748 docs tagged with "CRITICAL_Vulnerabilities"

CVE-2007-10002

A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this is

CVE-2009-4581

Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when mag

CVE-2010-10003

A vulnerability classified as critical was found in gesellix titlelink on Joomla. Affected by this v

CVE-2011-4372

Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers

CVE-2011-4373

Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers

CVE-2011-5020

An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011.

CVE-2011-5266

Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filte

CVE-2012-10001

The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockou

CVE-2012-1259

Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer

CVE-2012-2226

Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote att

CVE-2012-2714

The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to

CVE-2012-3807

Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.

CVE-2012-4284

A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name valida

CVE-2012-5878

Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to exec

CVE-2013-0625

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers t

CVE-2013-10008

A vulnerability was found in sheilazpy eShop. It has been classified as critical. Affected is an unk

CVE-2013-10009

A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue i

CVE-2013-10011

A vulnerability was found in aeharding classroom-engagement-system and classified as critical. Affec

CVE-2013-3941

Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz pa

CVE-2013-5122

Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open whic

CVE-2013-7380

The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability

CVE-2014-0011

Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in Tiger

CVE-2014-0048

An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HT

CVE-2014-125030

A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by

CVE-2014-125032

A vulnerability was found in porpeeranut go-with-me. It has been declared as critical. Affected by t

CVE-2014-125037

A vulnerability, which was classified as critical, was found in License to Kill. This affects an unk

CVE-2014-125038

A vulnerability has been found in IS_Projecto2 and classified as critical. This vulnerability affect

CVE-2014-125040

A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affe

CVE-2014-125041

A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unk

CVE-2014-125044

A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects

CVE-2014-125047

A vulnerability classified as critical has been found in tbezman school-store. This affects an unkno

CVE-2014-125049

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typc

CVE-2014-125053

A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This v

CVE-2014-125057

A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This a

CVE-2014-125058

A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affect

CVE-2014-125059

A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog.

CVE-2014-125060

A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the

CVE-2014-125061

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as criti

CVE-2014-125062

A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability

CVE-2014-125063

A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some un

CVE-2014-125065

A vulnerability, which was classified as critical, was found in john5223 bottle-auth. Affected is an

CVE-2014-125067

A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerab

CVE-2014-125071

A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is t

CVE-2014-125073

A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue i

CVE-2014-125075

A vulnerability was found in gmail-servlet and classified as critical. This issue affects the functi

CVE-2014-125076

A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an

CVE-2014-1409

MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypas

CVE-2014-1598

centurystar 7.12 ActiveX Control has a Stack Buffer Overflow

CVE-2014-1860

Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities

CVE-2014-2072

Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks

CVE-2014-2650

Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerab

CVE-2014-2651

Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the de

CVE-2014-3448

BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file

CVE-2014-3449

BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability

CVE-2014-4972

Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPre

CVE-2014-4982

LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.

CVE-2014-4984

Déjà Vu Crescendo Sales CRM has remote SQL Injection

CVE-2014-5071

SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote

CVE-2014-5081

sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication

CVE-2014-5093

Status2k does not remove the install directory allowing credential reset.

CVE-2014-5334

FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privile

CVE-2014-6436

Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows

CVE-2014-6437

Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensiti

CVE-2014-7862

The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90

CVE-2014-8337

Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZ

CVE-2014-8516

Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to

CVE-2014-8673

Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, an

CVE-2015-10008

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified

CVE-2015-10009

A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affec

CVE-2015-10011

A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unk

CVE-2015-10014

A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of

CVE-2015-10015

A vulnerability, which was classified as critical, has been found in glidernet ogn-live. This issue

CVE-2015-10017

A vulnerability has been found in HPI-Information-Systems ProLOD and classified as critical. This vu

CVE-2015-10018

A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this

CVE-2015-10022

A vulnerability was found in IISH nlgis2. It has been declared as critical. Affected by this vulnera

CVE-2015-10023

A vulnerability classified as critical has been found in Fumon trello-octometric. This affects the f

CVE-2015-10024

A vulnerability classified as critical was found in hoffie larasync. This vulnerability affects unkn

CVE-2015-10026

A vulnerability was found in tiredtyrant flairbot. It has been declared as critical. This vulnerabil

CVE-2015-10027

A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Aff

CVE-2015-10029

A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerab

CVE-2015-10031

A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability af

CVE-2015-10034

A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnera

CVE-2015-10035

A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue af

CVE-2015-10036

A vulnerability was found in kylebebak dronfelipe. It has been declared as critical. Affected by thi

CVE-2015-10037

A vulnerability, which was classified as critical, was found in ACI_Escola. This affects an unknown

CVE-2015-2320

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors r

CVE-2015-5951

A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows

CVE-2015-9246

An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exi

CVE-2015-9249

An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webse

CVE-2016-0332

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue i

CVE-2016-11017

The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticat

CVE-2016-15007

A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problemat

CVE-2016-15012

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows

CVE-2016-15013

A vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by thi

CVE-2016-15016

A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as

CVE-2016-15017

A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vul

CVE-2016-20021

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone em

CVE-2017-1000421

Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting

CVE-2017-1000423

b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote esc

CVE-2017-1000430

rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffe

CVE-2017-1000437

Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, res

CVE-2017-1000444

Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and lo

CVE-2017-1000453

CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core mod

CVE-2017-1000458

Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing r

CVE-2017-1000469

Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the 'add repo' com

CVE-2017-1000471

EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI han

CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() funct

CVE-2017-1000486

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process

CVE-2017-1000493

Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrato

CVE-2017-1000497

Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in d

CVE-2017-1000501

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the 'confi

CVE-2017-1002157

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading

CVE-2017-11079

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-13177

In several functions of libhevc, NEON registers are not preserved. This could lead to remote code ex

CVE-2017-13178

In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due

CVE-2017-13179

In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-

CVE-2017-13185

An information disclosure vulnerability in the Android media framework (libhevc). Product: Android.

CVE-2017-13187

An information disclosure vulnerability in the Android media framework (libhevc). Product: Android.

CVE-2017-13188

An information disclosure vulnerability in the Android media framework (aac). Product: Android. Vers

CVE-2017-13203

An information disclosure vulnerability in the Android media framework (libavc). Product: Android. V

CVE-2017-13204

An information disclosure vulnerability in the Android media framework (libavc). Product: Android. V

CVE-2017-13205

An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android.

CVE-2017-13208

In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing

CVE-2017-13889

In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 E

CVE-2017-15402

Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the

CVE-2017-15714

The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. Thi

CVE-2017-15883

Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authent

CVE-2017-16263

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16264

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16265

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16266

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16267

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16268

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16269

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16270

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16271

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16272

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16273

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16274

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16275

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16276

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16277

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16278

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16279

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16280

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16281

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16282

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16283

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16284

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16285

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16286

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16287

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16288

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16289

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16290

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16291

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16292

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16293

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16294

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16295

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16296

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16297

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16298

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16299

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16300

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16301

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16302

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16303

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16304

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16305

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16306

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16307

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16308

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16309

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16310

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16311

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16312

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16313

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16314

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16315

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16316

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16317

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16318

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16319

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16320

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16321

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16322

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16323

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16324

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16325

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16326

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16327

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16328

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16329

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16330

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16331

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16332

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16333

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16334

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16335

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-16336

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc

CVE-2017-1670

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker

CVE-2017-16740

A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controll

CVE-2017-16743

An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Se

CVE-2017-16885

Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for

CVE-2017-16887

The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services

CVE-2017-17097

gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediate

CVE-2017-17098

The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through

CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code

CVE-2017-17946

A buffer overflow in Handy Password 4.9.3 allows remote attackers to execute arbitrary code via a lo

CVE-2017-17970

Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL

CVE-2017-18017

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and

CVE-2017-18025

cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary

CVE-2017-20163

A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability a

CVE-2017-5971

SQL injection vulnerability in NewsBee CMS allows remote attackers to execute arbitrary SQL commands.

CVE-2017-7997

Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arb

CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingall

CVE-2018-0001

A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect

CVE-2018-0007

An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the loca

CVE-2018-0104

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files co

CVE-2018-0181

A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Poli

CVE-2018-0651

Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.1

CVE-2018-0668

Buffer overflow in INplc-RT 3.08 and earlier allows remote attackers to cause denial-of-service (DoS

CVE-2018-0669

INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary c

CVE-2018-0670

INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary c

CVE-2018-0705

Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arb

CVE-2018-11788

Apache Karaf provides a features deployer, which allows users to 'hot deploy' a features XML by drop

CVE-2018-13045

SQL injection vulnerability in the 'Bazar' page in Yeswiki Cercopitheque 2018-06-19-1 and earlier al

CVE-2018-14718

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code b

CVE-2018-14719

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code b

CVE-2018-14720

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XX

CVE-2018-14721

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side requ

CVE-2018-16068

Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to poten

CVE-2018-16167

LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecifi

CVE-2018-16168

LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via u

CVE-2018-16184

RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the dis

CVE-2018-16188

SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2

CVE-2018-16203

PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain th

CVE-2018-16803

In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code.

CVE-2018-16879

Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure

CVE-2018-17161

In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1,

CVE-2018-17172

The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028

CVE-2018-18995

Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authenti

CVE-2018-19360

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leve

CVE-2018-19361

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leve

CVE-2018-19362

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leve

CVE-2018-19415

Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitra

CVE-2018-19601

Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.

CVE-2018-19861

Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via

CVE-2018-19862

Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via

CVE-2018-20100

An issue was discovered on August Connect devices. Insecure data transfer between the August app and

CVE-2018-20114

On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS co

CVE-2018-20512

EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, c

CVE-2018-20664

Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.

CVE-2018-25066

A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affe

CVE-2018-25068

A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. Thi

CVE-2018-25069

A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unkno

CVE-2018-25070

A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. Th

CVE-2018-25071

A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by

CVE-2018-25072

A vulnerability classified as critical has been found in lojban jbovlaste. This affects an unknown p

CVE-2018-25095

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer scri

CVE-2018-3810

Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for W

CVE-2018-3811

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress

CVE-2018-3813

getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control

CVE-2018-4147

In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS be

CVE-2018-4169

In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 E

CVE-2018-4189

In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Securit

CVE-2018-4254

In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was

CVE-2018-4257

In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation.

CVE-2018-4258

In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking.

CVE-2018-4281

In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation.

CVE-2018-4298

In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 E

CVE-2018-5206

When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL

CVE-2018-5208

In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow

CVE-2018-5211

PHP Melody version 2.7.1 suffers from SQL Injection Time-based attack on the page ajax.php with the p

CVE-2018-5262

A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote

CVE-2018-5267

Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct

CVE-2018-5315

The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter

CVE-2018-5347

Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTe

CVE-2018-5377

Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver

CVE-2018-6127

Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attac

CVE-2019-10158

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the sessi

CVE-2019-10776

In 'index.js' file line 240, the run command executes the git command with a user controlled variabl

CVE-2019-10777

In aws-lambda versions prior to version 1.0.5, the 'config.FunctioName' is used to construct the arg

CVE-2019-10778

devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command

CVE-2019-11994

A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10,

CVE-2019-14837

A flaw was found in Keycloak before version 8.0.0. The owner of 'placeholder.org' domain can setup

CVE-2019-14859

A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify wheth

CVE-2019-14906

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulner

CVE-2019-15975

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM

CVE-2019-15976

Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM

CVE-2019-17076

An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data w

CVE-2019-17146

This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-

CVE-2019-18642

Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID paramete

CVE-2019-18643

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded

CVE-2019-18792

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by

CVE-2019-19088

Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.

CVE-2019-19495

The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows

CVE-2019-19518

CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication

CVE-2019-19628

In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Ma

CVE-2019-20330

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

CVE-2019-20343

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document beca

CVE-2019-20361

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed

CVE-2019-20367

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from

CVE-2019-25100

A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vuln

CVE-2019-3576

inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure

CVE-2019-3577

An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows

CVE-2019-3905

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-4651

IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could sen

CVE-2019-5082

An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functiona

CVE-2019-5312

An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc

CVE-2019-5720

includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in

CVE-2019-5748

In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.

CVE-2019-5882

Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.

CVE-2019-5886

An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there

CVE-2019-5893

Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.

CVE-2019-6246

An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Gen

CVE-2019-6330

A potential security vulnerability has been identified in the software solution HP Access Control ve

CVE-2019-9812

Given a compromised sandboxed content process due to a separate vulnerability, it is possible to esc

CVE-2020-0471

In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into a

CVE-2020-10655

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a

CVE-2020-10656

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a

CVE-2020-10658

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a

CVE-2020-11995

A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to

CVE-2020-13450

A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an att

CVE-2020-13451

An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows

CVE-2020-13452

In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially a

CVE-2020-13878

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write.

CVE-2020-13879

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write.

CVE-2020-13880

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write.

CVE-2020-14275

Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 th

CVE-2020-15800

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All

CVE-2020-16014

Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had com

CVE-2020-16016

Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attack

CVE-2020-16017

Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker w

CVE-2020-16018

Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had

CVE-2020-16024

Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had

CVE-2020-16025

Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker w

CVE-2020-17500

Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command I

CVE-2020-24027

In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in t

CVE-2020-25226

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All

CVE-2020-26045

FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting t

CVE-2020-26085

Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platfo

CVE-2020-26292

Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter

CVE-2020-26629

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management Syst

CVE-2020-26712

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. Th

CVE-2020-26759

clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute ar

CVE-2020-26972

The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former mu

CVE-2020-27285

The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able

CVE-2020-27637

The R programming language’s default package manager CRAN is affected by a path traversal vulnerabil

CVE-2020-28102

cscms v4.1 allows for SQL injection via the 'js_del' function.

CVE-2020-28103

cscms v4.1 allows for SQL injection via the 'page_del' function.

CVE-2020-28464

This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbit

CVE-2020-28468

This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of th

CVE-2020-29492

Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A r

CVE-2020-35131

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Executi

CVE-2020-35205

Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2

CVE-2020-35219

The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by chan

CVE-2020-35458

An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injectio

CVE-2020-35717

zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because no

CVE-2020-36052

Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to inclu

CVE-2020-36112

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based

CVE-2020-36155

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticat

CVE-2020-36157

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticat

CVE-2020-36177

RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain rel

CVE-2020-36639

A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. Thi

CVE-2020-36640

A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webse

CVE-2020-36641

A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerabili

CVE-2020-36642

A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affec

CVE-2020-36645

A vulnerability, which was classified as critical, was found in square squalor. This affects an unkn

CVE-2020-36648

A vulnerability, which was classified as critical, was found in pouetnet pouet 2.0. This affects an

CVE-2020-4899

IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for d

CVE-2020-5307

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by

CVE-2020-5311

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.

CVE-2020-5312

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.

CVE-2020-5499

Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in whic

CVE-2020-5510

PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profi

CVE-2020-5519

The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonst

CVE-2020-5841

An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker c

CVE-2020-6162

An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggere

CVE-2020-6170

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows at

CVE-2020-6756

languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthentic

CVE-2020-6835

An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-tran

CVE-2020-6836

grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arb

CVE-2020-6838

In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c

CVE-2020-6839

In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c.

CVE-2020-6840

In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c.

CVE-2020-7771

The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function.

CVE-2020-7784

This affects all versions of package ts-process-promises. The injection point is located in line 45

CVE-2020-7794

This affects all versions of package buns. The injection point is located in line 678 in index file

CVE-2020-8584

Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an u

CVE-2021-0316

In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing

CVE-2021-21106

Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had

CVE-2021-21107

Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote at

CVE-2021-21108

Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had co

CVE-2021-21109

Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had

CVE-2021-21110

Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to

CVE-2021-21111

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker

CVE-2021-21115

Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker w

CVE-2021-21465

The BW Database Interface allows an attacker with low privileges to execute any crafted database que

CVE-2021-23543

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attac

CVE-2021-23568

The package extend2 before 1.0.1 is vulnerable to Prototype Pollution via the extend function due t

CVE-2021-23594

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attac

CVE-2021-24042

The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to

CVE-2021-24949

The 'WP Search Filters' widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7

CVE-2021-25032

The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress

CVE-2021-25981

In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2

CVE-2021-3007

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerab

CVE-2021-3018

ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQ

CVE-2021-3029

EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via

CVE-2021-30351

An out of bound memory access can occur due to improper validation of number of frames being passed

CVE-2021-3118

EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login

CVE-2021-3129

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attacker

CVE-2021-31522

Kylin can receive user input and load any class through Class.forName(...). This issue affects Apach

CVE-2021-32824

Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vul

CVE-2021-37116

PCManager has a Weaknesses Introduced During Design vulnerability. Successful exploitation of this v

CVE-2021-37120

There is a Double free vulnerability in Smartphone. Successful exploitation of this vulnerability may

CVE-2021-37121

There is a Configuration defect in Smartphone. Successful exploitation of this vulnerability may ele

CVE-2021-37128

HwPCAssistant has a Path Traversal vulnerability. Successful exploitation of this vulnerability may

CVE-2021-3966

usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.

CVE-2021-39979

HHEE system has a Code Injection vulnerability. Successful exploitation of this vulnerability may aff

CVE-2021-39982

Phone Manager application has an Improper Privilege Management vulnerability. Successful exploitation

CVE-2021-39990

The screen lock module has a Stack-based Buffer Overflow vulnerability. Successful exploitation of th

CVE-2021-39993

There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this

CVE-2021-39996

There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful e

CVE-2021-40010

The bone voice ID TA has a heap overflow vulnerability. Successful exploitation of this vulnerability

CVE-2021-40525

Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulner

CVE-2021-41842

An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2

CVE-2021-42392

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name

CVE-2021-4297

A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vul

CVE-2021-4298

A vulnerability classified as critical has been found in Hesburgh Libraries of Notre Dame Sipity. Th

CVE-2021-4300

A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this v

CVE-2021-4304

A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by this

CVE-2021-4308

A vulnerability was found in WebPA up to 3.1.1. It has been rated as critical. This issue affects so

CVE-2021-4311

A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerabilit

CVE-2021-43297

A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which

CVE-2021-43711

The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection v

CVE-2021-43779

GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI

CVE-2021-43816

containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS,

CVE-2021-43832

Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permis

CVE-2021-44458

Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The

CVE-2021-45003

Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code e

CVE-2021-45334

Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can by

CVE-2021-45389

A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manag

CVE-2021-45411

In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via S

CVE-2021-45428

TLR-2005KSH is affected by an incorrect access control vulnerability. The PUT method is enabled so a

CVE-2021-45456

Apache kylin checks the legitimacy of the project before executing some commands with the project na

CVE-2021-45917

The server-request receiver function of Shockwall system has an improper authentication vulnerabilit

CVE-2021-46067

In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account T

CVE-2022-0086

uppy is vulnerable to Server-Side Request Forgery (SSRF)

CVE-2022-0668

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privile

CVE-2022-1101

A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as

CVE-2022-21643

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL inje

CVE-2022-21647

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was fo

CVE-2022-21846

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2022-21849

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

CVE-2022-21855

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2022-21874

Windows Security Center API Remote Code Execution Vulnerability

CVE-2022-21898

DirectX Graphics Kernel Remote Code Execution Vulnerability

CVE-2022-21969

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2022-22114

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The “se

CVE-2022-22115

In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name

CVE-2022-22338

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection.

CVE-2022-22704

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones t

CVE-2022-22822

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22823

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22824

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22845

QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b

CVE-2022-22847

Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authentic

CVE-2022-25890

All versions of the package wifey are vulnerable to Command Injection via the connect() function due

CVE-2022-2666

A vulnerability has been found in SourceCodester Loan Management System and classified as critical.

CVE-2022-3241

The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some param

CVE-2022-32665

In Boa, there is a possible command injection due to improper input validation. This could lead to r

CVE-2022-33265

Memory corruption due to information exposure in Powerline Communication Firmware while sending diff

CVE-2022-34322

Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker

CVE-2022-3515

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. T

CVE-2022-3792

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2022-38627

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-

CVE-2022-39039

aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attac

CVE-2022-39041

aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated

CVE-2022-39042

aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exp

CVE-2022-39184

EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access ena

CVE-2022-39185

EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-c

CVE-2022-4049

The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before us

CVE-2022-4059

The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parame

CVE-2022-4099

The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parame

CVE-2022-42475

A heap-based buffer overflow vulnerability in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.

CVE-2022-4297

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter b

CVE-2022-4298

The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as doe

CVE-2022-4337

An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.

CVE-2022-4338

An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.

CVE-2022-43389

A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V

CVE-2022-4357

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo

CVE-2022-43931

Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before

CVE-2022-43974

MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker mig

CVE-2022-4422

Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthen

CVE-2022-45092

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticate

CVE-2022-45995

There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnera

CVE-2022-46025

Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allo

CVE-2022-4616

The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through th

CVE-2022-46471

Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consu

CVE-2022-46478

The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default

CVE-2022-46502

Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via th

CVE-2022-46839

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best He

CVE-2022-47618

Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated

CVE-2022-47790

Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/i

CVE-2022-48198

The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows

CVE-2022-48252

The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.

CVE-2022-48253

nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execut

CVE-2022-48620

uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.

CVE-2022-4880

A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the

CVE-2022-4961

A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this

CVE-2023-0014

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731,

CVE-2023-0016

SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries.

CVE-2023-0017

An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access cont

CVE-2023-0018

Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intellig

CVE-2023-0077

Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) befor

CVE-2023-0243

A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function in

CVE-2023-0244

A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the fu

CVE-2023-0245

A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Bo

CVE-2023-0256

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified

CVE-2023-0257

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as

CVE-2023-22457

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3

CVE-2023-22463

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-cod

CVE-2023-22599

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In

CVE-2023-23566

A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassin

CVE-2023-26999

An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and

CVE-2023-28897

The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in t

CVE-2023-29050

The optional 'LDAP contacts provider' could be abused by privileged users to inject LDAP filter stri

CVE-2023-30014

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to

CVE-2023-30015

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to

CVE-2023-30016

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to

CVE-2023-31024

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attack

CVE-2023-31029

NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemo

CVE-2023-31030

NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attack

CVE-2023-31446

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl paramet

CVE-2023-31488

Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort

CVE-2023-32874

In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This coul

CVE-2023-33025

Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.

CVE-2023-37117

A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP

CVE-2023-39655

A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20

CVE-2023-40414

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS

CVE-2023-4280

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK

CVE-2023-45722

HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it use

CVE-2023-45723

HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capabilit

CVE-2023-45724

HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web appl

CVE-2023-46308

In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandO

CVE-2023-46740

CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an in

CVE-2023-46741

CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior

CVE-2023-46943

An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secr

CVE-2023-46953

SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code vi

CVE-2023-47458

An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the l

CVE-2023-47861

A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of

CVE-2023-47862

A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVid

CVE-2023-48245

The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the cont

CVE-2023-48250

The vulnerability allows a remote attacker to authenticate to the web application with high privileg

CVE-2023-48251

The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges t

CVE-2023-48262

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att

CVE-2023-48263

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att

CVE-2023-48264

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att

CVE-2023-48265

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att

CVE-2023-48266

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att

CVE-2023-48419

An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevati

CVE-2023-49235

An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering

CVE-2023-49236

A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading t

CVE-2023-49237

An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur be

CVE-2023-49238

In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installati

CVE-2023-49251

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The 'intermediate inst

CVE-2023-49253

Root user password is hardcoded into the device and cannot be changed in the user interface.

CVE-2023-49255

The router console is accessible without authentication at 'data' field, and while a user needs to b

CVE-2023-49262

The authentication mechanism can be bypassed by overflowing the value of the Cookie 'authentication'

CVE-2023-49442

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attacke

CVE-2023-49569

A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability

CVE-2023-49599

An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev

CVE-2023-49621

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The 'intermediate inst

CVE-2023-49622

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-49624

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-49625

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-49633

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-49639

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-49658

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-49665

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-49666

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-50027

SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.

CVE-2023-50090

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows

CVE-2023-50351

HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow a

CVE-2023-50585

Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the f

CVE-2023-50643

An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code

CVE-2023-50711

vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vm

CVE-2023-50743

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilit

CVE-2023-50752

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilit

CVE-2023-50753

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilit

CVE-2023-50862

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ho

CVE-2023-50863

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ho

CVE-2023-50864

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ho

CVE-2023-50865

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ci

CVE-2023-50866

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'us

CVE-2023-50867

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'us

CVE-2023-50919

An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication by

CVE-2023-50921

An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interfac

CVE-2023-50948

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cr

CVE-2023-50982

Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_actio

CVE-2023-51123

An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary c

CVE-2023-51126

Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to ru

CVE-2023-51154

Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /

CVE-2023-51277

nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for relea

CVE-2023-51350

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and exec

CVE-2023-51438

A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager <

CVE-2023-51502

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Pay

CVE-2023-51673

Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builde

CVE-2023-51717

Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authenti

CVE-2023-51784

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue

CVE-2023-51812

Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the

CVE-2023-51961

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the functi

CVE-2023-51962

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setI

CVE-2023-51966

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the functi

CVE-2023-51967

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getI

CVE-2023-51968

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the functi

CVE-2023-51969

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function get

CVE-2023-51970

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function form

CVE-2023-51971

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function g

CVE-2023-51972

Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function f

CVE-2023-51984

D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function.

CVE-2023-51987

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log

CVE-2023-51989

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log

CVE-2023-52026

TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE)

CVE-2023-52027

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vu

CVE-2023-52028

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vu

CVE-2023-52029

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vu

CVE-2023-52030

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vu

CVE-2023-52031

TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vu

CVE-2023-52032

TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE)

CVE-2023-52064

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter

CVE-2023-52200

Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosys

CVE-2023-52215

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2023-52218

Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway. T

CVE-2023-52225

Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widge

CVE-2023-52304

Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial o

CVE-2023-52307

Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a deni

CVE-2023-52309

Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to

CVE-2023-52310

PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the

CVE-2023-52311

PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to

CVE-2023-52314

PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the abi

CVE-2023-5347

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix J

CVE-2023-5376

An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This i

CVE-2023-5877

The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for reque

CVE-2023-6220

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient f

CVE-2023-6316

The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file

CVE-2023-6339

Google Nest WiFi Pro root code-execution & user-data compromise

CVE-2023-6436

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2023-6634

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and in

CVE-2023-6875

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl

CVE-2023-6921

Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data

CVE-2023-7028

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2

CVE-2023-7208

A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This v

CVE-2023-7210

A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects a

CVE-2023-7212

A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unkno

CVE-2023-7219

A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Af

CVE-2023-7220

A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affe

CVE-2023-7221

A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical.

CVE-2023-7222

A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical.

CVE-2024-0057

.NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

CVE-2024-0182

A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical.

CVE-2024-0194

A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking Syst

CVE-2024-0195

A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the f

CVE-2024-0247

A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This

CVE-2024-0264

A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as criti

CVE-2024-0267

A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0.

CVE-2024-0268

A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management S

CVE-2024-0287

A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Af

CVE-2024-0288

A vulnerability classified as critical has been found in Kashipara Food Management System 1.0. This

CVE-2024-0289

A vulnerability classified as critical was found in Kashipara Food Management System 1.0. This vulne

CVE-2024-0290

A vulnerability, which was classified as critical, has been found in Kashipara Food Management Syste

CVE-2024-0292

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Af

CVE-2024-0293

A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affecte

CVE-2024-0294

A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B

CVE-2024-0295

A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230

CVE-2024-0296

A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical.

CVE-2024-0297

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This

CVE-2024-0298

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critic

CVE-2024-0299

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical

CVE-2024-0300

A vulnerability was found in Byzoro Smart S150 Management Platform up to 20240101. It has been rated

CVE-2024-0301

A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vul

CVE-2024-0302

A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.

CVE-2024-0303

A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an

CVE-2024-0304

A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this

CVE-2024-0321

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2024-0322

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

CVE-2024-0342

A vulnerability classified as critical has been found in Inis up to 2.0.1. Affected is an unknown fu

CVE-2024-0344

A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. Affec

CVE-2024-0352

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerabilit

CVE-2024-0355

A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Managemen

CVE-2024-0357

A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this iss

CVE-2024-0359

A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been d

CVE-2024-0360

A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critica

CVE-2024-0361

A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0.

CVE-2024-0362

A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affec

CVE-2024-0363

A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management

CVE-2024-0364

A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management Syste

CVE-2024-0389

A vulnerability, which was classified as critical, was found in SourceCodester Student Attendance Sy

CVE-2024-0412

A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This v

CVE-2024-0413

A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue

CVE-2024-0414

A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected

CVE-2024-0415

A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vul

CVE-2024-0416

A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Aff

CVE-2024-0417

A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. This aff

CVE-2024-0426

A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This

CVE-2024-0460

A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical.

CVE-2024-0461

A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as c

CVE-2024-0462

A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as cri

CVE-2024-0463

A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been rated as critic

CVE-2024-0464

A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0.

CVE-2024-0466

A vulnerability, which was classified as critical, has been found in code-projects Employee Profile

CVE-2024-0468

A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified

CVE-2024-0469

A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as cr

CVE-2024-0470

A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been classif

CVE-2024-0471

A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been declare

CVE-2024-0473

A vulnerability classified as critical has been found in code-projects Dormitory Management System 1

CVE-2024-0474

A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. A

CVE-2024-0475

A vulnerability, which was classified as critical, has been found in code-projects Dormitory Managem

CVE-2024-21591

An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Ser

CVE-2024-21623

OTClient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939

CVE-2024-21632

omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to version

CVE-2024-21638

Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform

CVE-2024-21639

CEF (Chromium Embedded Framework) is a simple framework for embedding Chromium-based browsers in ot

CVE-2024-21646

Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several client

CVE-2024-21650

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of

CVE-2024-21654

Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would

CVE-2024-21737

In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a f

CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti

CVE-2024-22051

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnera

CVE-2024-22086

handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a l

CVE-2024-22087

route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow

CVE-2024-22088

Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h vi

CVE-2024-22206

Clerk helps developers build user management. Unauthorized access or privilege escalation due to a l

CVE-2024-22216

In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers

CVE-2024-22942

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability

CVE-2024-23057

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability

CVE-2024-23058

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability

CVE-2024-23059

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability

CVE-2024-23060

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability

CVE-2024-23061

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability