CVE-1999-0735
KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.
Netscape Navigator uses weak encryption for storing a user's Netscape mail password.
FORE PowerHub before 5.0.1 allows remote attackers to cause a denial of service (hang) via a TCP SYN
ZAK in Appstation mode allows users to bypass the 'Run only allowed apps' policy by starting Explore
MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.
The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying
The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by rep
IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many
Network HotSync program in Handspring Visor does not have authentication, which allows remote attack
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-
WebTV email client allows remote attackers to force the client to send email without the user's know
CuteFTP uses weak encryption to store password information in its tree.dat file.
Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even i
Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedl
Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null v
Small HTTP Server 2.01 allows remote attackers to cause a denial of service by connecting to the ser
Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service b
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does n
The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not
The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not p
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not
The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) do
The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) do
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) doe
loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service
Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted J
Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the 'Restrict to home d
PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to cause a denial of service (ser
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site oper
Trend Micro InterScan VirusWall creates an 'Intscan' share to the 'InterScan' directory with permiss
in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of servic
cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file
Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the
Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attem
Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow rem
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP req
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 a
Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitr
The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which impro
McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recip
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the progr
Authentix Authentix100 allows remote attackers to bypass authentication by inserting a . (dot) into
fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a sym
elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows loc
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack
Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or
Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands v
The installation of VolanoChatPro chat server sets world-readable permissions for its configuration
Felix IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service v
Baxter IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service
Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service
PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via
RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a
RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a d
NAI Sniffer Agent allows remote attackers to cause a denial of service (crash) by sending a large nu
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the
Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a mal
Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to r
Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no enc
bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother (BB)
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal
Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authenti
Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to ga
Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's me
WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox w
telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to
The telnet proxy in RideWay PN proxy server allows remote attackers to cause a denial of service via
Directory traversal vulnerability in Quikstore shopping cart program allows remote attackers to read
Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless
Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bit
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remo
Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell wit
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of
Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow local users to execute arbitrary c
The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary
Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject
Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input.
Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without
Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service
Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service
Directory traversal vulnerability in Mike Spice's My Classifieds (classifieds.cgi) before 1.3 allows
gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink atta
FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which all
Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remot
FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allo
Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their s
Unknown 'System Security Vulnerability' in Computer Associates (CA) Unicenter Remote Control (URC) 6
Unknown 'Denial of Service Attack' vulnerability in Computer Associates (CA) Unicenter Remote Contro
Unknown 'potential system security vulnerability' in Computer Associates (CA) Unicenter Remote Contr
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series
Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote a
Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to
The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via
Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is a
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote sa
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP l
Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archi
The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does n
MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a M
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attacke
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow
The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions,
Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, whic
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, a
A 'missing serialization' error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and
Cross-site scripting (XSS) vulnerability in standard_error_message.dtml for Zwiki after 0.10.0rc1 to
Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier v
mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a
MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whe
MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers
Nortel Networks Contivity VPN Client displays a different error message depending on whether the use
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to
The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a
Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and oth
The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes
Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a den
Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remot
Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial
Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to re
Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows
The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 allows remote attackers to cause
mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file
MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (applicati
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote
Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to ca
Prevx Home 1.0 allows local users with administrator privileges to bypass the intrusion prevention f
Buffer overflow in Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial
Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (applica
Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to in
Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop allows remote attackers to in
Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application cr
Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhau
Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth
parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote atta
codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via a
Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attacke
The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol 1.04 and earlier, (2) Nitro fa
Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the dat
Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions,
Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attack
Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly
Kreed 1.05 and earlier allows remote attackers to cause a denial of service (server disconnect) via
The scripts that handle players in Kreed 1.05 and earlier allow remote attackers to cause a denial o
Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows remote attackers to view arbi
Remote Execute 2.30 allows remote attackers to cause a denial of service (application crash) by maki
paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote
Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and earlier, allows a remote master
Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows remote attackers to read arbit
The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive
Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users t
SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via ce
The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, w
Gadu-Gadu allows remote attackers to gain sensitive information and read files from the _cache direc
Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .
Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption
Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22
lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource li
The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious
The ftp_retr function in junkie 0.3.1 allows remote malicious FTP servers to overwrite arbitrary fil
The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary file
Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote a
PortalApp places user credentials under the web root with insufficient access control, which allows
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-depen
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of ser
Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a
Buffer overflow in XShisen before 1.36 allows local users to execute arbitrary code via a long GECOS
The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filena
Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inj
Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allo
Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrar
Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the netw
Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) U
The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 and 2.6.15 allows local users to
The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firew
Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when 'Allowed HTML tags' is enabled, allow
Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allow
Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, whic
Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.
Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows r
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other
Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier al
Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers t
Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition
Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (appli
Directory traversal vulnerability in index.php in IDV Directory Viewer before 2005.1 allows remote a
Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with 'Inlin
Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inj
The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-op
Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local users to execute arbitrary code vi
Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow r
Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attacke
TinyPHPForum 3.6 and earlier stores the (1) users/.hash and (2) users/[USERNAME].email files under t
Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create
PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attacke
Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote a
Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers
Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attacker
Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remo
Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application v
The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict a
Cross-site scripting vulnerability in search.inetstore in iNETstore Ebusiness Software 2.0 allows remot
Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial
Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, al
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attacke
Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers
Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to i
Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include ar
rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linu
Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows r
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlie
boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1)
Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows re
Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote at
Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanat
aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and
The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows
Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allo
Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial o
Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows re
The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly va
NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number o
Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows
Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attacker
Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers
Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrar
settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the admi
Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOT
Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI
Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remote attackers to inject arbitrar
Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote
Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote
Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote att
The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large am
Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to injec
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authent
Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow
By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defi
Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and ea
Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in
Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject ar
bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=
Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote atta
Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject a
Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers t
Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a lon
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/a
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microso
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x
Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows rem
Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote
Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote
Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Pan
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attacke
lblog stores sensitive information under the web root with insufficient access control, which allows
BattleBlog stores sensitive information under the web root with insufficient access control, which a
Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers
Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local
users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple exten
Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to in
Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows loc
Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD
Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary f
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for
Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_g
Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthor
The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers t
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attacke
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 all
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after esc
nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a
wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or no
Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server b
Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running
Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote authenticated users to cause
Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote aut
Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbit
Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject
Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inj
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote a
Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and ex
Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infini
PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, whe
Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, a
Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier,
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2)
Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote
Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attacker
Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 a
Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers
Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.con
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of
Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpd
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, u
Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) Application
The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/con
Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when regist
Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attac
Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remot
Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.
Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attacker
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memor
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to
F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses
Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject
my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for fa
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of se
The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted,
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cau
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote atta
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 al
Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earli
slocate 3.1 does not properly manage database entries that specify names of files in protected direc
The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and un
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 befo
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 befo
Unrestricted file upload vulnerability in uploadrequest.asp in Layton HelpBox 3.7.1 allows remote au
Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute
Layton HelpBox 3.7.1 generates different responses depending on whether or not a username is valid i
QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which migh
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a d
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Ap
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, w
Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow re
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not prop
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers
Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x
Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GN
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.
Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows rem
Cross-site scripting (XSS) vulnerability in simpleforum.cgi in SimpleForum 4.6.2 and earlier allows
Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 all
JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter
Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers t
Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote
Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to lis
Directory traversal vulnerability in printview.php in PNphpBB2 1.2i and earlier allows remote attack
The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manag
LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereferenc
Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial
The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote att
showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metach
Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allo
Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote atta
FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which
Unspecified vulnerability in the StorageFarabDb module in Bitflu before 0.42 allows user-assisted re
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to
Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to danger
Cross-site scripting (XSS) vulnerability in dir.php in milliscripts Redirection allows remote attack
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote at
Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the
Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, and possibly other versions b
Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote atta
Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to ob
Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attacke
Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to
2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to inde
2z project 0.9.6.1 allows attackers to change the password without supplying the old password.
Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitr
SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to exe
Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers
Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the s
Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitra
Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attacke
The b_system_comments_show function in htdocs/modules/system/blocks/system_blocks.php in XOOPS befor
The default configuration of Uber Uploader (UU) 5.3.6 and earlier does not block uploads of (1) .htm
Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin
Cross-site scripting (XSS) vulnerability in the MailForm plugin before 1.20 for Movable Type allows
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev
MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to
A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a de
Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to
Cross-site scripting (XSS) vulnerability in index.php in the search module in Appalachian State Univ
Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 R
Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-be
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to exec
Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other version
SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier a
Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows r
Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating a
Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficie
Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct reques
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remo
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote au
Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute a
Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inj
SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is di
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpin
Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15,
SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote at
telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (p
Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attack
Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote att
Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows
SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to exe
Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attacke
Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows r
Multiple cross-site scripting (XSS) vulnerabilities in templates/example_template.php in AwesomeTemp
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p p
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote atta
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and po
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty va
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers
Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in th
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.ph
PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values
Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and
Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows r
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attack
Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.
Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math
Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in th
Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and
Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote atta
Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows
Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remot
Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set thr
Cross-site scripting (XSS) vulnerability in admin/index.html in Merak IceWarp Mail Server allows rem
Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9
An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to exe
The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execu
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 thro
/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows rem
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 throu
PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to ad
dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal functio
Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56;
futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional
Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 al
Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc
Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote
Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers
An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script
Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is
Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and
Multiple untrusted search path vulnerabilities in pdfjam allow local users to gain privileges via a
Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow
Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for
Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows
Emefa Guestbook 3.0 stores sensitive information under the web root with insufficient access control
Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under
Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 a
myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient acc
Directory traversal vulnerability in scripts/export.php in ClaSS before 0.8.61 allows remote attacke
The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote authenticated users to gain ad
Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree before 3.5.4a allow remote atta
SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals
Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when
Directory traversal vulnerability in source.php in FreeLyrics 1.0 allows remote attackers to read ar
Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 build 2132 allows remote attac
Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary file
Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0
FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application
Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call pla
Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, wh
Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earli
Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5
AyeView 2.20 allows user-assisted attackers to cause a denial of service (application crash) via a G
The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access
TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access
phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a 'lo
Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject
Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.
Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from th
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to ac
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenS
Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyF
Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal func
OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyF
Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly check the return value from the
Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify functio
ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function,
Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file wi
Unspecified vulnerability in the nfs4rename_persistent_fh function in the NFS 4 (aka NFSv4) client i
Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of servi
Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inj
Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows
Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.
Unspecified vulnerability in the Logical Standby component in Oracle Database allows remote authenti
Unspecified vulnerability in the Oracle Data Pump component in Oracle Database 11.1.0.7, 10.2.0.3, 1
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su
Unspecified vulnerability in the management console in the S2 Security Linear eMerge Access Control
Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to i
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attac
Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager 1.2.0 allows remote attackers
SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitra
Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remo
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Li
Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk
Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control,
Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to injec
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to
Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote atta
Stack-based buffer overflow in iRehearse allows remote attackers to cause a denial of service (appli
Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attacke
Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and Agor
The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6
Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc
Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attack
Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allow
SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allo
Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remo
Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrar
Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote attackers to hijack t
Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Jo
Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for J
Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla!
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Jooml
Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 allow remote attackers to inje
UranyumSoft Listing Service stores sensitive information under the web root with insufficient access
Multiple cross-site scripting (XSS) vulnerabilities in index.html in Wowd client before 1.3.1 allow
Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an
Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink
Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engi
The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not place a '\0' character at the
SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to e
Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers t
Cross-site scripting (XSS) vulnerability in basic_search_result.php in Zeeways ZeeJobsite 3x allows
Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x throug
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.2
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remot
Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS befor
CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a
Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Serv
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 1
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP2, an
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 1
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0SP7, 8.1SP6, 9.0,
Unspecified vulnerability in the Oracle HRMS (Self Service) component in Oracle E-Business Suite 11.
Unspecified vulnerability in the Application Express Application Builder component in Oracle Databas
Unspecified vulnerability in the CRM Technical Foundation (mobile) component in Oracle E-Business Su
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP3, 10
Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile component in Oracle PeopleSoft
The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connec
ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions,
The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox bef
Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler
SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host com
SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the clear
SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows phys
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives do not prevent password
hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_audit privilege during unspeci
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3
A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build
Unrestricted file upload vulnerability in upload.php in BTS-GI Read excel 1.1 allows remote attacker
A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic
MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags
Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assis
Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to
drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 on ThinkPad devices, when the
storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenti
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a de
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysql
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysql
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a den
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a de
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE reque
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through
The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, whic
Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX
Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-m
Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2)
Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to caus
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local
Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows l
Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote at
The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux k
The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c
Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles B
Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 al
admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive in
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows re
Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIB
Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collabo
Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attacke
directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allo
The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and
The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4,
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allo
The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in
Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c
Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and oth
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows loc
Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with softw
emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) al
Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map,
STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly
The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devic
Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier a
Amberdms Billing System (ABS) before 1.4.1 does not properly implement blacklisting after detection
Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 all
Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attacke
Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remo
The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers t
Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attack
Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attack
MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to
Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to in
Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 a
Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows rem
Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebS
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 a
The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP addre
Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HT
Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https sessi
Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitr
Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, whe
SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disab
The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial o
Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash)
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway
The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (ho
Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not prope
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as
eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 for eEye Retina Network Securit
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and
The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3
Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x befo
An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1),
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if
MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages vi
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, whi
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does not properly copy fields obta
Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allows remote attackers to cause a
Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ActiveX control in almaxcx.dll
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initiali
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attacke
Pretty-Link WordPress plugin 1.5.2 has XSS
Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allo
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f do
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy comm
Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated u
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x before 4.2.5 allows remote at
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form
Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX cont
Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor e
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions before 1.0.0,
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1
Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when mu
Koala Framework before 2011-11-21 has XSS via the request_uri parameter.
Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the produ
Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pfSense before 2.0.1 allows remo
Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly
MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL poi
SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10
Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitr
The Wi-Fi Protected Setup (WPS) protocol, when the 'external registrar' authentication method is use
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environm
MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the abil
Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict
The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attac
Snare for Linux before 1.7.0 has CSRF in the web interface.
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1
Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to login as an arbitrary user by
The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in LTCML14n.dll 14.0.0.34 in Kof
Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat 1.0 allows remote attackers to
Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 allow remote attackers to inject
Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote
Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers
Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR
Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject
Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php in PHPDug 2.0.0 allows remote
Cross-site scripting (XSS) vulnerability in Spitfire CMS 1.0.436 allows remote attackers to inject a
Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin before 2.0.4 for Wo
Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attacker
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10
Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress a
Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to in
Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to read arbi
Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attacker
Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject a
templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive informa
Cross-site request forgery (CSRF) vulnerability in admin/index.php in whCMS 0.115 alpha allows remot
Cross-site request forgery (CSRF) vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows
Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS before 0.4 allows remote attac
Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote att
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2
The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate cha
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST bl
Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20
CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if th
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whit
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, all
Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 b
Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M)
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a ho
A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by th
A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This iss
A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It has been classified as proble
A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problema
cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.1989
Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinize
Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows
Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1 does not properly enfor
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-
Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote attackers to spoof the Omnibo
Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigg
A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterpris
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remot
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0
The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enter
JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based a
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not pro
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remot
Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Po
Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and
The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circu
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permission
Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated us
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically gene
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not prope
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.ph
Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.1
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execut
IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read a
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x befor
Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified A
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (acti
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2)
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.
modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly s
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x thr
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remo
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2
ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, wh
Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, an
The X.509 certificate-validation functionality in the https implementation in Opera before 12.10 all
Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specificatio
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arb
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arb
Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote
Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other
Opera before 12.11 allows remote attackers to determine the existence of arbitrary local files via v
Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP reques
Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anyw
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentiall
Unrestricted file upload vulnerability in index.php in Atomymaxsite 2.5 and earlier allows remote at
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier f
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote a
The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) before 1.2.0.1 allows remote attack
Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module fo
Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technolog
Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module
Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologi
Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Tec
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1,
wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain
Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and ear
Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inje
A vulnerability classified as problematic has been found in zerochplus. This affects the function Pr
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attac
Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attacker
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a de
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows contex
The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user
Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Jooml
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attacke
Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an
The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 1
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause
HMailServer 5.3.x and prior: memory corruption which could cause DoS
PQI AirCard has persistent XSS
Transcend WiFiSD 1.8 has persistent XSS
AultWare pwStore 2010.8.30.0 has XSS
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers
Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before
IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Manag
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not valid
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does n
Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmw
BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System
The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction o
Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordP
Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Fi
Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress all
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4
Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attack
Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management Sy
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Applicatio
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remot
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to ob
Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for Word
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obt
Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote a
Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject a
Open redirect vulnerability in Opsview before 4.4.2 allows remote attackers to redirect users to arb
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to h
Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary
Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data st
The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certa
The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain
The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 doe
The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certai
The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain len
The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certai
The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a ce
The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain len
Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 all
Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95
Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video
Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to caus
The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a cer
Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aph
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers t
Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before
cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users
Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hote
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7
fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py scri
ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote e
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all application
Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS v
It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was n
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200
The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce author
Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA)
The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allow
Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack
The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allow
Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of cer
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier do
Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) vi
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System
The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service
The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary proje
Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP thr
Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and Z
Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3
Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earli
Directory traversal vulnerability in the NeoFiler application 5.4.3 and earlier, NeoFiler Free appli
Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5
Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Cli
Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPre
A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as cri
A vulnerability was found in kirill2485 TekNet. It has been classified as problematic. Affected is a
A vulnerability has been found in stiiv contact_app and classified as problematic. Affected by this
A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability i
A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affecte
A vulnerability, which was classified as problematic, has been found in kkokko NeoXplora. Affected b
A vulnerability has been found in meol1 and classified as critical. Affected by this vulnerability i
A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affe
A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affe
A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue
A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critic
A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issu
A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affect
A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is
A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is s
A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects so
A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected
A vulnerability has been found in yanheven console and classified as problematic. Affected by this v
A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vu
Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.2
CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with
Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with run
Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper va
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 bef
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symli
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/te
Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5
Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for Wo
Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS use
Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in t
DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server host
Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x befo
AgileBits 1Password through 1.0.9.340 allows security feature bypass
Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto N
Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9
flog plugin 0.1 for WordPress has XSS
Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress al
The ultimate-weather plugin 1.0 for WordPress has XSS
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) befo
Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6
Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote att
EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injecti
EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a
lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files v
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arb
chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby al
DOMPDF before 0.6.2 allows Information Disclosure.
DOMPDF before 0.6.2 allows denial of service.
Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inj
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET
Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving
clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink
Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems Kon
The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x and Sterling File Gateway 2.1 a
The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix11, 10.0.0.x before 10.0.0
The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of serv
FusionForge before 5.3.2 uses scripts that run under the shared Apache user, which is also used by pr
TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (
Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a
Cross-site scripting (XSS) vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlie
Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libr
Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a deni
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attacke
The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sens
The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administ
The web framework in Cisco WebEx Meetings Server produces different returned messages for URL reques
The outlookpa component in Cisco WebEx Meetings Server does not properly validate API input, which a
Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/con
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly ha
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constr
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) bef
Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remot
The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly va
Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki b
A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item o
Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to ex
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to
Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 f
Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 al
Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers
Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0
SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for Word
Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows
Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows
Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils
Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows rem
Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attacke
Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor
Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before
SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote
Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.ph
Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 fo
Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (
Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to
Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allo
Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmwar
Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote
Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanc
Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-faceboo
Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugi
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow r
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infini
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through
A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows mal
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1
Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wi
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissect
asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 do
Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing
epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x be
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wiresha
The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to c
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO)
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across
A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as probl
A vulnerability was found in OpenDNS OpenResolve. It has been rated as problematic. Affected by this
A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. It has
A vulnerability, which was classified as critical, has been found in jeff-kelley opensim-utils. Affe
A vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL.
A vulnerability was found in ritterim definely. It has been classified as problematic. Affected is a
A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerabil
A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affe
A vulnerability was found in HealthMateWeb. It has been declared as problematic. Affected by this vu
A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects
A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problema
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allow
The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL server
An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabil
An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabiliti
ARC 5.21q allows directory traversal via a full pathname in an archive file.
Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
The 'Social Pug - Easy Social Share Buttons' plugin before 1.2.6 for WordPress allows XSS via the wp
A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issu
A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the
A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this
A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as proble
A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Modu
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016
An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver
A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.1
An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec
A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Sy
A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symant
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identi
IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows t
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to a timing at
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate vali
Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem whe
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0
MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER
rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php.
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in
Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect. The furikake-redirect para
Passbolt API version 1.6.4 and older are vulnerable to an XSS in the url field on the password worksp
Eleix Openhacker version 0.1.47 is vulnerable to an XSS vulnerability in the bank transactions compon
ImageMagick 7.0.7-1 and older versions are vulnerable to null pointer dereference in the MagickCore c
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectl
Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote at
Leanote version <= 2.5 is vulnerable to XSS due to unsanitized input in markdown notes
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017),
Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access c
BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page
Leafpub version 1.2.0-beta6 is vulnerable to a stored cross-site scripting vulnerability, within the e
Sulu-standard version 1.6.6 is vulnerable to a stored cross-site scripting vulnerability, within the p
Invoice Ninja version 3.8.1 is vulnerable to a stored cross-site scripting vulnerability, within the i
LavaLite version 5.2.4 is vulnerable to a stored cross-site scripting vulnerability, within the blog c
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does
In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in co
ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a '
A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile,
Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due
Leanote-desktop version v2.5 is vulnerable to an XSS which leads to code execution due to enabled nod
QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name fie
Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by in
A non-secure user may be able to access certain registers in snapdragon automobile, snapdragon mobil
A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Cl
Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear
In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configurati
In iOS before 11.2, an inconsistent user interface issue was addressed through improved state manage
In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version
IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they s
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel befor
IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerabilit
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phish
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially cr
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidH
Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to emb
Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/adminto
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithm
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithm
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulne
A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows
An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Seri
The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to m
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject a
Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scrip
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-sit
The Apache DeltaSpike-JSF 1.8.0 module has an XSS injection leak in the windowId handling. The defaul
Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decrypt
In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.
The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via th
The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the
The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function
An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.
The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtai
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a pla
Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI.
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a para
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in co
In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImag
In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in c
Information leak in UIM API debug messages in snapdragon mobile and snapdragon wear in versions MDM9
Security keys used by the terminal and NW for a session could be leaked in snapdragon mobile in vers
Cryptographic key material leaked in WCDMA debug messages in snapdragon mobile and snapdragon wear i
Cryptographic key material leaked in TDSCDMA RRC debug messages in snapdragon automobile, snapdragon
Cryptographic key material leaked in debug messages - GERAN in snapdragon mobile and snapdragon wear
Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in v
Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile,
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This is
A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected
A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue
A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected
In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by
Improper setting of device configuration in system firmware for Intel(R) NUC kits may allow a privil
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allo
Systems with microprocessors utilizing speculative execution and branch prediction may allow unautho
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allo
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it wa
Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers t
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to s
A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions
An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert E
On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP respon
A specially crafted MPLS packet received or processed by the system, on an interface configured with
A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption
A high rate of VLAN authentication attempts sent from an adjacent host on the local broadcast domain
An unauthenticated root login may be allowed upon reboot when a commit script is used. A commit script al
On Juniper Networks SRX series devices, firewall rules configured to match custom application UUIDs
A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not hav
A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote a
A local file inclusion vulnerability in Juniper Networks Junos Space Network Management Platform may
Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could
A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticat
A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco
A vulnerability in the web-based management interface of Cisco Prime Network Control System could al
A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker
A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and
Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows an attacker with administrato
BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same n
Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same netwo
Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released
Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arb
The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allo
The Windows kernel in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version
The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 160
The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Win
The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an informat
Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Wind
The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Win
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an att
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows
ASP.NET Core 1.0, 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET C
Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise
Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further comp
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows
Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a u
A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in
A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in co
A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in cor
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestOb
A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier i
A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildA
A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipCha
An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCl
An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCl
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earli
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitCh
A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.
An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.
A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.
An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.
The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 has been determined to
An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v2
Insufficient write protection in firmware for Intel(R) Optane(TM) SSD DC P4800X before version E2010
Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC P4800X before version E2010435
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows us
Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-628
A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authentic
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an u
A vulnerability in the MyWebex component of Cisco Webex Business Suite could allow an unauthenticate
A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauth
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) c
RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote mali
A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potent
A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to pot
A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allo
Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a
A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.
A missing check for popup window handling in Fullscreen in Google Chrome on macOS prior to 69.0.3497
An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacke
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed
Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote
A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowe
Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote aut
Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to injec
Improper countermeasure against clickjacking attack in client certificates management screen was dis
Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to i
Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect
The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, wh
Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to in
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers t
The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the dis
Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3,
Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firm
Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier a
Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home
Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote au
Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arb
Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote a
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerabil
It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+
A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and sim
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with
Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 all
Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware be
Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to
IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with li
The Portable Document Format (PDF) specification does not provide any information regarding the conc
The Portable Document Format (PDF) specification does not provide any information regarding the conc
Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/Jinja
Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allow an unauthen
IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vulnerable to cross-site scriptin
IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability in the role-based access cont
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allow
Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to in
In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long runni
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impers
IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerabil
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x80
Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated user
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to in
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated user
A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Na
Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed
Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80
Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of ser
A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary
An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in ti
An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an a
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (applica
The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Pers
load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.
Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field.
mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka 'Admi
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrict
Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption
In SAP HANA 1.00 and 2.00, a remote unauthenticated attacker could send specially crafted SOAP request
A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by thi
A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic.
A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affect
A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7.
SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker the a
The 'XML Interface to Messaging, Scheduling, and Signaling' (XIMSS) protocol implementation in Commu
An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of th
An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improp
The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper
The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due
The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due
The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper
The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, ve
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, ve
An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, ve
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, ve
An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, versi
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, ve
In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This is
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improve
In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validat
In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validat
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iClo
The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to
Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication s
Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter.
Online Ticket Booking has CSRF via admin/movieedit.php.
Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.
Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.
Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.
Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.
Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downlo
The 'Add Link to Facebook' plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parame
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/
Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remot
In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value
libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_
The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS.
In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modul
In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bi
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Cat
The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for
In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUIn
In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection fun
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have CSRF resu
In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStr
In the 'Media from FTP' plugin before 9.85 for WordPress, Directory Traversal exists via the searchd
The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options paramete
The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post
The 'SagePay Server Gateway for WooCommerce' plugin before 1.0.9 for WordPress has XSS via the inclu
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was ad
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed i
ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.
ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[page] parameter to wp-admin/
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[en] or wpglobus_option[enabl
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[redirect_by_language] parame
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[show_selector] parameter to
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option parameter to wp-admin/option
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post] parameter to wp-admin/
The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/opt
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete a
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_mat
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profi
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profi
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via t
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists v
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-a
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-a
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-ad
Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google
Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacke
A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.335
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0
readAsText() can indefinitely read the file picked by the user, rather than only once at the time th
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote atta
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359
Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.
Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allo
Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to
A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potent
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62
Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome pr
CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cros
Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to pe
Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a
JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacke
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a
Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75
Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 all
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75
Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed
Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chr
There is an information leak vulnerability in some Huawei HG products. An attacker may obtain inform
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2
A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, a
By using a form with a data URI it was possible to gain access to the privileged JSONView object tha
If two same-origin documents set document.domain differently to become cross-origin, it was possible
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly
A compromised content process could send a message to the parent process that would cause the 'Click
Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote a
Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to
On Ricoh SP C250DN 1.06 devices, a debug port can be used.
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.c
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the conte
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, i
XSS in the DHCP lease-status table in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cro
The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a ma
A vulnerability in the SOAP API of Cisco Data Center Network Manager (DCNM) could allow an authentic
A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could all
An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 ma
DTEN D5 and D7 before 1.3.2 devices allow remote attackers to read saved whiteboard image PDF docum
SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket.
SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parameter of a ticket.
SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file with a crafted Location Name fiel
Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a modified Report Name in a New
An object tag with a data URI did not correctly inherit the document's Content Security Policy. This
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execu
If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged an
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incor
When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to imp
If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet,
During the initialization of a new content process, a race condition occurs that can allow a content
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, res
This vulnerability allows remote attackers to redirect users to an external resource on affected instal
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions
A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing
A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT U
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).
Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 2 of 2).
GitLab Community Edition (CE) and Enterprise Edition (EE) 9.6 and later through 12.5 has Incorrect
GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorrect Access Control.
GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorrect Access Control.
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control
GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorrect Access Control.
GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an Insecure Direct Object Referenc
GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control
GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecure Permissions.
GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure Permissions.
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS
GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorrect Access Control.
GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Information Disclosure.
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields.
GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project change
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the
HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1P11) have an information leak
The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils
The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtil
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function
An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.
An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4.
The TablePress plugin 1.9.2 for WordPress allows tablepress CSV injection by Editor users. Note: The
The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers t
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCr
dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow.
In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.ph
In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XS
In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in t
In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that u
MyBB before 1.8.22 allows an open redirect on login.
In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter i
OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without pro
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents.
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.js
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search p
An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Conte
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demon
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attacker
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attacker
TopList before 2019-09-03 allows XSS via a title.
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.
ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter.
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid mu
A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on In
A vulnerability, which was classified as problematic, was found in innologi appointments Extension u
A vulnerability was found in soerennb eXtplorer up to 2.1.12 and classified as critical. Affected by
A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. Th
A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects
In 360F5 versions 3.1.3.64296 and lower, a third party can trigger the device to send a deau
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutraliza
The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandl
An issue was discovered in libming 0.4.8. There is a heap-based buffer over-read in the function wri
In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fr
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The C
RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A
IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The infor
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is a NULL pointer d
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1
YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the
An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability vi
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attac
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enable
bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x befor
Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 2
DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 Jun
png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE:
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonst
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbo
In PolicyKit (aka polkit) 0.115, the 'start time' protection mechanism can be bypassed because fork(
Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI).
PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the src
A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerab
An attacker could specially craft an FTP request that could crash the PR100088 Modbus gateway versio
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2
In the Titan M handling of cryptographic operations, there is a possible information disclosure due
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System al
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-che
In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceed
In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of he
In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to un
In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds re
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a perm
Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or
OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to over
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All
An exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 an
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote
Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an
Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attack
Insufficient data validation in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker
Insufficient data validation in sharing in Google Chrome prior to 87.0.4280.66 allowed a remote atta
Inappropriate implementation in WebUSB in Google Chrome prior to 87.0.4280.66 allowed a remote attac
Inappropriate implementation in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a local attack
Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote atta
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker
Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain p
An improper control of parameters allows the spoofing of the from fields of the following screens: A
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to f
Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change t
Mate 10 Pro, Honor V10, Honor 10, and Nova 4 smartphones have a denial of service vulnerability. The system
HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authent
HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authenticat
There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA a
Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an informa
GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext.
Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/We
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executin
Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a ref
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite
The default installation of Krpano Panorama Viewer version <=1.20.8 is prone to Reflected XSS due to
The default installation of Krpano Panorama Viewer version <=1.20.8 is vulnerable to Reflected XSS d
Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validati
Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scripting (XSS) caused by improper
A Null pointer dereference vulnerability exists in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-mast
Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulner
A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher t
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, vi
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear
A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificat
Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery (CSRF) attacks that
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie steali
Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulner
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can l
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golan
mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdB
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can
A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which a
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can
REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The informa
Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scripting (XSS) vulnerability caused by i
A stack overflow vulnerability in Aleth Ethereum C++ client version <= 1.8.0 using a specially craft
When a malicious application installed on the user's device broadcast an Intent to Firefox for Andro
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the fo
By attempting to connect a website using an unresponsive port, an attacker could have controlled the
Using techniques that built on the slipstream research, a malicious webpage could have exposed both
When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a websit
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All
Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 HL7 v2.x injection vulnerabiliti
Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 A stored cross-site scripting (X
An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001)
A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers
A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found
There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is a
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provi
A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide spe
There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is abl
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat thro
A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All
A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCAL
MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioct
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text passwor
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service v
Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability
Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability
Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote un
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerabil
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerabil
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerabil
When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest ca
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions
Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers
Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code
Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly i
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be p
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input f
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacke
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 wh
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE ima
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i
Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in mu
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i
CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code i
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages tha
track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrec
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel t
Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup p
The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name='timestamp' fields in
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uplo
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the e
RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstr
A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic.
A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is
A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This
IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to i
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a de
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a de
IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) a
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. Th
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. Th
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. Th
IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obta
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further
IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and
IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross-site scripting. This vulnerab
IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflo
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability al
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 transmits sensitive information
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-si
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by imp
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could al
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to e
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to e
IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privile
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to e
IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due t
IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By inter
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to informati
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by im
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset w
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to
SonicWall NetExtender Windows client is vulnerable to an unquoted service path vulnerability; this allows
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabiliti
In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to se
Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manag
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the catego
In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS.
The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to user
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.
The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax wi
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenti
BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijackin
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (d
Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function decompileGETURL2() in decomp
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function g
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function g
In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is relat
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address ins
A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in Rasilient PixelStor 5000 K:4.
OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator att
A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and In
Cross Site Request Forgery vulnerability in McAfee Network Security Management (NSM) prior to 10.1.7
MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to
Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to t
In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to lo
In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsaf
In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds
In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to lo
In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds
In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer ov
In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible b
In enforceDumpPermissionForPackage of ActivityManagerService.java, there is a possible way to determ
In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to
In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could le
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kerne
NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode lay
NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode lay
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validate
Windows DNS Query Information Disclosure Vulnerability
Microsoft SharePoint Server Spoofing Vulnerability
Windows Docker Information Disclosure Vulnerability
Windows WLAN Service Elevation of Privilege Vulnerability
TPM Device Driver Information Disclosure Vulnerability
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
Azure Active Directory Pod Identity Spoofing Vulnerability
Windows CryptoAPI Denial of Service Vulnerability
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For
Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For
Windows Graphics Component Information Disclosure Vulnerability
Windows (modem.sys) Information Disclosure Vulnerability
Microsoft Edge (HTML-based) Memory Corruption Vulnerability
Windows GDI+ Information Disclosure Vulnerability
Microsoft SharePoint Server Spoofing Vulnerability
Bot Framework SDK Information Disclosure Vulnerability
Improper handling of resource allocation in virtual machines can lead to information exposure in Sna
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain und
Incorrect authorization vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earli
Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub se
Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C7
Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub se
Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and
Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacke
kamadak-exif is an exif parsing library written in pure Rust. In kamadak-exif version 0.5.2, there i
CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to inc
SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attac
SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application S
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received fr
SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an au
The BW Database Interface does not perform necessary authorization checks for an authenticated user,
SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, vers
In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can le
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is p
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in
An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs ari
An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of escaping of image-related param
The affected product is vulnerable to an improper access control, which may allow an authenticated u
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLes
MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonst
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy
OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.
OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML
OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.
OX App Suite through 7.10.4 allows XSS via an inline binary file.
OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.
OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.
OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript
OX App Suite through 7.10.4 allows XSS via the subject of a task.
The WP Travel Engine WordPress plugin before 5.3.1 does not escape the Description field in the Trip
The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of
The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the qc_res parameter before output
The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming
The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parame
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.10.5 does not escape the tab
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_notic
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_delet
The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_creat
The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise
The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache d
The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache dire
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape
The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does not escape the tab parameter b
The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type par
The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter b
The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Sc
Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of
Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attack
Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid mess
Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss
Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potential
Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading
A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key pot
ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.
Rogue backends can cause DoS of guests via high frequency events T Xen offers the ability to run PV
Rogue backends can cause DoS of guests via high frequency events T Xen offers the ability to run PV
Rogue backends can cause DoS of guests via high frequency events T Xen offers the ability to run PV
Guest can force Linux netback driver to hog large amounts of kernel memory T Incoming data packets f
Guest can force Linux netback driver to hog large amounts of kernel memory T Incoming data packets f
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF numb
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrol
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via t
Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or com
Improper input validation in TrustZone memory transfer interface can lead to information disclosure
Possible denial of service due to improper handling of debug register trap from user applications in
Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon A
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data
The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.
A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Re
The Nuxeo Platform is an open source content management platform for building business applications.
Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sa
An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO D
An issue was discovered in libde265 v1.0.8. There is a heap-use-after-free in intrapred.h when decodi
A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fal
An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ
Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript co
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) att
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable
The 'first name' and 'last name' fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetyp
ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver
Hisuite module has an External Control of System or Configuration Setting vulnerability. Successful ex
There is an Out-of-bounds read vulnerability in Smartphone. Successful exploitation of this vulnerabi
The HwNearbyMain module has an Improper Handling of Exceptional Conditions vulnerability. Successful e
PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability. Successful e
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C
A double-free vulnerability exists in fig2dev through 3.28a via the free_stream func
A denial of service vulnerability exists in fig2dev through 3.28a due to a segfault in the open_strea
openwhyd is vulnerable to Improper Authorization
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the ST
A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud.
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulne
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Shar
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in H
Telephony application has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling nu
The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability
HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may
Vulnerability of design defects in the security algorithm component. Successful exploitation of this
There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitat
There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the M
There is a Cross-Site Scripting (XSS) vulnerability in HUAWEI WS318n product when processing network
In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND a
A null pointer dereference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc fu
A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box
A Segmentation fault caused by a null pointer dereference exists in Gpac through 1.0.1 via the
A Segmentation fault caused by null pointer dereference vulnerability exists in Gpac through 1.0.2 vi
A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1
A Segmentation fault caused by heap use after free vulnerability exists in Gpac through 1.0.1 via th
Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.
OroPlatform is a PHP Business Application Platform. In affected versions the email template preview
Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-priv
In wifi driver, there is a possible system crash due to a missing validation check. This could lead
The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to
bookstack is vulnerable to Improper Access Control
An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulne
In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism
In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing
Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input
A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by t
A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. T
A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x.
A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Aff
A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue
A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been classified as problematic. Aff
The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for conf
MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field duri
Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability.
Discourse is an open source platform for community discussion. In affected versions admins users can
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrar
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to a
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated re
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated re
Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires admi
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 a
An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end
An open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a
Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote at
In libming 0.4.8, a memory exhaustion vulnerability exists in the function cws2fws in util/main.c. Re
In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability al
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or
DMP Roadmap before 3.0.4 allows XSS.
Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitive information (access token or
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory t
A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in lo
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in lo
HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.
A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/
A Null Pointer Dereference vulnerability exists in GPAC 1.0.1 in MP4Box via __strlen_avx2, which cau
A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at hdf5/src/H5Eint.c, which c
A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_m
A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, w
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets fun
A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a De
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 in the gf_list_count function, which causes
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via ShiftMetaOffset.isra, which causes a Deni
GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 in the gf_isom_box_size function, which could cause
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function.
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBina
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which cou
A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.
A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, whi
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::v
A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBina
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBina
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Managemen
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Managemen
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System
A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. A
Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.3
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUri
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormali
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Ca
The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is rela
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem.
Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive inf
A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows attackers to cause a Denial
nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local us
An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex
A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that ena
An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enable
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information
livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site S
forge is vulnerable to URL Redirection to Untrusted Site
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local a
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
vim is vulnerable to Use After Free
phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('C
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-sit
peertube is vulnerable to Improper Access Control
radare2 is vulnerable to Out-of-bounds Read
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
snipe-it is vulnerable to Missing Authorization
Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 al
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypt
Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote
A vulnerability classified as problematic has been found in SourceCodester Royale Event Management S
In vow driver, there is a possible memory corruption due to a race condition. This could lead to loc
In vow driver, there is a possible memory corruption due to improper input validation. This could le
In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This c
In vow driver, there is a possible memory corruption due to improper locking. This could lead to loc
In seninf driver, there is a possible information disclosure due to uninitialized data. This could l
In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. Thi
In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This coul
In Bluetooth, there is a possible application crash due to Bluetooth not properly handling the re
In Bluetooth, there is a possible link disconnection due to Bluetooth not properly handling a con
In Bluetooth, there is a possible application crash due to Bluetooth flooding a device with LMP_AU_r
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earl
A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attacker
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method
A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier a
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall
Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configurat
Discourse is an open source platform for community discussion. In affected versions when composing a
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template
Convos is an open source multi-user chat that runs in a web browser. Characters starting with 'https
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in
Shopware is an open source e-commerce software platform. An open redirect vulnerability has been dis
WordPress is a free and open-source content management system written in PHP and paired with a Maria
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than
@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that
make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control <2021.2
Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Win32k Information Disclosure Vulnerability
Storage Spaces Controller Information Disclosure Vulnerability
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Secure Boot Security Feature Bypass Vulnerability
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
Windows Hyper-V Security Feature Bypass Vulnerability
Windows Defender Application Control Security Feature Bypass Vulnerability
Windows GDI+ Information Disclosure Vulnerability
DirectX Graphics Kernel File Denial of Service Vulnerability
Windows Defender Credential Guard Security Feature Bypass Vulnerability
Workstation Service Remote Protocol Security Feature Bypass Vulnerability
Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Denial of service while processing fastboot flash command on mmc due to buffer over read
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker t
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker t
In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting (XSS) vulnerability that
In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS
In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted file upload of .html files in t
In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset fea
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applica
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate a
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allow
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to byp
Arbitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows an attacker to read isola
Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotel
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_T
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive inform
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scr
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 does not invalidate session aft
IBM Security Verify Governance 10.0 stores user credentials in clear text, which can be read b
PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creatin
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugi
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImageP
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lea
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacke
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving
The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matche
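The entry above describes a resolver that accepts a DNS reply without checking that its transaction ID matches the query it sent. The following is an added example, not dnslib code and not taken from any advisory: it builds a query with a random 16-bit ID, parses a reply with the standard library only, and drops any reply whose ID does not match. The packets are constructed inline (the address and name are placeholders), so it runs offline.

```python
"""Added example: DNS transaction-ID check that a resolver must perform.
Not dnslib code. A resolver that skips this check accepts any packet an
attacker can race onto the socket before the real answer arrives."""
import os
import struct
from typing import List, Optional, Tuple


def build_query(qname: str, qtype: int = 1, txid: Optional[int] = None) -> Tuple[int, bytes]:
    """Return (txid, wire) for a recursive query. The ID must be unpredictable,
    so it comes from os.urandom rather than a counter."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)  # IN class
    return txid, header + question


def _skip_name(wire: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = wire[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_reply(expected_txid: int, wire: bytes) -> List[str]:
    """Return the A-record addresses in `wire`; raise ValueError if the reply
    does not belong to the query identified by `expected_txid`."""
    if len(wire) < 12:
        raise ValueError("truncated header")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", wire[:12])
    if txid != expected_txid:                   # the check the advisory is about
        raise ValueError(f"transaction ID mismatch: sent {expected_txid:#06x}, got {txid:#06x}")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off = 12
    for _ in range(qd):                         # skip the echoed question
        off = _skip_name(wire, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(wire, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", wire[off:off + 10])
        off += 10
        rdata = wire[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def fake_reply(txid: int, query_wire: bytes, ip: str) -> bytes:
    """Constructed response for testing: echoes the question, adds one A record
    whose name is a compression pointer back to the question (offset 12)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = query_wire[12:]
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(x) for x in ip.split("."))
    return header + question + answer


def resolve_with_check(reply: bytes, txid: int) -> Optional[List[str]]:
    """Addresses from a genuine reply for `txid`, or None when the reply is dropped."""
    try:
        return parse_reply(txid, reply)
    except ValueError:
        return None


if __name__ == "__main__":
    txid, q = build_query("example.com")                      # placeholder name
    genuine = fake_reply(txid, q, "93.184.216.34")             # placeholder address
    spoofed = fake_reply((txid + 1) & 0xFFFF, q, "10.0.0.1")   # attacker guessed the ID wrong
    print(resolve_with_check(genuine, txid))   # ['93.184.216.34']
    print(resolve_with_check(spoofed, txid))   # None
```

The ID check only helps if the ID is hard to guess: a 16-bit space is small, so real resolvers also randomize the source port and verify that the echoed question matches what was sent.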
Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between t
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function w
Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed
Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build l
Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlie
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with
Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying w
Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allo
Weave GitOps is a simple open source developer platform for people who want cloud native application
In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch an
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch an
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure T
Information exposure in DSP services due to improper handling of freeing memory
Denial of service in MODEM due to improper pointer handling
A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provide
An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an att
In mdp, there is a possible out of bounds write due to incorrect error handling. This could lead to
In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead t
In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could l
In isp, there is a possible out of bounds write due to a race condition. This could lead to local es
In watchdog, there is a possible out of bounds read due to a missing bounds check. This could lead t
In meta wifi, there is a possible out of bounds write due to a missing bounds check. This could lead
In meta wifi, there is a possible out of bounds read due to a missing bounds check. This could lead
In vow, there is a possible use after free due to a race condition. This could lead to local escalat
In vow, there is a possible information disclosure due to a race condition. This could lead to local
In gpu drm, there is a possible stack overflow due to a missing bounds check. This could lead to loc
In ccu, there is a possible out of bounds write due to improper input validation. This could lead to
In disp, there is a possible use after free due to a race condition. This could lead to local escala
In jpeg, there is a possible use after free due to a logic error. This could lead to local escalatio
In mtk-isp, there is a possible use after free due to a logic error. This could lead to local escala
In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escala
In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escala
In mtk-aie, there is a possible use after free due to a logic error. This could lead to local escala
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could
In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2,
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An
Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame.
Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames.
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and
Information disclosure due to buffer over-read in WLAN while parsing WLAN frames due to missing frame
Information disclosure due to buffer over-read in WLAN while parsing BTM action frame.
Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.
Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of liba
Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scr
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user t
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7,
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that w
In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Serv
A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occu
An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By using the embedded Google Chrome
An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the page
An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plug
A potential security vulnerability has been identified in HPE OfficeConnect 1820, and 1850 switch se
An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflecte
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. It is prone to stored Cross-si
The 404 to Start WordPress plugin through 1.6.1 does not sanitise and escape some of its settings, w
Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker
A vulnerability exists in the Relion update package signature validation. A tampered update package
In contacts service, there is a missing permission check. This could lead to local denial of service
In contacts service, there is a missing permission check. This could lead to local denial of service
In contacts service, there is a missing permission check. This could lead to local denial of service
In contacts service, there is a missing permission check. This could lead to local denial of service
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of t
In network service, there is a missing permission check. This could lead to local escalation of priv
In network service, there is a missing permission check. This could lead to local escalation of priv
In network service, there is a missing permission check. This could lead to local escalation of priv
In network service, there is a missing permission check. This could lead to local escalation of priv
In network service, there is a missing permission check. This could lead to local escalation of priv
In network service, there is a missing permission check. This could lead to local escalation of priv
In network service, there is a missing permission check. This could lead to local escalation of priv
In network service, there is a missing permission check. This could lead to local escalation of priv
In contacts service, there is a missing permission check. This could lead to local denial of service
In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This
In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This
Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors.
EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured
Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability throug
The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have authorisation check w
The Team Members WordPress plugin before 5.2.1 does not sanitize and escapes some of its settings, w
The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's
Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attack
Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code vi
Information disclosure due to buffer overread in Core
Information disclosure due to buffer overread in Core
The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's export
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remot
PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity section. A user with the RA Adm
The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF check
The Superio WordPress theme does not sanitise and escape some parameters, which could allow users wi
The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 does not sanitise and escape some
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7
An improper neutralization of input during web page generation vulnerability in FortiPortal version
The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filte
IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to
The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fiel
The WP Social Sharing WordPress plugin through 2.2 does not sanitise and escape some of its settings
The Login with Cognito WordPress plugin through 1.4.8 does not sanitise and escape some of its setti
NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privil
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitra
NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This ma
NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerabili
The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which c
A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp)
Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.3
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.
The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter befo
The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when loggi
The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a paramete
The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior t
A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (ID
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 all
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator c
Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise O
Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise O
Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise O
Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator wit
A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator c
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an aut
A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an atta
A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local m
IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode att
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7
The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputti
The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not sanitize and escape a paramete
The Bg Bible References WordPress plugin through 3.8.14 does not sanitize and escape a parameter bef
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode att
A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver
The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its s
The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape
The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and es
The iPages Flipbook For WordPress plugin through 1.4.6 does not sanitise and escape some of its sett
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly blo
The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check
Avira Security for Windows contains an unquoted service path which allows attackers with local admin
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver t
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver t
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a loc
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe d
In music service, there is a missing permission check. This could lead to local denial of service in
In music service, there is a missing permission check. This could lead to local denial of service in
In music service, there is a missing permission check. This could lead to local denial of service in
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
In messaging service, there is a missing permission check. This could lead to local denial of servic
In messaging service, there is a missing permission check. This could lead to local denial of servic
In messaging service, there is a missing permission check. This could lead to local denial of servic
In messaging service, there is a missing permission check. This could lead to local denial of servic
In messaging service, there is a missing permission check. This could lead to local denial of servic
In messaging service, there is a missing permission check. This could lead to local denial of servic
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service
Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a
The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode
The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its sho
The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate and escape some of its short
The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attri
perfSONAR before 4.4.6, when performing participant discovery, incorrectly uses an HTTP request head
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute c
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute c
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutra
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application
perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.
Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) v
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows att
An incorrect user management vulnerability in the FortiManager version 6.4.6 and below VDOM creatio
An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login pag
An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in we
Usage of temporary files with insecure permissions by the Apache James server allows an attacker wit
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perfo
Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum s
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a r
ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker
Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user p
Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow
Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. Unspecified error message conta
A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1
NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /
NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /o
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_iso
GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_b
A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student En
An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted ma
A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to exe
The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_logi
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, m
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabili
A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versi
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in v
A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows at
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursio
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download
In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp.
In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles.
A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was foun
The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. A
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventur
An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can
A vulnerability has been found in fossology and classified as problematic. This vulnerability affect
A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issu
A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic. This vul
A vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of
A vulnerability was found in CapsAdmin PAC3. It has been rated as problematic. Affected by this issu
A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected
Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator
A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical. This vulner
A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0. Affected is an unkno
A vulnerability classified as problematic was found in qkmc-rk redbbs 1.0. Affected by this vulnerab
A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web
A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issu
In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_Loc
The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 75
In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 42
In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to naviga
The 'Survey Maker – Best WordPress Survey Plugin' plugin for WordPress is vulnerable to Stored Cross
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prio
Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5
The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver
The Swifty Page Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘s
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0.
A vulnerability was found in Netis Netcore Router. It has been rated as problematic. Affected by thi
A vulnerability was found in Control iD Gerencia Web 1.30. It has been declared as problematic. Affe
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74
Inappropriate implementation in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a
Inappropriate implementation in Permission prompts in Google Chrome on Windows prior to 109.0.541
Inappropriate implementation in Permission prompts in Google Chrome on Android prior to 109.0.541
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5
Inappropriate implementation in File System API in Google Chrome on Windows prior to 109.0.5414.7
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote att
The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of i
Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36.
A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101. Affe
The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘or
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been rated as pr
The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socke
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6
Remote Procedure Call Runtime Denial of Service Vulnerability
Event Tracing for Windows Information Disclosure Vulnerability
Windows Cryptographic Information Disclosure Vulnerability
Windows Cryptographic Information Disclosure Vulnerability
Windows Cryptographic Information Disclosure Vulnerability
Windows Boot Manager Security Feature Bypass Vulnerability
BitLocker Security Feature Bypass Vulnerability
Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability
Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
Microsoft SharePoint Server Security Feature Bypass Vulnerability
Event Tracing for Windows Information Disclosure Vulnerability
Windows Overlay Filter Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks
An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Pac
An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Net
A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthen
An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper
An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerab
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks
An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos O
An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS al
A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS
A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC
kenny2automate is a Discord bot. In the web interface for server settings, form elements were genera
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch an
Discourse is an open source discussion platform. Prior to version 2.8.14 on the `stable` branch an
ViewVC, a browser interface for CVS and Subversion version control repositories, has a cross-site scr
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to
Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.2
Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to vers
Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-
KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legiti
Flarum is a forum software for building communities. Using the mentions feature provided by the flar
Flarum is a forum software for building communities. Using the notifications feature, one can read r
ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows ap
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version In
WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and th
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows
The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via
The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digi
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a de
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The f
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An att
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation d
Cross Site Scripting vulnerability found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to e
Cross Site Scripting vulnerability found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to e
easyXDM 2.5 allows XSS via the xdm_e parameter.
An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles request
By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause ve
The 'upsell' widget at the portal page could be abused to inject arbitrary script code. Attackers th
Users were able to define disclaimer texts for an upsell shop dialog that would contain script code
An improper input validation vulnerability has been discovered that could allow an adversary to inje
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to cap
S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.
Kruise provides automated management of large-scale applications on Kubernetes. Starting in version
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker t
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16
In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could
In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lea
In keyInstall, there is a possible information disclosure due to a missing bounds check. This could
In keyInstall, there is a possible information disclosure due to a missing bounds check. This could
In battery, there is a possible out of bounds write due to a missing bounds check. This could lead t
In battery, there is a possible information disclosure due to a missing bounds check. This could lea
In battery, there is a possible out of bounds write due to a missing bounds check. This could lead t
In battery, there is a possible information disclosure due to a missing bounds check. This could lea
In battery, there is a possible information disclosure due to an integer overflow. This could lead t
In battery, there is a possible memory corruption due to a missing bounds check. This could lead to
In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could
In netdagent, there is a possible information disclosure due to an incorrect bounds check. This coul
In display drm, there is a possible memory corruption due to a missing bounds check. This could lead
In bluetooth service, there is a possible out of bounds write due to improper input validation. This
Information disclosure in Core services while processing a Diag command.
Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call.
Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data.
When a transaction is committed, C Xenstored will first check the quota is correct before attempting
Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the clos
AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests u
AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests u
The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-
An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcp
OCSInventory allow stored email template with special characters that lead to a Stored cross-site Sc
SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted d
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in
An allocation of resources without limits or throttling vulnerability in FortiPAM 1.0 all versions
IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An
Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows
SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive i
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of acce
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Sa
This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An a
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app
A privacy issue was addressed with improved private data redaction for log entries. This issue is fi
An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonom
This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 an
D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This
There is a possible information disclosure due to a missing permission check. This could lead to loc
User-defined script code could be stored for an upsell related shop URL. This code was not correctly
There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product. When the vulnerability
There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input valida
There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file
Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be
A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14. A camera ex
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and i
The issue was addressed with additional restrictions on the observability of app states. This issue
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14,
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed i
The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An at
The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi'
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in
An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications
CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in Cub
CubeFS is an open-source cloud-native file storage system. A vulnerability was found in the C
CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found t
The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been
The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are no
juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a
An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path function
In OpenHarmony v3.2.2 and prior versions allow a local attacker to cause DoS through occupying all resour
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vu
In OpenHarmony v3.2.2 and prior versions allow a local attacker to cause multimedia camera crash throu
Mattermost fails to properly verify the permissions needed for viewing archived public channels, al
A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers
Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap
An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attacke
An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an in
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, a
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths o
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code i
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system un
The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code i
The vulnerability allows an unauthenticated remote attacker to send malicious network requests conta
The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate H
In OpenHarmony v3.2.2 and prior versions allow a local attacker to cause multimedia player crash throu
A cross-site scripting (XSS) vulnerability exists in the function getOpenGraph videoName functionalit
A cross-site scripting (XSS) vulnerability exists in the navbarMenuAndLogo.php user name functionali
Mattermost fails to scope the WebSocket response around notified users to each user separately, res
An Authorization Bypass Through User-Controlled Key vulnerability affecting PortiPortal version 7.2
Discourse is a platform for community discussion. Under very specific circumstances, secure upload U
In OpenHarmony v3.2.2 and prior versions allow a local attacker to cause multimedia player crash throu
User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker
An XSS attack can be performed by changing the MOTD banner and pointing the victim to the 'terminal_
quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker
Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from fu
Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of se
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand
Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of s
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_s
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand
The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_sto
The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup'
Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to
A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of W
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image uploa
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image uploa
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image uploa
An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific
A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Pro
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS).
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.
MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in t
Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).
Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials
A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to
Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow attackers t
Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio f
Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a c
Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code v
A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation fu
Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s
Mattermost fails to update the permissions of the current session for a user who was just demoted to
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A us
HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Cer
HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnera
HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to
HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints with
HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application retur
Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version
Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to exec
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user
An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID aft
In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are
An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE
QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based re
The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentSe
A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mod
PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online
Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Pri
Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search.This
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V1
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used.
Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive i
SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain se
File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a c
In PHPGurukul Art Gallery Management System v1.1, 'Update Artist Image' functionality of 'imageid' p
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Use
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.Thi
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatem
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncan
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any
member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header.
ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input fr
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploit
In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing.
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported ver
The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admi
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an
Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Con
The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and e
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating exist
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit un
The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of i
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that mig
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on i
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on i
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to
Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected b
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthor
The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before ou
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all version
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Si
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Si
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of d
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via adm
The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its playe
The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vu
The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all v
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scr
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugi
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Sit
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi
The WP VR WordPress plugin before 8.3.15 lacks authorisation and CSRF checks in a function hooked to adm
As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing
Lack of 'current' GET parameter validation during the action of changing a language leads to an open
When access to the 'admin' folder is not protected by some external authorization mechanisms e.g. Ap
The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Store
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposur
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scrip
The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a mis
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to un
The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before ou
The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Sc
The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect mo
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Ob
The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting
The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modifica
The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of
The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site S
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_c
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scrip
A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flu
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposur
The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via th
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to St
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauth
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Si
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a mis
The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Ready Fun
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Sc
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPr
The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and inc
The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder pl
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for W
The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of da
The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘
The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to
The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wid
The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting
The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom fi
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab acces
A missing authorization check vulnerability exists in GitLab Remote Development affecting all versio
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for W
The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for W
The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents
The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p
The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post m
Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl
The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vuln
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress pl
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders
The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is v
A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.
A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.
A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This
A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as pro
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as p
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as pro
A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as probl
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problemati
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as p
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as cri
A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall elem
The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification o
Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerab
A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects
A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this i
A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management
A vulnerability, which was classified as critical, was found in Kashipara Food Management System up
A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as criti
A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical.
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as c
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as cri
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as critic
A vulnerability classified as critical has been found in Kashipara Food Management System up to 1.0.
A vulnerability classified as critical was found in Kashipara Food Management System up to 1.0. This
A vulnerability, which was classified as critical, has been found in Kashipara Food Management Syste
A vulnerability, which was classified as critical, was found in Kashipara Food Management System up
A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as criti
A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical.
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as p
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as pro
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as proble
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management Sy
A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attac
A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does
A vulnerability classified as problematic was found in CodeAstro Simple House Rental System 5.6. Aff
A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System
A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as p
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as pro
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as proble
A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been declared
A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problem
A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. Thi
A denial of service vulnerability has been found on Hex Workshop affecting version 6.7, an attacker co
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to
ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enume
A vulnerability classified as problematic was found in code-projects Employee Profile Management Sys
A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Ma
Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability
Microsoft Message Queuing Information Disclosure Vulnerability
Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability
Windows Message Queuing Client (MSMQC) Information Disclosure
Microsoft Message Queuing Information Disclosure Vulnerability
BitLocker Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Windows Message Queuing Client (MSMQC) Information Disclosure
Windows Nearby Sharing Spoofing Vulnerability
Windows Themes Information Disclosure Vulnerability
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
Windows CoreMessaging Information Disclosure Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerabi
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerabi
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerabi
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerabi
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerabi
Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerabi
Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to
Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 a
Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Andro
Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android
Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacke
Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local
Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
Microsoft Bluetooth Driver Spoofing Vulnerability
Windows Cryptographic Services Information Disclosure Vulnerability
Windows TCP/IP Information Disclosure Vulnerability
Microsoft Message Queuing Information Disclosure Vulnerability
Windows Server Key Distribution Service Security Feature Bypass
Microsoft Identity Denial of service vulnerability
Windows Themes Spoofing Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper N
An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber manag
A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine
An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding En
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulne
An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Netw
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200
A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD)
An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks J
PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event a
PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is
Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` f
view_component is a framework for building reusable, testable, and encapsulated view components in R
Authentik is an open-source Identity Provider. Authentik is vulnerable to a reflected Cross-Site S
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` rou
pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerab
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of
Discourse is a platform for community discussion. For fields that are client editable, limits on siz
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthori
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management,
pimcore/customer-data-framework is the Customer Management Framework for management of customer data
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before
FlyCms through abbaa5a allows XSS via the permission management feature.
SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user t
SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not
SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unaut
TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and un
TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauth
ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited
Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a rem
govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnera
httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote a
Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachmen
In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Inv
Jinja is an extensible templating engine. Special placeholders in the template allow writing code si
Nginx-UI is an online statistics for Server Indicators Monitor CPU usage, memory usage, load avera
This package provides universal methods to use multiple template engines with the Fiber web framewor
The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition dur
In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, whic
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, whic
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which
An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through
An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x be
An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39
An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur vi
An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i
An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:Gl
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. T