CVE-2007-10002
A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this is
Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when mag
A vulnerability classified as critical was found in gesellix titlelink on Joomla. Affected by this v
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers
An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011.
Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filte
The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockou
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote att
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name valida
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to exec
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers t
A vulnerability was found in sheilazpy eShop. It has been classified as critical. Affected is an unk
A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue i
A vulnerability was found in aeharding classroom-engagement-system and classified as critical. Affec
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz pa
Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open whic
The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in Tiger
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HT
A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by
A vulnerability was found in porpeeranut go-with-me. It has been declared as critical. Affected by t
A vulnerability, which was classified as critical, was found in License to Kill. This affects an unk
A vulnerability has been found in IS_Projecto2 and classified as critical. This vulnerability affect
A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affe
A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unk
A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects
A vulnerability classified as critical has been found in tbezman school-store. This affects an unkno
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typc
A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This v
A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This a
A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affect
A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog.
A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as criti
A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability
A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some un
A vulnerability, which was classified as critical, was found in john5223 bottle-auth. Affected is an
A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerab
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is t
A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue i
A vulnerability was found in gmail-servlet and classified as critical. This issue affects the functi
A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an
MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypas
centurystar 7.12 ActiveX Control has a Stack Buffer Overflow
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks
Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerab
Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the de
BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file
BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability
Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPre
LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.
Déjà Vu Crescendo Sales CRM has remote SQL Injection
SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote
sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication
Status2k does not remove the install directory allowing credential reset.
FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privile
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensiti
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90
Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZ
Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, an
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified
A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affec
A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unk
A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of
A vulnerability, which was classified as critical, has been found in glidernet ogn-live. This issue
A vulnerability has been found in HPI-Information-Systems ProLOD and classified as critical. This vu
A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this
A vulnerability was found in IISH nlgis2. It has been declared as critical. Affected by this vulnera
A vulnerability classified as critical has been found in Fumon trello-octometric. This affects the f
A vulnerability classified as critical was found in hoffie larasync. This vulnerability affects unkn
A vulnerability was found in tiredtyrant flairbot. It has been declared as critical. This vulnerabil
A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Aff
A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerab
A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability af
A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnera
A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue af
A vulnerability was found in kylebebak dronfelipe. It has been declared as critical. Affected by thi
A vulnerability, which was classified as critical, was found in ACI_Escola. This affects an unknown
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors r
A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows
An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exi
An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webse
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue i
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticat
A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problemat
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows
A vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by thi
A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as
A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vul
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone em
Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote esc
rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffe
Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, res
Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and lo
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core mod
Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing r
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the 'add repo' com
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI han
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() funct
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrato
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in d
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the 'confi
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li
In several functions of libhevc, NEON registers are not preserved. This could lead to remote code ex
In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due
In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android.
An information disclosure vulnerability in the Android media framework (aac). Product: Android. Vers
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. V
An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android.
In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing
In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 E
Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. Thi
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authent
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the 'cc
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker
A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controll
An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Se
Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediate
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code
A buffer overflow in Handy Password 4.9.3 allows remote attackers to execute arbitrary code via a lo
Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and
cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary
A vulnerability has been found in Red Snapper NView and classified as critical. This vulnerability a
SQL injection vulnerability in NewsBee CMS allows remote attackers to execute arbitrary SQL commands.
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arb
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingall
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect
An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the loca
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files co
A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Poli
Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.1
Buffer overflow in INplc-RT 3.08 and earlier allows remote attackers to cause denial-of-service (DoS
INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary c
Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arb
Apache Karaf provides a features deployer, which allows users to 'hot deploy' a features XML by drop
SQL injection vulnerability in the 'Bazar' page in Yeswiki Cercopitheque 2018-06-19-1 and earlier al
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code b
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XX
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side requ
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to poten
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecifi
LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via u
RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the dis
SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2
PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain th
In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code.
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure
In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1,
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028
Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all versions do not allow authenti
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leve
Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitra
Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via
An issue was discovered on August Connect devices. Insecure data transfer between the August app and
On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS co
EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, c
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affe
A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. Thi
A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unkno
A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. Th
A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by
A vulnerability classified as critical has been found in lojban jbovlaste. This affects an unknown p
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer scri
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for W
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress
getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control
In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS be
In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Securit
In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was
In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation.
In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking.
In SwiftNIO before 1.8.0, a buffer overflow was addressed with improved size validation.
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow
PHP Melody version 2.7.1 suffers from SQL Injection Time-based attack on the page ajax.php with the p
A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote
Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTe
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver
Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attac
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the sessi
In 'index.js' file line 240, the run command executes the git command with a user controlled variabl
In aws-lambda versions prior to version 1.0.5, the 'config.FunctioName' is used to construct the arg
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command
A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10,
A flaw was found in Keycloak before version 8.0.0. The owner of 'placeholder.org' domain can setup
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify wheth
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulner
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM
An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data w
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-
Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID paramete
Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded
An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.
The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows
CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Ma
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document beca
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from
A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vuln
inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could sen
An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functiona
An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc
includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in
In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.
Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.
An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.
An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Gen
A potential security vulnerability has been identified in the software solution HP Access Control ve
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to esc
In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into a
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a
A deserialization vulnerability existed in dubbo 2.7.5 and its earlier versions, which could lead to
A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an att
An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows
In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially a
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write.
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write.
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write.
Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 th
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All
Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had com
Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attack
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker w
Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had
Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had
Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker w
Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 Pro before 3.8 allows Command I
In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in t
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting t
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platfo
Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management Syst
REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. Th
clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute ar
The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former mu
The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able
The R programming language’s default package manager CRAN is affected by a path traversal vulnerabil
cscms v4.1 allows for SQL injection via the 'js_del' function.
cscms v4.1 allows for SQL injection via the 'page_del' function.
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbit
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of th
Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A r
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Executi
Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2
The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by chan
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injectio
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because no
Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to inclu
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticat
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticat
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain rel
A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. Thi
A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webse
A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerabili
A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affec
A vulnerability, which was classified as critical, was found in square squalor. This affects an unkn
A vulnerability, which was classified as critical, was found in pouetnet pouet 2.0. This affects an
IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for d
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in whic
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profi
The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonst
An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker c
An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggere
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows at
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthentic
An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-tran
grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arb
In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c
In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c.
In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c.
The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function.
This affects all versions of package ts-process-promises. The injection point is located in line 45
This affects all versions of package buns. The injection point is located in line 678 in index file
Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an u
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing
Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had
Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote at
Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had co
Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had
Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker
Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker w
The BW Database Interface allows an attacker with low privileges to execute any crafted database que
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attac
The package extend2 before 1.0.1 is vulnerable to Prototype Pollution via the extend function due t
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attac
The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to
The 'WP Search Filters' widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2
Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerab
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQ
ISPConfig before 3.2.2 allows SQL injection.
EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via
An out of bound memory access can occur due to improper validation of number of frames being passed
EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attacker
Kylin can receive user input and load any class through Class.forName(...). This issue affects Apach
Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vul
PCManager has a Weaknesses Introduced During Design vulnerability. Successful exploitation of this v
There is a Double free vulnerability in Smartphone. Successful exploitation of this vulnerability may
There is a Configuration defects in Smartphone. Successful exploitation of this vulnerability may ele
HwPCAssistant has a Path Traversal vulnerability. Successful exploitation of this vulnerability may
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.
HHEE system has a Code Injection vulnerability. Successful exploitation of this vulnerability may aff
Phone Manager application has an Improper Privilege Management vulnerability. Successful exploitation
The screen lock module has a Stack-based Buffer Overflow vulnerability. Successful exploitation of th
There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this
There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful e
The bone voice ID TA has a heap overflow vulnerability. Successful exploitation of this vulnerability
Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulner
An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name
A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vul
A vulnerability classified as critical has been found in Hesburgh Libraries of Notre Dame Sipity. Th
A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this v
A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by this
A vulnerability was found in WebPA up to 3.1.1. It has been rated as critical. This issue affects so
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerabilit
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection v
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI
containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS,
Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permis
Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The
Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code e
Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can by
A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manag
In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via S
TLR-2005KSH is affected by an incorrect access control vulnerability. The PUT method is enabled so a
Apache kylin checks the legitimacy of the project before executing some commands with the project na
The server-request receiver function of Shockwall system has an improper authentication vulnerabilit
In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account T
mruby is vulnerable to Heap-based Buffer Overflow
uppy is vulnerable to Server-Side Request Forgery (SSRF)
JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privile
A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL inje
CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was fo
Microsoft Exchange Server Remote Code Execution Vulnerability
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Windows Security Center API Remote Code Execution Vulnerability
DirectX Graphics Kernel Remote Code Execution Vulnerability
HTTP Protocol Stack Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The “se
In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection.
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones t
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b
Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authentic
All versions of the package wifey are vulnerable to Command Injection via the connect() function due
A vulnerability has been found in SourceCodester Loan Management System and classified as critical.
The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some param
In Boa, there is a possible command injection due to improper input validation. This could lead to r
Memory corruption due to information exposure in Powerline Communication Firmware while sending diff
Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. T
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-
aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attac
aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated
aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exp
EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access ena
EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-c
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before us
The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parame
The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parame
A heap-based buffer overflow vulnerability in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter b
The Wholesale Market WordPress plugin before 2.2.1 does not have authorisation check, as well as doe
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V
The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before
MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker mig
Call Center System developed by Bulutses Information Technologies before version 3.0 has an unauthen
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticate
There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnera
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allo
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through th
Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consu
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default
Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via th
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best He
Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator credentials. An unauthenticated
Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/i
The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows
The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.
nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execut
uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.
A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the
A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this
SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731,
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries.
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access cont
Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intellig
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) befor
A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function in
A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the fu
A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Bo
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as
CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3
KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-cod
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In
A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassin
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in t
The optional 'LDAP contacts provider' could be abused by privileged users to inject LDAP filter stri
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attack
NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemo
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attack
In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl paramet
Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort
In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This coul
Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call.
A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP
A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK
HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it use
HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capabilit
HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web appl
In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandO
CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an in
CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secr
SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code vi
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the l
A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of
A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVid
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the cont
The vulnerability allows a remote attacker to authenticate to the web application with high privileg
The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges t
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) att
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevati
An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering
A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading t
An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur be
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installati
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The 'intermediate inst
Root user password is hardcoded into the device and cannot be changed in the user interface.
The router console is accessible without authentication at 'data' field, and while a user needs to b
The authentication mechanism can be bypassed by overflowing the value of the Cookie 'authentication'
Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attacke
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability
An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The 'intermediate inst
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '
SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.
Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows
HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow a
Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the f
An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vm
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilit
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilit
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilit
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ho
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ho
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ho
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ci
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'us
Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'us
An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication by
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interfac
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cr
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_actio
An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary c
Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to ru
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /
nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for relea
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and exec
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager <
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Pay
Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builde
Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authenti
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the functi
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setI
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the functi
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getI
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the functi
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function get
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function form
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function g
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function f
D-Link DIR-822+ V1.0.2 was found to contain a command injection in SetStaticRouteSettings function.
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log
TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE)
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vu
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vu
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vu
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vu
TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vu
TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE)
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosys
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway.T
Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widge
Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial o
Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a deni
Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to
PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the
PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to
PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the abi
An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix J
An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This i
The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for reque
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient f
The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file
Google Nest WiFi Pro root code-execution & user-data compromise
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and in
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl
Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2
A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This v
A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects a
A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unkno
A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Af
A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affe
A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical.
A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical.
.NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical.
A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking Syst
A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the f
A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as criti
A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0.
A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management S
A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Af
A vulnerability classified as critical has been found in Kashipara Food Management System 1.0. This
A vulnerability classified as critical was found in Kashipara Food Management System 1.0. This vulne
A vulnerability, which was classified as critical, has been found in Kashipara Food Management Syste
A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Af
A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affecte
A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B
A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230
A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical.
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critic
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical
A vulnerability was found in Byzoro Smart S150 Management Platform up to 20240101. It has been rated
A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vul
A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.
A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an
A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.
A vulnerability classified as critical has been found in Inis up to 2.0.1. Affected is an unknown fu
A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. Affec
A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerabilit
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Managemen
A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this iss
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been d
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critica
A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0.
A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affec
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management
A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management Syste
A vulnerability, which was classified as critical, was found in SourceCodester Student Attendance Sy
A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This v
A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue
A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected
A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vul
A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Aff
A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. This aff
A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This
A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical.
A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as c
A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as cri
A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been rated as critic
A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0.
A vulnerability, which was classified as critical, has been found in code-projects Employee Profile
A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified
A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as cr
A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been classif
A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been declare
A vulnerability classified as critical has been found in code-projects Dormitory Management System 1
A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. A
A vulnerability, which was classified as critical, has been found in code-projects Dormitory Managem
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Ser
OTClient is an alternative Tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939
omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to version
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform
CEF (Chromium Embedded Framework) is a simple framework for embedding Chromium-based browsers in ot
Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several client
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of
Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a f
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti
CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnera
handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a l
route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow
Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h vi
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a l
In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability