vulnerability in Intel(R) RST Software SQL Injection Vulnerability in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 Cross-Site Scripting (XSS) Vulnerability in Code Tides Advanced Floating Content Plugin CSRF Vulnerability in Forms by CaptainForm – Form Builder for WordPress Plugin Public Disclosure of Settings and Email Address in AIOS WordPress Plugin (CVE-2021-XXXX) Vulnerability: Passwords Stored in Recoverable Format in Driver Distributor Stored Cross-Site Scripting (XSS) Vulnerability in John West Slideshow SE Plugin <= 2.5.5 Authentication Bypass SQL Injection Vulnerability in Adeel Ahmed's IP Blacklist Cloud Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Custom Product Tabs for WooCommerce Plugin <= 1.7.9 on WordPress Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware: Remote command execution and device settings alteration Denial of Service Vulnerability in Intel(R) SCS Software Buffalo Network Devices: OS Command Injection Vulnerability Open Babel 3.1.1 and master commit 530dbfa3 PQS coord_file Out-of-Bounds Write Vulnerability Arbitrary Manipulation of Article Views Vulnerability in WordPress Popular Posts CSRF Vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data Plugin Cross-Site Scripting (XSS) Vulnerability in xiandafu beetl-bbs CSRF Vulnerability in +F FS040U, FS020W, FS030W, and FS040W Software Versions Blind XML External Entity (XXE) Vulnerability in ManageEngine OpManager 12.6.168 Uncontrolled Search Path Vulnerability in DSP Builder Software Installer Insecure Storage of Sensitive Information in Intel(R) DCM Software: Potential Privilege Escalation Vulnerability Intel Unison Software: 
Incomplete Cleanup Vulnerability Allows Local Information Disclosure Open Redirect Vulnerability in SHIRASAGI v1.14.4 to v1.15.0: Remote Unauthenticated Redirect to Phishing Attack Cross-Site Scripting (XSS) Vulnerability in y_project RuoYi-Cloud JSON Handler (VDB-215108) Stored XSS Vulnerability in Magneticlab Sàrl Homepage Pop-up Plugin (<= 1.2.5) CSRF Vulnerability in Advanced Coupons for WooCommerce Coupons Plugin Unauthenticated Access to Appointment Booking Calendar Plugin <= 1.3.69 on WordPress Unvalidated Input Module Name Vulnerability in Sewio’s RTLS Studio ClassLoader Manipulation Vulnerability in TERASOLUNA Global Framework and TERASOLUNA Server Framework for Java Insufficient Random Value Generation in Honeywell OneWireless Hidden Debug Functionality Vulnerability in Buffalo Network Devices Arbitrary Script Injection Vulnerability in Salon Booking System Versions Prior to 7.9 CSRF Vulnerability in Advanced Dynamic Pricing for WooCommerce Plugin Cross-Site Request Forgery (CSRF) Vulnerability in CTF-hacker pwn (VDB-215109) CSRF Vulnerability in XWP Stream Plugin <= 3.9.2 CSRF Vulnerability in Advanced Dynamic Pricing for WooCommerce Plugin Allows Unauthorized Plugin Settings Import Insecure Direct Object References (IDOR) Vulnerability in wpDiscuz Plugin 7.4.2 File Disclosure Vulnerability DistributedHardware_Device_Manager Join Network DOS Vulnerability Cross-Site Scripting Vulnerability in WordPress Versions Prior to 6.0.3 Stored Cross-Site Scripting Vulnerability in SHIRASAGI Versions Prior to v1.16.2 Cross-Site Scripting (XSS) Vulnerability in Mingsoft MCMS 5.2.8 via search.do WordPress Cross-Site Scripting Vulnerability (Versions Prior to 6.0.3) Insufficiently Random Initial Sequence Number Generation in KASAGO TCP/IP Stack WordPress Post by Email Feature Email Address Disclosure Vulnerability BIOS Firmware Vulnerability: Denial of Service via Local Access SQL Injection Vulnerability in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions 
prior to v1.9.02.001 Buffer Overflow Vulnerability in Intel(R) QAT Engine for OpenSSL CX-Programmer v.9.77 and Earlier: Use-After-Free Vulnerability in CXP File Parsing Out-of-Bounds Write Vulnerability in CX-Programmer v.9.77 and Earlier: Information Disclosure and Arbitrary Code Execution via Specially Crafted CXP File SQL Injection Vulnerability in Qe SEO Handyman WordPress Plugin Information Disclosure Vulnerability in VISAM VBASE Automation Base Unauthenticated Remote File Rename Vulnerability in Automation License Manager Vulnerability in Automation License Manager Allows Remote Code Execution Bypassing IP Whitelisting Protection in Zabbix Frontend Critical Firewall Vulnerability: Unrestricted TCP Access After Zabbix Agent Installation Improper File Permissions in Simcenter STAR-CCM+ Installation Folders Aruba EdgeConnect Enterprise Authenticated Path Traversal Vulnerability Aruba EdgeConnect Enterprise Orchestrator SQL Injection Vulnerability SQL Injection Vulnerability in Qe SEO Handyman WordPress Plugin Aruba EdgeConnect Enterprise Orchestrator SQL Injection Vulnerability Aruba EdgeConnect Enterprise Orchestrator SQL Injection Vulnerability Aruba EdgeConnect Enterprise Orchestrator SQL Injection Vulnerability Aruba EdgeConnect Enterprise Orchestrator SQL Injection Vulnerability Aruba EdgeConnect Enterprise Orchestrator Stored XSS Vulnerability Aruba EdgeConnect Enterprise Orchestrator Multiple Reflected XSS Vulnerabilities Aruba EdgeConnect Enterprise Orchestrator Multiple Reflected XSS Vulnerabilities Aruba EdgeConnect Enterprise Orchestrator Multiple Reflected XSS Vulnerabilities Aruba EdgeConnect Enterprise Orchestrator MFA Bypass Vulnerability Aruba EdgeConnect Enterprise Orchestrator Session Persistence Vulnerability Cross Site Scripting (XSS) Vulnerability in LinZhaoguan pb-cms 2.0 (IpUtil.getIpAddr) - Remote Code Execution Possible SQL Injection Vulnerabilities in ClearPass Policy Manager SQL Injection Vulnerabilities in ClearPass Policy Manager 
Stored Cross-Site Scripting (XSS) Vulnerability in ClearPass Policy Manager ClearPass OnGuard macOS Agent Privilege Escalation Vulnerability ClearPass OnGuard Linux Agent Privilege Escalation Vulnerability Privilege Escalation Vulnerability in ClearPass OnGuard Windows Agent Aruba ClearPass Policy Manager Remote Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Command Execution Vulnerability Aruba ClearPass Policy Manager Remote Command Execution Vulnerability ClearPass Policy Manager Cluster Communications Vulnerability Cross-Site Scripting (XSS) Vulnerability in LinZhaoguan pb-cms 2.0 ClearPass OnGuard macOS Agent Local Information Disclosure Vulnerability Aruba EdgeConnect Enterprise Command Line Interface Remote Code Execution Vulnerability Aruba EdgeConnect Enterprise Command Line Interface Remote Code Execution Vulnerability Vulnerability: Unicode Control Character Spoofing in KDDI, NTT DOCOMO, and SoftBank +Message Apps Vulnerability in SICAM Power Meters and Controllers Vulnerability: Unvalidated EndTime-parameter in Web Interface Requests Incomplete Fix for OS Command Injection Vulnerability in Node.js Versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 (CVE-2022-32212) Authentication Bypass Vulnerability in Veeam Backup for Google Cloud v1.0 and v3.0 SQL Injection Vulnerability in LetsRecover WordPress Plugin (Versions before 1.2.0) Command Injection Vulnerability in Jitsi Allows Remote Code Execution Bypassing HSTS Check in curl: IDN Character Vulnerability Use After Free Vulnerability in Curl's Tunneling Functionality EdgeRouter Remote Code Execution Vulnerability Unauthenticated Local Privilege Escalation Vulnerability in Ivanti Avalanche Smart Device Service Unauthenticated Local Privilege Escalation in Ivanti Avalanche Printer Device Service XSS Vulnerability in Concrete CMS (formerly concrete5) 8.5.10 and 9.1.3 Vulnerability: Unauthorized Configuration and Disabling of BD BodyGuard™ Infusion Pumps via RS-232 Port SQL Injection 
Vulnerability in LetsRecover WordPress Plugin (Versions before 1.2.0) Persistent Cross-Site Scripting (XSS) Vulnerability in Splunk Enterprise Unvalidated Host Header Vulnerability in Splunk Enterprise Risky Command Bypass Vulnerability in Splunk Enterprise Versions Below 8.2.9 and 8.1.12 Denial of Service Vulnerability in Splunk Enterprise Versions Below 8.1.12, 8.2.9, and 9.0.2 JSON Bypass Vulnerability in Splunk Enterprise Versions Below 8.2.9 and 8.1.12 Vulnerability: Privilege Escalation via Phishing Attack in Splunk Enterprise Remote Command Execution Vulnerability in Splunk Secure Gateway App Reflected Cross Site Scripting (XSS) via JSON in Splunk Enterprise View Persistent Cross-Site Scripting (XSS) Vulnerability in Splunk Enterprise Data Model Object Name SQL Injection Vulnerability in LetsRecover WordPress Plugin XML External Entity (XXE) Injection in Splunk Enterprise Versions Below 8.1.12, 8.2.9, and 9.0.2 via Custom View Arbitrary Code Execution Vulnerability in Splunk Enterprise Dashboard PDF Generation Denial-of-Service Vulnerability in Splunk Enterprise Versions Below 8.2.9, 8.1.12, and 9.0.2 Exposure of Creator/Modifier Information in IBM Robotic Process Automation IBM Robotic Process Automation 21.0.1-21.0.5 Vulnerability: Incorrect Permission Assignment Allows Unauthorized Access to Application Configurations Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator SQL Injection Vulnerability in WP RSS By Publishers WordPress Plugin Missing Authorization Vulnerability in IBM Content Navigator 3.0.x Null Pointer Dereference Vulnerability in CBFS Filter 20.0.8317: Denial of Service via Specially Crafted IRP Null Pointer Dereference Vulnerability in CBFS Filter 20.0.8317: Denial of Service via IOCTL SQL Injection Vulnerability in WP RSS By Publishers WordPress Plugin Null Pointer Dereference Vulnerability in CBFS Filter 20.0.8317: Denial of Service via IOCTL 
Buffer Overflow Vulnerability in QML QtScript Reflect API of Qt Project Qt 6.3.2 Information Disclosure Vulnerability in OpenImageIO Project OpenImageIO v2.4.4.2: Leaked Heap Data via DPXOutput::close() Denial of Service Vulnerability in OpenImageIO Project OpenImageIO v2.4.4.2: DPXOutput::close() Null Pointer Dereference Denial of Service Vulnerabilities in OpenImageIO Project OpenImageIO v2.4.4.2 Image Output Closing Functionality Multiple Denial of Service Vulnerabilities in OpenImageIO Project OpenImageIO v2.4.4.2 Image Output Closing Functionality Information Disclosure Vulnerability in OpenImageIO Project OpenImageIO v2.4.4.2: Leaked Heap Data via IFFOutput Channel Interleaving Arbitrary Code Execution Vulnerability in OpenImageIO Project OpenImageIO v2.4.4.2 Arbitrary Code Execution Vulnerability in OpenImageIO Project OpenImageIO v2.4.4.2 Heap Buffer Overflow in IFFOutput::close() Functionality of OpenImageIO Project OpenImageIO v2.4.4.2 SQL Injection Vulnerability in WP RSS By Publishers WordPress Plugin Heap Buffer Overflow in IFFOutput::close() Functionality of OpenImageIO Project OpenImageIO v2.4.4.2 Heap Buffer Overflow in IFFOutput::close() Functionality of OpenImageIO Project OpenImageIO v2.4.4.2 Heap Buffer Overflow in IFFOutput::close() Functionality of OpenImageIO Project OpenImageIO v2.4.4.2 Denial of Service Vulnerability in OpenImageIO Project OpenImageIO v2.4.4.2 Out-of-Bounds Write Vulnerability in EIP Stack Group OpENer Development Commit 58ee13c Out-of-Bounds Write Vulnerability in EIP Stack Group OpENer Development Commit 58ee13c Use-of-Uninitialized-Pointer Vulnerability in EIP Stack Group OpENer Development Commit 58ee13c Open Babel 3.1.1 and master commit 530dbfa3 - Arbitrary Code Execution via Malformed MOL2 File Canon imageCLASS MF644Cdw 10.03 Printer BJNP Service Integer Overflow Remote Code Execution Vulnerability Arbitrary Code Execution via IronCAD STP File Parsing Vulnerability Cross-Site Scripting (XSS) Vulnerability in Keycloak 
SAML and OIDC Providers Remote Code Execution Vulnerability in CorelDRAW Graphics Suite 23.5.0.506 via Malicious GIF Image Parsing BMP Image Parsing Vulnerability in CorelDRAW Graphics Suite 23.5.0.506 Remote Code Execution Vulnerability in CorelDRAW Graphics Suite 23.5.0.506 Arbitrary Code Execution via CGM File Parsing in CorelDRAW Graphics Suite 23.5.0.506 Arbitrary Code Execution via GIF Image Parsing in CorelDRAW Graphics Suite 23.5.0.506 Remote Code Execution Vulnerability in CorelDRAW Graphics Suite 23.5.0.506 via Malicious PDF Parsing Arbitrary Code Execution via EMF Image Parsing in CorelDRAW Graphics Suite 23.5.0.506 Arbitrary Code Execution via PCX File Parsing in CorelDRAW Graphics Suite 23.5.0.506 Arbitrary Code Execution via PCX File Parsing in CorelDRAW Graphics Suite 23.5.0.506 Arbitrary Code Execution Vulnerability in D-Link DIR-1935 1.03 Routers (ZDI-CAN-16141) Stored Cross-Site Scripting Vulnerability in Popup Maker WordPress Plugin Authentication Bypass Vulnerability in D-Link DIR-1935 1.03 Routers (ZDI-CAN-16142) Authentication Bypass Vulnerability in D-Link DIR-1935 1.03 Routers (ZDI-CAN-16152) Unauthenticated Remote Code Execution in D-Link DIR-1935 1.03 Routers Authentication Bypass and Remote Code Execution in D-Link DIR-1935 1.03 Routers (ZDI-CAN-16140) Bypassing Authentication to Execute Arbitrary Code on D-Link DIR-1935 1.03 Routers (ZDI-CAN-16145) Title: D-Link DIR-1935 1.03 Router Authentication Bypass and Arbitrary Code Execution Vulnerability (ZDI-CAN-16144) Title: D-Link DIR-1935 Router Authentication Bypass and Remote Code Execution Vulnerability (ZDI-CAN-16146) Bypassing Authentication to Execute Arbitrary Code on D-Link DIR-1935 1.03 Routers (ZDI-CAN-16147) Arbitrary Code Execution Vulnerability in D-Link DIR-1935 1.03 Routers (ZDI-CAN-16148) Title: Arbitrary Code Execution Vulnerability in D-Link DIR-1935 1.03 Routers (ZDI-CAN-16149) Unauthenticated Remote Code Execution in D-Link DIR-1935 1.03 Routers Authentication Bypass 
Vulnerability in D-Link DIR-1935 1.03 Routers Title: D-Link DIR-1935 Router Authentication Bypass and Remote Code Execution Vulnerability (ZDI-CAN-16153) Arbitrary Code Execution via SetSysLogSettings in D-Link DIR-1935 1.03 Routers Arbitrary Code Execution Vulnerability in Netatalk (ZDI-CAN-17646) Unauthenticated Information Disclosure Vulnerability in TP-Link TL-WR940N Routers Authentication Bypass Vulnerability in TP-Link TL-WR940N 6_211111 3.20.1(US) Routers Remote Code Execution Vulnerability in Foxit PDF Reader 12.0.1.12430 via U3D File Parsing Remote Code Execution Vulnerability in Foxit PDF Reader 12.0.1.12430 via U3D Parsing Remote Code Execution Vulnerability in Foxit PDF Reader 12.0.1.12430 via U3D File Parsing Critical Command Injection Vulnerability in Teledyne FLIR AX8 (up to 1.46.16) via palette.php Remote Code Execution Vulnerability in Foxit PDF Reader 12.0.1.12430 Remote Code Execution Vulnerability in Foxit PDF Reader 12.0.1.12430 via U3D File Parsing Arbitrary Code Execution Vulnerability in D-Link DIR-825 1.0.9/EE Routers Arbitrary Code Execution Vulnerability in D-Link DIR-825 1.0.9/EE Routers Arbitrary Code Execution Vulnerability in D-Link DIR-825 1.0.9/EE Routers Arbitrary Code Execution Vulnerability in D-Link DIR-825 1.0.9/EE Routers Arbitrary Code Execution Vulnerability in D-Link DIR-825 1.0.9/EE Routers Unauthenticated Remote Code Execution in D-Link DIR-825 1.0.9/EE Routers via xupnpd Service (ZDI-CAN-19464) Arbitrary Code Execution Vulnerability in D-Link DIR-3040 1.20B03 Routers Arbitrary Code Execution Vulnerability in Foxit PDF Reader 12.0.2.12465 Sentry Token Leakage Vulnerability in GitLab CE/EE Remote Code Execution Vulnerability in RARLAB WinRAR 6.11.0.0 via ZIP File Parsing Missing Authorization in GitHub Repository lirantal/daloradius: A Potential Security Breach Arbitrary Code Execution via Server-Side Includes in Movable Type Kernel Stack Overflow Vulnerability in OpenHarmony-v3.1.4 and Prior Versions Buffer Overflow 
Vulnerability in WellinTech KingHistorian 35.01.00.05's SORBAx64.dll RecvPacket Functionality Use-after-free vulnerability in Ichitaro Word Processor 2022 allows arbitrary code execution Denial of Service Vulnerability in ESTsoft Alyac 2.5.8.645 Malware Scan Functionality Debug Information Leakage in Intel Unison Software: Local Access Information Disclosure Vulnerability Stack-based Buffer Overflow Vulnerability in CX-Programmer v.9.77 and Earlier Unsanitized JavaScript Execution in Typora Versions Prior to 1.4.4 Reflected Cross-Site Scripting (XSS) Vulnerability in Sling App CMS 1.1.0 and Prior SQL Injection Vulnerability in Zoho ManageEngine Password Manager Pro, PAM360, and Access Manager Plus SQL Injection Vulnerability in Zoho ManageEngine Password Manager Pro, PAM360, and Access Manager Plus Vulnerability: Message Deletion Advertised but Retrievable in Wire for Windows Reflected XSS Vulnerabilities in NOKIA NFM-T R19.9 Index-Out-of-Range Panic Vulnerability in free5GC 3.2.1 AMF and NGAP Decoders Misconfiguration in Docker Image of ownCloud Server Allows URL Spoofing in Password-Reset Emails Reflected Cross-Site Scripting in WP CSV WordPress Plugin Use-after free vulnerability in libexpat through 2.4.9 BGP Daemon Denial-of-Service Vulnerability in FRRouting FRR through 8.4 Title: ServiceNow Core Functionality ACL Bypass Vulnerability CKAN Account Takeover Vulnerability via Unauthenticated User HTTP POST Request Denial of Service Vulnerability in Concrete CMS (formerly concrete5) Session ID Not Refreshed After OAuth Authentication in Concrete CMS (formerly concrete5) Versions 8.5.10 and Below 9.1.3 Stored Cross-Site Scripting (XSS) Vulnerability in Concrete CMS Icons XXE-based DNS Request Vulnerability in Concrete CMS Reflected Cross-Site Scripting Vulnerability in WP-Lister Lite for Amazon WordPress Plugin Authentication Bypass Vulnerability in Concrete CMS Inadvertent Disclosure of Server-Side Sensitive Information in Concrete CMS Reflected XSS vulnerability 
in Concrete CMS versions 8.5.10 and below, and 9.0.0 to 9.1.2 CSRF Vulnerability in Concrete CMS's External Authentication Service Reflected XSS Vulnerability in Concrete CMS Image Manipulation Library Stored Cross-Site Scripting (XSS) Vulnerability in Concrete CMS Cross-Site Scripting (XSS) Vulnerability in OX App Suite before 7.10.6-rev20 via Upsell Ads Cross-Site Scripting (XSS) Vulnerability in OX App Suite before 7.10.6-rev30 SSRF Vulnerability in OX App Suite before 7.10.6-rev30 SSRF Vulnerability in OX App Suite Email Account Discovery SQL Injection Vulnerability in Multimedial Images WordPress Plugin Insecure File Permissions in Installation Directory Allows Execution of Malicious Code Insecure File Permissions Allow for Installer Tampering Vulnerability Unconstrained Search Path Vulnerability Vulnerability: Unauthorized Control of Sinilink XY-WFT1 WiFi Remote Thermostat OCSP Response Forgery Vulnerability in Botan Arbitrary Script Injection in StackStorm Web UI Cross-site Scripting (XSS) Vulnerability in MyBB 1.8.31 Visual MyCode Editor (SCEditor) Cross-Site Scripting (XSS) Vulnerability in MyBB 1.8.31 Post Attachments Interface SQL Injection Vulnerability in MyBB 1.8.31 Admin CP Users Module SQL Injection Vulnerability in Web Invoice WordPress Plugin Cross-Site Request Forgery (CSRF) Vulnerability in GX Software XperienCentral Interactive Forms (IAF) Cross-Site Scripting (XSS) Vulnerability in GX Software XperienCentral Interactive Forms (IAF) Unauthenticated POST Request Vulnerability in GX Software XperienCentral (CVE-2022-22965) Bypassing Form Validation in GX Software XperienCentral Versions 10.33.1 - 10.35.0 Denial of Service Vulnerability in SIMATIC CP and SIPLUS Devices XSS Vulnerability in Apache Superset Dashboard Rendering Cross-Site Scripting (XSS) Vulnerability in Apache Superset Cross-Site Request Forgery Vulnerability in Apache Superset REST API Endpoints SQL Injection Vulnerability in Web Invoice WordPress Plugin HTML Injection 
Vulnerability in Apache Superset Dataset Link Redirection Vulnerability in Apache Superset Insecure Folder Permissions in SICAM PAS/PQS (All versions < V7.0) Denial of Service Vulnerability in SICAM PAS/PQS ClearText Transmission of Database Credentials and Remote Command Execution in SICAM PAS/PQS (All versions < V7.0) SQL Injection Vulnerability in Quote-O-Matic WordPress Plugin Reflected Cross-Site Scripting in Bg Bible References WordPress Plugin Denial of Service Vulnerability in IBM Security Verify Access OIDC Provider (IBM X-Force ID: 238921) Remote Code Execution Vulnerability in baramundi Management Agent (bMA) Path Traversal Vulnerability in Synology Presto File Server Privilege Bypass Vulnerability in Synology Presto File Server Critical SQL Injection Vulnerability in Mingsoft MCMS up to 5.2.9 (VDB-215196) USBmon Memory Corruption Vulnerability Uncontrolled Search Path Element Vulnerability in McAfee Total Protection Privilege Escalation Vulnerability in Oracle Solaris CDE via Malicious Printer Improper Path Traversal Vulnerability in SUSE Manager Server Cross-site Scripting (XSS) Vulnerability in SUSE Manager Server 4.2 and 4.3 Insufficient Entropy Vulnerability in SUSE Rancher Allows Persistent Abuse of Renewed Cattle-Token Denial of Service Vulnerability in SUSE Rancher Wrangler (CVE-2021-12345) Cleartext Storage of Sensitive Information Vulnerability in SUSE Rancher: Unauthorized Access to Credentials OS Command Injection Vulnerability in SUSE Rancher Allows Code Execution Privilege Escalation Vulnerability in SUSE Rancher Private Email Mapping Vulnerability in GitLab Cross-Site Scripting (XSS) Vulnerability in SUSE Rancher Allows Privileged User Impersonation Unauthenticated Access to B&R APROL Database Configuration Memory Leak Vulnerability in B&R APROL Tbase Server Versions < R 4.2-07 Denial of Service Vulnerability in B&R APROL Versions < R 4.2-07 Buffer Overflow Vulnerability in Tbase Server Configuration Change in B&R APROL versions < R 4.2-07 
B&R APROL Denial-of-Service Vulnerability Apache IoTDB REGEXP Query Denial of Service Vulnerability Vulnerability: Denial of Service in SIMATIC CP and SIPLUS Devices Title: Denial of Service Vulnerability in SIMATIC CP and SIPLUS Devices Template Injection Vulnerability in Hitachi Vantara Pentaho Business Analytics Server Cross-Site Scripting (XSS) Vulnerability in S-CMS 5.0 Build 20220328 Authorization Bypass in Hitachi Vantara Pentaho Business Analytics Server Dashboard Editor Plugin API CSV Import Path Traversal Vulnerability in Hitachi Vantara Pentaho Business Analytics Server Clear Text Exposure of Cluster Credentials in Hitachi Vantara Pentaho Business Analytics Server Stored Procedure Vulnerability in Hitachi Vantara Pentaho Business Analytics Server SQL Injection Vulnerability in Delta Electronics DIAEnergy v1.9 HandlerPageP_KID Class SQL Injection Vulnerability in Delta Electronics DIAEnergy v1.9 HICT_Loop Class Server Side Request Forgery (SSRF) Vulnerability in Metabase <44.5 via /api/geojson Endpoint HP BIOS TOCTOU Vulnerabilities HP BIOS TOCTOU Vulnerabilities TOCTOU Vulnerability in HP PC Products with AMI UEFI Firmware Stack Overflow Vulnerability in Linux Kernel's SYSCTL Subsystem Allows Privilege Escalation Vulnerability Alert: Denial of Service Attack on HP ENVY, OfficeJet, and DeskJet Printers Command Injection Vulnerability in Bitbucket Server and Data Center Authentication Bypass and Privileged API Access in Atlassian Crowd
Stored Cross-Site Scripting Vulnerability in Popup Maker WordPress Plugin Race Condition Vulnerability in Gadgetfs Linux Driver Leads to Use-After-Free Flaw SQL Injection Vulnerability in CBX Petition for WordPress Plugin Privilege Escalation Vulnerability in IBM Storage Scale Container Native Storage Access Privilege Escalation Vulnerability in Stream WordPress Plugin SQL Injection Vulnerability in IBM Aspera Console 3.4.0 through 3.4.2 Weak Cryptographic Algorithms in IBM Spectrum Scale 5.1.5.0-5.1.5.1: High-Risk Data Decryption Vulnerability Broken Access Control Vulnerability in IBM Robotic Process Automation for Cloud Pak AIX perfstat Kernel Extension Denial of Service Vulnerability AIX pfcdd Kernel Extension Denial of Service Vulnerability Unauthenticated User Can Update Menu Order in Intuitive Custom Post Order WordPress Plugin CVE-2022-43855 IBM Navigator for i Log File Access Vulnerability Authenticated User File System Access Vulnerability in IBM Navigator for i IBM Navigator for i SQL Injection Vulnerability CSRF Vulnerability in Intuitive Custom Post Order WordPress Plugin SQL Injection Vulnerability in IBM Navigator for i 7.3, 7.4, and 7.5 Privilege Escalation Vulnerability in IBM QRadar SIEM 7.4 and 7.5 Directory Traversal Vulnerability in IBM Business Automation Workflow 22.0.2 Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 Arbitrary Command Execution Vulnerability in IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 IBM Security Verify Access OIDC Provider Directory Disclosure Vulnerability Denial of Service through GUI using Format String Attack in IBM Spectrum Scale and IBM Elastic Storage System Disclosure of SNMPv3 Server Credentials in IBM Spectrum Virtualize Log Files Cross-Site Scripting Vulnerability in IBM Financial Transaction Manager for SWIFT Services 3.2.4 Improper Authorization Checks in IBM Financial Transaction Manager 3.2.4 Allow Unauthorized Access to Technical Information Privilege Escalation 
Vulnerability in IBM Spectrum Virtualize GUI Cross-Site Scripting (XSS) Vulnerability in IBM App Connect Enterprise Certified Container Denial of Service Vulnerability in IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 Sensitive Password Disclosure in IBM UrbanCode Deploy (UCD) Agentrelay.properties File CVE-2022-43880 Log Injection Vulnerability in IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 Sensitive Information Exposure via API Key Logging in IBM Cognos Analytics IBM Security Verify Privilege On-Premises 11.5 Information Disclosure Vulnerability CVE-2022-43890 Sensitive Information Disclosure in IBM Security Verify Privilege On-Premises 11.5 Certificate Validation Vulnerability in IBM Security Verify Privilege On-Premises 11.5 Privilege Escalation Vulnerability in IBM Security Verify Privilege On-Premises 11.5 Unrestricted WAN Interface Access to IPv6 Services on NETGEAR RAX30 AX2400 Routers Local Privilege Escalation in IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 Information Disclosure Vulnerability in IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 Denial of Service Vulnerability in IBM MQ 9.2 and 9.3 Denial of Service Vulnerability in IBM Security Guardium 10.6, 11.3, and 11.4 Improper Restriction of Excessive Authentication Attempts in IBM Security Guardium 11.3 and 11.4 Missing or Insecure SameSite Attribute in IBM Security Guardium 11.5 Could Lead to Sensitive Information Disclosure Remote Code Execution Vulnerability in IBM Security Guardium 11.4 Denial of Service Vulnerability in IBM Security Guardium 11.3 Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium 11.4 Stored Cross-Site Scripting Vulnerability in Vision Interactive For WordPress Plugin Privilege Escalation Vulnerability in IBM Security Guardium 11.3 Cross-Site Scripting (XSS) Vulnerability in IBM TRIRIGA Application Platform 4.0 Weak Cryptographic Keys in IBM WebSphere Application Server Traditional 
Container IBM MQ 9.2 and 9.3 Authenticated Message Crafting Denial of Service Vulnerability Stored Cross-Site Scripting Vulnerability in iPanorama 360 WordPress Virtual Tour Builder Plugin Access Control Vulnerability in IBM Sterling B2B Integrator Sftp Server Adapter Weak Hash of API Key in IBM App Connect Enterprise Certified Container Local Information Disclosure Vulnerability in IBM Maximo Application Suite 8.8.0 and 8.9.0 Information Disclosure Vulnerability in IBM Db2 for Linux, UNIX and Windows Sensitive Data Exposure in IBM Toolbox for Java Denial of Service Vulnerability in IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 Stored Cross-Site Scripting Vulnerability in ImageLinks Interactive Image Builder for WordPress Plugin Information Disclosure Vulnerability in IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 Remote Code Execution Vulnerability in Synology VPN Plus Server Arbitrary File Read Vulnerability in Synology Router Manager (SRM) Scripting Vulnerability in Hitachi Vantara Pentaho Business Analytics Server Non-Canonical URL Security Bypass Vulnerability in Hitachi Vantara Pentaho Business Analytics Server Stored Cross-Site Scripting Vulnerability in iPages Flipbook For WordPress Plugin Authorization Bypass in Hitachi Vantara Pentaho Business Analytics Server Out-of-Band XML External Entity Reference Vulnerability in Hitachi Vantara Pentaho Business Analytics Server Buffer Overflow Vulnerability in Linux Kernel NFSD Implementation Fortinet FortiClientWindows Multiple Vulnerabilities: Incorrect Permission Assignment and TOCTOU Race Condition Excessive Authentication Attempts Vulnerability in Fortinet FortiOS and FortiProxy Administrative Interface Command Injection Vulnerability in Fortinet FortiWeb and FortiADC Outdated Hashing Methods in Fortinet FortiSIEM: Remote Brute Force Attack Vulnerability Arbitrary File Upload Vulnerability in Membership For WooCommerce WordPress Plugin Open Redirect Vulnerability in FortiNAC-F and FortiNAC 
Versions 7.2.0 and below Unauthenticated Access to Sensitive Information Vulnerability in FortiNAC Cross-Site Scripting (XSS) Vulnerability in FortiADC Versions 7.1.1 and below, 7.0.3 and below, 6.2.5 and below Format String Vulnerability in Fortinet FortiOS and FortiProxy FortiPortal Management Interface Log File Vulnerability: Unauthorized Access to Passwords [CWE-532] Reflected Cross-Site Scripting (XSS) Vulnerability in FortiWeb Web Interface Plaintext Storage of User Credentials in QMS Automotive (All versions < V12.39) Insufficiently Protected Credentials in AD/LDAP Server Settings in 1C-Bitrix Bitrix24 through 22.200.200 Cross-Site Scripting (XSS) Vulnerability in RDFlib pyrdfa3 Reflected XSS Vulnerability in Concrete CMS Multilingual Report Reflected XSS Vulnerability in Concrete CMS Dashboard Icons Credential Mishandling in Ricoh MP_C4504ex Devices with Firmware 1.06 Cross-Site Request Forgery Vulnerability in morontt zend-blog-number-2 Buffer Overflow Vulnerability in Linksys WRT54GL Wireless-G Broadband Router Firmware <= 4.30.18.006 Arbitrary Code Execution Vulnerability in Linksys WUMC710 Wireless-AC Universal Media Connector Null Pointer Dereference Vulnerability in Linksys WRT54GL Wireless-G Broadband Router Arbitrary Code Execution Vulnerability in Linksys WRT54GL Wireless-G Broadband Router Integer Overflow in matrixSslDecodeTls13: Remote Code Execution Vulnerability Arbitrary File and Configuration Read Vulnerability in FC46-WebBridge Unauthenticated API Access Vulnerability in FC46-WebBridge on GE Grid Solutions MS3000 Devices Unauthenticated Access to Debug Port on GE Grid Solutions MS3000 Devices Improper Authentication Vulnerability in Pandora FMS v764 Path Traversal and Local File Inclusion Vulnerability in Pandora FMS v764 Integer Overflow or Wraparound in radareorg/radare2 prior to 5.8.0 Stored Cross-Site Scripting Vulnerability in Pandora FMS v765 Network Maps Editing Functionality XSS Vulnerability in Apache Airflow's Trigger DAG with 
config Screen Arbitrary Local File Access in Browsershot version 3.57.2 Arbitrary Local File Access in Browsershot v3.57.3 Open Redirect Vulnerability in Apache Airflow's `/confirm` Endpoint Password Recovery Vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with Firmware Version < 1.2.0 Critical SQL Injection Vulnerability in TicklishHoneyBee nodau (VDB-215252) Password Recovery Vulnerability in SICK SIM1012 Partnumber 1098146 Firmware <2.2.0 Heap-based Buffer Over-read in Sudo with Crypt() Password Backend Cross-Site Scripting (XSS) Vulnerability in csaf_provider Package Local Privilege Escalation in Riverbed Aternity Agent: Insufficiently Protected Handle to A180AG.exe Arbitrary Command Execution Vulnerability in BACKCLICK Professional 5.9.63 Cross-Site Scripting (XSS) Vulnerability in zbl1996 FS-Blog Title Handler (VDB-215267) Arbitrary Command Execution Vulnerability in BACKCLICK Professional 5.9.63 Authentication Bypass Vulnerability in BACKCLICK Professional 5.9.63 Cross-Site Scripting (XSS) Vulnerability in BACKCLICK Professional 5.9.63 SQL Injection Vulnerability in BACKCLICK Professional 5.9.63 Insecure Password Reset Process in BACKCLICK Professional 5.9.63 Vulnerability: Enumeration and Unauthorized Subscription in BACKCLICK Professional 5.9.63 Arbitrary File Write and Remote Code Execution Vulnerability in BACKCLICK Professional 5.9.63 Session Fixation Vulnerability in BACKCLICK Professional 5.9.63 Arbitrary Local File Retrieval Vulnerability in BACKCLICK Professional 5.9.63 Improper Access Control in Key-Value RBAC in StackStorm 3.7.0 Allows Unauthorized Access to User K/V Pairs Cross-Site Scripting (XSS) Vulnerability in pallidlight Online Course Selection System (VDB-215268) Heap-based Buffer Overflow in ClickHouse HTTP Endpoint Heap Buffer Overflow Vulnerability in ClickHouse JavaScript Code Execution and Password Theft in Simmeth Lieferantenmanager Unauthenticated API Access in Simmeth Lieferantenmanager Arbitrary SQL Table Fetch 
Vulnerability in Simmeth Lieferantenmanager SQL Injection Vulnerability in Simmeth Lieferantenmanager Arbitrary File Download Vulnerability in Simmeth Lieferantenmanager Session Hijacking Vulnerability in Simmeth Lieferantenmanager Softing uaToolkit Embedded PubSub Discovery Announcement Message Vulnerability Remote Command Execution Vulnerability in Total.js 4 before 0e5ace7 Critical Path Traversal Vulnerability in RainyGao DocSys 2.02.37 Vulnerability: Password Protection Bypass in OpenStack Sushy-Tools and VirtualBMC Timing-based User Account Enumeration in PwnDoc through 0.5.3 User Account Enumeration Vulnerability in PwnDoc through 0.5.3 Reflected Cross-Site Scripting (XSS) Vulnerability in NetScout nGeniusONE 6.3.2 Reflected Cross-Site Scripting (XSS) Vulnerability in NetScout nGeniusONE 6.3.2 Reflected Cross-Site Scripting (XSS) Vulnerability in NetScout nGeniusONE 6.3.2 Reflected Cross-Site Scripting (XSS) Vulnerability in NetScout nGeniusONE 6.3.2 Reflected Cross-Site Scripting (XSS) Vulnerability in NetScout nGeniusONE 6.3.2 Reflected Cross-Site Scripting (XSS) Vulnerability in NetScout nGeniusONE 6.3.2 Critical SQL Injection Vulnerability in SourceCodester Canteen Management System (ajax_represent.php) Insufficient Permission Checks Allow Unauthorized File Download in Redmine 5.x Persistent XSS Vulnerability in Redmine Textile Formatter Race Condition and Use-After-Free Vulnerability in Linux Kernel's PCMCIA Driver Race condition and use-after-free vulnerability in Linux kernel's cm4040_cs.c driver Race Condition and Use-After-Free Vulnerability in Linux Kernel's PCMCIA Driver Arbitrary File Upload and Command Execution in b2evolution 7.2.5 Unauthenticated Access Control Vulnerability in APsystems ECU-C Power Control Software Remote Code Execution Vulnerability in Russound XSourcePlayer 777D v06.08.03 via scriptRunner.cgi Vulnerability: Remote File System Overwrite in Franklin Fueling System FFS Colibri 1.9.22.8925 Potential Code Execution Backdoor in 
d8s-urls Python Package Potential Code-Execution Backdoor in d8s-python Package (Version 0.1.0) Potential Code-Execution Backdoor in d8s-networking for Python Code-execution backdoor vulnerability in d8s-stats for Python Potential Code-Execution Backdoor in d8s-dates Python Package (Version 0.1.0) Potential Code-Execution Backdoor in d8s-networking for Python Potential Code-Execution Backdoor in d8s-xml Python Package (Version 0.1.0) Cross Site Scripting (XSS) Vulnerability in Zenario CMS 9.3.57186 via Nest Library Module Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.9 Cross Site Scripting (XSS) Vulnerability in Zenario CMS 9.3.57186 via News Articles Cross Site Scripting (XSS) Vulnerability in Zenario CMS 9.3.57186 via Profile Cross Site Scripting (XSS) Vulnerability in Zenario CMS 9.3.57186 via svg, Users & Contacts Stack Overflow Vulnerability in pycdc Commit 44a730f3a889503014fec94ae6e62d8401cb75e5 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository thorsten/phpmyfaq prior to 3.1.9 Segmentation Fault Vulnerability in LodePNG v20220717 via pngdetail Function Remote Code Execution Vulnerability in ESPCMS P8.21120101 Component UPFILE_PIC_ZOOM_HIGHT Remote Code Execution (RCE) Vulnerability in ESPCMS P8.21120101 Component INPUT_ISDESCRIPTION ESPCMS P8.21120101 IS_GETCACHE Remote Code Execution Vulnerability Insecure Handling of Sensitive Cookies in GitHub Repository thorsten/phpmyfaq prior to 3.1.9 Hardcoded Credentials Vulnerability in Sanitization Management System v1.0 Hardcoded Credentials Vulnerability in Book Store Management System v1.0 Allows Privilege Escalation and Unauthorized Admin Panel Access Stored Cross-Site Scripting Vulnerability in Permalink Manager Lite Plugin for WordPress Stack Overflow Vulnerability in pdftojson commit 94204bb via Object::copy(Object*):Object.cc Stack Overflow Vulnerability in pdftojson Commit 94204bb SQL Injection Vulnerability in Boa 0.94.14rc21 via 
Username Remote Code Execution (RCE) Vulnerability in dedecmdv6 v6.1.9 via file_manage_control.php SQL Injection Vulnerability in dedecmdv6 6.1.9 via sys_sql_query.php Reflected Cross-site Scripting (XSS) Vulnerability in GitHub Repository nuxt/framework prior to v3.0.0-rc.13 Zenario CMS 9.3.57186 Remote Code Execution Vulnerability SQL Injection Vulnerability in SourceCodester Sanitization Management System 1.0 SQL Injection Vulnerability in Apartment Visitor Management System v1.0 DOM-based Cross-site Scripting (XSS) in GitHub repository nuxt/framework prior to v3.0.0-rc.13. SQL Injection Vulnerability in Jizhicms v2.3.3 via /Member/memberedit.html Component Remote OS Command Execution Vulnerability in Nexxt Amp300 ARN02304U8 Devices Systemd Vulnerability: Local Information Leak via systemd-coredump SQL Injection Vulnerability in Simple Inventory Management System v1.0 via /ims/login.php Cross Site Scripting (XSS) Vulnerability in Rapid SCADA 5.8.4 Buffer Overflow Vulnerability in Tenda AC15 V15.03.05.19: Exploiting formSetIpMacBind Function Buffer Overflow Vulnerability in Tenda AC21 V16.03.08.15 via set_device_name Function Critical SQL Injection Vulnerability in RainyGao DocSys (CVE-215278) Buffer Overflow Vulnerability in Tenda AC21 V16.03.08.15: Exploiting formSetMacFilterCfg Function Buffer Overflow Vulnerability in Tenda AC15 V15.03.05.18: Exploiting formSetPPTPServer Function Buffer Overflow Vulnerability in Tenda AC15 V15.03.05.18: Exploiting fromSetRouteStatic Function Buffer Overflow Vulnerability in Tenda AC15 V15.03.05.18: Exploiting formSetVirtualSer Function Improper Access Restriction in WP Cerber Security Plugin Allows User Enumeration Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19: Exploiting form_fast_setting_wifi_set Function Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19: R7WebsSecurityHandler Function Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.05: Exploiting formSetDeviceName Function Buffer Overflow 
Vulnerability in Tenda AC18 V15.03.05.19: Exploiting formSetMacFilterCfg Function Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19: Exploiting fromSetRouteStatic Function Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19: Exploiting formWifiWpsStart Function Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19: Exploiting formWifiWpsOOB Function Unrestricted Loading of Unsigned Libraries Vulnerability in Acronis Cyber Protect Home Office (Windows) Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19: Exploiting addWifiMacFilter Function Buffer Overflow Vulnerability in Tenda AC18 V15.03.05.19: Exploiting formSetWifiGuestBasic Function Buffer Overflow Vulnerability in Netgear R7000P V1.3.0.8 via wan_dns1_sec Parameter Buffer Overflow Vulnerability in Netgear R7000P V1.3.1.64 via wan_dns1_pri Parameter Buffer Overflow Vulnerability in Netgear R7000P V1.3.0.8 via wan_dns1_pri Buffer Overflow Vulnerability in Netgear R7000P V1.3.0.8: Exploiting enable_band_steering Parameter in /usr/sbin/httpd Buffer Overflow Vulnerability in Netgear R7000P V1.3.1.64 via enable_band_steering Parameter Buffer Overflow Vulnerability in Netgear R7000P V1.3.1.64: Exploiting KEY1 and KEY2 Parameters Buffer Overflow Vulnerability in Netgear R7000P V1.3.1.64's /usr/sbin/httpd Buffer Overflow Vulnerability in Netgear R7000P V1.3.0.8: Exploiting apmode_dns1_pri and apmode_dns1_sec Parameters. 
Buffer Overflow Vulnerability in Netgear R7000P V1.3.0.8: Exploiting Parameter openvpn_push1 Buffer Overflow Vulnerability in Netgear R7000P V1.3.0.8 via openvpn_server_ip Parameter Buffer Overflow Vulnerability in Netgear R7000P V1.3.1.64 via openvpn_push1 Parameter Buffer Overflow Vulnerability in Netgear R7000P V1.3.1.64 via openvpn_server_ip Parameter Buffer Overflow Vulnerability in Netgear R7000P V1.3.0.8, V1.3.1.64 via stamode_dns1_pri and stamode_dns1_sec Parameters Critical Command Injection Vulnerability in D-Link DIR823G 1.02B05 Router Buffer Overflow Vulnerability in D-Link DIR878 1.02B04 and 1.02B05 Routers Buffer Overflow Vulnerability in D-Link DIR3060 DIR3060A1_FW111B04.bin Cross Site Scripting (XSS) Vulnerability in rAthena FluxCP Service Desk Image URL Handler GL.iNet Goodcloud 1.1 Vulnerability: Remote Access and Settings Manipulation Remote Access Vulnerability in GL.iNet Goodcloud 1.0 Allows Unauthorized Admin Panel Access Cross Site Scripting (XSS) Vulnerability in ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 Open Redirect Vulnerability in Titan FTP Server 19.0 and Below Insecure Permissions in Gnuboard 5.5.4 and 5.5.5 Allow Unauthorized Password Changes Unauthenticated SQL Injection Vulnerability in Bulutses Call Center System (pre-3.0) Buffer Overflow in getInt() function in libming 0.4.8 decompile.c leads to denial of service Cross Site Scripting (XSS) Vulnerability in Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) Weak Password Vulnerability in Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20181130-16:12) Authentication Bypass Vulnerability in Lin-CMS v0.2.1 Allows Privilege Escalation to Super Administrator Command Injection Vulnerability in TOTOLINK NR1800X V9.1.0u.6279_B20210910 Command Injection Vulnerability in TOTOLINK NR1800X V9.1.0u.6279_B20210910 Command Injection Vulnerability in TOTOLINK NR1800X V9.1.0u.6279_B20210910 via setUssd Function's ussd 
Parameter Command Injection Vulnerability in TOTOLINK NR1800X V9.1.0u.6279_B20210910 Post-Authentication Buffer Overflow in TOTOLINK LR350 V9.3.5u.6369_B20220309 via ip Parameter in setDiagnosisCfg Function Post-Authentication Buffer Overflow in TOTOLINK LR350 V9.3.5u.6369_B20220309 via setSmsCfg Function Pre-Authentication Buffer Overflow in TOTOLINK LR350 V9.3.5u.6369_B20220309 Post-Authentication Buffer Overflow in TOTOLINK LR350 V9.3.5u.6369_B20220309 via lang Parameter in setLanguageCfg Function Post-Authentication Buffer Overflow in TOTOLINK LR350 V9.3.5u.6369_B20220309 via pppoeUser Parameter Post-Authentication Buffer Overflow in TOTOLINK LR350 V9.3.5u.6369_B20220309 via setTracerouteCfg Command Parameter Post-Authentication Buffer Overflow in TOTOLINK LR350 V9.3.5u.6369_B20220309 via setParentalRules Function CSRF Vulnerability in Mautic Integration for WooCommerce WordPress Plugin Post-Authentication Buffer Overflow in TOTOLINK LR350 V9.3.5u.6369_B20220309 via sPort/ePort Parameter in setIpPortFilterRules Function Cross Site Scripting (XSS) Vulnerability in Avery Dennison Monarch Printer M9855 Critical Remote Code Execution (RCE) Vulnerability in ff4j 1.8.1 Critical Vulnerability: Incorrect Access Control in Dentsply Sirona Sidexis <= 4.3 Unquoted Service Path Vulnerability in Dentsply Sirona Sidexis <= 4.3 Denial of Service Vulnerability in ImageMagick 7.1.0-49: PNG Image Parsing DoS Arbitrary File Content Disclosure in ImageMagick 7.1.0-49 SQL Injection vulnerability in OTRS AG OTRS and ((OTRS)) Community Edition via TicketSearch Webservice Bypassing Upload Restrictions Leading to Remote Code Execution in Responsive Filemanager < 9.12.0 SQL Injection Vulnerability in Sanitization Management System v1.0 via delete_product function SQL Injection Vulnerability in Sanitization Management System v1.0 via /php-sms/admin/?page=user/manage_user&id= Cross Site Scripting (XSS) Vulnerability in Garage Management System v1.0 Privilege Escalation and Arbitrary Code 
Execution via WARP Client's support_uri Parameter Vulnerability: File Deletion Exploit in Automotive Shop Management System v1.0 Buffer Overflow Vulnerability in AVS Audio Converter 10.3 Dinstar FXO Analog VoIP Gateway DAG2000-16O XSS Vulnerability ThinkPHP File Upload Code Logic Vulnerability Unquoted Service Path Vulnerability in Avira Security for Windows SQL Injection Vulnerability in webTareas 2.4p5 via deleteapprovalstages.php SQL Injection Vulnerability in webTareas 2.4p5 via id parameter in phasesets.php SQL Injection Vulnerability in Sanitization Management System v1.0 via /php-sms/admin/?page=services/manage_service&id= SQL Injection Vulnerability in Sanitization Management System v1.0 via /php-sms/admin/orders/assign_team.php?id= SQL Injection Vulnerability in Sanitization Management System v1.0 via /php-sms/admin/quotes/manage_remark.php?id= Critical SQL Injection Vulnerability in SiteServer CMS 7.1.3 Critical SQL Injection Vulnerability in SiteServer CMS 7.1.3 File Read Vulnerability in SiteServerCMS 7.1.3 (SSCMS) Cross-Site Scripting (XSS) Vulnerability in Resque Scheduler version 1.27.4 Stored Cross-Site Scripting Vulnerability in WOOCS WordPress Plugin Invalid Point Vulnerability in Development IL ECDH Before 0.2.0 Out-of-Bounds Read Vulnerability in html2xhtml v1.3 Heap Buffer Overflow in PicoC Version 3.2.2's ExpressionCoerceInteger Function Heap Buffer Overflow in PicoC Version 3.2.2's ExpressionCoerceUnsignedInteger Function Heap Buffer Overflow in PicoC Version 3.2.2's StringStrncpy Function Heap Buffer Overflow in PicoC Version 3.2.2's ExpressionAssign Function Heap Buffer Overflow in PicoC Version 3.2.2's LexGetStringConstant Function Heap Buffer Overflow in PicoC Version 3.2.2's StdioOutPutc Function Heap Buffer Overflow in PicoC Version 3.2.2's StringStrcat Function Heap Buffer Overflow in PicoC Version 3.2.2's StdioBasePrintf Function ThinkPadX13s BIOS PersistenceConfigDxe Driver Buffer Over-read Vulnerability Heap Buffer Overflow in PicoC 
Version 3.2.2's ExpressionCoerceFP Function Heap Buffer Overflow in PicoC Version 3.2.2's LexSkipComment Function ThinkPadX13s BIOS LenovoSetupConfigDxe Driver Buffer Over-read Vulnerability ThinkPadX13s BIOS Driver Buffer Over-read Vulnerability CRMEB 4.4.4 Vulnerability: Any File Download Exploit SQL Injection Vulnerability in Sanitization Management System v1.0 via /php-sms/admin/?page=quotes/view_quote&id= SQL Injection Vulnerability in Sanitization Management System v1.0 SQL Injection Vulnerability in Sanitization Management System v1.0 via /php-sms/admin/orders/update_status.php?id= Cross Site Scripting (XSS) Vulnerability in NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe Driver Buffer Over-read Vulnerability Deserialization Vulnerability in Skycaiji v2.5.1 via /SkycaijiApp/admin/controller/Mystore.php Unrestricted File Upload Vulnerability in SolarView Compact 4.0 and 5.0 Cross-site Scripting (XSS) Vulnerability in SolarView Compact 7.0 via /network_test.php Access Control Issue in WAVLINK Quantum D4G (WL-WN531G3) Firmware Versions M31G3.V5030.201204 and M31G3.V5030.200325 Blink Media Use After Free Vulnerability in Google Chrome Cross-Site Scripting (XSS) Vulnerability in ZZCMS 2022 admin/ad_list.php Buffer Overflow Vulnerability in Tenda i21 V1.0.0.14(4656) via /goform/AddSysLogRule Buffer Overflow Vulnerability in Tenda i21 V1.0.0.14(4656) via /goform/setSnmpInfo Stack Overflow Vulnerability in Tenda i21 V1.0.0.14(4656) via /goform/setSysPwd Buffer Overflow Vulnerability in Tenda i21 V1.0.0.14(4656) via /goform/setDiagnoseInfo Buffer Overflow Vulnerability in Tenda i21 V1.0.0.14(4656) via /goform/setUplinkInfo Null Pointer Dereference Vulnerability in NASM v2.16 Vulnerability Title: Null Pointer Dereference in NASM 2.16 via output/outaout.c Use After Free Vulnerability in Mojo IPC in Google Chrome Heap Buffer Overflow in NASM v2.16's quote_for_pmake() Function Deserialization Vulnerability in hope-boot 1.0.0 Allows 
Remote Code Execution (RCE) Stack Overflow Vulnerability in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) Allows Remote Code Execution SQL Injection Vulnerability in Automotive Shop Management System v1.0 SQL Injection Vulnerability in Automotive Shop Management System v1.0 via /asms/classes/Master.php?f=delete_service Use After Free Vulnerability in Blink Frames in Google Chrome Cross Site Scripting (XSS) Vulnerability in Snipe-IT before 6.0.14 for View Assigned Assets User Account Existence Disclosure in Snipe-IT through 6.0.14 Arbitrary File Upload Vulnerability in rConfig v3.9.6: Remote Code Execution Cross-Site Request Forgery (CSRF) vulnerability in EyouCMS V1.5.9-UTF8-SP1 Edit Member module EyouCMS V1.5.9-UTF8-SP1 Cross-Site Request Forgery (CSRF) in Edit Admin Profile Module Use After Free Vulnerability in Aura in Google Chrome on Windows Cross-Site Scripting (XSS) Vulnerability in EyouCMS V1.5.9-UTF8-SP1 via Public Security Record Number Field SQL Injection Vulnerability in Sanitization Management System v1.0 via /php-sms/admin/?page=services/view_service&id= SQL Injection Vulnerability in Poultry Farm Management System v1.0 Use After Free Vulnerability in Profiles in Google Chrome File Upload Vulnerability in Purchase Order Management System v1.0 via /purchase_order/admin/?page=system_info Arbitrary File Upload Vulnerability in Online Tours & Travels Management System v1.0 SQL Injection Vulnerability in Automotive Shop Management System v1.0 via /asms/classes/Master.php?f=delete_transaction SQL Injection Vulnerability in Automotive Shop Management System v1.0 via /asms/admin/?page=user/manage_user&id= Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter Plaintext Password Transmission Vulnerability in Web Based Quiz System v1.0 SQL Injection Vulnerability in Automotive Shop Management System v1.0 via /asms/admin/mechanics/manage_mechanic.php?id= SQL Injection Vulnerability in Automotive 
Shop Management System v1.0 via /asms/admin/services/manage_service.php?id= SQL Injection Vulnerability in Automotive Shop Management System v1.0 via /asms/admin/mechanics/view_mechanic.php?id= LTE Modem Vulnerability: Missing Verification of NAS Security Mode Command Replay Attacks Stored Cross-Site Scripting Vulnerability in Custom Post Types and Custom Fields Creator WordPress Plugin Modem Security Mode Command Vulnerability: Missing HashMME Verification Possible Local Information Disclosure Vulnerability in WLAN Driver Music Service Vulnerability: Missing Permission Check Leads to Local Denial of Service in Contacts Service Music Service Vulnerability: Missing Permission Check Enables Local Denial of Service in Contacts Service Music Service Vulnerability: Missing Permission Check Leads to Local Denial of Service in Contacts Service Potential Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver CSRF Vulnerability in BruteBank WordPress Plugin Potential Denial of Service Vulnerability in WLAN Driver Potential Local Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Possible Local Privilege Escalation Vulnerability in phoneEx Service Local Denial of Service Vulnerability in Messaging Service: Missing Permission Check in Contacts Service Local Denial of Service Vulnerability in Messaging Service: Missing Permission Check in Contacts Service Local Denial of Service Vulnerability in Messaging Service: Missing Permission Check in Contacts Service Local Denial of Service Vulnerability in Messaging Service: Missing Permission Check in Contacts Service Local Denial of Service Vulnerability in Messaging Service: Missing Permission Check in Contacts Service Missing Permission Check in Messaging 
Service: Local Denial of Service in Contacts Service Cross Site Scripting (XSS) Vulnerability in ipti br.tag Potential Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Potential Local Denial of Service Vulnerability in WLAN Driver Potential Local Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Potential Local Denial of Service Vulnerability in WLAN Driver Potential Local Denial of Service Vulnerability in WLAN Driver Potential Null Pointer Dereference Vulnerability in WLAN Driver: Local Denial of Service Potential Denial of Service Vulnerability in WLAN Driver Stored Cross-Site Scripting Vulnerability in Zenphoto Versions Prior to 1.6 SQL Injection Vulnerability in FL3R FeelBox WordPress Plugin Uninitialized Pointer Vulnerability in Open Babel 3.1.1 and master commit 530dbfa3 Buffer Overflow Vulnerability in OpenHarmony-v3.1.2 and Prior Versions: Exploiting Appspawn and Nwebspawn Services Remote Code Execution Vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.4 and Earlier Insufficient Protection from Packet Capture Replay in Mendix SAML Remote File Inclusion Vulnerability in tsolucio/corebos prior to 8.0 Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier SQL Injection Vulnerability in Fontsy WordPress Plugin Reflected Cross-Site 
Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Stored Cross-Site Scripting Vulnerability in GiveWP WordPress Plugin Adobe Experience Manager 6.5.14 (and earlier) Open Redirect Vulnerability Stored Cross-Site Scripting Vulnerability in Page scroll to id WordPress Plugin Adobe Illustrator Out-of-Bounds Read Vulnerability Adobe Illustrator Out-of-Bounds Read Vulnerability Double Free Vulnerability in PEM_read_bio_ex() and Related Functions Adobe Illustrator Out-of-Bounds Read Vulnerability Adobe Illustrator Out-of-Bounds Read Vulnerability Stored Cross-Site Scripting Vulnerability in Social Sharing WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Experience Manager 6.5.14 and Earlier Object Corruption Vulnerability in crosvm in Google Chrome Stored Cross-Site Scripting Vulnerability in 3D FlipBook WordPress Plugin Aruba EdgeConnect Enterprise Authenticated Path Traversal Vulnerability Aruba EdgeConnect Enterprise Web Management Interface Remote Command Execution Vulnerability Aruba EdgeConnect Enterprise Orchestrator Remote Command Execution Vulnerability Aruba EdgeConnect Enterprise Orchestrator Privilege Escalation Vulnerability Critical SQL Injection Vulnerability in m0ver bible-online (VDB-215444) Code Execution via Perl Storable (pst) Files in lesspipe before 2.06 Usergroup InList Protection Bypass in TYPO3 femanager Extension Remote Shell Execution via PDF Export in Mahara Kernel Module Vulnerability: Unreleased Memory Mapping Leading to System Restart UAF Vulnerability in Display Service Module: Impact on Availability Bluetooth Pairing Vulnerability: Bypassing Permission Verification Unauthorized Geofencing API 
Access Vulnerability Cross Site Scripting (XSS) Vulnerability in sproctor php-calendar UAF Vulnerability in Graphics Display Module: Impact on System Availability Thread Security Vulnerability in iaware Module: A Threat to Confidentiality, Integrity, and Availability Lock Screen Module Design Defects: A Potential Threat to System Availability HiView Module Vulnerability: Unfiltered Third-Party App Invocation Permission Verification Vulnerability in Power Module: Potential Module Abnormality Service Hijacking Vulnerability in DDMP/ODMF Module Unvalidated Parameter Type in DRM Module: A Potential Threat to Availability Arbitrary File Access Vulnerability in SmartTrimProcessEvent Module Serialization/Deserialization Mismatch Vulnerability in AMS Module: Potential Privilege Escalation Serialization/Deserialization Mismatch Vulnerability in AMS Module: Potential Privilege Escalation Cross Site Scripting (XSS) Vulnerability in Falling-Fruit (VDB-215446) Intent Redirection Vulnerability in Launcher Module Permission Verification Vulnerability in Preset Launcher Module Allows Unauthorized App Manipulation Serialization/Deserialization Mismatch Vulnerability in System Framework Layer: Potential Privilege Escalation Race Condition Vulnerability in SD Upgrade Mode: Implications for Data Confidentiality Path Traversal Vulnerability in Huawei Aslan Children's Watch Allows Unauthorized Access and Modification Improper Access Validation Vulnerability in UISP Devices Denial of Service Vulnerability in ActiveRecord's PostgreSQL Adapter: Integer vs Numeric Comparison Command Injection Vulnerability in Rocket.Chat-Desktop <3.8.14 Insecure Inter-Process Communication Allows Bypass of Authentication for Local Attackers Manifest File Misconfiguration Vulnerability in WARP Client for Android Allows Task Hijacking Rack Range Header Parsing Denial of Service Vulnerability Denial of Service Vulnerability in Rack's Content-Disposition Parsing Component Denial of Service Vulnerability in 
Rack's Multipart Parsing Component Improper Authentication Vulnerability in Avalanche 6.3.x and Below Allows Unauthenticated Modification of Port Properties Reflected Cross-Site Scripting (XSS) Vulnerability in PLM Help Server V4.2 Stored Cross-Site Scripting (XSS) Vulnerability in AgentEasy Properties Plugin <= 1.0.4 on WordPress Stored Cross-Site Scripting Vulnerability in amr shortcode any widget WordPress Plugin SQL Injection Vulnerability in RichPlugins Plugin for Google Reviews Plugin <= 2.2.3 Apptivo Apptivo Business Site CRM Plugin <= 3.0.12 Authenticated Stored XSS Vulnerability Unauthenticated Arbitrary File Download Vulnerability in WatchTowerHQ Plugin WatchTowerHQ Plugin Unauthenticated Arbitrary File Deletion Vulnerability CSRF Vulnerability in Magneticlab Sàrl Homepage Pop-up Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Ayoub Media AM-HiLi Plugin <= 1.0 on WordPress Unauthenticated SQL Injection Vulnerability in Cryptocurrency Widgets Pack Plugin <=1.8.1 on WordPress Sensitive Information Exposure Vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA Stored Cross-Site Scripting Vulnerability in WP Show Posts WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Simple Video Embedder Plugin for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in Anthologize Plugin <= 0.8.0 on WordPress Stored XSS Vulnerability in Codebangers All in One Time Clock Lite Plugin <= 1.3.320 CVE-2022-44595 Stored Cross-Site Scripting Vulnerability in Sidebar Widgets by CodeLights WordPress Plugin OS Command Injection Vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 Firmware Versions 71x10.1.107112.43A and Earlier Uncontrolled Resource Consumption Vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3: A DoS Attack Vector Authentication Bypass Vulnerability in Intel(R) DCM Software BIOS Firmware Vulnerability: Privilege Escalation via Adjacent Access in Intel(R) Processors Hard-Coded 
Credentials Vulnerability in Intel(R) Unison(TM) Software Denial of Service Vulnerability in libXpm Insecure Storage of Sensitive Information in Intel(R) DCM Software: Potential Privilege Escalation Vulnerability GitLab Discord Webhook URL Unmasking Vulnerability Authentication Bypass Vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 Firmware Command Injection Vulnerability in Diagnosis Controller Excessive Access Permissions for Secure Token Health Items in JetBrains TeamCity (2021.2 - 2022.10) Sensitive Data Exposure in JetBrains TeamCity Project Viewer Sensitive Password Exposure in JetBrains TeamCity Build Logs Stored Cross-Site Scripting (XSS) Vulnerability in Zephilou Cyklodev WP Notify Plugin CVE-2022-44626 CSRF Vulnerability in David Cole Simple SEO Plugin Allows Unauthorized Sitemap Manipulation Stored XSS Vulnerability in JumpDEMAND Inc. 4ECPS Web Forms Plugin for WordPress Stored XSS Vulnerability in Catalyst Connect Zoho CRM Client Portal Plugin 1app Business Forms Plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) Vulnerability Stored XSS Vulnerability in Denis Buka Content Repeater – Custom Posts Simplified Plugin (<= 1.1.13) Arbitrary File Read Vulnerability in S2W – Import Shopify to WooCommerce Plugin Path Traversal Vulnerability in Apache Fineract Allows Remote Code Execution Bluetooth Spoofing Vulnerability in Samsung TV Smart Remote Control Persistent XSS in Redmine Textile Formatter Heap-based Buffer Overflow in libpixman's rasterize_edges_8 Function Stored Cross-Site Scripting Vulnerability in Themify Portfolio Post WordPress Plugin Invalid Free Vulnerability in Heimdal Key Distribution Center (KDC) Allows Remote Code Execution XML Entity Expansion Vulnerability in Linaro Automated Validation Architecture (LAVA) Label-Based Access Control Bypass in Grafana Enterprise Metrics Arbitrary Local File Read Vulnerability in Apache Linkis <=1.3.0 Deserialization Vulnerability in Apache Linkis <=1.3.0 with MySQL Connector/J: Remote Code Execution Lack 
of Audit Logging for User Settings Editing in JetBrains TeamCity (pre-2022.10) Out-of-bounds Read Vulnerability in Trend Micro Apex One and Apex One as a Service Out-of-bounds Read Vulnerability in Trend Micro Apex One and Apex One as a Service Local Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a Service Stored Cross-Site Scripting Vulnerability in WP Video Lightbox WordPress Plugin Memory Corruption Vulnerability in Trend Micro Apex One and Apex One as a Service Allows Privilege Escalation Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a Service Agent Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a Service Local Privilege Escalation Vulnerability in Trend Micro Apex One and Apex One as a Service Vulnerability in Trend Micro Apex One and Apex One as a Service Monitor Engine Stored Cross-Site Scripting Vulnerability in WordPress Infinite Scroll Plugin Contacting Danger: Windows Contacts Remote Code Execution Vulnerability Windows Media Player Remote Code Execution Vulnerability Windows Media Player Remote Code Execution Vulnerability Windows Error Reporting Privilege Escalation Vulnerability Stored Cross-Site Scripting Vulnerability in Search & Filter WordPress Plugin Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Windows Graphics Component Privilege Escalation Vulnerability Windows CSRSS Elevation of Privilege Vulnerability Windows Bluetooth Driver Data Exposure Vulnerability BlueBleed: Windows Bluetooth Driver Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) Windows Projected File System Privilege Escalation Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Windows Graphics Component Information Disclosure Vulnerability Exposes Sensitive Data Stored Cross-Site Scripting Vulnerability in WP Recipe Maker WordPress Plugin 
Windows Graphics Component Privilege Escalation Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Hyper-V DoS Vulnerability: Disrupting Windows Virtualization Windows Kernel Privilege Escalation Vulnerability Windows Local Session Manager (LSM) Denial of Service Vulnerability: Disrupting System Functionality Raw Image Extension RCE Vulnerability EdgeSpoof: A Chromium-based Vulnerability Allowing Spoofing Attacks WSL2 Kernel Elevation of Privilege Vulnerability in Windows Subsystem for Linux Stored Cross-Site Scripting Vulnerability in Simple Membership WordPress Plugin SharePoint Server Remote Code Execution Vulnerability Exploiting the Microsoft Office OneNote Remote Code Execution Vulnerability Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability SharePoint Server Remote Code Execution Vulnerability Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Visio RCE Vulnerability: Exploiting Microsoft Office for Remote Code Execution Windows Graphics Component Privilege Escalation Vulnerability Exploiting Windows SmartScreen Security Feature Bypass Vulnerability Azure Network Watcher Agent Security Feature Bypass Vulnerability Stored Cross-Site Scripting Vulnerability in Widgets for Google Reviews WordPress Plugin Terminal RCE: A Critical Vulnerability in Windows Terminal Windows Sysmon Privilege Escalation Vulnerability Windows Kernel DoS Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Edge (Chromium-based) Stored Cross-Site Scripting Vulnerability in YARPP WordPress Plugin Exploiting the DirectX Graphics Kernel for Privilege Escalation Outlook for Mac Email Spoofing Vulnerability Authenticated Remote User Privilege Escalation in NetScout nGeniusONE 6.3.2 build 904 Open Redirection Vulnerability in NetScout nGeniusONE 6.3.2 build 904 Open Redirection Vulnerability in NetScout nGeniusONE 6.3.2 
build 904 Insecure Permissions in Weblib Ucopia SSH Server Stored Cross-Site Scripting Vulnerability in Simple Sitemap WordPress Plugin OS Command Injection Vulnerability in Weblib Ucopia before 6.0.13 Cross-Site Scripting (XSS) Vulnerability in Handy Tip Macro of Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 Hard-coded File Path Vulnerability in OPC Foundation Local Discovery Server (LDS) XSS Vulnerability in TouchDown Timesheet Tracking Component 4.1.4 for Jira Calendar View SQL Injection Vulnerability in EU Cookie Law GDPR (Banner + Blocker) Module for PrestaShop Apache XML Graphics Batik 1.16 SSRF Vulnerability Stored Cross-Site Scripting Vulnerability in Widget Shortcode WordPress Plugin Apache XML Graphics Batik 1.16 - Server-Side Request Forgery (SSRF) Vulnerability Arbitrary Parameter Injection Vulnerability in SIMATIC WinCC OA Insecure Folder Permissions in Acronis Cyber Protect Home Office (Windows) before build 39900: Local Privilege Escalation Vulnerability Insecure Folder Permissions in Acronis Cyber Protect Home Office (Windows) before build 39900: Local Privilege Escalation Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in BestWebSoft Car Rental Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Gus Sevilla WP Clictracker Plugin <= 1.0.5 Chameleon Plugin <= 1.4.3 on WordPress: Authenticated Stored XSS Vulnerability Multiple Cross-Site Request Forgery Vulnerabilities in All-In-One Security (AIOS) Plugin for WordPress CSV Injection Vulnerability in Patrick Robrecht Posts and Users Stats CSRF Vulnerability in ThingsForRestaurants Quick Restaurant Reservations Plugin Stored Cross-Site Scripting Vulnerability in Easy Social Feed WordPress Plugin CSRF Vulnerabilities in Creative Mail Plugin for WordPress CSRF Vulnerability Exploiting Testimonial Slider Plugin in WordPress Stored Cross-Site Scripting Vulnerability in Yannick Lefebvre Community Events Plugin <= 1.4.8 Stored Cross-Site Scripting (XSS) 
Vulnerability in BlueGlass Jobs for WordPress Plugin <= 2.5.11.2 DLL Hijacking Vulnerability in Acronis Cyber Protect Home Office (Windows) before build 40107 Log File Information Disclosure Vulnerability in Acronis Cyber Protect Home Office (Windows) before build 40107 Insecure Folder Permissions in Acronis Cyber Protect Home Office (Windows) before build 40107: Sensitive Information Disclosure Vulnerability Improper Soft Link Handling Vulnerability in Acronis Cyber Protect Home Office (Windows) Zip-Slip Directory Traversal Vulnerability in KNIME Server Zip-Slip Vulnerability in KNIME Analytics Platform 3.2.0 and Above Allows Arbitrary File Overwrite Stored Cross-Site Scripting Vulnerability in Collapse-O-Matic WordPress Plugin Stack Based Buffer Overflow Vulnerability in HCL Domino via Micro Focus KeyView's lasr.dll Stack Based Buffer Overflow Vulnerability in HCL Notes via Micro Focus KeyView's lasr.dll Stack Based Buffer Overflow Vulnerability in HCL Domino via Micro Focus KeyView Stack Based Buffer Overflow Vulnerability in HCL Notes via wp6sr.dll in Micro Focus KeyView Stack Based Buffer Overflow Vulnerability in HCL Domino via Micro Focus KeyView Stack Based Buffer Overflow Vulnerability in HCL Notes via Micro Focus KeyView's lasr.dll Improper Input Validation in Insights for Vulnerability Remediation (IVR) Leads to Information Disclosure Weak Cryptography in BigFix Insights for Vulnerability Remediation (IVR) Allows Credential Exposure Improper Credential Handling in BigFix Insights/IVR Fixlet Content Stored Cross-Site Scripting Vulnerability in Download Manager WordPress Plugin Stored Cross-Site Scripting Vulnerability in Smash Balloon Social Post Feed WordPress Plugin Stored Cross-Site Scripting Vulnerability in Font Awesome WordPress Plugin Remote Code Execution via Axis AdminService in Appalti & Contratti 9.12.2 Multiple SQL Injection Vulnerabilities in Appalti & Contratti 9.12.2 Local File Inclusion Vulnerability in Appalti & Contratti 9.12.2 Reflected 
Cross-Site Scripting Vulnerability in Appalti & Contratti 9.12.2 Session Fixation Vulnerability in Appalti & Contratti 9.12.2 Remote Code Execution Vulnerability in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 Stored Cross-Site Scripting Vulnerability in Table of Contents Plus WordPress Plugin SQL Injection Vulnerability in Interspire Email Marketer Surveys Module Net-SNMP 5.8 through 5.9.3 - NULL Pointer Exception Denial of Service Vulnerability Net-SNMP NULL Pointer Exception Denial of Service Vulnerability Arbitrary Code Execution with Root Privileges in Object First Ootbi BETA build 1.0.7.712 Insecure RNG in Object First Ootbi BETA build 1.0.7.712 Web Service allows local information disclosure Insecure Authorization Flow Allows Unauthorized Access to Object First Ootbi Web UI Witness Size Checking Vulnerability in btcd and Lightning Labs lnd Stored Cross-Site Scripting Vulnerability in Click to Chat WordPress Plugin Critical Vulnerability: Incorrect Access Control in D-Link DIR-878 1.02B05 Buffer Overflow Vulnerability in D-Link DIR-882 Router's websRedirect Function Buffer Overflow Vulnerability in D-Link DIR-882 1.10B02 and 1.20B06 Buffer Overflow Vulnerability in D-Link DIR-882 Router Command Injection Vulnerability in D-Link DIR-823G Firmware 1.02B03 Stored Cross-Site Scripting Vulnerability in Mesmerize Companion WordPress Plugin Stored Cross-Site Scripting Vulnerability in WP Carousel WordPress Plugin SQL Injection Vulnerability in Automotive Shop Management System v1.0 via /asms/admin/?page=transactions/manage_transaction&id= Stored Cross-Site Scripting Vulnerability in Insert Pages WordPress Plugin CSV Injection Vulnerabilities in Sourcecodester Event Registration App v1.0 Command Injection Vulnerability in D-Link DIR-3040 Firmware 120B03: Exploiting SetTriggerLEDBlink Function SQL Injection Vulnerability in Automotive Shop Management System v1.0 Stored Cross-Site Scripting Vulnerability in Social Share, Social Login and Social Comments Plugin for 
WordPress Heap Buffer Overflow Vulnerability in binutils readelf via find_section_in_set function Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 MetInfo v7.7 Administrator List CSRF Vulnerability: Unauthorized Addition of Super Administrator Account Stored Cross-Site Scripting Vulnerability in Page-list WordPress Plugin SQL Injection Vulnerability in Automotive Shop Management System v1.0 SQL Injection Vulnerability in Automotive Shop Management System v1.0 Stored Cross-Site Scripting Vulnerability in Meteor Slides WordPress Plugin SQL Injection Vulnerability in Automotive Shop Management System v1.0 Stored Cross-Site Scripting Vulnerability in Easy Accordion WordPress Plugin Reflected Cross-Site Scripting (XSS) Vulnerability in maccms10 v2022.1000.3032 AD Management Module Segmentation Fault Vulnerability in wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 KioWare Windows Vulnerability: SYSTEM Access via KioUtils.Execute Arbitrary OS Command Execution in CWP 7 before 0.9.8.1147 via login parameter Stored Cross-Site Scripting Vulnerability in Widgets on Pages WordPress Plugin Unserialized PHP Object Injection in HUSKY WordPress Plugin Cross-Site Scripting (XSS) Vulnerability in ApolloTheme AP PageBuilder Component through 2.4.4 Memory Corruption Vulnerability in Asus Aura Sync Arbitrary File Write Vulnerability in py7zr v0.20.0 and Earlier Stored Cross-Site Scripting Vulnerability in WP-Table Reloaded WordPress Plugin Heap Buffer Overflow Vulnerability in Binbloom 2.0 via read_pointer function Undertow Client Vulnerability: Lack of Server Identity Verification in HTTPS Connections Command Injection Vulnerability in D-Link DVG-G5402SP GE_1.03 Maintenance Function Privilege Escalation Vulnerability in D-Link DVG-G5402SP GE_1.03 Critical Path Traversal Vulnerability in scifio's ZIP File Handler (VDB-215803) Command Injection Vulnerability in D-Link DHP-W310AV 
3.10EU System Checks Function Stack Overflow Vulnerability in Tenda A18 v15.13.07.09 via security_5g Parameter Unauthenticated Access Control Vulnerability in Tenda A18 v15.13.07.09 Cross-Site Request Forgery (CSRF) Vulnerability in Bosscms v2.0.0 Administrator List Module Vulnerability: Weak Reset Token Generation in SeedDMS v6.0.20 and v5.1.7 DLL Hijacking Vulnerability in Efs Software Easy Chat Server Version 3.1 via TextShaping.dll Critical Path Traversal Vulnerability in bspkrs MCPMappingViewer Out-of-Bounds Read Vulnerability in Patchelf v0.9 Arbitrary File Deletion Vulnerability in Casdoor v1.126.1 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Rukovoditel v3.2.1's Add Announcement Function SQL Injection Vulnerability in Rukovoditel v3.2.1 via heading_field_id Parameter Stored Cross-Site Scripting (XSS) Vulnerability in Rukovoditel v3.2.1 Add Page Function Stored Cross-Site Scripting (XSS) Vulnerability in Rukovoditel v3.2.1's Highlight Row Feature Stored Cross-Site Scripting (XSS) Vulnerability in Rukovoditel v3.2.1 Entities Group Feature Stored Cross-Site Scripting (XSS) Vulnerability in Rukovoditel v3.2.1's Add New Field Function Cross-Site Scripting (XSS) Vulnerability in collective.dms.basecontent up to 1.6 (VDB-215813) Stored Cross-Site Scripting (XSS) Vulnerability in Rukovoditel v3.2.1's Add New Field Function Stored Cross-Site Scripting (XSS) Vulnerability in Rukovoditel v3.2.1's Add New Form Tab Function Stored Cross-Site Scripting (XSS) Vulnerability in Rukovoditel v3.2.1's Copyright Text Field Cross-Site Scripting (XSS) Vulnerability in webtareas 2.4p5's /linkedcontent/listfiles.php Component Cross-Site Scripting (XSS) Vulnerability in webtareas 2.4p5's /contacts/listcontacts.php Component Cross-Site Scripting (XSS) Vulnerability in Webtareas 2.4p5 Chat Function Cross-Site Scripting (XSS) Vulnerability in webtareas 2.4p5's /projects/listprojects.php Component Cross-Site Scripting (XSS) Vulnerability in webtareas 2.4p5's 
/clients/listclients.php Component Cross-Site Scripting (XSS) Vulnerability in webtareas 2.4p5's /meetings/listmeetings.php Component Open Redirect Vulnerability in SAML SSO WordPress Plugins Cross-Site Scripting (XSS) Vulnerability in webtareas 2.4p5's /general/search.php?searchtype=simple Component Cross-Site Scripting (XSS) Vulnerability in webtareas 2.4p5's /forums/editforum.php Component Cross-Site Scripting (XSS) Vulnerability in webtareas 2.4p5's /calendar/viewcalendar.php Component Stored Cross-Site Scripting Vulnerability in Jetpack CRM WordPress Plugin TP-Link Archer C5 and WR710N-V1 Routers: HTTP Basic Authentication Heap Overflow Vulnerability Side-Channel Attack Vulnerability in TP-Link Archer C5 and WR710N-V1 Routers Denial of Service (DoS) Vulnerability in Gophish 0.12.1 via Crafted Autofocus Payload Cross-Site Scripting (XSS) Vulnerability in Gophish 0.12.1 via Crafted Landing Page Command Injection Vulnerability in IP-COM EW9 V15.11.0.14(9732) Stored Cross-Site Scripting (XSS) Vulnerability in Online Leave Management System v1.0 Arbitrary File Upload Vulnerability in Online Leave Management System v1.0 Authorization Bypass Vulnerability in Mega Addons WordPress Plugin SQL Injection Vulnerability in Simple Phone Book/Directory Web App v1.0 Cross-Site Scripting (XSS) Vulnerability in WBCE CMS v1.5.4 Modify Page Module Cross-Site Scripting (XSS) Vulnerability in WBCE CMS v1.5.4 Show Advanced Option Module Cross-Site Scripting (XSS) Vulnerability in WBCE CMS v1.5.4 Search Settings Module Cross-Site Scripting (XSS) Vulnerability in WBCE CMS v1.5.4 Search Settings Module Cross-Site Scripting (XSS) Vulnerability in WBCE CMS v1.5.4 Search Settings Module Cross-Site Scripting (XSS) Vulnerability in WBCE CMS v1.5.4 Overview Page Settings Module SQL Injection Vulnerability in SLiMS 9 Bulian v9.5.0 via Keywords Parameter Reflected Cross-site Scripting (XSS) Vulnerability in openemr/openemr prior to 7.0.0.2 DOM-based Cross-Site Scripting (XSS) Vulnerability in 
Rukovoditel v3.2.1 Command Injection Vulnerability in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom Arbitrary Command Execution Vulnerability in Markdown Preview Enhanced v0.6.5 and v0.19.6 HTTP Request Header Value-Based Local Address Determination Vulnerability in perfSONAR Cross-Site Scripting (XSS) Vulnerability in Arris NVG443B 9.3.0h3d36 via Crafted POST Request to /cgi-bin/logs.ha Cross-site Scripting (XSS) Vulnerability in openemr/openemr prior to 7.0.0.2 SQL Injection Vulnerability in rConfig 3.9.7 via ajaxCompareGetCmdDates.php Cross-Site Scripting (XSS) Vulnerability in Expense Tracker 1.0 Allows Arbitrary Code Execution via Chat Field Injection Cross-Site Scripting (XSS) Vulnerability in WBCE CMS v1.5.4 Search Settings Module Cross-Site Scripting (XSS) Vulnerability in WBCE CMS v1.5.4 - Arbitrary Code Execution via Display Name Field Cross-Site Scripting (XSS) Vulnerability in WBCE CMS v1.5.4 - Arbitrary Code Execution via Website Footer Field Arbitrary File Upload Vulnerability in WBCE CMS v1.5.4 Server Settings Module Improper Input Validation in openemr/openemr prior to 7.0.0.2 Arbitrary Code Execution via Cross-Site Scripting (XSS) in WBCE CMS v1.5.4 SQL Injection Vulnerability in Xinhu < 2.5.0 Command Injection Vulnerability in Tenda AX12 V22.03.01.16_cn via goform/fast_setting_internet_set Denial of Service Vulnerability in SIPROTEC 5 Devices Arbitrary Command Execution Vulnerability in Xiongmai NVR Devices Java Deserialization Vulnerability in Apache MINA SSHD <= 2.9.1 Apache Ranger 2.3.0 Code Execution Vulnerability Reflected XSS Vulnerability in Axiell Iguana CMS Allows Code Execution in Victim's Browser User-Controlled Key Authorization Bypass in openemr/openemr prior to 7.0.0.2 Reflected XSS Vulnerability in Axiell Iguana CMS Allows Code Execution in Browsers Reflected XSS Vulnerability in Axiell Iguana CMS Allows Code Execution in Browsers Local File Inclusion Vulnerability in Axiell Iguana CMS Allows Unauthorized File 
Access Request Smuggling Vulnerability in Varnish Cache Servers Unrestricted File Upload Vulnerability in openemr/openemr prior to 7.0.0.2 HTTP Request Forgery Vulnerability in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1 Quadratic Algorithm CPU Denial of Service Vulnerability in Python's IDNA Decoder Argument Injection Vulnerability in Xfce4-mime-helper Vulnerability: Code Execution via Font Ops in xterm Apache Sling RequestDispatcher Cross-Site Scripting Vulnerability Squirrly SEO Plugin: Unauthenticated Reflected XSS Vulnerability WooSwipe WooCommerce Gallery Plugin <= 2.0.1 Auth. (subscriber+) Broken Access Control Vulnerability CSRF Vulnerability in DevsCred Exclusive Addons Elementor Plugin CSRF Vulnerability in Mercado Pago Payments for WooCommerce Plugin Crowdsignal Dashboard Plugin <= 3.0.9 WordPress Privilege Escalation Vulnerability Stored Cross-Site Scripting Vulnerability in Real Cookie Banner WordPress Plugin CSRF Vulnerability in WPML Multilingual CMS Plugin CSRF Vulnerability in WPML Multilingual CMS Plugin CSRF Vulnerability in REST API Authentication Plugin for WordPress CSRF Vulnerability in Activity Reactions For Buddypress Plugin <= 1.0.22 CSRF Vulnerability in WebMat Flexible Elementor Panel Plugin PHP Object Injection Vulnerability in Betheme Theme <= 26.5.1.4 on WordPress CSV Injection vulnerability in Solwin Infotech User Blocker CSRF Vulnerability in Softaculous Loginizer Plugin <= 1.7.5 Stored Cross-Site Scripting Vulnerability in ConvertKit WordPress Plugin CSRF Vulnerability in KrishaWeb Add Multiple Marker Plugin <= 1.2 Stored Cross-Site Scripting (XSS) Vulnerabilities in Accordions Plugin <= 2.0.3 on WordPress Deserialization of Untrusted Data Vulnerability in ProfilePress Membership Plugin Unauthenticated Reflected XSS Vulnerability in Softaculous Loginizer Plugin <= 1.7.5 Server-Side Request Forgery (SSRF) Vulnerability in Group Arge Energy and Control Systems Smartpower Web Cross-Site Scripting 
(XSS) Vulnerability in Group Arge Energy and Control Systems Smartpower Web Cross-Site Scripting (XSS) Vulnerability in Group Arge Energy and Control Systems Smartpower Web PHP Local File Inclusion Vulnerability in Group Arge Energy and Control Systems Smartpower Web SQL Injection Vulnerability in Group Arge Energy and Control Systems Smartpower Web Stored Cross-Site Scripting Vulnerability in Content Control WordPress Plugin SQL Injection Vulnerability in Group Arge Energy and Control Systems Smartpower Web Cross-Site Scripting (XSS) Vulnerability in Group Arge Energy and Control Systems Smartpower Web Arbitrary File Read/Write and Remote Code Execution Vulnerability in SINEC INS (All versions < V1.0 SP2 Update 1) Arbitrary File Read/Write and Remote Code Execution Vulnerability in SINEC INS Command Injection Vulnerability in SINEC INS (All versions < V1.0 SP2 Update 1) Command Injection Vulnerability in Dell PowerScale OneFS Unauthenticated Remote User Interface Security Issue in Dell PowerScale OneFS Dell PowerScale OneFS 9.0.0.x-9.4.0.x Incorrect User Management Vulnerability Cleartext Storage of Sensitive Information Vulnerability in Dell PowerScale OneFS S3 Component Weak Encoding Vulnerability in Dell PowerScale OneFS Path Traversal Vulnerability in ReFirm Labs Binwalk Improper Certificate Validation Vulnerability in Dell PowerScale OneFS Dell PowerScale OneFS NFS Vulnerability: Information Disclosure and Remote Execution Host Header Injection Vulnerability in Dell EMC Data Protection Central Information Disclosure Vulnerability in Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp 9.2.3.x Arbitrary Command Execution Vulnerability in Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x Intel Unison Software: Local Access Information Disclosure Vulnerability Critical Path Traversal Vulnerability in RainyGao DocSys (VDB-215851) Intel(R) VROC Software Vulnerability: Local Access Privilege 
Escalation Reset Password Phishing Vulnerability in Movable Type Series Buffer Overflow Vulnerability in Ichitaro 2022 1.0.1.57600 Attribute Arena Functionality Unsecured Telephony Event Broadcasting Vulnerability in OpenHarmony-v3.1.2 and Prior Versions Stored Cross-Site Scripting Vulnerability in Better Font Awesome WordPress Plugin Information Disclosure Vulnerability in VISAM VBASE Automation Base Versions Prior to 11.7.5 Arbitrary script injection vulnerability in Movable Type versions 6 and 7 Information Disclosure Vulnerability in WellinTech KingHistorian 35.01.00.05 User Authentication Functionality Kernel Stack Overflow Vulnerability in OpenHarmony-v3.1.4 and Prior Versions Cross-Site Request Forgery Vulnerability in Sewio RTLS Studio Backup Services Denial of Service Vulnerability in Intel(R) EMA Software Payara Platform Community and Enterprise Vulnerability: Unrestricted Access to META-INF and WEB-INF Cross-Site Scripting (XSS) Vulnerability in European Environment Agency eionet.contreg CSRF Vulnerability in Plesk Obsidian Allows Unauthorized Password Change Remote Code Execution in Linaro Automated Validation Architecture (LAVA) through User-Submitted Jinja2 Template Apache Cocoon SQL Injection Vulnerability JDBC Deserialization Attack in Apache Jena SDB 3.17.0 and Earlier Reflected XSS Vulnerability in Web-Based Management Configuration Backend Unauthenticated Access to Configuration Backend Allows Full Device Compromise CORS Misconfiguration in Web-Based Management: Limited Confidentiality Disclosure Cross Site Scripting (XSS) Vulnerability in Opencaching Deutschland oc-server3 Unauthenticated Remote Code Execution and System Compromise via Configuration Backend Vulnerability Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability Inverted Message Integrity Code Validation in Heimdal GSSAPI/ARCFour (CVE-2022-3437) JSON Injection Vulnerability in Apache Tomcat XSS Vulnerability in Algoo Tracim before 4.4.2 via HTML File Upload Arbitrary OS 
Command Execution Vulnerability in CHICKEN 5.x before 5.3.1 Zeroing Out of Temporary Keys in Bouncy Castle BC-FJA FIPS Java API CSRF Vulnerability in Moodle's Course Redirect URL Validation Arbitrary Command Execution Vulnerability in Exuberant Ctags Reflected Cross-Site Scripting Vulnerability in Moodle's Policy Tool Stored Cross-Site Scripting (XSS) Vulnerability in Moodle's Social User Profile Fields Blind SSRF Vulnerability in Moodle's LTI Provider Library Incorrect Default Permissions Vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5, and openSUSE Leap 15.4 Cleartext Storage of Sensitive Information in supportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 Improper Exception Handling in obs-service-go_modules Allows File and Directory Deletion Information-Disclosure Vulnerability in NXP Devices: SDP Mode Memory Leakage Unauthorized Booking Deletion Vulnerability in Archibus Web Central 2022.03.01.107 SQL Injection Vulnerability in Archibus Web Central 2022.03.01.107 Unauthorized Data Access Vulnerability in Archibus Web Central 2022.03.01.107 User Profile Information Exposure Vulnerability in Archibus Web Central 2022.03.01.107 Arbitrary Push Notification with URL Redirection Vulnerability in LIVEBOX Collaboration vDesk Cryptographic Issue in LIVEBOX Collaboration vDesk: Unauthorized File Decryption Privilege Escalation and Account Theft Vulnerability in LIVEBOX Collaboration vDesk Bypass of Two-Factor Authentication in LIVEBOX Collaboration vDesk through v018 Bypass of Two-Factor Authentication for SAML Users in LIVEBOX Collaboration vDesk Insecure Direct Object Reference in LIVEBOX Collaboration vDesk Observable Response Discrepancy Vulnerability in LIVEBOX Collaboration vDesk Privilege Escalation and User Creation Vulnerability in LIVEBOX Collaboration vDesk XSS Vulnerability in LIVEBOX 
Collaboration vDesk through v031 Broken Access Control in LIVEBOX Collaboration vDesk Allows Unauthorized User to Export User Information Module Parameter Mishandling Vulnerability in Pi-Star DV Dash Privilege Escalation via App Token Retrieval in Ironman Software PowerShell Universal Directory Traversal Vulnerability in Ironman Software PowerShell Universal Heap-based Buffer Overflow in Netatalk 3.1.13 Allows Remote Root Access via Crafted .appl File Stored Cross-Site Scripting Vulnerability in WP User Plugin for WordPress Vulnerability: Passkey Bypass in Microchip RN4870 1.43 BLE Devices Denial of Service Vulnerability in Microchip RN4870 1.43 Devices Denial of Service Vulnerability in Microchip RN4870 1.43 Devices via Cleartext Encryption Pause Request Weak File Permissions in CBRN-Analysis before 22: A Gateway to Data Disclosure and Privilege Escalation CBRN-Analysis before 22: XXE Vulnerability and NTLMv2-SSP Hash Disclosure Lack of Key Derivation Function in SimpleXMQ: Implications for Forward Secrecy and Key Compromise Denial of Service Vulnerability in Hyperledger Fabric 2.3: Orderer Crash via Crafted Channel TX SSL Certificate Hostname Validation Bypass in Slixmpp XMLStream Pillow GIF Data Amplification Vulnerability Denial of Service Vulnerability in Pillow before 9.3.0 via SAMPLESPERPIXEL Cross-Site Scripting (XSS) Vulnerability in WSO2 Carbon-Registry up to 4.8.11 Stack Overflow Vulnerability in GPAC v2.1-DEV-rev428-gcb8ae46c8-master via dimC_box_read function Memory Leak Vulnerability in GPAC v2.1-DEV-rev428-gcb8ae46c8-master via dimC_box_read function SQL Injection Vulnerability in Jeecg-boot v3.4.3 via /sys/dict/queryTableData Component SQL Injection Vulnerability in Jeecg-boot v3.4.3 via /sys/duplicate/check Component SQL Injection Vulnerability in Jeecg-boot v3.4.3 via updateNullByEmptyString Component SQL Injection Vulnerability in Jeecg-boot v3.4.3 via /sys/user/putRecycleBin Component Cross-Site Scripting (XSS) Vulnerability in WSO2 
Carbon-Registry up to 4.8.6 (VDB-215901) SQL Injection Vulnerability in Jeecg-boot v3.4.3 via /sys/user/deleteRecycleBin Component File Inclusion Vulnerability in perfSONAR before 4.4.6 Cross-Site Scripting (XSS) Vulnerability in Sanitization Management System v1.0.0 via Username Parameter Injection Cross-Site Scripting (XSS) Vulnerability in Book Store Management System v1.0.0 Cross-Site Scripting (XSS) Vulnerability in Book Store Management System v1.0.0 Cross-Site Scripting (XSS) Vulnerability in Human Resource Management System v1.0.0 Cross-Site Scripting (XSS) Vulnerability in CalendarXP up to 10.0.1 Cross-Site Scripting (XSS) Vulnerability in Web-Based Student Clearance System v1.0's changepassword.php Cross-Site Scripting (XSS) Vulnerability in Web-Based Student Clearance System v1.0 Cross-Site Scripting (XSS) Vulnerability in Web-Based Student Clearance System v1.0 Cross-Site Scripting (XSS) Vulnerability in Book Store Management System v1.0 Unauthenticated Backup File Download Vulnerability in Dragino Lora LG01 18ed40 IoT v4.3.4 Cross-Site Request Forgery Vulnerability in Dragino Lora LG01 18ed40 IoT v4.3.4 Logout Page Cross-Site Scripting (XSS) Vulnerability in vexim2 (VDB-215903) Cross-Site Scripting (XSS) Vulnerability in Roots soil Plugin up to 4.0.x Cross-Site Scripting (XSS) Vulnerability in National Sleep Research Resource sleepdata.org Cross-Site Scripting (XSS) Vulnerability in django-photologue up to 3.15.1 Arbitrary File Read Vulnerability in Linx Sphere LINX 7.35.ST15 Cross Site Scripting (XSS) Vulnerability in collective.task up to 3.0.8 Arbitrary File Upload Vulnerability in Dynamic Transaction Queuing System v1.0 Unauthenticated Account Password Disclosure in YJCMS v1.0.9 SQL Injection Vulnerability in Jizhicms v2.3.3 via /index.php/admins/Fields/get_fields.html EyouCMS v1.6.0 - Cross-Site Scripting (XSS) Vulnerability in /login.php Stack Overflow Vulnerability in GPAC MP4box v2.0.0 Cross Site Scripting (XSS) Vulnerability in Vsourz Digital 
Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 Privilege Escalation Vulnerability in Temenos CWX 8.5.6 Registration.aspx Arbitrary File Deletion Vulnerability in Kbase Doc v1.0 Remote Code Execution Vulnerability in PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) Persistent Invitation Vulnerability in Funkwhale v1.2.8 SQL Injection Vulnerability in EQ v1.5.31 to v2.2.0 via UserPwd Parameter Arbitrary File Access Vulnerability in rust-lang webbrowser-rs v0.8.2 Insecure Permissions Granting Write Privileges in Chocolatey Ruby Package Insecure Permissions Grant Write Privileges to Authenticated Users in Chocolatey Cmder Package Insecure Permissions Grant Write Privileges to Authenticated Users in Chocolatey Python3 Package Insecure Permissions Granting Write Privileges to Authenticated Users in Chocolatey Azure-Pipelines-Agent Package Insecure Permissions Granting Write Privileges to Authenticated Users in Chocolatey PHP Package v8.1.12 and Below Critical Out-of-Bounds Read Vulnerability in MikroTik RouterOS Allows Arbitrary Code Execution Critical Out-of-Bounds Read Vulnerability in MikroTik RouterOS Allows Remote Code Execution Remote Code Execution Vulnerability in Liferay Portal and Liferay DXP XML External Entity (XXE) Injection Vulnerability in Kwoksys Kwok Information Server SQL Injection Vulnerability in Church Management System v1.0 SQL Injection Vulnerability in AeroCMS v0.0.1 Allows Unauthorized Database Access via Search Parameter SQL Injection Vulnerability in AeroCMS v0.0.1 via Category Parameter at \category.php SQL Injection Vulnerability in AeroCMS v0.0.1 via p_id Parameter at \post.php Heap Buffer Overflow in LibreDWG v0.12.4.4643 via decode_preR13_section_hdr function Stack Overflow Vulnerability in Tenda TX9 Pro v22.03.02.10 via /goform/SetIpMacBind Arbitrary Code Execution via Crafted SVG File Upload in Exact Synergy Enterprise Heap Use-After-Free Vulnerability in GPAC v2.1-DEV-rev478-g696e6f868-master 
Incomplete Cleanup of Database Session in Apache ShardingSphere-Proxy Prior to 5.3.0 CSV Injection Vulnerability in anmari amr users CVE-2022-45349 CSV Injection Vulnerability in Simple History – User Activity Log, Audit Tool CVE-2022-45351 CVE-2022-45352 Vulnerability: Broken Access Control in Betheme theme <= 26.6.1 on WordPress Sensitive Information Exposure in WPChill Download Monitor ThimPress WP Pipes Plugin <= 1.33 Authenticated SQL Injection Vulnerability CVE-2022-45356 CSV Injection vulnerability in Lenderd 1003 Mortgage Application Silkalns Activello Theme <= 1.4.4 Reflected XSS Vulnerability Unauthenticated Arbitrary File Upload Vulnerability in YITH WooCommerce Gift Cards Plugin CSV Formula Injection Vulnerability in Scott Reilly Commenter Emails Stored XSS Vulnerability in Boris Kuzmanov 0mk Shortener Plugin <= 0.2 Versions Server-Side Request Forgery (SSRF) Vulnerability in Paytm Payment Gateway Stored Cross-Site Scripting (XSS) Vulnerability in Muffingroup Betheme theme <= 26.6.1 on WordPress CSRF Vulnerability in Glen Don L. 
Mongaya Drag and Drop Multiple File Upload – Contact Form 7 Plugin Cross-site Scripting (XSS) vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS Unauthenticated Reflected XSS Vulnerability in VeronaLabs Slimstat Analytics Plugin <= 5.0.4 CSRF Vulnerability in Tyche Softwares Custom Order Numbers for WooCommerce Plugin Unrestricted Access Control Vulnerability in Plugin for Google Reviews Plugin <= 2.2.2 on WordPress IP Address Spoofing Vulnerability in Hide My WP Ghost – Security Plugin for WordPress CSV Injection vulnerability in WebToffee WordPress Comments Import & Export CSRF Vulnerability in Wpmet ShopEngine Plugin <= 4.1.1 CSRF Vulnerability in Codeixer Product Gallery Slider for WooCommerce Plugin SQL Injection vulnerability in Slimstat Analytics (Jason Crouse, VeronaLabs) Stored Cross-Site Scripting (XSS) Vulnerability in iFeature Slider Plugin <= 1.2 on WordPress CSRF Vulnerability in XootiX Side Cart Woocommerce (Ajax) < 2.1 Unrestricted Upload of Dangerous File Type in WooCommerce Drag and Drop Multiple File Upload Plugin Unauthenticated Remote Code Execution in Apache SOAP (Unsupported Versions) Vulnerability: Jenkins Script Security Plugin SHA-1 Collision Attack Jenkins JUnit Plugin Stored XSS Vulnerability Arbitrary File Read Vulnerability in Jenkins Pipeline Utility Steps Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Naginator Plugin 1.18.1 and Earlier Incorrect Permission Check in Jenkins Support Core Plugin Allows Unauthorized Download of Support Bundle Unencrypted Storage of LDAP Manager Password in Jenkins Reverse Proxy Auth Plugin Unauthenticated Build Triggering Vulnerability in Jenkins CloudBees Docker Hub/Registry Notification Plugin XML External Entity (XXE) Vulnerability in Jenkins Violations Plugin 0.7.11 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins BART Plugin 1.0.3 and Earlier Arbitrary File Read Vulnerability in Jenkins Config Rotator Plugin Unauthenticated Remote Build 
Triggering in Jenkins XP-Dev Plugin Vulnerability: Enumeration of Credentials IDs in Jenkins loader.io Plugin Jenkins NS-ND Integration Performance Publisher Plugin: Global SSL/TLS Certificate and Hostname Validation Bypass Unencrypted Password Storage in Jenkins NS-ND Integration Performance Publisher Plugin Jenkins Delete log Plugin CSRF Vulnerability: Unauthorized Deletion of Build Logs Vulnerability: Unauthorized Deletion of Build Logs in Jenkins Delete log Plugin Jenkins CCCC Plugin 0.6 and Earlier XML External Entity (XXE) Vulnerability Jenkins SourceMonitor Plugin 0.2 and earlier: XML External Entity (XXE) Vulnerability XML External Entity (XXE) Vulnerability in Jenkins OSF Builder Suite XML Linter Plugin CSRF Vulnerability in Jenkins Cluster Statistics Plugin Allows Deletion of Recorded Data Vulnerability: Unauthorized Deletion of Jenkins Cluster Statistics in Cluster Statistics Plugin 0.4.6 and earlier Jenkins JAPEX Plugin XML External Entity (XXE) Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Associated Files Plugin 0.2.1 and Earlier Open Redirect Vulnerability in Apache Airflow's /login Endpoint Timing-based Inference of Cross-Origin Media Files in Service Workers Full-Screen Spoofing Vulnerability in Firefox ESR, Thunderbird, and Firefox Use-after-free vulnerability in Firefox ESR, Thunderbird, and Firefox Use-after-free vulnerability in JavaScript realm deletion leading to potentially exploitable crash Use-after-free vulnerability in Firefox < 107 when loading fonts with FontFace() on a background worker Window Reuse Fullscreen Spoofing Vulnerability Use-after-free vulnerability in garbage collector of Firefox ESR, Thunderbird, and Firefox Origin Loss in ServiceWorker Interception: Bypassing SameSite Cookie Protections Cross-Site Tracing Vulnerability in Firefox, Thunderbird, and Firefox ESR Symlink Resolution Vulnerability in Thunderbird on Unix-based Systems SameSite Cookie Leakage in Firefox for Android Remote URL Request 
and Image Display Vulnerability in Thunderbird < 102.5.1 File Extension Spoofing Vulnerability in Firefox < 107 Cache-based Timing Attack on Keyboard Events in Firefox ESR, Thunderbird, and Firefox Service Workers Vulnerability: Private Browsing Mode Detection Failure in Firefox < 107 CSS Cursor Spoofing Vulnerability Persistent Trust: TLS Certificate Exception Retention Vulnerability in Firefox < 107 Stored Cross-Site Scripting Vulnerability in Compact WP Audio Player WordPress Plugin Iframe Content Rendering Vulnerability Memory Corruption Vulnerabilities in Thunderbird 102.4 LG SmartShare DLL Hijacking Vulnerability Unauthenticated Request Vulnerability in Dahua Software Products: MQTT Credential Exposure Unauthenticated Request Vulnerability in Dahua Software Products: Exploiting AES Crypto Key Retrieval Dahua Software Vulnerability: Hard-Coded Cryptographic Key Exploitation Unrestricted File Download Vulnerability in Dahua Software Products Unrestricted File Upload Vulnerability in Dahua Software Products Dahua Software Vulnerability: Sensitive Information Leakage via Crafted Packets Dahua Software Products Vulnerable to Server-Side Request Forgery (SSRF) Exploit EntryBleed: Local Attackers Exploit Linux Kernel Page Table Isolation to Leak KASLR Base via Prefetch Side-Channels Unauthenticated SSHD Service Manipulation Vulnerability in Dahua Software Products Unauthenticated Remote Restart Vulnerability in Dahua Software Products Unauthenticated Device Search Vulnerability in Dahua Software Products Unauthenticated Traceroute Host Vulnerability in Dahua Software Products Unauthenticated Un-Throttled ICMP Request Vulnerability in Dahua Software Products Unauthorized Modification of Work Item Forwarding Configuration in IdentityIQ Cross-Site Scripting (XSS) Vulnerability in Artica PFMS Pandora FMS v765 Allows Cookie Theft Cross-Site Scripting (XSS) Vulnerability in Artica PFMS Pandora FMS v765 Unauthenticated Access to Dashboard Configuration Metadata in Apache 
Superset Cleartext Storage of WiFi Credentials in Zyxel AX7501-B0 Firmware Stored Cross-Site Scripting Vulnerability in MashShare WordPress Plugin FTP Server Symbolic Link Vulnerability in Zyxel AX7501-B0 Firmware Zyxel NBG-418N v2 Firmware XSS Vulnerability: Log Page DoS Exploit Reflected File Download (RFD) Vulnerability in Sinatra Hard-coded Passwords in Sewio's RTLS Studio Database Directory Traversal Vulnerability in M4 PDF Plugin for Prestashop (<=3.2.3) Arbitrary HTML Document Crafting Vulnerability in M4 PDF Plugin for Prestashop Stored Cross-Site Scripting Vulnerability in Sitemap WordPress Plugin Improper Authorization Leads to Sensitive Information Disclosure and Manipulation in Acronis Products Insecure Driver Communication Port Permissions Vulnerability Insecure Folder Permissions Vulnerability in Acronis Agent and Acronis Cyber Protect Acronis Cyber Protect 15 (Windows, Linux) Vulnerability: Weak TLS/SSL Cipher Suites Insecure Folder Permissions Lead to Sensitive Information Disclosure in Acronis Agent and Acronis Cyber Protect Incomplete Uninstallation Cleanup Vulnerability in Acronis Cyber Protect Products Unauthenticated API Endpoint Vulnerability in Acronis Agent (Windows, macOS, Linux) before build 30161 Improper Certification Validation in Acronis Agent and Acronis Cyber Protect: Sensitive Information Disclosure and Manipulation Vulnerability Improper Certification Validation in Acronis Agent and Acronis Cyber Protect: Sensitive Information Disclosure and Manipulation Vulnerability Insecure Registry Permissions Lead to Sensitive Information Disclosure in Acronis Products SQL Injection Vulnerability in Mapwiz WordPress Plugin Stack-based Buffer Overflow in Xiongmai NVR Devices Allows Remote Code Execution Privilege Escalation in Veritas NetBackup Java Admin Console Command Injection Vulnerability in Alarm Instance Management for Logged-In Users Information Disclosure Vulnerability in VISAM VBASE Automation Base Versions Prior to 11.7.5 Intel 
Unison Software: Local Privilege Escalation Vulnerability SQL Injection Vulnerability in Conditional Payment Methods for WooCommerce WordPress Plugin Apache Hama EOL: Path Traversal and XSS Vulnerability Uncontrolled Email Throttling in JetBrains Hub before 2022.3.15181 DOM XSS Vulnerability in CAE LearningSpace Enterprise (with Intuity License) Image 267r Patch 639 Insecure File Permissions in drachtio-server 0.8.18 Use-After-Free Vulnerability in drachtio-server 0.8.18's request-handler.cpp Unauthenticated Remote Access to Internal Files in Tiny File Manager v2.4.8 Insecure File Upload Vulnerability in Tiny File Manager v2.4.8 Remote Code Execution Vulnerability in Telepad Telepad Cleartext Data Vulnerability Remote Code Execution Vulnerability in PC Keyboard CSRF Vulnerability in Optimize images ALT Text & names for SEO using AI WordPress Plugin PC Keyboard WiFi & Bluetooth Cleartext Data Leakage Vulnerability Lazy Mouse Default Configuration Vulnerability Weak Password Requirements and Lack of Rate Limiting in Lazy Mouse Server: A Gateway for Remote Brute Force Attacks and Command Execution Lazy Mouse: Cleartext Data Exposure Vulnerability Out of Bounds Read Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-19056) CSRF Vulnerability in Tickera WordPress Plugin Buffer Overflow Vulnerability in json_parse_value Function in sheredom json.h Buffer Overflow Vulnerability in json_parse_number Function in sheredom json.h Buffer Overflow Vulnerability in json_parse_key Function in sheredom json.h Buffer Overflow Vulnerability in json_parse_object Function in sheredom json.h Buffer Overflow Vulnerability in json_parse_string Function in sheredom json.h Command Injection Vulnerability in Tenda W6-S v1.0.0.4(510) Arbitrary Reboot Vulnerability in Tenda W6-S v1.0.0.4(510) Stack Overflow Vulnerability in Tenda W6-S v1.0.0.4(510) via wl_radio parameter at /goform/WifiMacFilterGet IP Spoofing Vulnerability in User Activity WordPress Plugin Stack Overflow 
Vulnerability in Tenda W6-S v1.0.0.4(510) via wl_radio Parameter Stack Overflow Vulnerability in Tenda W6-S v1.0.0.4(510) via linkEn Parameter at /goform/setAutoPing Arbitrary Reboot Vulnerability in Tenda W6-S v1.0.0.4(510) Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via cmdinput Parameter at /goform/exeCommand Command Injection Vulnerability in Tenda W30E v1.0.1.25(633) via fileNameMit Parameter Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via editNameMit Parameter at /goform/editFileName Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via new_account Parameter at /goform/editUserName Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via /goform/addUserName Endpoint Stored Cross-Site Scripting Vulnerability in Rich Table of Contents WordPress Plugin Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via mit_ssid_index Parameter Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via PPPOEPassword Parameter at /goform/QuickIndex Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via /goform/SafeEmailFilter Endpoint Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via /goform/P2pListFilter Parameter Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via /goform/webExcptypemanFilter Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via /goform/addressNat Entries Parameter Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via /goform/NatStaticSetting Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via /goform/VirtualSer Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via /goform/SetIpBind Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via /goform/SafeMacFilter Go Parameter Stored XSS Vulnerability in FL3R FeelBox WordPress Plugin Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via /goform/qossetting Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via /goform/SafeUrlFilter Parameter Stack Overflow Vulnerability in Tenda 
W30E V1.0.1.25(633) via /goform/SafeClientFilter Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via /goform/L7Im Endpoint Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via opttype parameter at /goform/IPSECsave Stack Overflow Vulnerability in Tenda W30E V1.0.1.25(633) via downaction Parameter at /goform/CertListInfo SQL Injection Vulnerability in Future-Depth IMS 1.0: Arbitrary Command Execution via ad Parameter Future-Depth IMS 1.0: Unauthorized File Upload Vulnerability in Courseimg Directory SQL Injection Vulnerability in AeroCMS v0.0.1 via post_category_id Parameter CSRF Vulnerability in FL3R FeelBox WordPress Plugin Allows Deletion of lydl_posts & lydl_poststimestamp DB Tables SQL Injection Vulnerability in AeroCMS v0.0.1 via edit parameter at \admin\categories.php SQL Injection Vulnerability in AeroCMS v0.0.1 via id parameter at \admin\post_comments.php Reflected-XSS Vulnerability in EyouCMS <= 1.6.0 Article Publish Component Reflected-XSS Vulnerability in EyouCMS <= 1.6.0 Article Publish Component Reflected-XSS Vulnerability in EyouCMS FileManager Component Authenticated Reflected XSS Vulnerability in B2B Customer Ordering System Reflected XSS Vulnerability in EyouCMS <= 1.6.0 Article Type Editor Component Reflected XSS Vulnerability in EyouCMS <= 1.6.0 Article Attribute Editor Component Reflected-XSS Vulnerability in EyouCMS FileManager Component DiscuzX 3.4 Cross Site Scripting (XSS) Vulnerability in Audit Search Arbitrary File Upload and Code Execution Vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 Authentication Credentials Information Disclosure in ScreenCheck BadgeMaker 2.6.2.0 Application Arbitrary File Upload Vulnerability in AyaCMS v3.1.2 Authorization Bypass Vulnerability in WP Shamsi Plugin Allows Deactivation of Arbitrary Plugins Remote Code Execution (RCE) Vulnerability in AyaCMS 3.1.2 Privilege Escalation Vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 Insecure Permissions Vulnerability in 
Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18: Unauthorized Access to Sensitive Information via SPI Bus Interface Arbitrary Command Execution Vulnerability in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 Arbitrary Code Execution via File Names in Hundredrabbits Left 7.1.5 for MacOS Arbitrary Code Execution via Meta Tag in Hundredrabbits Left 7.1.5 for MacOS Cross-Site Scripting (XSS) Vulnerability in Alinto SOGo up to 5.7.1 Insecure Permissions and Backdoor Account Vulnerability in Telos Alliance Omnia MPX Node SQL Injection Vulnerability in znfit Home Improvement ERP Management System V50_20220207, V42 SQL Injection Vulnerability in Group Arge Energy and Control Systems Smartpower Web Cross-Site Scripting Vulnerability in Alinto SOGo up to 5.7.1 Open Redirect Vulnerability in Horizon Web Dashboard via success_url Parameter Stack Overflow Vulnerability in Dict::find Function in xpdf 4.04 Allows Denial of Service Stack Overflow Vulnerability in gmalloc Function in xpdf 4.04: Local Denial of Service Talend Remote Engine Gen 2 XXE Vulnerability SQL Injection Vulnerability in Talend ESB Runtime Provisioning Service Cross-Site Scripting (XSS) Vulnerability in INEX IPX-Manager up to 6.2.0 (VDB-215962) Missing SSL Certificate Validation in ComponentSpace.Saml2 4.4.0 Arbitrary Code Execution via Cross Site Scripting (XSS) Vulnerability in Joplin Desktop App PHP Type Juggling Vulnerability in Aztech WMB250AC Mesh Routers Firmware Version 016 2020 Allows Privilege Escalation via /var/www/login.php Cross Site Scripting (XSS) Vulnerability in Joget up to 7.0.31 (VDB-215963) Authentication Bypass and Arbitrary Command Execution in Aztech WMB250AC Mesh Routers Privilege Escalation Vulnerability in ThingsBoard 3.4.1 Cross-Site Scripting (XSS) Vulnerability in SemanticDrilldown Extension Privilege Escalation Vulnerability in Fresenius Kabi PharmaHelp 5.1.759.0 Cross-Site Scripting (XSS) Vulnerability in Book Store Management System v1.0 Stored 
Cross-Site Scripting Vulnerability in Meks Flexible Shortcodes WordPress Plugin Critical Vulnerability in Freedom of the Press SecureDrop: Symlink Following in gpg-agent.conf (VDB-215972) Account Information Exposure Vulnerability in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 Insecure Password Policy in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 Allows Unauthorized Access to Sensitive Account Information Unauthorized Model Unlocking Vulnerability in MEGAFEIS BOFEI DBD+ Application v1.4.4 Insecure Password Reset Vulnerability in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 Sleuthkit FLS Tool 4.11.1 OS Command Injection Vulnerability Cross-Site Request Forgery Vulnerability in University of Central Florida Materia up to 9.0.0 Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19: Local Denial of Service Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19: Exploiting formSetMacFilterCfg Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via addWifiMacFilter Function Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via deviceId Parameter Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via addWifiMacFilter Function Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via limitSpeedUp Parameter Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via limitSpeed Parameter Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via devName Parameter Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via endIp Parameter in formSetPPTPServer Function Remote Code Execution Vulnerability in Dromara HuTool up to 5.8.10 Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 Firewall Configuration Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via startIp Parameter Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via 
ssid Parameter Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via timeZone Parameter Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via fromSetSysTime Function Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via fromSetIpMacBind Function Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via schedEndTime Parameter Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via wpapsk_crypto Parameter Critical SQL Injection Vulnerability in y_project RuoYi 4.7.5 (VDB-215975) Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via schedStartTime Parameter in setSchedWifi Function Buffer Overflow Vulnerability in Tenda AC6V1.0 V15.03.05.19 via setSmartPowerManagement Function Buffer Overflow Vulnerability in Tenda i22 V1.0.0.3(4687) via formWifiMacFilterSet Function Buffer Overflow Vulnerability in Tenda i22 V1.0.0.3(4687) via formwrlSSIDget Function Buffer Overflow Vulnerability in Tenda i22 V1.0.0.3(4687) via funcpara1 Parameter in formSetCfm Function Buffer Overflow Vulnerability in Tenda i22 V1.0.0.3(4687) via formwrlSSIDset Function Tenda i22 V1.0.0.3(4687) CSRF Vulnerability in fromSysToolRestoreSet Function Tenda i22 V1.0.0.3(4687) CSRF Vulnerability in fromSysToolReboot Function Buffer Overflow Vulnerability in Tenda i22 V1.0.0.3(4687) via formWifiMacFilterGet Function Improper Access Control in GitHub Repository: openemr/openemr (prior to 7.0.0.2) Buffer Overflow Vulnerability in Tenda i22 V1.0.0.3(4687) via ping1 Parameter Buffer Overflow Vulnerability in Tenda i22 V1.0.0.3(4687) via appData Parameter in formSetAppFilterRule Function Buffer Overflow Vulnerability in Tenda i22 V1.0.0.3(4687) via formWx3AuthorizeSet Function Tenda AC6V1.0 V15.03.05.19 CSRF Vulnerability in fromSysToolRestoreSet Function Tenda AC6V1.0 V15.03.05.19 CSRF Vulnerability in fromSysToolReboot Function SQL Injection Vulnerability in TMS Student Login Process via Email Parameter Lenovo System Update Directory Permissions 
Vulnerability Stack Overflow Vulnerability in Jettison v1.5.2 and Earlier: Denial of Service (DoS) via Crafted JSON Data Stack Overflow Vulnerability in XML.toJSONObject Component of hutool-json v5.8.10 Hutool-JSON v5.8.10 Out of Memory Vulnerability ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool Local Privilege Escalation Vulnerability Stack Overflow Vulnerability in org.json.JSONTokener.nextValue::JSONTokener.java Component of Hutool-JSON v5.8.10 Stack Overflow Vulnerability in Jettison v1.5.2: Denial of Service (DoS) via Crafted String Arbitrary File Delete Vulnerability in Razer Central APSystems ECU-R Version 5203: Remote Command Injection via Timezone Parameter Stored Cross-Site Scripting Vulnerability in Top 10 WordPress Plugin (Version 3.2.3 and below) Remote Code Execution Vulnerability in Arris TG2482A Firmware through 9.1.103GEM9 via Ping Utility Heap Buffer Overflow Vulnerability in binutils readelf (CVE-2021-xxxx) Buffer Overflow Vulnerability in IP-COM M50 V15.11.0.33(10768) via hostname parameter in formSetNetCheckTools function Buffer Overflow Vulnerability in IP-COM M50 V15.11.0.33(10768) Buffer Overflow Vulnerability in IP-COM M50 V15.11.0.33(10768) Multiple Command Injection Vulnerabilities in IP-COM M50 V15.11.0.33(10768) Stored Cross-Site Scripting Vulnerability in Seriously Simple Podcasting WordPress Plugin Multiple Buffer Overflows in IP-COM M50 V15.11.0.33(10768) via formSetDebugCfg Function Parameters Command Injection Vulnerability in IP-COM M50 V15.11.0.33(10768) Buffer Overflow Vulnerability in IP-COM M50 V15.11.0.33(10768) Buffer Overflow Vulnerability in IP-COM M50 V15.11.0.33(10768) Multiple Buffer Overflows in IP-COM M50 V15.11.0.33(10768) via pLanPortRange and pWanPortRange Parameters Buffer Overflow Vulnerability in IP-COM M50 V15.11.0.33(10768) Command Injection Vulnerability in IP-COM M50 V15.11.0.33(10768) via usbPartitionName Parameter Buffer Overflow Vulnerability in IP-COM M50 V15.11.0.33(10768) Buffer Overflow 
Vulnerability in IP-COM M50 V15.11.0.33(10768) via gotoUrl Parameter Path Traversal Vulnerability in UBI Reader up to 0.8.0 Multiple Buffer Overflows in IP-COM M50 V15.11.0.33(10768) via IPMacBindModify Function Buffer Overflow Vulnerability in IP-COM M50 V15.11.0.33(10768) Cross-Site Scripting (XSS) Vulnerability in ezEIP v5.3.0(0649) Incorrect Access Control in Comfast router CF-WR6110N V2.3.1: Remote Session Hijacking Vulnerability Remote Code Execution Vulnerability in Comfast Router CF-WR6110N V2.3.1 Cross-Site Scripting (XSS) Vulnerability in Doctor Appointment Management System v1.0.0 Cross-Site Scripting (XSS) Vulnerability in Doctor Appointment Management System v1.0.0 via Crafted Employee ID Parameter ThinkPad X1 Fold Gen 1 SMI Handler Input Validation Vulnerability Cross-Site Scripting (XSS) Vulnerability in Doctor Appointment Management System v1.0.0 ThinkPad BIOS SMI Handler Input Validation Vulnerability Use After Free Vulnerability in assimp 5.1.4's ColladaParser::ExtractDataObjectFromChannel Function ThinkPad BIOS Vulnerability: Bypassing Secure Boot via Improper Write Protection of UEFI Variables Arbitrary Code Execution via XSS Vulnerability in EyouCMS v1.6.0 Cross Site Scripting (XSS) Vulnerability in SENS v1.0 Cross Site Scripting (XSS) Vulnerability in SENS v1.0 via com.liuyanzhao.sens.web.controller.admin, getRegister File Upload Vulnerability in SENS v1.0 Stored Cross-Site Scripting Vulnerability in Easy Bootstrap Shortcode WordPress Plugin Incorrect Access Control Vulnerability in SENS v1.0 Vulnerability: Hardcoded Credentials in GFMS Version 3 Software Allows Remote Attackers to Compromise Electronic Key Boxes Command Injection Vulnerability in Edimax Wireless Router N300 Firmware BR428nS v3 ClicShopping_V3 v3.402 Cross-Site Scripting (XSS) Vulnerability Stored Cross-Site Scripting Vulnerability in Easy Testimonials WordPress Plugin Local Privilege Escalation Vulnerability in Adguard For Windows x86 through 7.11 Privilege Escalation and 
Arbitrary Code Execution in Pwndoc v0.5.3 via Crafted Audit File Upload Hillstone Firewall SG-6000 <= 5.0.4.0 Incorrect Access Control Vulnerability Stored Cross-Site Scripting Vulnerability in Video Conferencing with Zoom WordPress Plugin Arbitrary Code Execution Vulnerability in Tenda AX1803 v1.0.0.1_2994 and Earlier Cryptographically Insecure Random Generation Algorithm in dotCMS Core Leads to Account Takeover Authenticated Directory Traversal Vulnerability in dotCMS API Leading to Remote Code Execution Vulnerability: SQL Injection in AGE Drivers for Golang and Python Information Disclosure Vulnerability in Apache James MIME4J TempFileStorageProvider Title: Multiple Schneider Electric Controllers Vulnerable to Arbitrary Code Execution and Denial of Service Attacks Authentication Bypass by Capture-replay Vulnerability in Modbus Controllers Vulnerability: Brute Force Attack on Omron FINS Protocol Authentication Directory Traversal and File Overwrite Vulnerability Insecure Permissions in Sysmac Studio Installation Directory PLC File Access Vulnerability Command Injection Vulnerability in SHARP MFPs' nw_interface.html Arbitrary File Deletion Vulnerability in Trend Micro Apex One and Apex One as a Service Privilege Escalation via Symbolic Link Abuse in Trend Micro Apex One Stored Cross-Site Scripting Vulnerability in Twenty20 Image Before-After WordPress Plugin LDAP Injection Vulnerability in Apache StreamPark 1.0.0 to 2.0.0 Unrestricted File Upload Vulnerability in Streampark CSRF Vulnerability in RoboSoft Photo Gallery Plugin Allows Unauthorized Gallery Hierarchy Changes SQL Injection Vulnerability in Paytm Paytm Payment Gateway CSRF Vulnerability in WPVibes WP Mail Log Plugin <= 1.0.1 Critical SQL Injection Vulnerability in LearnPress WordPress LMS Plugin TOCTOU Race Condition Vulnerability in Ricard Torres Thumbs Rating Cross-Site Scripting (XSS) Vulnerability in 1j01 Mind-Map (VDB-216167) CSV Injection vulnerability in Icegram Express – Email Marketing, 
Newsletters and Automation for WordPress & WooCommerce Stored Cross-Site Scripting (XSS) Vulnerability in Martin Lees Exxp Plugin <= 2.6.8 Stored Cross-Site Scripting (XSS) Vulnerability in Fabian von Allmen WP Calendar Plugin <= 1.5.3 CSRF Vulnerability in StylemixThemes GDPR Compliance & Cookie Consent Plugin Stored Cross-Site Scripting (XSS) Vulnerability in GD bbPress Attachments Plugin <= 4.3.1 on WordPress Erin Garscadden GC Testimonials Plugin XSS Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in WP OnlineSupport Essential Plugin Hero Banner Ultimate Plugin Cross Site Scripting (XSS) Vulnerability in starter-public-edition-4 up to 4.6.10 Title: Critical SQL Injection Vulnerability in LearnPress WordPress LMS Plugin Stored Cross-Site Scripting (XSS) Vulnerability in NooTheme Noo Timetable Plugin <= 2.1.3 Unauthenticated SQL Injection Vulnerability in Advanced Booking Calendar Plugin CSRF Vulnerability in GalleryPlugins Video Contest WordPress Plugin CSRF Vulnerability in Advanced Booking Calendar Plugin for WordPress Critical Unauthenticated Reflected XSS Vulnerability in iThemes WPComplete Plugin Stored XSS Vulnerability in GalleryPlugins Video Contest Plugin <= 3.2 CSRF Vulnerability in NooTheme Noo Timetable Plugin Authentication Bypass Vulnerability in Easy WP SMTP Plugin <= 1.5.1 for WordPress Critical Path Traversal Vulnerability in jLEMS (CVE-2021-216169) Unauthenticated Reflected XSS Vulnerability in biplob018 Image Hover Effects for Elementor with Lightbox and Flipbox Plugin Easy WP SMTP Plugin <= 1.5.1 Authenticated Path Traversal Vulnerability Server-Side Request Forgery (SSRF) Vulnerability in PhonePe Payment Solutions Unauthenticated Reflected XSS Vulnerability in W3 Eden, Inc. 
Download Manager Plugin <= 3.2.59 Title: Denis 微信机器人高级版 Plugin <= 6.0.1 Reflected Cross-Site Scripting (XSS) Vulnerability Critical Unauthenticated Stored XSS Vulnerability in Repute InfoSystems ARForms Form Builder Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WHA WHA Puzzle Plugin <= 1.0.9 Critical Heap-Based Buffer Overflow Vulnerability in Axiomatic Bento4 (CVE-2021-216170) Unauthenticated Race Condition Vulnerability in WP ULike Plugin <= 4.6.4 on WordPress Allows Unauthorized Rating Manipulation Stored Cross-Site Scripting Vulnerability in Nextend Smart Slider 3 Plugin <= 3.5.1.9 Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3 CSRF Vulnerability in Nickys Image Map Pro for WordPress Plugin CVE-2022-45847 Contest Gallery Plugin Unauthenticated Stored XSS Vulnerability Silkalns Activello Theme <= 1.4.4 Reflected XSS Vulnerability Cross-Site Scripting (XSS) Vulnerability in Opencaching Deutschland oc-server3 CVE-2022-45851 Privilege Escalation Vulnerability in Zyxel GS1900-8 Firmware: Unauthorized Root Access via SSH Vulnerability: Denial-of-Service (DoS) via Crafted VLAN Frames in Zyxel NWA110AX Firmware Remote Code Execution via SpringEL Injection in Apache Ambari 2.7.0 to 2.7.6 FortiManager VDOM Creation Vulnerability: Unauthorized Access to FortiGate without Password Weak Cryptographic Algorithm Vulnerability in FortiNAC Credential Exposure Vulnerability in FortiNAC-F and FortiNAC Versions 7.2.0, 9.4.1, and below Cross Site Scripting (XSS) Vulnerability in Opencaching Deutschland oc-server3 FortiNAC-F Weak Authentication Vulnerability Uninitialized Pointer Vulnerability in Fortinet FortiOS and FortiProxy Directory Traversal Vulnerability in qpress Directory Traversal and Local File Inclusion Vulnerability in MyBB Admin CP Languages Module Cleartext Password Exposure in H2 Database Engine Web Admin Console Race Condition Vulnerability in x86 KVM Subsystem Allows Denial of Service in Linux Kernel Cross Site Scripting (XSS) 
Vulnerability in Opencaching Deutschland oc-server3 Remote Denial-of-Service (DoS) Vulnerability in WithSecure fsicapd Component iTerm2 DECRQSS Response Mishandling Vulnerability Local Denial of Service (DoS) Vulnerability in systemd 250 and 251 Improper Authorization Vulnerability in Huawei Aslan Children's Watch Allows Unauthorized File Access Remote Command Execution Vulnerability in Apache DolphinScheduler Information Disclosure Vulnerability in VISAM VBASE Automation Base Plain Text Transmission of PIN Code in OpenHarmony-v3.1.4 and Prior Versions: A Man-in-the-Middle Vulnerability Cross-Site Scripting Vulnerability in Boston Sleep Slice up to 84.1.x Use-after-free vulnerability in Linux kernel through 6.0.9 in drivers/media/dvb-core/dvbdev.c Race condition leading to use-after-free vulnerability in Linux kernel's dvb_frontend.c Race condition in Linux kernel leads to use-after-free vulnerability in dvb_net.c Memory Leak in ttusb_dec.c due to Missing dvb_frontend_detach Call Race Condition and Use-After-Free Vulnerability in Linux Kernel USB Device Removal Remote SQL Injection Vulnerability in Planet eStream before 6.72.10.07 Open Redirect Vulnerability in cyface Terms and Conditions Module up to 2.0.9 Reflected Cross-Site Scripting (XSS) Vulnerability in Planet eStream before 6.72.10.07 Planet eStream before 6.72.10.07 Vulnerability: Unauthenticated Uploads and Unauthorized Access Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities in Planet eStream before 6.72.10.07 Planet eStream before 6.72.10.07: Brute-Force Attack Allows Unauthorized Access to Administrative and High-Privileged User Accounts Arbitrary Local File Read Vulnerability in GetFile.aspx Sensitive Information Disclosure in Planet eStream before 6.72.10.07: ON Cookie and WhoAmI Endpoint Vulnerability Unauthenticated Arbitrary File Upload Vulnerability in Planet eStream before 6.72.10.07 Cleartext Credential Exposure Vulnerability on Xerox WorkCentre 3550 25.003.03.000 Devices Cross Site 
Scripting (XSS) Vulnerability in mschaef toto up to 1.4.20 Arbitrary Code Execution Vulnerability in PyTorch's torch.jit.annotations.parse_type_line Code Injection Vulnerability in PaddlePaddle's paddle.audio.functional.get_window() Function Heap-Based Buffer Over-Read Vulnerability in drachtio-server before 0.8.19 Cross-Site Scripting (XSS) Vulnerability in mschaef toto up to 1.4.20 LDAP Injection Vulnerability in Apache ManifoldCF Cross-Site Scripting (XSS) Vulnerability on Zimbra Collaboration (ZCS) 9.0 Classic UI Login Page Remote Code Execution through ClientUploader Utility in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 Cross-Site Scripting (XSS) Vulnerability in Zimbra Collaboration (ZCS) 9.0 Unauthenticated RF Signal Manipulation Vulnerability in Electronic Shelf Label Protocol OS Command Injection in ILIAS before 7.16 Cross-Site Scripting (XSS) Vulnerability in ILIAS before 7.16 Open Redirect Vulnerability in ILIAS before 7.16 External Control of File Name or Path in ILIAS before 7.16 Use-after-free vulnerability in Linux kernel through 6.0.10 in dvb_ca_en50221.c Critical SQL Injection Vulnerability in luckyshot CRMx (CVE-2021-216185) Memory Leak Vulnerability in Softing uaToolkit Embedded before 1.41 Arbitrary File Retrieval Vulnerability in FusionAuth OpenText Content Suite Platform 22.1 (16.2.19.1803) AdminPwd Cookie Bypass Vulnerability Arbitrary Memory Address Manipulation and Virtual Function Table Exploitation in OpenText Content Suite Platform 22.1 Arbitrary File Deletion Vulnerability in OpenText Content Suite Platform 22.1 Information Disclosure in OpenText Content Suite Platform 22.1 (16.2.19.1803) Privilege Escalation via notify.localizeEmailTemplate Endpoint Authentication Bypass Vulnerability in OpenText Content Suite Platform 22.1 Remote OScript Execution Vulnerability in OpenText Content Suite Platform 22.1 Cross Site Scripting (XSS) Vulnerability in retra-system (VDB-216186) SQL Injection Vulnerability in OpenDaylight AAA SQL Injection 
Vulnerability in OpenDaylight AAA UserStore.java deleteUser Function SQL Injection Vulnerability in OpenDaylight AAA Unauthenticated Access to Kubernetes Cluster via KubeView Integer Wraparound Vulnerability in l2cap_config_req Function Insecure Permissions in Apache James Server's Temporary Files Improper Access Control in Mendix Email Connector (All versions < V2.0.0) Sensitive Information Disclosure Vulnerability in APOGEE and TALON Building Automation Systems Stored XSS Vulnerability in Comcast Defined Technologies microeisbss: Remote Code Execution and Privilege Escalation Arbitrary Command Execution Vulnerability in GNU Emacs through 28.2 Critical Path Traversal Vulnerability in drogatkin TJWS2 (CVE-2021-216187) Remote Code Execution (RCE) Vulnerability in baijiacms v4's common.inc.php Cross Site Scripting (XSS) Vulnerability in django-openipam Insecure HEAD Method Bypass in Boa Web Server Versions 0.94.13-0.94.14 Remote Stack Buffer Overflow Vulnerability in ZTE ZXHN-H108NS Router Cross-Site Scripting (XSS) Vulnerability in Shoplazza 1.1 SQL Injection Vulnerability in openSIS Community Edition v8.0 and earlier via CalendarModal.php Privilege Bypass Vulnerability in H3C Firewall <= 3.10 ESS6703 Arbitrary File Upload Vulnerability in Classcms3.5 File Management Function Module File Upload Vulnerability in Alist v3.4.0 Allows Unauthorized File Upload Directory Traversal Vulnerability in Alist v3.4.0 Cross-Site Scripting (XSS) Vulnerability in Shoplazza LifeStyle 1.1 Bulletin Board Cross Site Scripting (XSS) Vulnerability in Alist v3.5.1 Command Injection Vulnerability in Tenda AX12 V22.03.01.21_CN via /goform/setMacFilterCfg Function Stack Overflow Vulnerability in Tenda AX12 v22.03.01.21_CN via ssid Parameter Cross-Site Scripting (XSS) Vulnerability in Shoplazza LifeStyle 1.1 Tenda AX12 V22.03.01.21_CN CSRF Vulnerability in /goform/SysToolRestoreSet Deserialization Vulnerability in ThinkPHP 6.0.0~6.0.13 and 6.1.0~6.1.1: Remote Code Execution Arbitrary Command 
Execution and Privilege Escalation in starsoftcomm CooCare 5.304 Cross-Site Scripting (XSS) Vulnerability in Shoplazza LifeStyle 1.1 Arbitrary Code Execution via Cross-Site Scripting (XSS) in Ecommerce-Website v1.0's /signup_script.php Title: Unauthorized Buffer Overflow Vulnerability in Tenda AX12 v22.03.01.21 _ cn Command Injection Vulnerability in Tenda W20E V16.01.0.6(3392) via cmd_get_ping_output Buffer Overflow Vulnerability in Tenda W20E V16.01.0.6(3392) Cross-Site Scripting (XSS) Vulnerability in Shoplazza LifeStyle 1.1 Cross-Site Scripting Vulnerability in Shoplazza LifeStyle 1.1 Cross-Site Scripting (XSS) Vulnerability in Shoplazza LifeStyle 1.1 Arbitrary File Upload Vulnerability in WBCE CMS v1.5.4 X-Man 1.0 SQL Injection Vulnerability: Risk of Data Leakage Totolink N200RE_V5 V9.3.5u.6255_B20211224 Incorrect Access Control Vulnerability Improper Validation of Array Index in pppdump's dumpppp Function Cross-Site Request Forgery Vulnerability in wp-english-wp-admin Plugin up to 1.5.1 SQL Injection Vulnerability in AeroCMS v0.0.1 via delete parameter Stored Cross-site Scripting (XSS) Vulnerability in FlatPress Blog prior to version 1.3 SQL Injection Vulnerability in AeroCMS-v0.0.1 CMS System's approve Parameter Cross-Site Scripting (XSS) Vulnerability in AeroCMS v0.0.1 via add_post.php CSRF Vulnerability in AeroCMS v0.0.1 PHP Remote File Inclusion Vulnerability in FlatPress Blog prior to version 1.3 ClickJacking Vulnerability in AeroCMS v0.0.1 Gym Management System v0.0.1 Vulnerability: Cross Site Request Forgery (CSRF) XML External Entity (XXE) Reference Vulnerability in 3D City Database OGC Web Feature Service up to 5.2.0 CVE-2022-46070 Critical SQL Injection Vulnerability in Helmet Store Showroom v1.0 Login Page Allows Admin Access Bypass Unauthenticated SQL Injection Vulnerability in Helmet Store Showroom v1.0 Cross Site Scripting (XSS) Vulnerability in Helmet Store Showroom 1.0 CSRF Vulnerability in Helmet Store Showroom 1.0 Allows Unauthorized Admin 
Account Addition Authentication Bypass Vulnerability in D-Link DIR-869 Router Firmware Stack Overflow Vulnerability in HCI IEC 60870-5-104 Function of RTU500 Series Authentication Bypass and Command Execution Vulnerability in Nexxt Nebula 1200-AC 15.03.06.60 Unresolved Vulnerability: Continued Exposure of Private Personal Information in Garmin Connect 4.61 LiveTrack API Cross Site Scripting (XSS) vulnerability in CloudSchool v3.0.1 allows session cookie theft through admin user notifications CVE-2022-46088 CVE-2022-46089 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.9.0 CVE-2022-46091 SQL Injection Vulnerability in Hospital Management System v1.0 Allows Unauthorized Administrator Access Cross-Site Scripting (XSS) Vulnerability in Sourcecodester Covid-19 Directory on Vaccination System 1.0 Cross-Site Scripting (XSS) Vulnerability in Sourcecodester Online Covid-19 Directory on Vaccination System v1.0 Risky Cryptographic Algorithm Vulnerability in Click Studios Passwordstate and Passwordstate Browser Extension Chrome (VDB-216272) Command Execution Vulnerability in AyaCMS v3.1.2 Arbitrary File Upload Vulnerability in AyaCMS 3.1.2 via /aya/module/admin/fst_down.inc.php Buffer Overflow Vulnerability in Tenda AC15 V15.03.06.23: Exploiting formSetClientState Function Hard-coded Credentials Vulnerability in Click Studios Passwordstate and Passwordstate Browser Extension Chrome (VDB-216273) SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 via /hss/?page=view_product&id= SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 via /hss/?page=categories&c= Insufficient Protection of Credentials in Click Studios Passwordstate and Passwordstate Browser Extension SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 
SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 via User Management Page SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 via /hss/admin/brands/manage_brand.php?id= SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 via /hss/classes/Master.php?f=delete_product Cross Site Scripting (XSS) Vulnerability in phpgurukul Doctor Appointment Management System V 1.0.0 via searchdata= Critical Authorization Vulnerability in Click Studios Passwordstate and Passwordstate Browser Extension Arbitrary File Upload Vulnerability in AeroCms v0.0.1 Directory Traversal Vulnerability in AeroCMS v0.0.1 Denial of Service (DoS) Vulnerability in TP-Link TL-WR940N V4 3.16.9 and Earlier Stored Cross-site Scripting (XSS) Vulnerability in znote-app GitHub Repository (prior to version 1.7.11) Weak Encryption Scheme in Debug Zip File Allows Unauthorized Access to System Debug Information Information Disclosure Vulnerability in SIMATIC STEP 7 (TIA Portal) Allows Unauthorized Access to Access Level Passwords Physical Access Vulnerability: Retrieval and Decryption of Encrypted CLI User Passwords TFTP Blocksize Check Vulnerability Vulnerability in SCALANCE SC6xx-2C Series: Unresponsive CLI via SSH or Serial Interface Unauthorized User Creation and Account Takeover in authentik Identity Provider Authentication Bypass Vulnerability in Prometheus Exporter Toolkit Cross-Site Scripting Vulnerability in Drag and Drop XBlock v2 Self-XSS vulnerability in Discourse allows for potential full XSS Out-of-Bounds Read Vulnerability in Cap'n Proto Reflected Cross-site Scripting (XSS) Vulnerability in openemr/openemr prior to 7.0.0.2 Disclosure of Hidden Tags to Unauthorized Users in Discourse Reflected Cross-Site Scripting (XSS) in Querybook's Auth Callback URL Improper Validation of Array Index in OP-TEE Trusted OS Allows Local Privilege Escalation 
Potential TLS Connection Vulnerability in Traefik Arbitrary File Access Vulnerability in Kodexplorer Misconfigured Build Script in Airtable.js Allows Bundling of Environment Variables Exposure of Authentication Token in Synthetic Monitoring Agent for Grafana's Synthetic Monitoring Application Arbitrary PHP Code Execution via Crafted Image Upload in Akeneo PIM Community Edition Filesystem Access Vulnerability in PrestaShop Versions Prior to 1.7.8.8 Unlisted Topic Creation Vulnerability in Discourse Command Injection Vulnerability in Delta DX-3021 Webserver Improper Verification of Project Level Authorizations in Tuleap Prior to 14.2.99.104 Arbitrary Code Execution Vulnerability in pdfmake (versions up to 0.2.5) CSS Injection Vulnerability in discourse-bbcode Plugin Ransack Query Injection Vulnerability in Travel Support Program User Impersonation and Account Takeover Vulnerability in NodeBB Stored Cross-Site Scripting Vulnerability in Syncthing Vulnerability: Unauthorized Write Access to Environment Variables in Spring Boot Admin Privilege Escalation via Namespace Detachment in Capsule Framework Email addresses of users in group SMTP topics are exposed in Discourse versions prior to 2.8.14 and 2.9.0.beta15 Cacti Remote Command Injection Vulnerability Reflected Cross-site Scripting (XSS) Vulnerability in Microweber Prior to 1.3.2 Session Cookie Cross-Access Vulnerability in CodeIgniter File Path Literal Exposure Vulnerability in Tauri Framework Arbitrary Account Creation Vulnerability in Authentik Identity Provider Processing Issue with Cross-Shard Relayed Transaction and Smart Contract Deploy Transaction Data in Elrond-GO (Versions prior to 1.3.50) Race condition vulnerability in Amazon EFS mount helper in efs-utils v1.34.3 and below Prototype Pollution in JSON5.parse method allows arbitrary key pollution in returned object Cargo SSH Host Key Verification Bypass Vulnerability Account Takeover via Password Reset Link Email File Upload Path Validation Vulnerability in 
MeterSphere v2.5.0 and earlier Authentication Bypass Vulnerability in LiuOS 0.1.0 and Prior Arbitrary HTML Injection Vulnerability in Discourse Mermaid Theme Component XSS Vulnerability in Gotify Server Allows Account Takeover Stored Cross-Site Scripting Vulnerability in Sidebar Widgets by CodeLights Plugin for WordPress CSRF Vulnerability in Panasonic Sanyo CCTV Network Cameras Stored Cross-Site Scripting Vulnerability in Login Logout Menu WordPress Plugin Stored Cross-Site Scripting Vulnerability in ND Shortcodes WordPress Plugin Stored Cross-Site Scripting Vulnerability in GS Logo Slider WordPress Plugin Stored Cross-Site Scripting Vulnerability in Login Logout Menu WordPress Plugin Improper Pathname Limitation in GitHub Enterprise Server Enables Remote Code Execution GitHub Enterprise Server Path Traversal Vulnerability Allows Remote Code Execution GitHub Enterprise Server Information Disclosure Vulnerability GitHub Enterprise Server Incorrect Authorization Vulnerability Stored Cross-Site Scripting Vulnerability in PPWP WordPress Plugin Host Header Injection Vulnerability in Polarion ALM (All versions < V2304.0) Stored Cross-Site Scripting Vulnerability in ShiftNav WordPress Plugin Improper Access Control in Intel(R) Retail Edge Android App: Potential Information Disclosure Stored Cross-Site Scripting Vulnerability in Easy PayPal Buy Now Button WordPress Plugin Uninitialized Pointer Vulnerability in Open Babel 3.1.1 and master commit 530dbfa3 Local Code Execution Vulnerability in CX-Drive V3.00 and Earlier Denial of Service Vulnerability in libXpm Information Disclosure Vulnerability in VISAM VBASE Automation Base Arbitrary Script Injection Vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and Earlier Open Redirect Vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and Earlier: Remote Phishing Attack Exploit Out-of-Bounds Write Vulnerabilities in ORCA Format nAtoms Functionality of Open Babel 3.1.1 and Master Commit 530dbfa3 Stored Cross-Site Scripting 
Vulnerability in Product Slider for WooCommerce WordPress Plugin Out-of-Bounds Write Vulnerabilities in Open Babel 3.1.1 and master commit 530dbfa3 Arbitrary Code Execution via Out-of-Bounds Write in Open Babel 3.1.1 and master commit 530dbfa3 Out-of-Bounds Write Vulnerabilities in Open Babel TranslationVectors Parsing Functionality Out-of-Bounds Write Vulnerabilities in Open Babel TranslationVectors Parsing Functionality Arbitrary Code Execution via Out-of-Bounds Write in Open Babel 3.1.1 and Master Commit 530dbfa3 Arbitrary Code Execution via Out-of-Bounds Write in Open Babel's TranslationVectors Parsing Functionality Denial of Service Vulnerability in Intel Unison Software Intel Unison Software: Local Access Information Disclosure Vulnerability Missing 'HttpOnly' Flag for Sensitive Cookie in GitHub Repository lirantal/daloradius Information Disclosure Vulnerability in VISAM VBASE Automation Base Versions Prior to 11.7.5 Unison Software Vulnerability: Local Privileged User Denial of Service Exploit Remote Code Execution Vulnerability in Tribe29's Checkmk Arbitrary Command Execution in Tribe29 Checkmk SMS Notifications Command Injection Vulnerability in ChangingTec ServiSign Component Path Traversal Vulnerability in ChangingTec ServiSign Component Path Traversal Vulnerability in ChangingTec ServiSign Component Incorrect Authorization in SGUDA U-Lock Central Lock Control Service Allows Remote Attackers to Manipulate Electronic Locks Incorrect Authorization in SGUDA U-Lock Central Lock Control Service Allows Unauthorized Access and Modification of User Information Path Traversal Vulnerability in Vitals ESP Upload Function Allows Unauthorized Access to System Files Cross-Site Scripting (XSS) Vulnerability in WP-Ban (VDB-216480) TelephonyProvider Module Vulnerability: Data Confidentiality at Risk Unsecured Provider Vulnerability in Contacts Component: Risk to Data Integrity Application Management Module Vulnerability: Unauthorized Clearing of Device Applications 
Authentication Vulnerability in Sensor Privacy Module: Implications for Camera and Microphone Availability IPC Module Design Defects: A Threat to System Availability Design Defect in ProfileSDK: A Threat to System Availability Authentication Process Vulnerability: Threat to Data Integrity, Confidentiality, and Availability Out-of-Bounds Read Vulnerability in Power Consumption Module Account Removal Function Logic Error in HAware Module Boundary Judgment Vulnerability in Fingerprint Calibration: Exploiting Out-of-Bounds Write Cross Site Scripting (XSS) Vulnerability in Auto Upload Images up to 3.3.0 Out-of-Bounds Read Vulnerability in Kernel Module: Risk of Memory Overwriting Wi-Fi Module Vulnerability: Permission Verification Flaw Exposes Data Confidentiality Out-of-Bounds Write Vulnerability in Smartphones: Exploiting System Service Exceptions Out-of-Bounds Write Vulnerability in Smartphones: Potential System Service Exception Exploitation Out-of-Bounds Write Vulnerability in Smartphones: Exploiting System Service Exceptions Out-of-Bounds Write Vulnerability in Smartphones: Potential System Service Exception Exploitation Out-of-Bounds Write Vulnerability in Smartphones: Exploiting System Service Exceptions Configuration Vulnerability in Smartphones: Privilege Escalation and System Service Exceptions Data Confidentiality at Risk: Input Validation Vulnerability Found in Certain Smartphones Privilege Escalation Vulnerability in Intel(R) PROSet/Wireless WiFi Software Cross-Site Request Forgery Vulnerability in Auto Upload Images up to 3.3.0 Insecure DLL Loading Vulnerability in Squirrel.Windows Installers File Deletion Vulnerability Stored Cross-Site Scripting Vulnerability in Proofpoint Enterprise Protection's Admin Smart Search Feature Command Injection Vulnerability in Proofpoint Enterprise Protection (PPS/PoD) Admin User Interface Privilege Escalation Vulnerability in Proofpoint Enterprise Protection (PPS/PoD) LDAP Authentication Bypass and Database Corruption 
Vulnerability in Derby Critical Security Vulnerability in g810-led 0.4.2: Unauthorized Access to Sensitive Keyboard Data Stack-Based Buffer Overflow in Delta Electronic’s CNCSoft Stack Corruption Vulnerability in X.Org's XTest Extension X.Org XIPassiveUngrab Out-of-Bounds Memory Access Vulnerability X.Org XvdiSelectVideoNotify Memory Write-after-Free Vulnerability X.Org ScreenSaverSetAttributes Memory Corruption Vulnerability X.Org XIChangeProperty Request Length Validation Vulnerability Out of Bounds Write Vulnerability in Parasolid and Solid Edge Applications (ZDI-CAN-19070) Out of Bounds Write Vulnerability in Parasolid and Solid Edge Applications (ZDI-CAN-19071) Out of Bounds Write Vulnerability in Parasolid and Solid Edge Applications (ZDI-CAN-19079) Out of Bounds Write Vulnerability in Parasolid and Solid Edge Applications (ZDI-CAN-19383) Out of Bounds Read Vulnerability in Parasolid and Solid Edge Applications (ZDI-CAN-19384) Cross-Site Scripting (XSS) Vulnerability in SCALANCE X204RNA and SCALANCE X204RNA EEC PROFINET DCP Packet Denial of Service Vulnerability PROFINET DCP Packet Denial of Service Vulnerability Insecure Session ID Generation in SCALANCE X204RNA Devices Missing Security Headers in SCALANCE X204RNA Devices Sensitive Data Leakage via HTTP Referer vulnerability Critical Vulnerabilities in HP Security Manager: Privilege Escalation, Code Execution, and Information Disclosure Critical Vulnerabilities in HP Security Manager: Privilege Escalation, Code Execution, and Information Disclosure Critical Vulnerabilities in HP Security Manager: Privilege Escalation, Code Execution, and Information Disclosure Critical Vulnerabilities in HP Security Manager: Privilege Escalation, Code Execution, and Information Disclosure Path Traversal Vulnerability in Black Box KVM Firmware version 3.4.31307 on Select Models Local Privilege Escalation Vulnerability in V-SFT and TELLUS via Specially Crafted Image File Physical Access USB Device Vulnerability Remote 
Directory Listing and Code Exfiltration Vulnerability in Apache CXF SSRF Vulnerability in Apache CXF: Parsing Href Attribute of XOP:Include in MTOM Requests Unauthenticated User Account Modification in Apache StreamPark 1.0.0 before 2.0.0 Apache Tapestry 3.x Remote Code Execution Vulnerability Rumpus FTP Server CSRF Privilege Escalation Vulnerability Rumpus FTP Server 9.0.7.1 CSRF Vulnerability Rumpus FTP Server v9.0.7.1 PXSS Vulnerability: Unspecified Input Fields at Risk Cross Site Scripting (XSS) Vulnerability in ep3-bs up to 1.7.x (VDB-216495) Rumpus FTP Server 9.0.7.1 - Identity Verification Bypass Vulnerability Default Administrator User Name Disclosure in Alotcer AR7088H-A Firmware Version 16.10.3 Unauthenticated Command Execution Vulnerability in Alotcer AR7088H-A Firmware Version 16.10.3 Out-of-Bounds Read Vulnerability in Weston Embedded uC-FTPs v 1.98.00 PORT Command Parameter Extraction Functionality Out-of-Bounds Read Vulnerability in Weston Embedded uC-FTPs v 1.98.00 PORT Command Parameter Extraction Functionality Cross-Site Scripting (XSS) Vulnerability in collective.contact.widget up to 1.12 XSS Vulnerability in Linear eMerge E3-Series Devices via type Parameter Insecure Token Validation in RackN Digital Rebar Privileged Token Exposure in RackN Digital Rebar: Incorrect Access Control Vulnerability Terminal Title Command Injection Vulnerability Reflected XSS Vulnerability in ServiceNow Logout Functionality Critical Format String Vulnerability in sslh (CVE-2021-216497) Cross-Site Scripting (XSS) Vulnerability in AWStats Hostinfo Plugin RSA Private Key Recovery Vulnerability Heap-based Buffer Overflow and Over-read in Mbed TLS DTLS with Enabled MBEDTLS_SSL_DTLS_CONNECTION_ID Improper GPU Processing Operations Vulnerability in Arm Mali GPU Kernel Driver Improper GPU Processing Operations Vulnerability in Arm Mali GPU Kernel Driver Improper GPU Memory Processing Vulnerability in Arm Mali Kernel Driver Predictable IV Generation Vulnerability in FP.io VPP 
(Vector Packet Processor) Unresponsive Firmware Vulnerability in Microchip RN4870 Module Cross-Site Scripting (XSS) Vulnerability in Mingsoft MCMS 5.2.9 Bypassing Passkey Entry in Legacy Pairing Vulnerability in Microchip RN4870 Module Firmware 1.43 Vulnerability: Insecure Acceptance of PauseEncReqPlainText in Microchip RN4870 Module Firmware 1.43 Vulnerability: Incorrect Value Acceptance in Microchip RN4870 Module Firmware 1.43 Vulnerability: Mishandling of Reject Messages in Microchip RN4870 Module Firmware 1.43 Arbitrary File Upload and Administrative Access Vulnerability in Atos Unify OpenScape 4000 Assistant and Manager Denial of Service Vulnerability in Mastodon 4.0.2 via Recursive Attacker-Generated Messages Open Redirect HTTP Header Injection in Ericsson Network Manager (ENM) Versions Prior to 22.2 Vulnerability in Ericsson Network Manager (ENM) Allows Remote Code Execution and Data Leakage via Malicious Hyperlinks Insecure Temporary File Vulnerability in LogisticRegression Function (VDB-216500) Privilege Escalation Vulnerability in Veritas NetBackup Flex Scale 3.0 Default Password Persistence Vulnerability in Veritas NetBackup Flex Scale and Access Appliance Privilege Escalation Vulnerability in Veritas NetBackup Flex Scale Authenticated Remote Command Execution in Veritas NetBackup Flex Scale and Access Appliance Unauthenticated Remote Command Execution in Veritas NetBackup Flex Scale and Access Appliance DJI Spark 01.00.0900 DHCP Exhaustion Vulnerability Denial of Service Vulnerability in Parrot Bebop 4.7.1. 
Cross-Site Scripting (XSS) Vulnerability in tatoeba2's Profile Name Handler Command Injection vulnerability in Apache Airflow Hive Provider (CVE-2021-28358) Firmware Update DoS Vulnerability in Netgear WNR2000 v1 1.2.3.7 and Earlier Netgear WNR2000v1 Router Firmware Modification Vulnerability Firmware Modification Vulnerability in Netgear XWN5001 Powerline 500 WiFi Access Point Firmware Update Vulnerability in TP-Link TL-WR1043ND V1 3.13.15 and Earlier Critical Remote Command Injection Vulnerability in docconv up to 1.2.0 (VDB-216502) Firmware Update Vulnerability in TP-Link TL-WR740N V1 and V2 (v3.12.4 and earlier) Firmware Modification Vulnerability in TP-Link TL-WR743ND V1 Allows for Arbitrary Code Execution and DoS Firmware Update Vulnerability in TP-Link TL-WA7510N v1 v3.12.6 and Earlier: Arbitrary Code Execution and DoS Firmware Update Vulnerability in TP-Link TL-WR941ND Routers Arbitrary Code Execution via Cross-Site Scripting (XSS) in DouPHP v1.7 20221118 Open Redirect Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.5.4 Segmentation Violation Vulnerability in ttftool v0.9.2 SQL Injection Vulnerability in dedecms <=V5.7.102 SQL Injection Vulnerability in mesinkasir Bangresto 1.0 via itemqty%5B%5D parameter Denial of Service (DoS) Vulnerability in MPD v0.23.10 Out-of-Bounds Read Vulnerability in LibTIFF 4.4.0 Global Buffer Overflow Vulnerability in NASM v2.16's dbgdbg_typevalue Component Segmentation Violation Vulnerability in NASM v2.16's ieee_write_file Component CSRF Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.5.4 Unauthenticated Access to Public and Private Image Repositories in Harbor v1.X.X to v2.5.3 Stored Cross-site Scripting (XSS) Vulnerability in Microweber Prior to 1.3.2 SQL Injection Vulnerability in Online Health Care System v1.0 SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 Stack Overflow Vulnerability in D-Link DIR 645A1 1.06B01_Beta01 Command Injection Vulnerability in D-Link DIR-859 A1 1.05 
via service= Variable in soapcgi_main Function Unauthenticated Remote Command Execution in datax-web v1.0.0 to v2.1.2 Stored Cross-Site Scripting Vulnerability in Real Testimonials WordPress Plugin Bluetooth LE Stack Vulnerability in Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012: Unauthorized Access via Session Management and Credential Re-use Password Disclosure Vulnerability in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below Denial of Service Vulnerability in ngSurvey Version 2.4.28 and Below Pointer-validation logic vulnerability in SCONE __scone_dispatch component allows unauthorized access to sensitive information Improper Initialization of Floating-Point Configuration Registers in SCONE Enclave Component Allows Local Attackers to Compromise Execution Integrity and Access Sensitive Information Memory Leak Vulnerability in GPAC version 2.1-DEV-rev505-gb9577e6ad-master Stored Cross-Site Scripting Vulnerability in WP Extended Search WordPress Plugin Memory Leak Vulnerability in GPAC Version 2.1-DEV-rev505-gb9577e6ad-master via afrt_box_read function at box_code_adobe.c Arbitrary Administrator Account Addition Vulnerability in nbnbk's Add Administrator Function Arbitrary File Read Vulnerability in nbnbk Commit 879858451d53261d10f77d4709aee2d01c72c301 Arbitrary File Upload Vulnerability in Default Version of nbnbk Missing SSL Certificate in BTicino Door Entry HOMETOUCH for iOS 1.4.2 CVE-2022-46497 CVE-2022-46498 CVE-2022-46499 Stored Cross-Site Scripting Vulnerability in HashBar WordPress Plugin SQL Injection Vulnerability in Accruent LLC Maintenance Connection 2021 & 2022.2 E-Mail to Work Order Function SQL Injection Vulnerability in Online Student Enrollment System v1.0 Arbitrary Web Script Execution via Cross-Site Scripting (XSS) in Online Student Enrollment System v1.0 Insecure SessionID Field Checking in MatrixSSL 4.5.1-open and Earlier Allows for Misuse of All-Zero MasterSecret Stored Cross-Site Scripting Vulnerability in Justified 
Gallery WordPress Plugin Stored Cross-Site Scripting Vulnerability in Video Background WordPress Plugin Buffer Overflow Vulnerability in ELSYS ERS 1.5 Sound v2.3.8 NFC Data Parser Stored Cross-Site Scripting Vulnerability in Greenshift WordPress Plugin Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via /goform/GetParentControlInfo Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via deviceId Parameter at /goform/addWifiMacFilter Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via deviceMac Parameter Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via limitSpeed Parameter at /goform/SetClientState Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via speed_dir Parameter at /goform/SetSpeedWan Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via deviceId Parameter at /goform/SetClientState Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via limitSpeedUp Parameter at /goform/SetClientState Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via /goform/WifiBasicSet Security Parameter Command Injection Vulnerability in Tenda F1203 V2.0.1.6 via mac Parameter at /goform/WriteFacMac Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via security_5g Parameter Stored Cross-Site Scripting Vulnerability in Pricing Tables WordPress Plugin Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via /goform/addressNat Entry Parameter Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via ssid Parameter Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via /goform/addressNat Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via mitInterface Parameter at /goform/addressNat Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via cmdinput Parameter at /goform/exeCommand Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via /goform/NatStaticSetting Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via /goform/RouteStatic Entry Parameter Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via /goform/VirtualSer Buffer 
Overflow Vulnerability in Tenda F1203 V2.0.1.6 via /goform/DhcpListClient Page Parameter Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via deviceId Parameter at /goform/saveParentControlInfo Stored Cross-Site Scripting Vulnerability in Welcart e-Commerce WordPress Plugin Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via /goform/saveParentControlInfo URLs Parameter Buffer Overflow Vulnerability in Tenda F1203 V2.0.1.6 via /goform/saveParentControlInfo Time Parameter Remote Command Execution Vulnerability in D-Link DIR-846 Firmware FW100A53DBR Stored Cross-Site Scripting Vulnerability in WP Visitor Statistics Plugin Stack Overflow Vulnerability in D-Link DIR-882 and DIR-878 Routers via SetWan2Settings Module Stack Overflow Vulnerability in D-Link DIR-882 and DIR-878 Routers Stack Overflow Vulnerability in D-Link DIR-882 and DIR-878 Routers via PSK Parameter in SetQuickVPNSettings Module Stack Overflow Vulnerability in D-Link DIR-882 and DIR-878 Routers via SetDynamicDNSSettings Module Stack Overflow Vulnerability in D-Link DIR-882 and DIR-878 Routers via SetQuickVPNSettings Module Stack Overflow Vulnerability in D-Link DIR-882 and DIR-878 Routers via AccountPassword Parameter Stack Overflow Vulnerability in D-Link DIR-882 and DIR-878 Routers Stored Cross-Site Scripting Vulnerability in Restaurant Menu WordPress Plugin Stack Overflow Vulnerability in D-Link DIR-882 and DIR-878 Routers via SetWan3Settings Module Stored Cross-Site Scripting Vulnerability in RSSImport WordPress Plugin Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via user_edit_page Parameter in wifi_captive_portal Function Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via cameo.cameo.nslookup_target Parameter Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via login_name Parameter Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via reboot_type Parameter Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via qcawifi.wifi%d_vap%d.maclist 
Parameter Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via REMOTE_USER Parameter Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via qcawifi.wifi%d_vap%d.maclist Parameter Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via sys_service Parameter Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via cameo.cameo.netstat_option Parameter Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via cameo.cameo.netstat_rsname Parameter Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via reject_url Parameter Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via wps_sta_enrollee_pin Parameter Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via wps_sta_enrollee_pin Parameter Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 Firmware Update Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via del_num Parameter in icp_delete_img Function Command Injection Vulnerability in TRENDnet TEW755AP 1.13B01 via sys_service Parameter Command Injection Vulnerability in TRENDnet TEW755AP 1.13B01 Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via setlogo_num Parameter Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via wps_sta_enrollee_pin Parameter Stack Overflow Vulnerability in TRENDnet TEW755AP 1.13B01 via setbg_num Parameter Arbitrary Command Execution Vulnerability in Inkdrop v5.4.1 via Crafted Markdown File Upload Arbitrary Code Execution Vulnerability in Tecrail Responsive FileManager v9.9.5 and Below Code Execution Backdoor in Python3-RESTfulAPI: Exploiting the Request Package Stored Cross-Site Scripting Vulnerability in Widgets for WooCommerce Products on Elementor WordPress Plugin Arbitrary File Upload Vulnerability in 72crm v9 Allows Remote Code Execution Linux Kernel USB Core Subsystem Access Control Vulnerability Cross-Site Scripting (XSS) Vulnerability in Judging Management System v1.0 via Crafted Payload in firstname Parameter SQL Injection Vulnerability in Judging 
Management System v1.0.0 via Username Parameter Online Graduate Tracer System v1.0.0 XSS Vulnerability: Arbitrary Script Execution via Crafted Payload in Name Parameter WordPress Members Import Plugin CSV Injection Vulnerability Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Critical Security Flaw: Prolink Router PRS1841 Exposes Hardcoded Credentials for Telnet and FTP Services Directory Traversal Vulnerability in Correos Prestashop 1.7.x descarga_etiqueta.php Component Stored Cross-Site Scripting Vulnerability in Logo Slider WordPress Plugin Command Injection Vulnerability in Nanoleaf Desktop App (Versions prior to v1.3.1) Command Injection Vulnerability in D-Link DIR-846 A1_FW100A43 via lan(0)_dhcps_staticlist Parameter Command Injection Vulnerability in D-Link DIR-846 A1_FW100A43 via auto_upgrade_hour Parameter Denial of Service Vulnerability in Intel(R) Smart Campus Android Application Intel Unison Software: Local Access Information Disclosure Vulnerability Log File Information Disclosure Vulnerability in Intel Unison Software Arbitrary Code Execution in ruby-git Prior to v1.13.0 Arbitrary Shell Command Execution Vulnerability in Acemanager Unrestricted File Upload Vulnerability in Ampache Prior to 5.5.6 ACEManager Credential Exposure Vulnerability Unauthorized Access to Sensitive Information in Apache Airflow Connection Edit View Insecure Inherited Permissions in Intel(R) NUC Pro Software Suite: Potential Privilege Escalation Vulnerability Stack-Based Buffer Overflow Vulnerability in [Product Name]: Risk of Denial of Service and Remote Code Execution Stored Cross-Site Scripting Vulnerability in Markup (JSON-LD) Structured Plugin for WordPress File Manipulation Vulnerability Unquoted File Path Vulnerability in Roxio Creator LJB Vulnerability in GNU Less before 609 allows unfiltered ANSI escape sequences with less -R Improper Access Control in Mendix Workflow 
Commons Stored Cross-Site Scripting Vulnerability in Feedzy WordPress Plugin Unauthenticated Stored Cross-Site Scripting Vulnerability in MicroLogix 1100 and 1400 Controllers Wyse Management Suite Repository 3.8 and Below Information Disclosure Vulnerability Improper Access Control Vulnerability in Wyse Management Suite 3.8 and Below Improper Access Control Vulnerability in Wyse Management Suite 3.8 and Below Improper Access Control Vulnerability in Wyse Management Suite 3.8 and Below Insufficient Resource Pool Vulnerability in Dell PowerScale OneFS Stored Cross-Site Scripting Vulnerability in Easy Appointments WordPress Plugin CWE-319: Cleartext Transmission of Sensitive Information Vulnerability XML External Entity (XXE) Vulnerability in Jenkins Plot Plugin 2.1.11 and Earlier Improper Redirect Validation in Jenkins Google Login Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Checkmarx Plugin 2022.3.3 and Earlier Exposure of Gitea Personal Access Tokens in Jenkins Gitea Plugin 1.4.4 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Custom Build Properties Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Spring Config Plugin CSRF Vulnerability in Jenkins Sonar Gerrit Plugin Allows Unauthorized Access to Gerrit Servers Race Condition Vulnerability Patched in Multiple Apple Operating Systems Stored Cross-Site Scripting Vulnerability in Live Composer WordPress Plugin Arbitrary Code Execution Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Memory Consumption Vulnerability in Safari 16.2 and other Apple Operating Systems Same Origin Policy Bypass in Safari and Apple Devices Arbitrary Code Execution Vulnerability Fixed in Multiple Apple Platforms Kernel Code Execution Vulnerability in iOS, iPadOS, tvOS, and watchOS URL Spoofing Vulnerability Arbitrary Code Execution Vulnerability in Safari, tvOS, macOS, iOS, iPadOS, and watchOS macOS Ventura 13.1 Patch: Arbitrary Code Execution Vulnerability Information 
Disclosure Vulnerability in Safari, tvOS, iCloud for Windows, macOS Ventura, iOS, iPadOS, and watchOS Arbitrary Code Execution Vulnerability in Safari, tvOS, macOS, iOS, iPadOS, and watchOS Stored Cross-Site Scripting Vulnerability in PDF.js Viewer WordPress Plugin Arbitrary Code Execution Vulnerability in Safari, tvOS, macOS, iOS, iPadOS, and watchOS Arbitrary Code Execution Vulnerability via Malicious NFS Server Improved Memory Handling in iOS 16.2 and iPadOS 16.2: Fixing Kernel Memory Disclosure Vulnerability Improved Restrictions for Sensitive Location Information Access in iOS and macOS File System Vulnerability in macOS Ventura 13.1, macOS Big Sur 11.7.2, and macOS Monterey 12.6.2 Address Bar Spoofing Vulnerability Type Confusion Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Memory Corruption Vulnerability in macOS Ventura 13 and iOS 16 Allows Arbitrary Code Execution with Kernel Privileges Stored Cross-Site Scripting Vulnerability in PixCodes WordPress Plugin Location Data Leakage via iCloud Links macOS Ventura 13 Patch: Use After Free Vulnerability Fixed Vulnerability: File System Modification via Race Condition Privacy Preference Bypass Vulnerability in iOS 16.1 and iPadOS 16 Logic Issue in Private Relay Functionality on macOS Ventura 13.1, iOS 16.2, and iPadOS 16.2 Vulnerability: Unauthorized Photo Access on Locked Apple Watch via Accessibility Features Improved Restrictions Address Logic Issue Allowing Unauthorized Access to Sensitive Location Information Stored Cross-Site Scripting Vulnerability in WordPress Simple Shopping Cart Plugin Improved Input Validation Fixes Integer Overflow Vulnerability in iOS, iPadOS, and macOS Improved Memory Handling in macOS Ventura 13 Fixes Arbitrary Code Execution Vulnerability Vulnerability Patched: Logic Issue Allows Unauthorized File System Modification in macOS Ventura 13 Arbitrary File Write Vulnerability in macOS Monterey 12.6.1 and macOS Big Sur 11.7.1 Lock Screen Image Exposure 
Vulnerability in iOS 16.4 and iPadOS 16.4 Address Bar Spoofing Vulnerability in iOS and iPadOS 16.4 Stored Cross-Site Scripting Vulnerability in Rate my Post WordPress Plugin Command Execution Vulnerability Cross-Site Scripting Vulnerability in Sewio RTLS Studio Backup Services SNMP Command Exploit: Exposing Sensitive Data and Unauthorized Admin Access Stored Cross-Site Scripting Vulnerability in Ibtana WordPress Plugin Denial of Service Vulnerability in HUAWEI WS7100-20 Smart WiFi Router's Wi-Fi Module Critical Out-of-Bounds Read Vulnerability in PaddlePaddle before 2.4 Arbitrary Code Execution Vulnerability in PaddlePaddle 2.4.0-rc0's paddle.audio.functional.get_window Stored Cross-Site Scripting Vulnerability in Mongoose Page Plugin WordPress Plugin Apache Ivy XML External Entity (XXE) Injection Vulnerability Dell BIOS Improper Authorization Vulnerability: Denial of Service Exploitation Improper Access Control Vulnerability in Wyse Management Suite 3.8 and Below Improper Access Control Vulnerability in Wyse Management Suite 3.8 and Below Dell VxRail Container Escape Vulnerability Stored Cross-Site Scripting Vulnerability in OSM WordPress Plugin App Icon Hiding Vulnerability Memory Management Logic Bypass Vulnerability: A Threat to Data Confidentiality SQL Injection Vulnerability in TrueConf Server 5.2.0.10225 Remote Code Execution via SQL Injection in TrueConf Server 5.2.0.10225 Arbitrary File Read Vulnerability in Zabbix Web Service Report Generation Reflected Cross-Site Scripting (XSS) Vulnerability in Sling App CMS <= 1.1.2 Stored Cross-Site Scripting Vulnerability in Leaflet Maps Marker WordPress Plugin Denial of Service Vulnerability in Qubes Mirage Firewall Cross-Site Scripting (XSS) Vulnerability in IBM UrbanCode Deploy Client-side validation bypass for credential pools in IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 Incorrect Default Permissions Vulnerability in IBM Manage Application 8.8.0 and 8.9.0 Stored Cross-Site Scripting Vulnerability 
in TemplatesNext ToolKit WordPress Plugin Improper GPU Memory Processing Vulnerability in Arm Mali GPU Kernel Driver Remote Code Execution Vulnerability in Stormshield SSL VPN Client Address Book Information Leakage in Stormshield SSL VPN Client Open Redirection Vulnerability in SquaredUp Dashboard Server SCOM Edition Cross-Site Scripting (XSS) Vulnerability in SquaredUp Dashboard Server SCOM Edition Cross-Site Scripting (XSS) Vulnerability in SquaredUp Dashboard Server SCOM Edition Stored Cross-Site Scripting Vulnerability in Wufoo Shortcode WordPress Plugin Row-level authorization vulnerability in Hasura GraphQL Engine CSRF Vulnerability in AdTribes.Io Product Feed PRO for WooCommerce Plugin CSRF Vulnerability in WooCommerce Weight Based Shipping Plugin CSRF Vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce Plugin Allows Unauthorized Settings Change CSRF Vulnerability in HasThemes ShopLentor Plugin Allows Unauthorized Settings Change Unauthenticated Reflected XSS Vulnerability in Easy Testimonial Slider and Form Plugin PHP Object Injection Vulnerability in Revive Old Posts WordPress Plugin CSRF Vulnerability in LiteSpeed Cache Plugin <= 5.3 CSV Injection Vulnerability in Paul Ryley Site Reviews CSV Injection vulnerability in WebToffee Product Reviews Import Export for WooCommerce CSV Injection vulnerability in Noptin Newsletter Plugin CSV Injection vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct CSRF Vulnerability in WP Trio Conditional Shipping for WooCommerce Plugin CSRF Vulnerability in VillaTheme Cart All In One For WooCommerce Plugin Allows Unauthorized Cart Modification SQL Injection vulnerability in ARMember armember-membership CSV Injection vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce SQL Injection Vulnerability in Hide My WP WordPress Plugin CSRF Vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your 
Sales Plugin CSRF Vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin CSRF Vulnerability in Younes JFR Advanced Database Cleaner Plugin CSRF Vulnerability in Pierre Lebedel Kodex Posts Likes Plugin <= 2.4.3 CSRF Vulnerability in WP Trio Conditional Shipping for WooCommerce Plugin CSRF Vulnerability in Booking Ultra Pro Appointments Booking Calendar Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Flyzoo Flyzoo Chat Plugin <= 2.3.3 SQL Injection vulnerability in Gopi Ramasamy Email posts to subscribers Stored XSS Vulnerability in Gopi Ramasamy Continuous Announcement Scroller Plugin <= 13.0 Stored Cross-Site Scripting Vulnerability in Lightbox Gallery WordPress Plugin CSRF Vulnerability in WPJoli Joli Table Of Contents Plugin <= 1.3.9 CSV Injection Vulnerability in Jackmail & Sarbacane Emails & Newsletters Unauthenticated Reflected XSS Vulnerability in JC Development Team WooCommerce JazzCash Gateway Plugin <= 2.0 Reflected Cross-Site Scripting (XSS) Vulnerability in Mendix SAML Buffer Overflow Vulnerability in JetBrains IntelliJ IDEA fsnotifier Daemon on macOS Information Leakage in JetBrains IntelliJ IDEA's Built-in Web Server Path Traversal Vulnerability in JetBrains IntelliJ IDEA's Built-in Web Server XXE Attack and SSRF Vulnerability in JetBrains IntelliJ IDEA Custom Plugin Repositories macOS DYLIB Injection Vulnerability in JetBrains IntelliJ IDEA (Before 2022.3) Unauthenticated Client Connection Vulnerability in JetBrains Gateway Insecure Handling of Sensitive Cookies in GitHub Repository usememos/memos prior to 0.9.0 Custom STS Endpoint in JetBrains TeamCity (2022.10 - 2022.10.1) Enables Internal Port Scanning Privilege Escalation Vulnerability in JetBrains TeamCity (2022.10 - 2022.10.1) Allows Unauthorized Access to AWS Resources Vulnerability: Weak Cipher Suite Usage in SICK RFU62x Firmware Vulnerability: Weak Cipher Suite Usage in SICK RFU63x Firmware Vulnerability: Weak Cipher Suite Usage in SICK 
RFU65x Firmware Arbitrary File Access Vulnerability in IdentityIQ PHP Code Injection in Tribe29's Checkmk <= 2.1.0p10, <= 2.0.0p27, and <= 1.6.0p29: Remote Code Execution Unrestricted File Upload Vulnerability in JS Help Desk Plugin GitHub Repository Access Control Vulnerability CSRF Vulnerability in Soflyy Oxygen Builder Plugin <= 4.4 CSRF Vulnerability in JS Help Desk Plugin <= 2.7.1 Unauthenticated Reflected XSS Vulnerability in Le Van Toan Woocommerce Vietnam Checkout Plugin Stored Cross-Site Scripting (XSS) Vulnerability in PixelGrade PixFields Plugin <= 0.7.0 Stored Cross-Site Scripting (XSS) Vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress Plugin <= 3.9.1 SQL Injection Vulnerability in Weblizar Coming Soon Page Plugin Arbitrary File Deletion Vulnerability in Nabil Lemsieh Easy Media Replace Plugin CSRF Vulnerability in Brainstorm Force Starter Templates Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WP Table Builder Plugin <= 1.4.6 CSRF Vulnerability in RadiusTheme The Post Grid Plugin <= 5.0.4 CSRF Vulnerability in Obox Themes Launchpad Plugin Stored Cross-Site Scripting (XSS) Vulnerability in WP Darko Responsive Pricing Table Plugin <= 5.1.6 CSRF Vulnerability in ORION Woocommerce Products Designer Plugin CSRF Vulnerability in SiteAlert Plugin <= 1.9.7 Unauthenticated Reflected XSS Vulnerability in Amin A.Rezapour Product Specifications for Woocommerce Plugin <= 0.6.0 SQL Injection vulnerability in Spiffy Calendar plugin (versions n/a through 4.9.1) allows for unauthorized database access. 
GitHub Repository Authorization Bypass Vulnerability in usememos/memos prior to 0.9.0 SQL Injection Vulnerability in KaizenCoders Short URL Stored XSS Vulnerability in Zia Imtiaz Custom Login Page Styler for WordPress Plugin <= 6.2 CSRF Vulnerability in ExpressTech Quiz And Survey Master Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Fullworks Quick Event Manager Plugin <= 9.6.4 Unauthenticated Reflected XSS Vulnerability in Woocommerce Custom Checkout Fields Editor Plugin CSRF Vulnerability in Marty Thornley Bulk Resize Media Plugin CSRF Vulnerability in Marty Thornley Import External Images Plugin CSRF Vulnerability in Chasil Universal Star Rating Plugin <= 2.1.0 Improper Soft Link Handling Vulnerability in Acronis Cyber Protect Home Office (Windows) Improper Soft Link Handling Vulnerability in Acronis Cyber Protect Home Office (Windows) Installation Privilege Escalation Vulnerability in GitHub Repository usememos/memos prior to 0.9.0 Cross-site Scripting (XSS) Vulnerability in Apache Zeppelin Allows Arbitrary JavaScript Execution Critical Vulnerability in Firefox: Exploitable Out-of-Date libusrsctp Library Clipboard-related IPC vulnerability in Thunderbird for Linux Missing Implementation of unsafe-hashes CSP Directive in Firefox < 108 Allows Script Injection File Extension Truncation Vulnerability Unauthenticated Command Execution Vulnerability in Firefox and Thunderbird Delay or Suppression of Fullscreen Notification in Firefox < 108 Memory Corruption Vulnerabilities in Thunderbird 102.5 Memory Corruption Vulnerabilities in Firefox 107 GitHub Repository Unauthorized Access Vulnerability Use-after-free vulnerability in Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6 due to missing check related to tex units WebGL Optimization Vulnerability: Memory Corruption and Exploitable Crash WebGL Extensions Use-After-Free Vulnerability Memory Corruption Vulnerabilities in Firefox 106 Use-After-Free Vulnerability in SVG Images with Refresh Driver 
Destruction Timing Memory Corruption Vulnerabilities in Firefox 105 Open Redirect Vulnerability in ServiceNow Response List Update Functionality Multiple SQL Injection Vulnerabilities in NexusPHP Multiple Reflective Cross-Site Scripting (XSS) Vulnerabilities in NexusPHP before 1.7.33 Persistent XSS Vulnerability in NexusPHP Allows Remote Code Injection via /subtitles.php GitHub Repository Access Control Vulnerability Insecure Access Control in NexusPHP before 1.7.33 Allows Unauthorized Post Editing Use-after-free vulnerability in Arm Mali GPU Kernel Driver Improper Access Controls in Ampere AltraMax and Ampere Altra: Reinitialization of Disabled Root Complex Path Traversal Vulnerability in Vocera Report Server and Voice Server Arbitrary File Upload Vulnerability in Vocera Report Server and Voice Server 5.x through 5.8 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.9.0 Path Traversal Vulnerability in Vocera Report Server and Voice Server Unauthenticated Access Control Violation in Vocera Report Server and Voice Server Path Traversal Vulnerability in Vocera Report Server and Voice Server Stored XSS Vulnerability in WebSoft HCM 2021.2.3.327 WebSoft HCM 2021.2.3.327 - Insufficient User Input Processing Vulnerability Reflected XSS vulnerability in WebSoft HCM 2021.2.3.327 allows arbitrary HTML tag injection Reflected XSS vulnerability in WebSoft HCM 2021.2.3.327 allows injection of arbitrary HTML tags. 
XSS Vulnerability in Apache JSPWiki Plugins Allows for Remote Code Execution SQLite UDF Function Execution Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.9.0 Firmware Update Vulnerability in TP-Link TL-WA901ND and TL-WA901N Devices Firmware Update Vulnerability in TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and Earlier Firmware Update Vulnerability in TP-LINK TL-WA801N / TL-WA801ND V1 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.9.0 User Verification WordPress Plugin Auth Bypass Vulnerability Cross-Site Scripting (XSS) Vulnerability in kkFileView v4.1.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.9.0 Arbitrary File Read Vulnerability in Nagvis Before 1.9.34 SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 SQL Injection Vulnerability in Helmet Store Showroom Site v1.0 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.9.0 SQL Injection Vulnerability in Dynamic Transaction Queuing System v1.0 SQL Injection Vulnerability in Dynamic Transaction Queuing System v1.0 SQL Injection Vulnerability in Dynamic Transaction Queuing System v1.0 SQL Injection Vulnerability in Dynamic Transaction Queuing System v1.0 SQL Injection Vulnerability in Dynamic Transaction Queuing System v1.0 SQL Injection Vulnerability in Dynamic Transaction Queuing System v1.0 SQL Injection Vulnerability in Dynamic Transaction Queuing System v1.0 via id parameter at /admin/manage_user.php Cross Site Scripting (XSS) vulnerability in Sourcecodester.com Online Graduate Tracer System V 1.0.0 Directory Traversal Vulnerability in Sonic v1.0.4's /admin/backups/work-dir Component Use-after-free vulnerability in Linux kernel through io_uring and IORING_OP_SPLICE operation SQL Injection Vulnerability in PrestaShop Module 
totadministrativemandate SQL Injection Vulnerability in Revenue Collection System v1.0 at step1.php Unauthenticated Access Control Vulnerability in Revenue Collection System v1.0 Stored XSS Vulnerability in Revenue Collection System v1.0 Allows Arbitrary Code Execution via Crafted Payload in Sent Messages Stored Cross-Site Scripting Vulnerability in ProfilePress Plugin for WordPress Server-Side Request Forgery (SSRF) Vulnerability in Report v0.9.8.6 Stored Cross-Site Scripting Vulnerability in ProfilePress WordPress Plugin Stored Cross-Site Scripting Vulnerability in MediaElement.js WordPress Plugin vSphere_selfuse Commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 Code Execution Backdoor Vulnerability Code Execution Backdoor in Passhunt Commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 via Request Package Server-Side Request Forgery (SSRF) Vulnerability in taocms v3.0.2 SQL Injection Vulnerability in Tuzicms v2.0.6 via UserController.class.php Insufficient Access Control in Royal Elementor Addons Plugin for WordPress Authentication Bypass Vulnerability in Masa CMS v7.2, 7.3, and 7.4-beta Remember Me Function Authentication Bypass Vulnerability in Mura CMS Remember Me Function Memory Leak Vulnerability in Binutils 2.34-2.38: stab_demangle_v3_arg Function Denial of Service Memory Leak Vulnerability in Binutils 2.34 - 2.38 Insufficient Access Control in Royal Elementor Addons Plugin for WordPress Memory Leak Vulnerability in Binutils 2.34 - 2.38 Memory Leak Vulnerability in Binutils 2.34-2.38: parse_stab_struct_fields in stabs.c Uninitialized Variable Vulnerability in GNS3 Dynamips 0.2.21: gen_eth_recv Function Null Pointer Dereference Vulnerability in MariaDB Server Insufficient Access Control in Royal Elementor Addons Plugin Allows Unauthorized Plugin Deactivation and Theme Switching Null Pointer Dereference Vulnerability in xiph opusfile 0.9-0.12 Denial of Service Vulnerability in Open-MPI hwloc 2.1.0 via glibc-cpuset in topology-linux.c Null Pointer Dereference 
Vulnerability in Vim 8.1.2269 through 9.0.0339 Dictionary Traversal Vulnerability in Timmystudios Fast Typing Keyboard v1.275.1.162 Allows Unauthorized File Overwrite and Code Execution Arbitrary Data Injection Vulnerability in Action Launcher for Android v50.5 Privilege Escalation Vulnerability in Action Launcher v50.5 via Intent String Modification Insufficient Access Control in Royal Elementor Addons Plugin for WordPress Allows Unauthorized Data Reset Type Juggling Vulnerability in PlaySMS v1.4.5 and Earlier: Authentication Bypass in /auth/fn.php Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below: Arbitrary Code Execution via GetConfig Method CVE-2022-47036 CVE-2022-47037 Insufficient Access Control in Royal Elementor Addons Plugin for WordPress Privilege Escalation Vulnerability in ASKEY Router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 Arbitrary File Write Vulnerability in MCMS v5.2.10 and Below Insufficient Access Control in Royal Elementor Addons WordPress Plugin (CVE-2022-4704) CRLF Injection Vulnerability in Nighthawk R6220 AC1200 Smart Wi-Fi Router Firmware Versions V1.1.0.112_1.0.1 and V1.1.0.114_1.0.1 Arbitrary Code Execution via Crafted SVG File in DNN Corp DotNetNuke Stored Cross-Site Scripting Vulnerability in Genesis Columns Advanced WordPress Plugin Stack Overflow Vulnerability in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R Firmware 1.01.B01 Heap-buffer-overflow vulnerability in p7zip 16.02 via NArchive::NZip::CInArchive::FindCd(bool) function in ZipIn.cpp Cross-Site Request Forgery vulnerability in Royal Elementor Addons WordPress Plugin (up to version 1.3.59) Double URL Submission Vulnerability in NVS365 V01 Command Execution Vulnerability in NVS365 V01 Background Network Test Function SQL Injection Vulnerability in Enterprise Architect 16.0.1605 32-bit: Arbitrary SQL Command Execution via Find Parameter Cross-Site Scripting (XSS) Vulnerability in Small CRM v3.0 Create Ticket Page Sensitive Information 
Disclosure in Smart Office Web 20.28 and Earlier Sensitive Information Exposure in Smart Office Web 20.28 and Earlier via DisplayParallelLogData.aspx Insufficient Access Control in Royal Elementor Addons Plugin for WordPress PHP Object Injection Vulnerability in Spitfire CMS 1.0.475 Denial of Service Vulnerability in ostree's print_panic Function Segmentation Violation Vulnerability in GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b Buffer Overflow in gf_vvc_read_pps_bs_internal function of GPAC MP4box 2.1-DEV-rev574-g9d5bb184b Buffer Overflow Vulnerability in GPAC MP4box 2.1-DEV-rev574-g9d5bb184b Buffer Overflow Vulnerability in GPAC MP4box 2.1-DEV-rev574-g9d5bb184b Insufficient Access Control in Royal Elementor Addons Plugin for WordPress Buffer Overflow Vulnerability in GPAC MP4box 2.1-DEV-rev574-g9d5bb184b Integer Overflow Vulnerability in GPAC MP4box 2.1-DEV-rev574-g9d5bb184b Heap Use-After-Free Vulnerability in GPAC MP4box 2.1-DEV-rev574-g9d5bb184b via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid Null Pointer Dereference Vulnerability in GPAC MP4box 2.1-DEV-rev574-g9d5bb184b via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid Buffer Overflow Vulnerability in GPAC MP4box 2.1-DEV-rev574-g9d5bb184b Reflected Cross-Site Scripting Vulnerability in Royal Elementor Addons WordPress Plugin (Versions up to 1.3.59) Arbitrary Factory Reset Vulnerability in Sengled Smart Bulb 0x0000024 Cross-Site Scripting (XSS) Vulnerability in Student Study Center Management System V 1.0 SQL Injection Vulnerability in Jeecg-boot v3.4.4 via /sys/dict/queryTableData Component Insufficient Access Control in Royal Elementor Addons Plugin for WordPress Stack Overflow Vulnerability in Tenda A15 V15.13.07.13 via wepauth Parameter Stack Overflow Vulnerability in Tenda A15 V15.13.07.13 via SYSPS Parameter Stack Overflow Vulnerability in Tenda A15 V15.13.07.13 via /goform/WifiBasicSet Security Parameter Stack Overflow Vulnerability in Tenda A15 V15.13.07.13 via wepkey1 Parameter at /goform/WifiBasicSet 
Stack Overflow Vulnerability in Tenda A15 V15.13.07.13 via ssid Parameter at /goform/WifiBasicSet Stored Cross-Site Scripting Vulnerability in WP Cerber Security Plugin (Versions up to 9.1) Stack Overflow Vulnerability in Tenda A15 V15.13.07.13 via security_5g Parameter Stack Overflow Vulnerability in Tenda A15 V15.13.07.13 via wepkey Parameter Stack Overflow Vulnerability in Tenda A15 V15.13.07.13 via wrlPwd_5g Parameter Stack Overflow Vulnerability in Tenda A15 V15.13.07.13 via wepkey3 Parameter at /goform/WifiBasicSet Stack Overflow Vulnerability in Tenda A15 V15.13.07.13 via wepkey4 Parameter at /goform/WifiBasicSet Stack Overflow Vulnerability in Tenda A15 V15.13.07.13 via wrlEn_5g Parameter Stack Overflow Vulnerability in Tenda A15 V15.13.07.13 via wrlEn Parameter Stack Overflow Vulnerability in Tenda A15 V15.13.07.13 via wrlPwd Parameter Stack Overflow Vulnerability in Tenda A15 V15.13.07.13 via wepkey2 Parameter Remote Code Execution (RCE) Vulnerability in PHPOK v6.3 Arbitrary Discount Coupon Creation Vulnerability in Academy LMS Arbitrary Page Creation Vulnerability in Academy LMS before v5.10 Arbitrary Administrator User Addition Vulnerability in Academy LMS before v5.10 CSRF Vulnerability in Bill Erickson Gallery Metabox Plugin <= 1.5 CSRF Vulnerability in Chronoforms Plugin <= 7.0.9 CSRF Vulnerability in Ninja Tables WordPress Plugin (<= 4.3.4) Stored Cross-Site Scripting (XSS) Vulnerability in WPManageNinja LLC Ninja Tables Plugin <= 4.3.4 CSRF Vulnerability in German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT Plugin <= 2.1 CSRF Vulnerability in Damir Calusic WP Basic Elements Plugin Stored Cross-Site Scripting Vulnerability in WP Dark Mode WordPress Plugin Unauthenticated Reflected XSS Vulnerability in ARMember Plugin <= 4.0.1 CSRF Vulnerability in Seerox WP Dynamic Keywords Injector Plugin CSRF Vulnerability in Plugincraft Mediamatic – Media Library Folders Plugin CSRF Vulnerability in Themeisle Multiple Page Generator Plugin CSRF Vulnerability in 
Plugincraft Mediamatic – Media Library Folders Plugin Blockonomics WordPress Bitcoin Payments Plugin XSS Vulnerability Unauthenticated Reflected XSS Vulnerability in Contempoinc Real Estate 7 WordPress Theme <= 3.3.1 CSRF Vulnerability in Kesz1 Technologies ipBlockList Plugin <= 1.0 CSRF Vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce Plugin <= 3.2.5 CSRF Vulnerability in Pretty Links Plugin <= 3.4.0 Stored Cross-Site Scripting Vulnerability in Structured Content WordPress Plugin CSRF Vulnerability in ClickFunnels Plugin <= 3.1.1 CSRF Vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS for WooCommerce Plugin CSRF Vulnerability in Supsystic Slider Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Don Benjamin WP Custom Fields Search Plugin Pakpobox alfred24 Click & Collect Plugin <= 1.1.7 - Authenticated Stored XSS Vulnerability CSRF Vulnerability in Logaster Logo Generator Plugin Stored Cross-Site Scripting Vulnerability in WP Popups WordPress Plugin Sensitive Information Exposure vulnerability in Wpmet Wp Social Login and Register Social Counter CSRF Vulnerability in WordPress Health Check & Troubleshooting Plugin CSRF Vulnerability in Dannie Herdyawan DH – Anti AdBlocker Plugin CSRF Vulnerability in josh401 WP CSV to Database Plugin CSRF Vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce Plugin CoSchedule Plugin CSRF Vulnerability CSRF Vulnerability in VoidCoders Void Contact Form 7 Widget For Elementor Page Builder Plugin CSRF Vulnerability in Aram Kocharyan Crayon Syntax Highlighter Plugin CSRF Vulnerability in StaxWP Visibility Logic for Elementor Plugin Stored Cross-Site Scripting Vulnerability in Strong Testimonials WordPress Plugin Unlimited Elements For Elementor Plugin <= 1.5.48 - Authenticated Stored XSS Vulnerability Cross-site Scripting Vulnerability in Paul C. 
Schroeder IP Vault – WP Firewall Plugin <= 1.1 CSRF Vulnerability in HasThemes ShopLentor Plugin <= 2.6.2 Stored XSS Vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin CSRF Vulnerability in WordPress Performance Team Performance Lab Plugin CSRF Vulnerability in P Royal Royal Elementor Addons and Templates Plugin CSRF Vulnerability in WP Easy Pay WP EasyPay – Square for WordPress Plugin <= 4.1 CSRF Vulnerability in Simple Share Buttons Adder Plugin CSRF Vulnerability in Uwe Jacobs OWM Weather Plugin Allows for Post Duplication Stored Cross-Site Scripting Vulnerability in Landing Page Builder WordPress Plugin CSRF Vulnerability in Kopa Theme Kopa Framework Plugin <= 1.3.5 CSRF Vulnerability in Email Templates Customizer and Designer for WordPress and WooCommerce CSRF Vulnerability in StylistWP Extra Block Design Plugin Unauthorized Access to Sensitive Information in Apache Traffic Server Range header input validation vulnerability in Apache Traffic Server Unrestricted File Upload Vulnerability in Generex CS141 (Versions Below 2.06) File Upload XSS Vulnerability in Generex CS141 (Version Below 2.06) Arbitrary File Reading Vulnerability in Generex UPS CS141 (Versions Below 2.06) Firmware File Upload Vulnerability in Generex UPS CS141 (Version Below 2.06) Critical Business Logic Vulnerability in rdiffweb v2.5.5 and Earlier Versions Remote Code Execution Vulnerability in Generex UPS CS141 Firmware Privilege Escalation Vulnerability in Generex UPS CS141 Firmware Remote Code Execution Vulnerability in Generex UPS CS141 (Versions below 2.06) Stored XSS Vulnerability in Ghost Foundation Ghost 5.9.4's Post Creation Functionality Stored XSS Vulnerability in Ghost Foundation Ghost 5.9.4's Post Creation Functionality Stored XSS Vulnerability in Post Creation Functionality of Ghost Foundation Ghost 5.9.4 Stored XSS Vulnerability in Post Creation Functionality of Ghost Foundation Ghost 5.9.4 Open 
Redirect Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.5.5 Command Injection Vulnerability in Default “puhttpsniff” Service Default Backdoor Support User Account with Unchangeable Password Special Element Injection Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.5.5 Arbitrary Command Execution Vulnerability via Telnet Console Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability Exploiting the Microsoft Office Graphics Remote Code Execution Vulnerability GitHub Repository ikus060/rdiffweb Prior to 2.5.5 Authentication Bypass Vulnerability Unrestricted Resource Allocation Vulnerability in GitHub Repository ikus060/rdiffweb prior to 2.5.5 Improper Access Control in GitHub Repository ikus060/rdiffweb (prior to version 2.5.5) Critical Server-Side Request Forgery Vulnerability in AWS SDK 2.59.0 (VDB-216737) Critical SQL Injection Vulnerability in SourceCodester Sanitization Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in OpenMRS Appointment Scheduling Module up to 1.16.x Cross-Site Scripting (XSS) Vulnerability in Graphite Web's Cookie Handler (VDB-216742) Cross-Site Scripting Vulnerability in Graphite Web's Template Name Handler (VDB-216743) Cross-Site Scripting (XSS) Vulnerability in Graphite Web's Absolute Time Range Handler (VDB-216744) Cross-Site Scripting Vulnerability in myapnea up to 29.0.x Authentication Bypass Vulnerability in iBoot Devices Local Code Execution Vulnerability in V-Server v4.0.12.0 and Earlier via Crafted Project File Arbitrary Code Execution in ruby-git Prior to v1.13.0 Unrestricted File Upload Vulnerability in Microweber Prior to 1.3.2 Title: iBoot Device Discovery Protocol Vulnerability Allows Unauthorized Configuration Changes Potential Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Potential Local Information Disclosure Vulnerability in 
WLAN Driver Potential Local Information Disclosure Vulnerability in WLAN Driver Potential Local Information Disclosure Vulnerability in WLAN Driver Potential Local Information Disclosure Vulnerability in WLAN Driver Potential Local Information Disclosure Vulnerability in WLAN Driver Potential Local Information Disclosure Vulnerability in WLAN Driver Stored Cross-site Scripting (XSS) Vulnerability in openemr/openemr prior to 7.0.0.2 Potential Local Information Disclosure Vulnerability in WLAN Driver Race Condition Vulnerability in WLAN Driver: Local Denial of Service Potential Local Information Disclosure Vulnerability in WLAN Driver Potential Local Information Disclosure Vulnerability in WLAN Driver Phasecheck Server Vulnerability: Local Denial of Service with System Execution Privileges Local Denial of Service Vulnerability in Telecom Service due to Missing Permission Check Local Denial of Service Vulnerability in Telecom Service due to Missing Permission Check Critical Vulnerability: Missing Permission Check in Media Service Enables Local Denial of Service Local Denial of Service Vulnerability in Telecom Service due to Missing Permission Check OS Command Injection Vulnerability in CMD Services Allows Local Privilege Escalation Sensitive Information Exposure in GitHub Repository usememos/memos prior to 0.9.1 Out of Bounds Write Vulnerability in h265 Codec Firmware: Local Denial of Service Missing Permission Check in Engineermode Services: Local Privilege Escalation Vulnerability Missing Permission Check in Engineermode Services: Local Denial of Service Vulnerability Missing Permission Check in Engineermode Services: Local Denial of Service Vulnerability Missing Permission Check in Engineermode Services: Local Denial of Service Vulnerability Missing Permission Check in Engineermode Services: Local Denial of Service Vulnerability Missing Permission Check in Engineermode Services: Local Denial of Service Vulnerability Missing Permission Check in Engineermode 
Services: Local Denial of Service Vulnerability Missing Permission Check in Engineermode Services: Local Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in asrashley dash-live Camera Driver Vulnerability: Out of Bounds Read Leading to Local Denial of Service Camera Driver Vulnerability: Out of Bounds Read Leading to Local Denial of Service Camera Driver Vulnerability: Out of Bounds Read Leading to Local Denial of Service Local Denial of Service Vulnerability in vdsp Device Missing Permission Check in Log Service: Local Denial of Service Vulnerability Missing Permission Check in Log Service: Local Denial of Service Vulnerability Missing Permission Check in Log Service: Local Denial of Service Vulnerability Missing Permission Check in Log Service: Local Denial of Service Vulnerability Missing Permission Check in Log Service: Local Denial of Service Vulnerability Missing Permission Check in Log Service: Local Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Venganzas del Pasado (VDB-216770) Missing Permission Check in Log Service: Local Denial of Service Vulnerability Missing Permission Check in Firewall Service: Local Privilege Escalation Vulnerability Local Denial of Service Vulnerability in Telecom Service due to Missing Permission Check Out of Bounds Read Vulnerability in WLAN Driver: Local Denial of Service Risk Out of Bounds Write Vulnerability in WLAN Driver: Local Denial of Service Risk Out of Bounds Write Vulnerability in WLAN Driver: Local Denial of Service Risk Out of Bounds Write Vulnerability in WLAN Driver: Local Denial of Service Risk Bluetooth Driver Vulnerability: Local Information Disclosure without Execution Privileges Potential Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Critical SQL Injection Vulnerability in SourceCodester Blood Bank Management System 1.0 (VDB-216773) Potential Denial of Service Vulnerability in WLAN Driver Thread 
Competition Vulnerability in bt Driver: Local Denial of Service in Kernel Stored Cross-Site Scripting Vulnerability in Pandora FMS Console v766 and Lower Reflected Cross Site Scripting in Search Functionality of Pandora FMS Console v766 and lower Denial of Service Vulnerability in SIMATIC and SINAMICS Devices Buffer Overflow Vulnerability in SIMATIC PC-Station Plus and S7-400 CPUs Recoverable Password Vulnerability in Alaris Infusion Central Software Password Recovery Vulnerability in SICK SIM2000ST Partnumber 2086502 Firmware <1.13.4 Improper Input Validation Vulnerability in Multiple CODESYS Products Out-of-Bounds Write Vulnerability in Multiple CODESYS Products: Remote Code Execution and Denial-of-Service Risk Cross-Site Scripting (XSS) Vulnerability in SourceCodester Blood Bank Management System 1.0 Stack-based Out-of-Bounds Write Vulnerability in Multiple CODESYS Products Stack-Based Out-of-Bounds Write Vulnerability in Multiple CODESYS Products Stack-Based Out-of-Bounds Write Vulnerability in CmpTraceMgr Component of CODESYS Products Stack-based Out-of-Bounds Write Vulnerability in CmpTraceMgr Component of CODESYS Products Stack-Based Out-of-Bounds Write Vulnerability in CmpTraceMgr Component of CODESYS Products Stack-based Out-of-Bounds Write Vulnerability in CmpAppForce Component of CODESYS Products Stack-based Out-of-Bounds Write Vulnerability in CmpTraceMgr Component of CODESYS Products Stack-Based Out-of-Bounds Write Vulnerability in CmpTraceMgr Component of CODESYS Products Stack-based Out-of-Bounds Write Vulnerability in CmpTraceMgr Component of CODESYS Products Stack-based Out-of-Bounds Write Vulnerability in CmpTraceMgr Component of CODESYS Products Critical SQL Injection Vulnerability in SourceCodester School Dormitory Management System 1.0 Stack-based Out-of-Bounds Write Vulnerability in CmpTraceMgr Component of CODESYS Products Improper Input Validation Vulnerability in Multiple CODESYS Products Leading to Denial of Service Improper Input 
Validation Vulnerability in CODESYS CmpApp/CmpAppBP/CmpAppForce Components Title: CODESYS Multiple Products Denial-of-Service Vulnerability Cross-Site Request Forgery Vulnerability in Sewio RTLS Studio Cross-Site Scripting (XSS) Vulnerability in kkFileView's setWatermarkAttribute Function Session Revocation Failure in TYPO3 fe_change_pwd Extension User Quiz Hijacking Vulnerability CAPTCHA Bypass Vulnerability in fp_newsletter Extension for TYPO3 Unauthenticated Mass Unsubscription Vulnerability in fp_newsletter Extension for TYPO3 Uncontrolled Memory Allocation Vulnerability in docconv up to 1.2.0 (VDB-216779) Information Disclosure Vulnerability in fp_newsletter Extension for TYPO3 Information Disclosure Vulnerability in fp_newsletter Extension for TYPO3 Stored Cross-Site Scripting (XSS) Vulnerability in ONLYOFFICE Workspace DMS OpenKM DMS Vulnerable to Stored XSS Vulnerability Stored XSS Vulnerability in OpenKM's Document Note Functionality Stored Cross-Site Scripting (XSS) Vulnerability in LogicalDOC Messaging System Stored Cross-Site Scripting (XSS) Vulnerability in LogicalDOC Enterprise's In-App Chat System Stored Cross-Site Scripting (XSS) Vulnerability in LogicalDOC Enterprise and Community Edition (CE) Stored Cross-Site Scripting (XSS) Vulnerability in LogicalDOC Document Version Comments Mayan EDMS DMS Tagging System XSS Vulnerability Critical Prototype Pollution Vulnerability in json-pointer (VDB-216794) SQL Injection Vulnerability in Online ADA Accessibility Suite by Online ADA Stored Cross-Site Scripting (XSS) Vulnerability in Repute InfoSystems ARMember Plugins CSRF Vulnerability in HM Plugin Accept Stripe Donation – AidWP Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Ulf Benjaminsson WP-dTree Plugin <= 4.4.5 SQL Injection Vulnerability in Neshan Maps Platform CSRF Vulnerability in Joseph C Dolson My Calendar Plugin <= 3.3.24.1 SQL Injection Vulnerability in WpDevArt Booking Calendar and Appointment Booking System Memory Leak Vulnerability 
in SDL2's GLES_CreateTexture() Function SQL Injection Vulnerability in Weblizar The School Management – Education & Learning Management Reflected Cross-Site Scripting (XSS) Vulnerability in Tussendoor Internet & Marketing Open RDW Kenteken Voertuiginformatie Plugin <= 2.0.14 SQL Injection vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB Unauthenticated Reflected Cross-Site Scripting Vulnerability in Daniel Powney Multi Rating Plugin (<= 5.0.5) Stored Cross-Site Scripting (XSS) Vulnerability in PB SEO Friendly Images Plugin <= 4.0.5 Stored Cross-Site Scripting (XSS) Vulnerability in Olive Design WP-OliveCart Plugin <= 1.1.3 Stored Cross-site Scripting (XSS) Vulnerability in MantraBrain Yatra Stored Cross-Site Scripting (XSS) Vulnerability in Branko Borilovic WSB Brands Plugin <= 1.1.8 Stored Cross-Site Scripting (XSS) Vulnerability in WpDevArt Booking Calendar, Appointment Booking System Plugin <= 3.2.3 Unauthenticated Reflected XSS Vulnerability in Rocket Apps Open Graphite Plugin (<= 1.6.0) Double-Free Vulnerability in Linux Kernel's TUN/TAP Device Driver CSRF Vulnerability in Joseph C Dolson My Tickets Plugin Unauthenticated Reflected XSS Vulnerability in Charitable Donations & Fundraising Team Donation Forms Plugin CSV Injection vulnerability in UsersWP CSRF Vulnerability in Daniel Powney Multi Rating Plugin <= 5.0.5 Unauthenticated Reflected XSS Vulnerability in ProfilePress Plugin SQL Injection Vulnerability in Be POPIA Compliant: from n/a through 1.2.0 CSRF Vulnerability in Viadat Creations Store Locator Plugin for WordPress CSRF Vulnerability in Mathieu Chartier WordPress WP-Advanced-Search Plugin CSRF Vulnerability in dev.Xiligroup.Com - MS Plugin <= 1.12.03 Unauthenticated Reflected XSS Vulnerability in RexTheme Cart Lift Plugin Lack of CSRF Checks in WP Customer Area Plugin Allows Arbitrary File Manipulation Potential Local Information Disclosure Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Out of Bounds 
Write Vulnerability in GNSS Driver: Local Denial of Service in WLAN Services Possible Local Denial of Service Vulnerability in WCN Service Potential Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver Potential Denial of Service Vulnerability in WLAN Driver FluentAuth WordPress Plugin IP Bypass Vulnerability GPU Device Memory Corruption Vulnerability: Local Denial of Service in Kernel Local Privilege Escalation Vulnerability in Telephone Service Local Privilege Escalation Vulnerability in Telephone Service Local Denial of Service Vulnerability in Telecom Service due to Missing Permission Check Local Denial of Service Vulnerability in Telecom Service due to Missing Permission Check Missing Permission Check in vdsp Service: Local Denial of Service Vulnerability Local Denial of Service Vulnerability in Telecom Service due to Missing Permission Check Local Denial of Service Vulnerability in Telecom Service due to Missing Permission Check Local Denial of Service Vulnerability in Telecom Service due to Missing Permission Check Out of Bounds Read Vulnerability in ext4fsfilter Driver Stored Cross-Site Scripting Vulnerability in Post Category Image With Grid and Slider WordPress Plugin Out of Bounds Read Vulnerability in ext4fsfilter Driver Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure via 
Missing Permission Check Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Critical Path Traversal Vulnerability in FlatPress (VDB-216861) Local Denial of Service Vulnerability in Telephony Service Local Denial of Service Vulnerability in Telephony Service Local Denial of Service Vulnerability in Telephony Service Local Denial of Service Vulnerability in Telephony Service Local Denial of Service Vulnerability in Telephony Service Out of Bounds Write Vulnerability in Modem Control Device: Local Denial of Service Exploit Out of Bounds Read Vulnerability in ext4fsfilter Driver Thermal Service Out of Bounds Write Vulnerability Out of Bounds Write Vulnerability in spipe drive Allows Local Denial of Service Out of Bounds Write Vulnerability in Soter Service Allows Local Denial of Service Stored Cross-Site Scripting Vulnerability in Posts List Designer by Category WordPress Plugin Possible Local Denial of Service Vulnerability in Soter Service Out of Bounds Write Vulnerability in Soter Service Allows Local Denial of Service Possible Local Denial of Service Vulnerability in Soter Service Possible Local Denial of Service Vulnerability in Soter Service Out of Bounds Write Vulnerability in Soter Service Allows Local Denial of Service Out of Bounds Write Vulnerability in Soter Service Allows Local Denial of Service Out of Bounds Write Vulnerability in Soter Service Allows Local Denial of Service Out of Bounds Write Vulnerability in Soter Service Allows Local Denial of Service Out of Bounds Write Vulnerability in Soter Service Allows Local Denial of Service Out of Bounds Write Vulnerability in Soter Service Allows Local Denial of Service Stored Cross-Site Scripting Vulnerability in WP Responsive Testimonials Slider And Widget WordPress Plugin Apache Helix UI 
Component Open Redirect Vulnerability Arbitrary File Reading Vulnerability in Apache OFBiz Solr Plugin Unauthenticated Arbitrary Script Execution in Apache OpenOffice SolarWinds Platform Deserialization of Untrusted Data Vulnerability SolarWinds Platform Deserialization of Untrusted Data Vulnerability Local Privilege Escalation Vulnerability in SolarWinds Platform SolarWinds Platform Directory Traversal Vulnerability: Arbitrary Command Execution SolarWinds Platform Deserialization of Untrusted Data Vulnerability Unexpected NTLM Traffic in Kerberos Configurations SolarWinds Platform: HTML Injection via URL Parameters Vulnerability Stored Cross-Site Scripting Vulnerability in Word Balloon WordPress Plugin Plain Text Storage of Sensitive Information in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4 XML External Entity (XXE) Injection Vulnerability in XML-RPC.NET Allows SSRF Attacks Denial of Service Vulnerability in drachtio-server Denial of Service Vulnerability in libsofia-sip Fork in drachtio-server Heap-based Buffer Over-read Vulnerability in libsofia-sip Fork in drachtio-server Heap-based Buffer Overflow in WILC1000 Wireless Driver Out-of-Bounds Write Vulnerability in WILC1000 Wireless Driver Stored Cross-Site Scripting Vulnerability in Opening Hours WordPress Plugin Out-of-Bounds Read Vulnerability in WILC1000 Wireless Driver Heap-based Buffer Overflow in WILC1000 Wireless Driver Vulnerability: MAC Address Spoofing and Security Context Removal in IEEE 802.11 Specifications SQL Injection Vulnerability in Zoho ManageEngine Access Manager Plus, Password Manager Pro, and PAM360 IDN Homograph Attack Vulnerability in F-Secure SAFE Browser for Android Divide-by-Zero Vulnerability in Fox-IT DataDiode 3.4.3 Packet Parser Arbitrary Code Execution via Path Traversal in Fox-IT DataDiode 3.4.3 Vulnerability: Insecure Win32 Memory Objects in RSA NetWitness Platform Endpoint Windows Agents Stored Cross-Site Scripting Vulnerability in Print-O-Matic WordPress 
Plugin Command Execution Vulnerability in Ericsson Evolved Packet Gateway (EPG) SQL Injection Vulnerability in FileRun 20220519 via dir Parameter Stored Cross-Site Scripting Vulnerability in Easy Social Box / Page Plugin WordPress Plugin Incorrect Access Control in Red Gate SQL Monitor 11.0.14 through 12.1.46: Remote Escalation of Privileges ACL Bypass on Global Objects in Siren Investigate Insufficiently Sandboxed Script Variable Whitelisting Vulnerability GossipSub 1.1 Vulnerability: Persistent Misbehavior without Pruning Electromagnetic Fault Injection Vulnerability in OP-TEE Allows Bypassing Signature Verification Cross-Site Scripting (XSS) Vulnerability in FlatPress Media Manager Plugin Insufficient Read Permission Checks in Apiman Manager REST API Unauthenticated Access to Sensitive Resources in ekorCCP and ekorRCI Unauthenticated Remote Access to Sensitive Information in ekorCCP and ekorRCI Critical Command Injection Vulnerability in ekorCCP and ekorRCI: Remote Code Execution and Privilege Escalation ekorRCI Denial of Service Vulnerability Critical Vulnerability in ekorCCP and ekorRCI Enables Credential Decryption and Unauthorized System Access Default FTP Credentials Vulnerability on Devices ekorCCP and ekorRCI Web Request Vulnerability in ekorCCP and ekorRCI: Exploiting Device Control Gap for Malicious Actions Stored Cross-Site Scripting Vulnerability in My YouTube Channel WordPress Plugin Web Request Control Vulnerability in ekorCCP and ekorRCI Devices Clear Text Storage of Credentials in admin.xml File RCPbind Service Denial of Service Vulnerability Stored Cross-Site Scripting Vulnerability in List Pages Shortcode WordPress Plugin Bypassing USB Restrictions via Virtual Machine in Zoho ManageEngine Device Control Plus Bypassing USB Restrictions via Safe Mode in Zoho ManageEngine Device Control Plus Stored Cross-Site Scripting Vulnerability in 10WebMapBuilder WordPress Plugin LDAP v1 Bind Request Vulnerability in Isode M-Vault 16.0v0 through 17.x before 
17.0v24 Mintty Terminal Character Injection Vulnerability Unauthenticated SQL Injection Vulnerability in Themefic Ultimate Addons for Contact Form 7 Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Cornel Raiu WP Search Analytics Plugin <= 1.4.5 SQL Injection vulnerability in Simple Photo Gallery Stored Cross-Site Scripting (XSS) Vulnerability in CTT Expresso para WooCommerce Plugin <= 3.2.11 Stored Cross-Site Scripting Vulnerability in GigPress WordPress Plugin Unauthenticated Reflected XSS Vulnerability in Fugu Maintenance Switch Plugin <= 1.5.2 Reflected Cross-Site Scripting (XSS) Vulnerability in Mickael Austoni Map Multi Marker Plugin Vulnerability: Reflected Cross-Site Scripting (XSS) in Dmytriy.Cooperman MagicForm Plugin RapidLoad Power-Up for Autoptimize Plugin <= 1.6.35 - Authenticated SQL Injection Vulnerability Path Traversal Vulnerability in WP Go Maps Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jeffrey-WP Media Library Categories Plugin <= 1.9.9 Sensitive Information Exposure Vulnerability in Popup Maker Stored Cross-Site Scripting (XSS) Vulnerability in WP Super Popup Plugin Deserialization of Untrusted Data vulnerability in File Manager Plugin for WordPress Stored Cross-Site Scripting Vulnerability in OneClick Chat to Order WordPress Plugin Unauthenticated Reflected XSS Vulnerability in I Thirteen Web Solution Mass Email To Users Plugin Stored Cross-Site Scripting (XSS) Vulnerability in JoomUnited WP Table Manager Plugin <= 3.5.2 Unauthenticated Reflected XSS Vulnerability in wpdevart Gallery Plugin <= 2.0.1 Authentication SQL Injection Vulnerability in Kunal Nagar Custom 404 Pro Plugin <= 3.7.0 Stored Cross-Site Scripting (XSS) Vulnerability in Tim Stephenson WP-CORS Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Usersnap Plugin <= 4.16 Stored XSS Vulnerability in Fullworks Quick Contact Form Plugin <= 8.0.3.1 CSRF Vulnerability in Nicearma DNUI Plugin <= 2.8.1 Stored Cross-Site Scripting Vulnerability in Post Views 
Count WordPress Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Mr Digital Simple Image Popup Plugin <= 1.3.6 CSRF Vulnerability in Julian Weinert // cs&m Hover Image Plugin CSRF Vulnerability in Participants Database Plugin Allows List Column Update QuantumCloud AI ChatBot Plugin <= 4.3.0 - Stored XSS Vulnerability Unauthenticated SQL Injection Vulnerability in InspireUI MStore API Plugin (<= 3.9.7) Critical Local File Inclusion Vulnerability in LearnPress WordPress LMS Plugin Command Injection Vulnerability in Hitron CODA-5310: Remote Code Execution and Service Disruption Hard-coded Encryption/Decryption Keys in Hitron CODA-5310: Remote Administrator Access Vulnerability Hard-coded Administrator Credentials in Merit LILIN AH55B04 & AH55B08 DVR Stored Cross-Site Scripting Vulnerability in Materialis Companion WordPress Plugin Integer Overflow Vulnerability in Libksba CRL Signature Parser Stored Cross-Site Scripting Vulnerability in Icon Widget WordPress Plugin Out-of-Bounds Read Vulnerability in Trusted Firmware-A X.509 Parser Razer Synapse Privilege Escalation Vulnerability Razer Synapse Privilege Escalation Vulnerability Image Signature Validation Bypass Vulnerability in Kyverno 1.8.3 and 1.8.4 M-Link Archive Server Unauthorized Access Vulnerability Server-side Request Forgery (SSRF) Vulnerability in Wildix WMS OutSystems Service Studio 11 DLL Hijacking Vulnerability Local Privilege Escalation Vulnerability in XAMPP Installer Stored Cross-Site Scripting Vulnerability in Simple File Downloader WordPress Plugin Unauthenticated Access to Control Panel in B420 Module Stored Cross-Site Scripting Vulnerability in Portfolio for Elementor WordPress Plugin Buffer Overflow Vulnerability in GPAC MP4box 2.1-DEV-rev593-g007bf61a0's eac3_update_channels function Buffer Overflow Vulnerability in GPAC MP4box 2.1-DEV-rev593-g007bf61a0 Buffer Overflow Vulnerability in Libde265 1.0.9: put_qpel_fallback<unsigned short> Function Buffer Overflow Vulnerability in GPAC MP4box 
2.1-DEV-rev617-g85ce76efd Buffer Overflow Vulnerability in GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67: hevc_parse_vps_extension Function in av_parsers.c:7662 Buffer Overflow Vulnerability in GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 Buffer Overflow Vulnerability in GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 Cross-Site Request Forgery Vulnerability in dolibarr_project_timesheet up to 4.5.5 Integer Overflow Vulnerability in GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 Buffer Overflow Vulnerability in GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 via gf_media_nalu_add_emulation_bytes Infinite Recursion Vulnerability in GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 Buffer Overflow Vulnerability in GPAC MP4box 2.1-DEV-rev649-ga8f438d20: h263dmx_process filters/reframe_h263.c:609 Buffer Overflow Vulnerability in Libde265 1.0.9: ff_hevc_put_hevc_qpel_pixels_8_sse Heap Buffer Overflow Vulnerability in Libde265 1.0.9's de265_image::set_SliceAddrRS(int, int, int) Critical Denial of Service Vulnerability in GitHub Repository usememos/memos prior to 0.9.1 Out-of-Bound Read Vulnerability in Binutils addr2line Critical Remote Code Injection Vulnerability in Dropbox Merou (VDB-216906) File Path Disclosure Vulnerability in Hitachi Vantara Pentaho Business Analytics Server Denial of Service Vulnerability in Binutils objdump (CVE-2021-xxxx) Denial of Service Vulnerability in Binutils objdump's compare_symbols Function Account Takeover Vulnerability in COMFAST CF-WR623N Router Firmware V2.3.0.1 and Earlier Cross Site Scripting (XSS) Vulnerability in COMFAST CF-WR623N Router Firmware V2.3.0.1 Incorrect Access Control Vulnerability in COMFAST CF-WR623N Router Firmware V2.3.0.1 SQL Injection Vulnerability in Hitachi Vantara Pentaho Business Analytics Server Incorrect Access Control in COMFAST CF-WR623N Router Firmware V2.3.0.1 and Earlier Cross Site Scripting (XSS) Vulnerability in COMFAST CF-WR623N Router Firmware V2.3.0.1 Password Disclosure Vulnerability in TIANJIE CPE906-3 (Software Version WEB5.0_LCD_20200513) Session 
Variable Injection Vulnerability in Hitachi Vantara Pentaho Business Analytics Server HSTS Header Enforcement Vulnerability in Last Yard 22.09.8-1 Cookie Theft via Unencrypted Traffic in Last Yard 22.09.8-1 CORS Vulnerability in Last Yard 22.09.8-1 Critical Path Traversal Vulnerability in Widoco's unZipIt Function (VDB-216914) Path Traversal Vulnerability in Unsupported Version of cloudsync Unauthenticated Backup File Download and Admin Hash Disclosure Vulnerability in Yeastar N412 and N824 Configuration Panel Arbitrary File Upload Vulnerability in Bit Form WordPress Plugin SQL Injection Vulnerability in Seltmann GmbH Content Management System 6 via /index.php SQL Injection Vulnerability in ZenTao 16.4 to 18.0.beta1 via importNotice Function Arbitrary File Read Vulnerability in Kraken <= 0.1.4 via Testfs Component Stored Cross-Site Scripting Vulnerability in GeoDirectory WordPress Plugin Path Traversal Vulnerability in imo.im 2022.11.1051 Allows Arbitrary Code Execution Nanoleaf Firmware Vulnerability: TLS Verification Bypass and DNS Hijacking Attack Stored Cross-Site Scripting Vulnerability in CC Child Pages WordPress Plugin Path Traversal Vulnerability in gin-vue-admin < 2.5.5 Download Module File Upload Vulnerability in PopojiCMS v2.0.1 Backend Plugin Function Critical Backdoor Vulnerability in Solar-Log Gateway Products Allows Remote Super Admin Access Directory Traversal Vulnerability in Serenissima Informatica Fast Checkin 1.0 Arbitrary File Write Vulnerability in Serenissima Informatica Fast Checkin v1.0 Allows Unauthenticated Remote Code Execution Stored Cross-Site Scripting Vulnerability in Bootstrap Shortcodes WordPress Plugin Unauthenticated SQL Injection Vulnerability in Serenissima Informatica Fast Checkin v1.0 Path Traversal Vulnerability in StreamX Applications with StreamView HTML Component Bangresto 1.0 SQL Injection Vulnerability in itemID Parameter Authentication Bypass Vulnerability in StreamX Applications with StreamView HTML Component SQL 
Injection Vulnerability in Sourcecodester Dynamic Transaction Queuing System v1.0 Hardcoded Credentials in ISOS Firmware Versions 1.81 to 2.00 Stored Cross-Site Scripting Vulnerability in Accordion Shortcodes WordPress Plugin Stored Cross-Site Scripting Vulnerability in ClickFunnels WordPress Plugin Stored Cross-Site Scripting Vulnerability in Youtube Channel Gallery WordPress Plugin Stored Cross-Site Scripting Vulnerability in Hueman Addons WordPress Plugin Remote Information Disclosure Vulnerability in Bezeq Vtech Routers Stored Cross-Site Scripting Vulnerability in Video Sidebar Widgets WordPress Plugin Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Arbitrary File Upload Vulnerability in i-librarian 4.10's ajaxsupplement.php SQL Injection Vulnerability in Lead Management System v1.0 via user_id Parameter in changePassword.php Stored Cross-Site Scripting Vulnerability in Video.js WordPress Plugin SQL Injection Vulnerability in Lead Management System v1.0 via removeProduct.php's id parameter SQL Injection Vulnerability in Lead Management System v1.0 via removeLead.php's id parameter SQL Injection Vulnerability in Lead Management System v1.0 via customer_id parameter in ajax_represent.php SQL Injection Vulnerability in Lead Management System v1.0 via removeCategories.php SQL Injection Vulnerability in Lead Management System v1.0 via removeOrder.php's id parameter SQL Injection Vulnerability in Lead Management System v1.0 via removeBrand.php's id Parameter Stored Cross-Site Scripting Vulnerability in Themify Shortcodes WordPress Plugin Cross Site Scripting (XSS) Vulnerability in Redgate SQL Monitor 12.1.31.893 Web SQL Monitor Login Page Vulnerability Alert: SSRF Exploit in maccms10 2021.1000.2000 Netcad KEOS 1.0 Vulnerability: XML External Entity (XXE) leading to SSRF with XXE (remote) Improper Access Control in Jedox GmbH Jedox 2020.2.5 Allows Unauthorized Access to Database Connections Directory Traversal Vulnerability in Jedox GmbH 
Jedox 2020.2.5 Allows Remote Code Execution Arbitrary Code Execution Vulnerability in Jedox GmbH Jedox 2020.2.5 Integrator Stored Cross-Site Scripting Vulnerability in Jedox 2020.2.5 Logs Page Arbitrary Code Execution via Default-Storage-Path in Jedox 2020.2.5 Jedox 2020.2.5 Remote Code Execution (RCE) Vulnerability in /be/rpc.php Stored Cross-Site Scripting Vulnerability in Embed PDF WordPress Plugin Information Disclosure Vulnerability in Jedox 2020.2.5: Cleartext Password Disclosure via 'Test Connection' Function Out-of-Bounds Read Vulnerability in Foxit PDF Reader and PDF Editor 11.2.1.53537 and Earlier Stored Cross-Site Scripting Vulnerability in WPZOOM Portfolio WordPress Plugin Vulnerability: Password Reset via Legitimate Recovery Function in NetMan 204 Unauthenticated Remote File Read Vulnerability in NetMan 204 NetMan 204 Firmware Upload Remote Code Execution Vulnerability Remote Code Execution Vulnerability in JetBrains IntelliJ IDEA Code Templates SSTI Vulnerability in JetBrains IntelliJ IDEA Stored Cross-Site Scripting Vulnerability in WP Google My Business Auto Publish WordPress Plugin V-Server v4.0.12.0 Stack-Based Buffer Overflow Vulnerability LQL Injection in Checkmk's AuthUser HTTP Query Header Stored Cross-Site Scripting Vulnerability in Product Slider and Carousel with Category for WooCommerce WordPress Plugin Input Validation Vulnerability in Sewio’s Real-Time Location System (RTLS) Studio Improved Memory Handling in macOS Ventura 13 Fixes Arbitrary Code Execution Vulnerability Arbitrary File Deletion and Denial-of-Service Vulnerability in Sewio RTLS Studio Stored Cross-Site Scripting Vulnerability in News & Blog Designer Pack WordPress Plugin Arbitrary Code Execution and DoS Vulnerability in Secvisogram's csaf-validator-lib (Versions < 0.1.0) Unauthenticated Remote User Can Cause Partial DoS in Secvisogram csaf-validator-service File Deletion Vulnerability in AyaCMS 3.1.2 via /aya/module/admin/fst_del.inc.php Weak Permissions on SQLite Files in 
MediaWiki Installation XSS Vulnerability in MISP Template File Uploads NULL Pointer Dereference Vulnerability in Linux Kernel Traffic Control Subsystem Stored Cross-Site Scripting Vulnerability in Blog Designer WordPress Plugin Session ID Not Utilized in IO FinNet tss-lib, Allowing Message Replay and Spoofing Hash Collision Vulnerability in IO FinNet tss-lib before 2.0.0 Denial of Service Vulnerability in Brave Browser via Crafted HTML File (CVE-2022-47933 Incomplete Fix) Denial of Service Vulnerability in Brave Browser via Crafted HTML File with IPFS Scheme Denial of Service Vulnerability in Brave Browser (Versions before 1.43.88) via Crafted HTML File with ipfs:// or ipns:// URL Memory Corruption Vulnerability in JT Open, JT Utilities, and Solid Edge (ZDI-CAN-19078) Stack Overflow Vulnerability in JT Open, JT Utilities, and Parasolid Deprecated Apache Sling Commons JSON Bundle Allows Unexpected Error Triggering Out-of-Bounds Read and OOPS Vulnerability in ksmbd's SMB2_TREE_CONNECT Use-after-free and OOPS Vulnerability in ksmbd for SMB2_TREE_DISCONNECT Reflected File Download Vulnerability in AAWP WordPress Plugin Unvalidated Length Vulnerability in ksmbd's smb2_write Memory Leak in ksmbd's smb2_handle_negotiate in Linux Kernel 5.15 through 5.19 before 5.19.2 Heap-based Buffer Overflow in ksmbd's set_ntacl_dacl Function Out-of-Bounds Read and OOPS Vulnerability in ksmbd for Linux Kernel 5.15-5.19 Local File Inclusion Vulnerability in ThinkPHP Framework (CVE-2020-15227) Use-after-free vulnerability in io_sqpoll_wait_sq in Linux Kernel 5.10.x before 5.10.155 Nintendo NetworkBuffer Remote Code Execution Vulnerability Stored Cross-Site Scripting Vulnerability in The Galleries by Angie Makes WordPress Plugin Arbitrary File Read Vulnerability in OpenStack Swift S3 API Unauthorized Access to Sensitive Data via VMDK Flat Image in OpenStack Local File Existence Inference in lxc-user-nic Privilege Escalation Vulnerability in GitHub Repository usememos/memos prior to 0.9.1 
Improved Memory Handling in macOS Ventura 13 Fixes Arbitrary Code Execution Vulnerability Remote Code Execution Vulnerability in Multiple Zoho ManageEngine On-Premise Products Memory Corruption Vulnerability in Solid Edge (All versions < V2023 MP1) Allows Code Execution Reflected and Stored XSS Vulnerability in Heimdall Application Dashboard Excessive Authentication Attempts Vulnerability in GitHub Repository usememos/memos prior to 0.9.1 Bluetooth AVRCP Module Vulnerability: Potential DoS Attacks and Process Restart DUBAI Module Double Free Vulnerability: Impact on System Availability Imposter Control Connection Vulnerability in DMSDP Module of Distributed Hardware Memory Corruption Vulnerability in JT Open and JT Utilities GitHub Repository Authorization Bypass Vulnerability in usememos/memos prior to 0.9.1 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 SQL Injection Vulnerability in IBM InfoSphere Information Server 11.7 Arbitrary Code Execution Vulnerability in IBM Aspera Faspex 4.4.2 Patch Level 1 and Earlier GitHub Repository Authorization Bypass Vulnerability in usememos/memos prior to 0.9.1 Buffer Overflow Vulnerability in X11 on IBM AIX and VIOS Systems GitHub Repository usememos/memos Prior to 0.9.1 - Improper Verification of Communication Channel Source Vulnerability Arbitrary File Upload Vulnerability in TaoCMS v3.0.2 Stored XSS Vulnerability in Piwigo v13.4.0 identification.php Allows Arbitrary Code Execution via User-Agent Injection Arbitrary File Upload Vulnerability in LimeSurvey Plugin Manager Access Control Bypass in GitHub repository usememos/memos prior to 0.9.1 Stored Cross-Site Scripting (XSS) Vulnerability in LimeSurvey v5.4.15 SQL Injection Vulnerability in Opencats v0.9.7 via importID Parameter Reflected XSS Vulnerability in Opencats v0.9.7 via /opencats/index.php?m=settings&a=ajax_tags_upd Stored Cross-Site Scripting (XSS) Vulnerability in Opencats v0.9.7 Calendar Component Privilege Escalation 
Vulnerability in Another Eden (Versions before v3.0.20 and v2.14.200) GitHub Repository Authorization Bypass Vulnerability in usememos/memos prior to 0.9.1 Reflected Cross-Site Scripting (XSS) Vulnerability in Vinteo VCC v2.36.4 Arbitrary Code Execution and Privilege Escalation Vulnerability in Zammad v5.3.0 Unauthorized Ticket Access Vulnerability in Zammad v5.3.0 Insufficient Privilege Verification Allows Unauthorized Modification of Ticket Tags in Zammad v5.3.0 GitHub Repository Authorization Bypass Vulnerability in usememos/memos prior to 0.9.1 GitHub Repository Unauthorized Access Vulnerability Privilege Escalation Vulnerability in GitHub Repository usememos/memos prior to 0.9.1 GitHub Repository Authorization Bypass Vulnerability in usememos/memos prior to 0.9.1 Excessive Memory Consumption Vulnerability in GNU Binutils: DNS Attack via load_separate_debug_files Excessive Memory Consumption Vulnerability in GNU Binutils: Potential DNS Attack via Crafted ELF File Memory Leak Vulnerability in GNU Binutils' find_abstract_instance Function Authentication Bypass Vulnerability in Totolink A830R V4.1.2cu.5182 Root Password Disclosure Vulnerability in Totolink A830R V4.1.2cu.5182 Command Injection Vulnerability in Totolink A830R V4.1.2cu.5182 via QUERY_STRING Parameter GitHub Repository Access Control Vulnerability Command Injection Vulnerability in Phicomm K2 v22.6.534.263 via autoUpTime Parameter Critical Vulnerability: Phicomm K2 v22.6.534.263 Stores Root and Admin Passwords in Plaintext Command Injection Vulnerability in Phicomm K2G v22.6.3.20 via autoUpTime Parameter Plaintext Storage of Root and Admin Passwords in Phicomm K2G v22.6.3.20 Arbitrary Command Execution Vulnerability in NoMachine before v8.2.3 DLL Hijacking Vulnerability in Genymotion Desktop v3.3.2 Allows Privilege Escalation and Arbitrary Code Execution Stack Overflow Vulnerability in pycdc Commit 44a730f3a889503014fec94ae6e62d8401cb75e5 Arbitrary Code Execution Vulnerability in Monnai aaPanel Host 
System v1.5 Privilege Escalation in GitHub repository usememos/memos prior to 0.9.1. SQL Injection Vulnerability in Easyone CRM v5.50.02 via /Services/Misc.asmx/SearchTag Endpoint HTML Injection Vulnerability in Softr v2.0 via Work Space Name Parameter GitHub Repository Access Control Vulnerability SQL Injection Vulnerability in Tramyardg Hotel Management System Version 2022.4 Tramyardg Hotel Management System 2022.4 - Cross Site Scripting (XSS) Vulnerability in process_update_profile.php Seacms v12.7 Remote Code Execution (RCE) Vulnerability via admin_ip.php Arbitrary File Read Vulnerability in LMXCMS v1.41 via TemplateAction.class.php GitHub Repository Access Control Vulnerability Command Injection Vulnerability in D-Link DIR-878_FW1.30B08: Privilege Escalation via /setnetworksettings/IPAddress Component Command Injection Vulnerability in D-Link DIR-878_FW1.30B08 via /SetNetworkSettings/SubnetMask Component User-Controlled Key Authorization Bypass in usememos/memos Cross-Site Scripting (XSS) Vulnerability in CKEditor 5 35.4.0 Full Featured Widget Cross-Site Scripting (XSS) Vulnerability in SIPE s.r.l WI400 (Versions 8-11) Allows Arbitrary Code Execution Unauthenticated Telnet Access and Root Login Vulnerability in TOTOLINK N200RE_v5 Firmware V9.3.5u.6139 SQL Injection Vulnerability in RuoYi v4.7.5 via /tool/gen/createTable Component XSS Vulnerability in Dropdown Menu of jspreadsheet (before v4.6.0) Remote Code Execution (RCE) Vulnerability in AyaCMS v3.1.2 via /admin/tpl_edit.inc.php Cross-Site Scripting (XSS) Vulnerability in Jorani v1.0 via Acronym Parameter GitHub Repository Authorization Bypass Vulnerability in usememos/memos prior to 0.9.1 Arbitrary Command Execution via SQL Injection in kishan0725 Hospital Management System Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Command 
Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Command Injection Vulnerability in TOTOlink A7100RU V7.4cu.2313_B20191024 Access Control Bypass in GitHub repository usememos/memos prior to 0.9.1 Multiple Stack Overflows in Tenda W20E v15.11.0.6's formSetStaticRoute Function GitHub Repository Access Control Vulnerability Cross-Site Scripting (XSS) Vulnerability in DedeCMS v5.7.97's /file_manage_view.php?fmdo=edit&filename Component SQL Injection Vulnerability in Online Student Admission System Unrestricted JSON Deserialization Vulnerability in Hitachi Vantara Pentaho Business Analytics Server Cross-Site Scripting (XSS) Vulnerability in Shopware v5.5.10 via recovery/install/ URI RemoteClinic 2.0 SQL Injection Vulnerability in medicines/profile.php Local Denial-of-Service Vulnerability in Lenovo Safecenter Arbitrary File Download Vulnerability in Easy Images v2.0 via /application/down.php Unauthenticated Access Control Vulnerability in Wavlink WL-WN533A8 M33A8.V5030.190716 Unauthenticated Access Control Vulnerability in Wavlink WL-WN530H4 M30H4.V5030.210121 Unauthenticated Access Control Vulnerability in Wavlink WL-WN530HG4 M30HG4.V5030.201217 Insecure Temporary File Manipulation Vulnerability in Centic9 JGit-Cookbook (VDB-216988) Stack Overflow Vulnerability in ash.c:6030 in BusyBox (Before 1.35) Enables Arbitrary Code Execution in Internet of Vehicles Environment Rukovoditel v3.2.1 Remote Code Execution (RCE) Vulnerability in /rukovoditel/index.php?module=dashboard/ajax_request Pre-Authentication Stack Overflow Vulnerability in Netgear Routers Reflected Cross-Site Scripting (XSS) Vulnerability in X2CRM Open Source Sales CRM 6.6 and 6.9 Stored Cross-Site Scripting (XSS) Vulnerability in X2CRM Open Source Sales CRM 6.6 and 6.9 XML External Entity (XXE) Reference Vulnerability in Talend Open Studio for MDM ThinkPad BIOS ErrorMessage Driver Stack-Based Buffer Overflow 
Vulnerability BIOS Tamper Detection Bypass Vulnerability in ThinkPad T14s Gen 3 and X13 Gen3 BIOS Tamper Detection Bypass Vulnerability in ThinkPad T14s Gen 3 and X13 Gen3 Certificate Validation Vulnerability in Baiying Android Application SecureBootDXE BIOS Driver Buffer Overflow Vulnerability in Lenovo Desktop and ThinkStation Models ThinkPad BIOS SMM Driver Input Validation Vulnerability Cross-Site Scripting (XSS) Vulnerability in HotCRP (VDB-216998) Privilege Escalation Vulnerability in Trend Micro Maximum Security 2022 (17.7) Softing smartLink SW-HT before 1.30 Cross-Site Scripting Vulnerability Insecure SSL Ciphers Enabled in Softing smartLink SW-HT before 1.30 Inadequate Signature Check in TP-Link TL-WR902AC Firmware Update Allows Remote Code Execution and DoS Insufficient Randomness in SCRAM-based SASL Authentication Buffer Overflow Vulnerability in Certain NETGEAR Devices Reflected Cross-Site Scripting (XSS) in YUI2 TreeView ROS ntpd_driver Component Remote Code Execution Vulnerability Arbitrary Binary Execution Vulnerability in SoftPerfect NetWorx 7.1.1 Cross-Site Scripting (XSS) Vulnerability in FlatPress Admin Area (CVE-2021-216999) Cross-Site Scripting (XSS) Vulnerability in FlatPress XML File Handler/MD File Handler Uniswap Universal Router 1.1.0 and Earlier: Reentrancy Vulnerability Enables Fund Theft Vulnerability in tf_remapper_node component allows unauthorized behavior modification HP Desktop PC Vulnerability: Intrusion Detection Bypass via TamperLock Feature Cross-Site Scripting Vulnerability in FlatPress Setup (VDB-217001) HP Desktop PC Vulnerability: Intrusion Detection Bypass via TamperLock Feature Race Condition and OpLock Manipulation Vulnerability in Acuant AcuFill SDK Elevation of Privileges via Acuant AcuFill SDK Installation DLL Hijacking Vulnerability in Acuant AcuFill SDK Insecure Permissions in Acuant AcuFill SDK Allows Arbitrary Code Execution DLL Hijacking Vulnerability in Acuant AcuFill SDK Elevated Code Execution Vulnerability in 
Acuant AcuFill SDK Elevation of Privileges Vulnerability in Acuant AsureID Sentinel Root Directory Log File Vulnerability in Acuant AsureID Sentinel Observable Timing Discrepancy in InSTEDD Nuntium (VDB-217002) Misinterpretation of Input Vulnerability in BiSheng-WNM FW 3.0.0.325 Leading to DoS Possible Local Denial of Service Vulnerability in Soter Service Possible Local Denial of Service Vulnerability in FM Service Possible Local Denial of Service Vulnerability in FM Service Possible Local Denial of Service Vulnerability in FM Service Out of Bounds Write Vulnerability in MP3 Encoder Allows Local Denial of Service MP3 Encoder Out of Bounds Read Vulnerability Out of Bounds Write Vulnerability in Image Filter: Local Denial of Service Exploit Out of Bounds Write Vulnerability in Image Filter: Local Denial of Service Exploit Camera Driver Vulnerability: Out of Bounds Write Leading to Local Denial of Service Stored Cross-Site Scripting Vulnerability in WP Blog and Widgets WordPress Plugin Camera Driver Vulnerability: Out of Bounds Write Leading to Local Denial of Service Telephony Service Vulnerability: Missing Permission Check Leading to Local Denial of Service Telephony Service Vulnerability: Local Information Disclosure without Execution Privileges Local Privilege Escalation Vulnerability in Audio Service Local Privilege Escalation Vulnerability in Audio Service Local Privilege Escalation Vulnerability in Audio Service Local Privilege Escalation Vulnerability in Audio Service Local Privilege Escalation Vulnerability in Audio Service Local Privilege Escalation Vulnerability in Audio Service Local Privilege Escalation Vulnerability in Audio Service Stored Cross-Site Scripting Vulnerability in WP-ShowHide WordPress Plugin Local Privilege Escalation Vulnerability in Audio Service Vulnerability in AES Instructions on ARMv8 Platform: Lack of Intrinsic Resistance to Side-Channel Attacks Pi.Alert Fork (before 22.12.20) Vulnerability: Remote Code Execution via nmap_scan.php 
(scan parameter) OS Command Injection Arbitrary Command Execution Vulnerability in Nostromo nhttpd Leia-B29 2.0.0.49(M03) Lock Screen Bypass Vulnerability Remote Code Execution Vulnerability in BiSheng-WNM FW 3.0.0.325 Technitium DNS Server CNAME Loop Denial-of-Service Vulnerability Predictable Logfile Names in Eternal Terminal 6.2.1 World-readable logfiles in Eternal Terminal 6.2.1 pose a security vulnerability. BiSheng-WNM FW 3.0.0.325 System Command Injection Vulnerability Stored Cross-Site Scripting Vulnerability in Simple Tooltips WordPress Plugin Buffer Overflow Vulnerability in BiSheng-WNM FW 3.0.0.325: Potential Device Service Exceptions BiSheng-WNM FW 3.0.0.325 Misinterpretation of Input Vulnerability Stored Cross-Site Scripting Vulnerability in WP Tiles WordPress Plugin HTTP Multipart Request Parsing Bypass Vulnerability in ModSecurity Stored Cross-Site Scripting Vulnerability in Bold Timeline Lite WordPress Plugin Heap-based Buffer Overflow in processCropSelections in LibTIFF through 4.5.0 Arbitrary Code Execution Vulnerability in MongoDB .NET/C# Driver (Versions <= v2.18.0) Unrestricted Access Vulnerability in Huawei Whole-Home Intelligence Software Unrestricted Access Vulnerability in Huawei Whole-Home Intelligence Software Directory Traversal Vulnerability in JSZip before 3.8.0 Privilege Escalation Vulnerability in Multi-Screen Collaboration Module: Implications for Data Confidentiality HwContacts Module Logic Bypass Vulnerability Unauthenticated Access to Bundle Management APIs Allows for Data Confidentiality Breach Unauthenticated Access to Bundle Management APIs Allows for Data Confidentiality Breach Stored Cross-Site Scripting Vulnerability in Show-Hide / Collapse-Expand WordPress Plugin Logic Bypass Vulnerability in Phone-PC Collaboration Module: Threats to Data Confidentiality and Integrity Bluetooth Pairing Authentication Bypass Vulnerability: Confidentiality Impact Bluetooth Module Out-of-Memory (OOM) Vulnerability: Implications for 
Data Confidentiality Bluetooth Module OOM Vulnerability: Threat to Data Confidentiality Authentication Vulnerability in IHwAttestationService Interface Permission Verification Vulnerability in IHwAntiMalPlugin Interface SystemUI Vulnerability: Malicious App Broadcasts False Alarm Information about External Storage Devices Geofencing Kernel Code Vulnerability: Out-of-Bounds Memory Access Geofencing Kernel Code Length Verification Vulnerability Unauthenticated Access to WMS Module APIs: Data Confidentiality Vulnerability Stored Cross-Site Scripting Vulnerability in Paid Memberships Pro WordPress Plugin Unauthenticated Access to WMS Module APIs: Data Confidentiality Vulnerability Unauthenticated App Restoration Vulnerability in Bundle Management Module Unauthenticated API Access Vulnerability in AMS Module Uninitialized Memory Use in GNU Tar's from_header Function Identity Authentication Bypass Vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274 Certificate Host Mismatch Vulnerability in Palantir Gotham Chat IRC Helper Magritte-ftp TLS Certificate Hostname Verification Bypass Vulnerability Unverified Hostname Vulnerability in sls-logging Allows for Man-in-the-Middle Attacks CSRF Vulnerability in Older Versions of Sophos Connect: Unauthorized Retrieval of Logs and Technical Support Archives Stored Cross-Site Scripting Vulnerability in Custom User Profile Fields for User Registration WordPress Plugin Critical Information Disclosure Vulnerability in Older Versions of Sophos Connect Outdated Firmware XSS Vulnerability in HP Deskjet 2540 Series Printer Out-of-Bounds Read/Write Vulnerability in HwPCAssistant Module Bluetooth Pairing Vulnerability Allows Unauthorized Access and Compromises Confidentiality Bluetooth Pairing Vulnerability Allows Unauthorized Access and Compromises Confidentiality Insecure Termination of Expired Sessions in Tribe29's Checkmk RestAPI Unintended Information Disclosure Vulnerability in Tribe29's Checkmk RestAPI Documentation Host 
Secret Disclosure in Checkmk Agent Updater Log File Stored Cross-Site Scripting Vulnerability in Store Locator WordPress Plugin Cross-Site Request Forgery (CSRF) Vulnerability in Tribe29's Checkmk Allows Unauthorized Addition of Visual Elements Tribe29's Checkmk <= 2.1.0p11 Limited Server-Side Request Forgery (SSRF) Vulnerability Stack-Based Buffer Overflow Vulnerability in NETGEAR Nighthawk WiFi Mesh Systems and Routers Path Traversal Vulnerability in Sunlogin Sunflower Simplified 1.0.1.43315 Allows Remote Code Execution Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 Improper Handling of ordered_url_params and additional_delimiters in MISP before 2.4.167 Unsanitized Order Parameter Vulnerability in MISP before 2.4.166 Stored Cross-Site Scripting Vulnerability in YourChannel WordPress Plugin Out-of-Bounds Write Vulnerability in Huawei Sound Box FLMG-10 10.0.1.0(H100SP22C00) Widevine Trusted Application (TA) 5.0.0 through 5.1.1 Integer Overflow and Buffer Overflow Vulnerability Widevine Trusted Application (TA) Integer Overflow and Buffer Overflow Vulnerability Widevine Trusted Application (TA) Integer Overflow and Buffer Overflow Vulnerability Widevine Trusted Application (TA) Integer Overflow and Buffer Overflow Vulnerability Widevine Trusted Application (TA) Vulnerability: PRDiagVerifyProvisioning Integer Overflow and Buffer Overflow Widevine Trusted Application (TA) Integer Overflow and Buffer Overflow Vulnerability Command Execution Vulnerability in GNU Emacs through 28.2 via Shell Metacharacters in Source Code File Names Local Command Injection Vulnerability in GNU Emacs Ruby Mode Command Injection Vulnerability in GNU Emacs htmlfontify.el Stored Cross-Site Scripting Vulnerability in CPT Bootstrap Carousel WordPress Plugin Use-after-free 
vulnerability in Gluster GlusterFS 11.0: dht_setxattr_mds_cbk in dht-common.c Vertical Privilege Escalation in ThingsBoard 3.4.1: Tenant Administrator Gains System Administrator Access Default Enablement of jVMTI in JetBrains TeamCity Agents Prior to 2022.10.2 XSS Vulnerability in JetBrains TeamCity User Creation Process XSS Vulnerability in JetBrains TeamCity Group Creation Process XSS Vulnerability in sanitize-url (aka @braintree/sanitize-url) before 6.0.2 HwContacts Module Logic Bypass Vulnerability: Confidentiality Impact MediaProvider Module Permission Verification Vulnerability: Confidentiality Impact Unauthorized Data Read Vulnerability in MediaProvider Module Control Component Spoofing Vulnerability: Implications for Confidentiality and Availability Stored Cross-Site Scripting Vulnerability in Social Sharing Toolkit WordPress Plugin Unauthorized File Access Vulnerability in HUAWEI Messaging App Configuration Defects in Secure OS Module: A Potential Threat to Availability Data Initialization Vulnerability in Smartphones: Potential System Panic Exploitation Kernel Privilege Escalation Vulnerability in Smartphones: Causing System Service Exceptions Bluetooth Heap Out-of-Bounds Write Vulnerability Bluetooth Heap Out-of-Bounds Read Vulnerability Vulnerability in Facial Recognition Module's Input Parameter Verification Leads to Failed Recognition Double Fetch Vulnerability: Exploiting Kernel for Denial of Service Attacks BatteryHealthActivity Redirection Vulnerability Arbitrary Disk Modification Vulnerability in Recovery Mode for Updates Stored Cross-Site Scripting Vulnerability in Breadcrumb WordPress Plugin File Permission Control Vulnerability in Facial Recognition Module: Implications for Confidentiality Path Traversal Vulnerability in Always On Display (AOD) Theme Files Arbitrary Code Execution via Directory Traversal in Zoho ManageEngine Desktop Central Vulnerability: Assertion Failure in libmpdclient due to Mishandling of Drain Call in PipeWire Output 
Plugin Moderator Identity Disclosure in Mastodon 3.5.x Excessive Privileges Vulnerability in eZ Platform Ibexa Kernel Timing Attack Vulnerability in eZ Platform Ibexa Kernel Access Control Bypass in eZ Publish Ibexa Kernel Local Privilege Escalation Vulnerability in Audio Service Local Privilege Escalation Vulnerability in Audio Service Stored Cross-Site Scripting Vulnerability in CPO Companion WordPress Plugin Local Information Disclosure Vulnerability in Dialer Service Local Information Disclosure Vulnerability in Dialer Service Out of Bounds Write Vulnerability in bootcp Service: Local Denial of Service with System Execution Privileges Out of Bounds Write Vulnerability in Tee Service: Local Denial of Service Exploit Out of Bounds Write Vulnerability in Tee Service: Local Denial of Service Exploit Missing Permission Check in Contacts Service: Potential Local Denial of Service Vulnerability Local Denial of Service Vulnerability in Dialer Service Local Denial of Service Vulnerability in Dialer Service Possible Local Denial of Service Vulnerability in Engineermode Service Local Denial of Service Vulnerability in Dialer Service Stored Cross-Site Scripting Vulnerability in Clean Login WordPress Plugin Out of Bounds Write Vulnerability in Modem Control Device: Local Denial of Service Exploit Out of Bounds Write Vulnerability in Modem Control Device: Local Denial of Service Exploit Log Service Out of Bounds Write Vulnerability Missing Permission Check in srtd Service Allows for Local Privilege Escalation Possible Local Privilege Escalation Vulnerability in srtd Service Out of Bounds Write Vulnerability in cp_dump Driver Local Denial of Service Vulnerability in apipe Driver: Use After Free Logic Error Local Denial of Service Vulnerability in apipe Driver: Out of Bounds Write PowerEx Service Vulnerability: Local Escalation of Privilege Out of Bounds Write Vulnerability in Modem Control Device: Local Denial of Service Exploit Stored Cross-site Scripting (XSS) Vulnerability 
in GitHub Repository usememos/memos prior to 0.9.1 Telephony Service Vulnerability: Local Escalation of Privilege via Missing Permission Check Telephony Service Vulnerability: Missing Permission Check Leading to Local Denial of Service Local Privilege Escalation Vulnerability in Dialer Service Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.9.1 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.9.1 Linux Kernel NTFS3 Driver NULL Pointer Dereference Vulnerability Local Privilege Escalation in ONLYOFFICE Docs through 7.3 on Linux Distributions Out-of-Bounds Write Vulnerability in Linux Kernel's ntfs3 File System Unvalidated Attribute Name Offset in Linux Kernel Leads to Unhandled Page Fault Invalid kfree vulnerability in Linux kernel through 6.2.7 allows for unauthorized replaying of logs in fs/ntfs3/inode.c Stored XSS Vulnerability in JetBrains TeamCity Perforce Connection Settings Stored XSS Vulnerability in JetBrains TeamCity: Exploiting Pending Changes and Changes Tabs Stored XSS Vulnerability on JetBrains TeamCity SSH Keys Page Reflected XSS Vulnerability in JetBrains Hub Dashboards NULL Pointer Dereference Vulnerability in radareorg/radare2 (prior to 5.8.2) External Stylesheet Path Disclosure Vulnerability in JetBrains IntelliJ IDEA Unauthenticated Project Import Vulnerability in JetBrains IntelliJ IDEA Unsandboxed Bundled Chromium in JetBrains IntelliJ IDEA before 2023.1 NTLM Hash Leakage Vulnerability in JetBrains IntelliJ IDEA Use-after-free vulnerability in libavcodec/pthread_frame.c in FFmpeg before 5.1.2 Local Logging Vulnerability in JetBrains PhpStorm before 2023.1 Incorrect Error Reporting in x509_verify_ctx_add_chain Out of Bounds Write Vulnerability in cp_dump Driver Out of Bounds Write Vulnerability in cp_dump Driver CSRF Vulnerability in GitHub Repository usememos/memos prior to 0.9.1 Local Denial of Service Vulnerability in Dialer Service Local Denial of 
Service Vulnerability in Dialer Service Local Denial of Service Vulnerability in Dialer Service Telephony Service Vulnerability: Missing Permission Check Leading to Local Denial of Service Telephony Service Vulnerability: Missing Permission Check Leading to Local Denial of Service Telephony Service Vulnerability: Missing Permission Check Leading to Local Denial of Service Telephony Service Vulnerability: Missing Permission Check Leading to Local Denial of Service Telephony Service Vulnerability: Missing Permission Check Leading to Local Denial of Service Telephony Service Vulnerability: Missing Permission Check Leading to Local Denial of Service CSRF Vulnerability in GitHub Repository usememos/memos prior to 0.9.1 Bluetooth Service Vulnerability: Local Denial of Service with System Execution Privileges Race Condition Vulnerability in Bluetooth Service Allows for Local Denial of Service with System Execution Privileges Potential Local Denial of Service Vulnerability in IFAA Service with Missing Permission Check Camera Driver Vulnerability: Out of Bounds Write Leading to Local Denial of Service WiFi Service Vulnerability: Out of Bounds Write Leading to Local Denial of Service WiFi Service Vulnerability: Out of Bounds Write Leading to Local Denial of Service Camera Driver Vulnerability: Out of Bounds Write Exploit for Local Denial of Service TeleService Vulnerability: Local Denial of Service via Improper Input Validation TeleService Vulnerability: Local Denial of Service via Improper Input Validation TeleService Vulnerability: Local Denial of Service via Improper Input Validation CSRF Vulnerability in GitHub Repository usememos/memos prior to 0.9.1 Local Denial of Service Vulnerability in Setting Service: Incorrect Error Handling Leads to Undefined Behavior Out of Bounds Write Vulnerability in Sensor Driver: Local Denial of Service Exploit WiFi Service Vulnerability: Out of Bounds Write Leading to Local Denial of Service WiFi Service Vulnerability: Out of Bounds Write 
Leading to Local Denial of Service WiFi Service Vulnerability: Out of Bounds Write Leading to Local Denial of Service Unsigned Integer Overflow in parse_required_member in Protobuf-C Traffic Hijacking Vulnerability in Huawei Routers: Exploiting Packet Hijacking Potential Improper Destination Specification in GitHub Repository Communication Channel Abnormal Printer Service Vulnerability in Huawei Printer Remote Code Execution Vulnerability in Huawei Printer (BiSheng-WNM) Abnormal Printer Service Vulnerability in Huawei Printer Denial of Service Vulnerability in Control de Ciber 1.650 Version Buffer Overflow Vulnerability in Control de Ciber Version 1.650: Exploiting the Printing Function Path Traversal Vulnerability in JetBrains Ktor resolveResource Method Critical SSRF Vulnerability in JetBrains Hub Auth Module Integration Memory Length Verification Vulnerability in Facial Recognition TA Out-of-Bounds Memory Read Vulnerability in Facial Recognition TA GitHub Repository usememos/memos Prior to 0.9.1 - Improper Verification of Communication Channel Source Vulnerability Critical Integer Overflow Vulnerability in Phones: Threat to Service Confidentiality macOS DYLIB Injection Vulnerability in JetBrains Toolbox App Unauthenticated Remote File Read Vulnerability in 3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows Unauthenticated Remote File Read Vulnerability in 3CX before 18 Hotfix 1 build 18.0.3.461 on Windows Availability Impact: Configuration Defects in Secure OS Module Availability Impact: Configuration Defects in Secure OS Module Desktop Security Bypass Vulnerability: Unauthorized Modifications Availability Impact: Configuration Defects in Secure OS Module CSRF Vulnerability in GitHub Repository usememos/memos prior to 0.9.1 Availability Impact: Configuration Defects in Secure OS Module Critical Vulnerability in HUAWEI Phones Allows Unauthorized Ads and Pop-ups Availability Impact: Configuration Defects in Secure OS Module
Availability Impact: Configuration Defects in Secure OS Module Pre-Authorization Vulnerability: Lax App Identity Verification Foreground App Information Unauthorized Access Vulnerability Pre-Authorization Vulnerability: Lax App Identity Verification Availability Impact: Configuration Defects in Secure OS Module Availability Impact: Configuration Defects in Secure OS Module Availability Impact: Configuration Defects in Secure OS Module CSRF Vulnerability in GitHub Repository usememos/memos prior to 0.9.1 Availability Impact: Configuration Defects in Secure OS Module Availability Impact: Configuration Defects in Secure OS Module Out-of-Bounds Read Vulnerability in ntfs3 Subsystem Arbitrary Code Execution Vulnerability in Apple Devices Improved Cache Handling in macOS Ventura 13: Resolving User-Sensitive Data Access Vulnerability Vulnerability: Unauthorized Modification of Protected File System in macOS Ventura 13 Vulnerability: Ballot Deanonymization through Flawed Pseudorandom Number Generator in Dominion Voting Systems Identity Verification Bypass Vulnerability in Storage Module: A Threat to Service Confidentiality Critical Authorization Vulnerability in System Apps: Threat to Service Integrity Race Condition Vulnerability in Huawei Share: Abnormal Program Termination GitHub Repository usememos/memos Prior to 0.9.1: Improper Handling of Values Vulnerability AMS Module Input Verification Vulnerability: Unauthorized Operations Exploitation Audio PCM Driver Module UAF Vulnerability: Abnormal Audio Feature Behavior Vdecoderservice UAF Vulnerability: Abnormal Image Decoding Exploitation Identity Verification Bypass Vulnerability in Gallery Module: Potential Out-of-Bounds Access Sepolicy Module Netlink Permission Control Vulnerability Nearby App Vulnerability: Inadequate Permission Control Jeopardizes Service Confidentiality Confidentiality Breach: Unique Value Extraction Vulnerability in DSoftBus Module DSoftBus Module Unauthorized Service Access Vulnerability: A Threat 
to Availability Delayed Signature Verification Vulnerability in iAware System SystemUI Unauthorized Access Vulnerability: Confidentiality at Risk SystemUI Unauthorized Access Vulnerability: Confidentiality at Risk OpenDKIM Ordinal Number Tracking Vulnerability Stack-based Crash Vulnerability in Perl 5.34.0: Remote Code Execution and Local Privilege Escalation Authentication Bypass Vulnerability in Cacti 1.2.19 Denial of Service Vulnerability in ImageMagick 7.0.10-45 and 6.9.11-22 via identify -help Command Denial of Service Vulnerability in xpdf 4.02 due to Infinite Recursion in Catalog::findDestInTree Reflected Cross-Site Scripting (XSS) Vulnerability in Cacti 0.8.7g and Earlier Critical SQL Injection Vulnerability in SourceCodester Lead Management System 1.0 (VDB-217020) Stack-based buffer over-read vulnerability in file_copystr in File before 5.43 Critical Buffer Overflow Vulnerability in Modbus Tools Modbus Slave (CVE-2021-217021) Use-After-Free Vulnerability in Python's heapq Module Potential Denial of Service (DoS) Vulnerability in read_ints function of plistlib.py XML External Entity (XXE) Vulnerability in Python's plistlib Module Constant-time-defeating optimisations in hmac.compare_digest vulnerability Critical Remote Buffer Overflow Vulnerability in Modbus Tools Modbus Poll (VDB-217022) Timing Side Channel Vulnerability in Crypto++ ECDSA Signature Generation Denial of Service Vulnerability in memcached 1.6.7 via UDP Multi-Packet Uploads Improved Access Restrictions in macOS Ventura 13: Mitigating App Access to User-Sensitive Data UnRAR Symlink Chain Vulnerability Log File Information Disclosure Vulnerability in M-Files Server before 22.10.11846.0 Command Injection Vulnerability in ScienceLogic SL1 ARP Ping Device Tool Command Injection Vulnerability in ScienceLogic SL1's dash export Feature Command Injection Vulnerability in ScienceLogic SL1 Ticket Report Generation Command Injection Vulnerability in ScienceLogic SL1 Dashboard Scheduler Command Injection 
Vulnerability in ScienceLogic SL1's Download and Convert Report Feature SQL Injection Vulnerability in ScienceLogic SL1 Admin Brand Portal SQL Injection Vulnerability in ScienceLogic SL1's json walker Feature SQL Injection Vulnerability in ScienceLogic SL1 Schedule Editor SQL Injection Vulnerability in ScienceLogic SL1 Schedule Editor Decoupled Feature SQL Injection Vulnerability in ScienceLogic SL1 Reporting Job Editor Cross-Site Scripting (XSS) Vulnerability in Joget up to 7.0.33 SQL Injection Vulnerability in ScienceLogic SL1's Admin Dynamic App MIB Errors Feature SQL Injection Vulnerability in ScienceLogic SL1 Vendor Print Report Feature SQL Injection Vulnerability in ScienceLogic SL1 Vendor Print Report Feature SQL Injection Vulnerability in ScienceLogic SL1 Topology Data Service SQL Injection Vulnerability in ScienceLogic SL1 Ticket Watchers Email Feature SQL Injection Vulnerability in ScienceLogic SL1 Ticket Template Watchers Feature SQL Injection Vulnerability in ScienceLogic SL1 Ticket Queue Watchers Feature SQL Injection Vulnerability in ScienceLogic SL1 Ticket Event Report Feature SQL Injection Vulnerability in ScienceLogic SL1's Reporter Events Type Date Feature SQL Injection Vulnerability in ScienceLogic SL1's Reporter Events Type Feature Critical SQL Injection Vulnerability in KBase Metrics (VDB-217059) SQL Injection Vulnerability in ScienceLogic SL1's Notes View Feature SQL Injection Vulnerability in ScienceLogic SL1 Network Print Report Feature SQL Injection Vulnerability in ScienceLogic SL1 Message Viewer Print Feature SQL Injection Vulnerability in ScienceLogic SL1's Message Viewer Iframe Feature SQL Injection Vulnerability in ScienceLogic SL1 Logging Export Feature Fingerprint Module Input Verification Vulnerability: A Threat to Confidentiality, Integrity, and Availability Binder Background Management Vulnerability: Threat to System Stability and Availability Authentication Protocol Vulnerability in M-Files Client Allows Privileged User to Obtain 
Other Users' Tokens ClassLink OneClick Extension: Universal Cross Site Scripting (UXSS) Vulnerability Kernel Module Race Condition Vulnerability: Bypassing Condition Evaluation and Reading Variable Values Reflected XSS Vulnerability in Special:Ask in Semantic MediaWiki before 4.0.2 Huawei Datacom Product: Improper Access Control Vulnerability Command Injection Vulnerability in Huawei Data Communication Product Allows Privilege Escalation Pointer Authentication Bypass Vulnerability in Apple Operating Systems Denial of Service Vulnerability in Linux Kernel's input_set_capability HTML Rendering Vulnerability in M-Files Web Allows for User Information Theft Buffer Overflow Vulnerability in uev (libuev) Prior to 2.4.1 with Large maxevents Critical Wi-Fi Module Vulnerability: Missing Authentication for Key Functions Heap Memory Corruption in GNOME GdkPixbuf ANI Decoder Out-of-Bounds Access Vulnerability in Cpanel::JSON::XS Package Missing shell_quote calls in close_altfile function in filename.c in less before version 606 allows for LESSCLOSE vulnerability. 
Vulnerability: Risk of Decryption by Adversary in Yealink Config Encrypt Tool (RSA Key Pair) CVE-2022-48626 CVE-2022-48627 CVE-2022-48628 CVE-2022-48629 Insufficient Permissions or Privileges Vulnerability in GitHub Repository usememos/memos prior to 0.9.1 CVE-2022-48630 GitHub Repository Argument Injection Vulnerability in froxlor/froxlor prior to 2.0.0-beta1 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.9.1 Stored Cross-site Scripting (XSS) Vulnerability in GitHub Repository usememos/memos prior to 0.9.1 CSRF Vulnerability in froxlor/froxlor Prior to 2.0.0-beta1 GitHub Repository Authorization Vulnerability Information Disclosure Vulnerability in Evolution Events Artaxerxes Network Details Disclosure Vulnerability in Octopus Deploy SQL Injection Vulnerability in NFLPick-em.com Unauthenticated Arbitrary Option Modification in Chained Products WordPress Plugin Stack-Based Buffer Overflow Vulnerability in Netcomm Router Models NF20MESH, NF20, and NL1902 Authentication Bypass Vulnerability in Netcomm Router Models NF20MESH, NF20, and NL1902 Cross-Site Scripting (XSS) Vulnerability in Fossology (VDB-217426) Cross-Site Scripting (XSS) Vulnerability in Kaltura mwEmbed up to 2.96.rc1 Cross Site Scripting (XSS) Vulnerability in snoyberg keter up to 1.8.1 Critical Path Traversal Vulnerability in JATOS ZIP Handler (VDB-217548) Critical Vulnerability in Forged Alliance Forever (up to 3746) Vote Handler Component Allows Improper Authorization Critical Path Traversal Vulnerability in stakira OpenUtau (VDB-217617) Cross Site Scripting (XSS) Vulnerability in CapsAdmin PAC3 Cross-Site Scripting (XSS) Vulnerability in Kaltura mwEmbed up to 2.91 Vulnerability in libXpm allows for arbitrary program execution via manipulated PATH environment variable Arbitrary File Write Vulnerability in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 Critical Path Traversal Vulnerability in sviehb jefferson up to 0.3 (VDB-218020) Bypassing `path` 
Sanitization in Ingress-nginx with `log_format` Directive Multiple WordPress Plugins Vulnerable to Cross-Site Request Forgery (CSRF) Attacks Critical SQL Injection Vulnerability in visegripped Stracker (VDB-218377) Critical Remote Code Execution Vulnerability in abhilash1985 PredictApp Inefficient Regular Expression Complexity Vulnerability in Sisimai up to 4.25.14p11 Cross-Site Scripting (XSS) Vulnerability in MyCMS Visitors Module (VDB-218895) Uncontrolled Search Path Element Vulnerability in HP and Samsung Printer Software Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer on Linux Denial of Service Vulnerability in Cyber Control 1.650 Reflected Cross-Site Scripting in BackupBuddy WordPress Plugin Vulnerability: Cross-Site Scripting (XSS) in Octopus Server's Help Sidebar Buffer Overrun Vulnerability in zstd v1.4.10 Command Line Tool Heap Buffer Overflow Vulnerability in PHP due to Large Value in PHP_CLI_SERVER_WORKERS Multiple Stored XSS Vulnerabilities in Sophos Connect Versions Older than 2.2.90: Exploiting Malicious VPN Configurations for Local UI Code Execution Cross-Site Scripting (XSS) Vulnerability in eXo Chat Application's Mention Handler Component (VDB-220212) Implicit Intent Vulnerability in CodenameOne 7.0.70 (VDB-220470) Stack Overflow Vulnerability in c-ares Package: Arbitrary Length Input String in ares_set_sortlist Function Cross-Site Scripting (XSS) Vulnerability in UDX Stateless Media Plugin 3.1.1 on WordPress Arbitrary Read/Write Vulnerability in Google Chrome (CVE-2022-12345) Uninitialized Use Vulnerability in FFmpeg in Google Chrome Cross-Origin Data Leakage Vulnerability in Google Chrome iFrame Sandbox XML Insecure Implementation in Google Chrome: ASLR Bypass Vulnerability Remote Code Execution Vulnerability in Autofill in Google Chrome Bypassing Content Security Policy via Insufficient Data Validation in Google Chrome DevTools Type Confusion Vulnerability in MathML in 
Google Chrome Extension Storage Spoofing Vulnerability in Google Chrome Heap Buffer Overflow in PrintPreview in Google Chrome Domain Spoofing Vulnerability in Google Chrome Remote Code Execution Vulnerability in Google Chrome's Media Component Obscuring Full Screen Notifications in Google Chrome on Android UI Use After Free Vulnerability in Google Chrome Use After Free Vulnerability in Google Chrome Base Internals (CVE-2021-37975) Remote Code Execution via Heap Buffer Overflow in Google Chrome Use After Free Vulnerability in Google Chrome Accessibility UI Spoofing Vulnerability in Google Chrome (CVE-2022-12345) Man-in-the-Middle Attack Vulnerability in Omnibox in Google Chrome WebRTC Use After Free Vulnerability in Google Chrome Prior to 97.0.4692.71 Header Splitting Vulnerability in QUIC in Google Chrome (CVE-2021-30563) Bypassing Same Origin Policy in Intents in Google Chrome on Android Remote Code Execution Vulnerability in ualbertalib NEOSDiscovery 1.0.70 Cross-Site Scripting (XSS) Vulnerability in icplayer up to 0.819 Cross-Site Scripting Vulnerability in icplayer up to 0.818 (VDB-222290) Cross-Site Scripting (XSS) Vulnerability in nuxsmin sysPass up to 3.2.4 Information Disclosure Vulnerability in BackupWordPress Plugin Information Disclosure Vulnerability in Total Upkeep WordPress Plugin Critical SQL Injection Vulnerability in ATM Consulting dolibarr_module_quicksupplierprice up to 1.1.6 (VDB-223382) Arbitrary Code Execution Vulnerability in Sophos Web Appliance Exception Wizard Unauthenticated Access and Data Modification Vulnerability in WCFM Marketplace Plugin for WordPress WCFM Marketplace Plugin for WordPress: Cross-Site Request Forgery Vulnerability Unrestricted Data Modification and Access Vulnerability in WCFM Frontend Manager Plugin for WordPress WCFM Frontend Manager Plugin for WordPress: Cross-Site Request Forgery Vulnerability Privilege Escalation in WCFM Membership Plugin for WordPress Unauthenticated Access and Modification Vulnerability in 
WCFM Membership Plugin for WordPress WCFM Membership Plugin for WordPress: Cross-Site Request Forgery Vulnerability Cross-Site Scripting (XSS) Vulnerability in mportuga eslint-detailed-reporter up to 0.9.0 Authorization Bypass Vulnerability in miniOrange's Google Authenticator Plugin for WordPress Cross-Site Request Forgery Vulnerability in kalcaddle KodExplorer up to 4.49 Plain Text Storage of Dataprobe Cloud Usernames and Passwords Arbitrary Domain Redirect Vulnerability in Frontend Post WordPress Plugin Authorization Bypass Vulnerability in FlyingPress WordPress Plugin Allows Unauthorized CDN Configuration Arbitrary File Upload Vulnerability in AdSanity WordPress Plugin (Versions up to 1.8.1) Vulnerability: Arbitrary Plugin Installation and Activation in Cool Plugins WordPress Plugins Resource Consumption Vulnerability in OmniSharp csharp-language-server-protocol (CVE-2021-234238) Unfiltered URL Loading Vulnerability in Elementor Website Builder WordPress Plugin Stored Cross-Site Scripting Vulnerability in The Waiting: One-click countdowns plugin for WordPress DevTools Inadequate File Access Restriction Vulnerability Critical Uncontrolled Search Path Vulnerability in Caphyon Advanced Installer 19.7 Cross-Site Scripting (XSS) Vulnerability in librespeed speedtest up to 5.2.4 Cross Site Scripting (XSS) Vulnerability in qkmc-rk redbbs 1.0 via Post Handler's title Argument Cross Site Scripting (XSS) Vulnerability in qkmc-rk redbbs 1.0's Nickname Handler Cross-Site Scripting (XSS) Vulnerability in cloudfavorites favorites-web 1.3.0 Critical SQL Injection Vulnerability in Weitong Mall 1.0.0 (VDB-250243) Improper Authorization Vulnerability in Apollo Configuration Center (Apollo 2.0.0/2.0.1) CVE-2022-4963 Unrestricted Microphone Access in Ubuntu's pipewire-pulse Snap