cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409).
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).
cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).
cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445).
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447).
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449).
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416).
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-g...
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against...
An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA ...
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files t...
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted co...
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerab...
GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code.
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker wit...
It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into ...
A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly co...
cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418).
cPanel before 74.0.0 allows SQL injection during database backups (SEC-420).
cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424).
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439).
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).
cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443).
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395).
cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the who...
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespa...
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential i...
Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account.
Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users.
cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29).
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60).
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65).
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).
cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427).
cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429).
cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430).
cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432).
cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435).
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338).
cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357).
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364).
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).
cPanel before 70.0.23 allows any user to disable Solr (SEC-371).
cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection.
On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a command injection (missing input validation) issue in the NTP server IP address field...
TestLink 1.9.19 has XSS via the error.php message parameter.
Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO.
cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71).
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).
The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73).
cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76).
The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77).
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).
cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80).
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82).
cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378).
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).
cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391).
cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392).
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).
cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).
cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412).
GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code.
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).
cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).
cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).
cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).
cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).
cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355)...
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).
cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).
cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluat...
An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::c...
An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persisten...
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputD...
webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface.
When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript...
LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow.
ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow.
cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).
cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).
cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).
cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).
On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) i...
Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation bey...
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an xss injection by setting the attac...
pandao Editor.md 1.5.0 allows XSS via the Javascript: string.
An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer...
An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_...
A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker co...
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDef...
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify t...
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulat...
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).
cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).
cPanel before 68.0.15 does not block a username of ssl (SEC-328).
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).
cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).
cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).
cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276).
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).
In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283).
In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284).
The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285).
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).
In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299).
cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300).
cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).
IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in...
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would ...
A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 a...
GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL source code.
OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow an unauthorized local user to create unique catalog names that could cause a d...
A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found t...
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and wor...
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParse...
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding....
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/...
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a...
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptible to a vulnerability which discloses information to an unauthenticated attacker...
Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose sensitive LDAP account information to unauthenticated remote attackers.
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).
cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).
In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289).
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).
In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294).
cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941).
In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).
cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236).
cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237).
cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).
ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains a vulnerability that could allow remote attackers to execute arbitrary files by ...
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239).
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).
cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243).
cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244).
cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245).
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246).
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247).
cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248).
cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249).
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).
cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251).
cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252).
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254).
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255).
cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257).
cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259).
cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260).
cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262).
In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).
cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217).
cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218).
cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219).
cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220).
cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221).
cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223).
cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225).
In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data...
A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or...
In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs....
A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tik...
GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code.
The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected.
The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sens...
The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated us...
routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to...
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintend...
A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific...
A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could ...
An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can le...
A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user ...
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted i...
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive inform...
A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could res...
A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prio...
Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2...
A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, ...
A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior t...
An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2...
A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento...
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to...
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to...
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to...
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to...
A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitr...
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can res...
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can res...
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2,...
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated ...
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to...
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to...
A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be ...
A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4...
Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, M...
A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is us...
A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4...
An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticate...
An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magent...
An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to ...
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated ...
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated ...
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated ...
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2,...
Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 ...
Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Mag...
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated ...
Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a...
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to...
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2,...
A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1...
A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an...
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This...
A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditi...
A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3...
A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This...
An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2...
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to...
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to...
A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insu...
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated u...
A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user ...
A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1...
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2,...
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2,...
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to...
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to...
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2,...
A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, M...
A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2,...
A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated ...
A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior t...
A stored cross-cite scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior ...
A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerc...
An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticat...
An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service...
Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an atta...
pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element.
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unv...
cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224).
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).
cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227).
cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).
cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229).
cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).
The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the serv...
In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensi...
Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in fileio.c via crafted BASIC source code.
Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fileio.c via crafted BASIC source code.
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).
cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161).
cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162).
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).
cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165).
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168).
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).
cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173).
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).
cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).
cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198).
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).
cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).
IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS, and IBM MQ V9.1 CD are vulnerable to a denial of service attack caused by spec...
IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, whi...
Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injecti...
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-york...
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can byp...
Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the...
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --cl...
Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML vi...
Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.
A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to e...
Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitiv...
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious pay...
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a attacker sends an attachment to admin with malicious JavaScript in the...
An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail....
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the...
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. A...
Brandy 1.20.1 has a heap-based buffer overflow in define_array in variables.c via crafted BASIC source code.
SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or add...
eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use session IDs for authentication but lack authorization checks. An attacker can obt...
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted pa...
Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due to the lack of filtration of user-supplied data in the transaction description fi...
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the transaction description field. The JavaScr...
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is...
Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is ex...
Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, s...
Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the liability name field. The JavaScript code ...
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).
cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).
cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178).
cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179).
cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180).
cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180).
cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181).
cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182).
cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184).
cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185).
cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186).
The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187).
cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188).
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191).
cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192).
AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp.
AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp.
AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp.
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559).
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152).
cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154).
cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156).
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130).
cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133).
A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability woul...
Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.
Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.
musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library...
An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file wi...
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/...
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name...
In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole ...
eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but lack authorization checks. Consequently, a valid guest level or user level account...
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become...
Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware ...
Missing authorization vulnerability exists in EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version ...
Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware ...
Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware ...
Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware ...
Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware ...
Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer ov...
NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader contains a vulnerability in nvtboot where the Trusted OS image is improperly authen...
NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not prope...
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the user mode video driver trace logger component. When an attacker has a...
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of ...
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of ...
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which t...
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a...
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buff...
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can exploit OS Command Injection in the filenam...
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. There is disclosure of the existence of arbitrary files via...
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker can trigger read operations on an arbitrary fil...
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. SQL injection vulnerabilities exist in 13 forms that are re...
A CSRF issue was discovered in webparam?user&action=set¶m=add in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 to create...
An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character...
An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be use...
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization...
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The firmware update process is insecure, leading to remote ...
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote c...
A cleartext password storage issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. The file in question is /usr/loca...
An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vulnerability that leads to the capture of other people's cookies via the Rich Text...
AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp.
AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp.
AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp.
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to u...
Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote atta...
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to per...
cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134).
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137).
cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138).
cPanel before 58.0.4 has improper session handling for shared users (SEC-139).
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).
The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).
cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).
cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112).
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).
Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password.
ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID.
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are d...
Jura E8 devices lack Bluetooth connection security.
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassi...
The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the ver...
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi dr...
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expect...
A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsC...
A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorI...
Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially ...
A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to ...
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users ...
A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline descri...
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other f...
An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain th...
A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScr...
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenk...
Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewe...
Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins mast...
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able ...
Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.
Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users...
A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows user...
A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/R...
A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins ...
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP...
Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious ...
In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which all...
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This re...
In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possi...
A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php db_name parameter and then making a config.p...
DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter.
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This incl...
Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored du...
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. ...
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionalit...
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sani...
An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute ...
eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa core logic process, resulting in the ability to start...
A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an u...
A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Ci...
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an att...
In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.
A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco ...
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an att...
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an att...
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an att...
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an att...
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an att...
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacke...
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to ...
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to ...
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administ...
In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when...
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or comma...
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote a...
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a ...
A vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic ...
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read a...
A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a pass...
A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redir...
A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an ...
A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-s...
A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, re...
A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-s...
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files ...
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files ...
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the u...
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol inspection engine of Cisco Firepower Threat Defense (FTD) So...
A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a...
A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid admini...
A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to c...
NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID.
UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features.
An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead...
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.
A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoi...
Open-School 3.0, and Community Edition 2.3, allows SQL Injection via the index.php?r=students/students/document id parameter.
verdaccio before 3.12.0 allows XSS.
An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affec...
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated denial of service leading to the ...
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric c...
Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), ...
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful expl...
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have a code execution vulnerability. Successful expl...
Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versions before 9.0.1.70 (China) have an information leak vulnerability. Successful e...
Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E161R2P2) have an information leak vulnerability. An attacker may trick a user int...
Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache...
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a paramet...
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL.
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attack...
On Trezor One devices before 1.8.2, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle dep...
The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type.
core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 for WordPress allows wp-admin/admin.php?page=arplite_import_export CSRF.
The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php C...
The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF.
The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF.
The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF...
admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&pos...
The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variati...
6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).
Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page.
Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure.
Cognitoys Dino devices allow XSS via the SSID.
Cognitoys Dino devices allow profiles_add.html CSRF.
The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys.
Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31.
Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31.
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks.
Nespresso Prodigio devices lack Bluetooth connection security.
On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung I...
The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demon...
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, k...
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote a...
The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_...
The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea...
The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.
The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id ...
The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.
The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders.
The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax...
The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS.
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.p...
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.
studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing.
studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing.
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
Recommender before 2018-07-18 allows XSS.
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspec...
NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker...
A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of...
Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP...
A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
A remote gain authorized access vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5....
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
A remote authorization bypass vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
A remote session reuse vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
A remote information disclosure vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that ar...
OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user.
In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim's browser con...
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS v...
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Point...
Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGM...
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user end...
Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could e...
Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exp...
The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing author...
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XS...
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below...
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below...
Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contai...
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An...
Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that lead...
Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malfor...
Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer ...
Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urge...
In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.p...
On Ledger Nano S and Nano X devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle de...
On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends ...
On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on ...
An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but ...
Bagisto 0.1.5 allows CSRF under /admin URIs.
An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failu...
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control ac...
An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default.
In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input.
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via...
The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions.
The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.
The wp-database-backup plugin before 4.3.3 for WordPress has XSS.
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
The wp-database-backup plugin before 4.3.1 for WordPress has XSS.
The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.
The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues.
The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.
The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS.
The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.
The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.
The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.
The wp-database-backup plugin before 5.1.2 for WordPress has XSS.
The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page.
The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS.
The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.
The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form.
The simple-membership plugin before 3.5.7 for WordPress has XSS.
The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues.
The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues.
The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues.
The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS.
The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF.
The twitter-plugin plugin before 2.55 for WordPress has XSS.
The ultimate-member plugin before 2.0.4 for WordPress has XSS.
The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature.
The ultimate-member plugin before 2.0.54 for WordPress has XSS.
The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.
The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade.
The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks ...
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.
Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists.
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection.
An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulnerability.
An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.
Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service N...
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for ...
Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized.
iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.
On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on...
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker...
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an atta...
In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buff...
Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions.
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in...
The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help.
An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is rea...
Search Guard versions before 23.1 had an issue that for aggregations clear text values of anonymised fields were leaked.
Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.
NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be...
The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via a...
The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues.
The contact-form-plugin plugin before 3.52 for WordPress has XSS.
The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature.
The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances.
The contact-form-plugin plugin before 3.96 for WordPress has XSS.
The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg.
The events-manager plugin before 5.6 for WordPress has XSS.
The events-manager plugin before 5.6 for WordPress has code injection.
The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS.
The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues.
The liveforms plugin before 3.2.0 for WordPress has SQL injection.
The simple-fields plugin before 1.4.11 for WordPress has XSS.
The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pa...
The contact-form-plugin plugin before 4.0.2 for WordPress has XSS.
The google-language-translator plugin before 5.0.06 for WordPress has XSS.
The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page.
The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS.
The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues.
The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.
The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues.
The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues.
The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues.
The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS.
The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues.
The liveforms plugin before 3.4.0 for WordPress has XSS.
The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search.
The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS.
The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.
The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF.
The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues.
The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.
The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues.
The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues.
Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, Virtual...
A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-2...
A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an a...
A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All ver...
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch fami...
A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS va...
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are ...
Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local clu...
UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a b...
Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted...
ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overw...
eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to th...
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, ...
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to th...
The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains...
An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows...
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. Thi...
PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mod...
The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification ...
Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induc...
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of serv...
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2...
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request stream...
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and se...
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS fr...
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a...
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the...
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of fram...
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior...
Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missi...
The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary com...
The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to access sens...
SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the sea...
In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the att...
When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicio...
Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker t...
Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inp...
During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not properly set, ...
The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnera...
The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the ap...
SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject c...
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to exe...
A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30,...
Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure ...
SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the...
A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Becaus...
The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.
The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.
The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.
The newstatpress plugin before 1.0.1 for WordPress has SQL injection.
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id...
The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.
SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.2...
The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, ak...
Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead t...
Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead t...
Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbitr...
Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to arbi...
The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface.
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.
The google-document-embedder plugin before 2.6.1 for WordPress has XSS.
The google-document-embedder plugin before 2.6.2 for WordPress has XSS.
The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.
The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users.
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.
The wp-editor plugin before 1.2.6 for WordPress has CSRF.
The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.
The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.
The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.
The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.
The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.
The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF.
The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF.
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. U...
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the function AP4_BitReader::SkipBits at Core/Ap4Utils.cpp.
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer overflow in the AP4_RtpAtom class at Core/Ap4RtpAtom.cpp.
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_Dec3Atom class at Core/Ap4Dec3Atom.cpp.
An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in the AP4_AvccAtom class at Core/Ap4AvccAtom.cpp.
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to...
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response a...
The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism vi...
Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage th...
Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with el...
Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjack...
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker fro...
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is re...
Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsol...
The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect...
eQ-3 Homematic CCU2 outdated base software packages allows Denial of Service. CCU2 affected versions: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2.45.6, 2.45.7,...
eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected ver...
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged use...
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged use...
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability c...
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged use...
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged use...
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticat...
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged use...
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker w...
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a gu...
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulner...
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection...
eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process...
An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-cust...
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dy...
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authen...
stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Servic...
An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successful...
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully expl...
An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully ...
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The...
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability co...
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The...
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The...
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The...
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who success...
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who succes...
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who succes...
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully e...
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully e...
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who suc...
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who succes...
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who succes...
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who succes...
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who succes...
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who suc...
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who success...
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully e...
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully e...
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully e...
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who success...
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploi...
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnera...
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successf...
A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability cou...
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploi...
An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with ...
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker ...
An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who success...
An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability...
An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker w...
An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully explo...
An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully explo...
An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vu...
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerab...
An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vul...
An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the v...
An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the ...
An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vu...
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne...
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne...
This information is being revised to indicate that this CVE (CVE-2019-1183) is fully mitigated by the security updates for the vulnerability discussed...
An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully...
An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vu...
An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vu...
A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited th...
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who ...
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploi...
A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Micro...
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a ...
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability co...
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The...
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The...
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The...
An elevation of privilege exists in SyncController.dll. An attacker who successfully exploited the vulnerability could run arbitrary code with elevate...
A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who succes...
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who success...
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successful...
An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exp...
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an af...
An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the f...
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successful...
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server...
An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully ex...
A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully ex...
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An atta...
A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could ...
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne...
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially...
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successful...
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successful...
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker conne...
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited th...
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited th...
An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a cu...
An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches token...
eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting ...
eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.***Metadata related operations, resu...
XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript ...
An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files set...
The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type.
The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task ...
The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveVal...
The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows guests to obtain the email subscription list in CSV format via the wp-adm...
OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Produ...
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation che...
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation,...
A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability woul...
Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with...
The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition.
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal w...
The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter.
The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory ...
CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields.
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.
Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.
Prospecta Master Data Online (MDO) 2.0 has Stored XSS.
A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of se...
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing th...
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this...
A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbit...
Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted O...
A NULL pointer dereference in the get_window function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a cr...
Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or...
A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute ...
An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or...
A reachable assertion in the lookup1_values function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a cra...
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable ...
An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used ...
An issue was discovered in 3S-Smart CODESYS V3 products. The application may utilize non-TLS based encryption, which results in user credentials being...
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cro...
ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbi...
Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.
In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerabilit...
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.
An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS Gateway does not correctly verify the ownership of a communication channel. All v...
An issue was discovered in 3S-Smart CODESYS V3 products. A crafted communication request may cause uncontrolled memory allocations in the affected COD...
Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and execute arb...
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened ...
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file ...
Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited inform...
In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds r...
In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnera...
OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive information.
In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has...
Nessus 8.5.2 and earlier on Windows platforms were found to contain an issue where certain system files could be overwritten arbitrarily, potentially ...
The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private m...
A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registe...
A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered use...
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing re...
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained w...
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained w...
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-...
Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. As a result, a local attacker can escalate ...
An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-b...
DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter.
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descri...
drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descri...
xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various progr...
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via ...
An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration...
An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on th...
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13...
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature ...
EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.
filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.
The visitors-online plugin before 0.4 for WordPress has SQL injection.
The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.
The olimometer plugin before 2.57 for WordPress has SQL injection.
The note-press plugin before 0.1.2 for WordPress has SQL injection.
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a l...
The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Proc...
Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Successful exploitation could lead to denial of se...
Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead...
Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitatio...
Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code executio...
Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. Successful exploitation c...
The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.
The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
The xo-security plugin before 1.5.3 for WordPress has XSS.
The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.
The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.
The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input.
The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF.
The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.
The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF.
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.
The js-jobs plugin before 1.0.7 for WordPress has CSRF.
The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF.
The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.
The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.
The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverSh...
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/ca...
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of...
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height fi...
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network pac...
The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant (i...
The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead...
The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings (instead of the permission expres...
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo ...
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's prof...
The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (appli...
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have ...
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-bas...
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup i...
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rl...
In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due t...
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image ...
GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in GPMF_Next in GPMF_parser.c.
GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c.
GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in demo/GPMF_mp4reader.c.
core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by anot...
AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.
An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex...
An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between...
An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755_parse_dt.
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because...
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because...
An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_...
An issue was discovered in net/rds/af_rds.c in the Linux kernel before 4.11. There is an out of bounds write and read in the function rds_recv_track_l...
An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.
In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callba...
The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an X...
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x p...
The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user o...
A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Manag...
A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended su...
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical acc...
An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through th...
Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disc...
Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial ...
Improper permissions in the software installer for Intel(R) Authenticate before 3.8 may allow an authenticated user to potentially enable escalation o...
Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of p...
Improper file verification in Intel® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of p...
Improper permissions in the installer for Intel(R) Remote Displays SDK before version 2.0.1 R2 may allow an authenticated user to potentially enable e...
Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an ...
Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may all...
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4...
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c dri...
An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/...
An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain ...
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cp...
An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/mis...
An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/us...
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/us...
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc...
An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/inter...
An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6...
An issue was discovered in the Linux kernel before 5.2.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper...
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/...
The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Vers...
In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. A remote atta...
FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnera...
FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of the Admin console. This could lead to an attacker tricking the administrator in...
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in suc...
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.
FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and Users sections of the Admin Console. This could lead to cookie stealing and other ma...
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier l...
An unauthenticated privilege escalation exists in SailPoint Desktop Password Reset 7.2. A user with local access to only the Windows logon screen can ...
Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb.
OX App Suite 7.10.1 allows Content Spoofing.
OX App Suite 7.10.0 to 7.10.2 allows XSS.
OX App Suite 7.10.1 and earlier has Insecure Permissions.
plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned...
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned...
The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS.
The Live:Text Box macro in the Old Street Live Input Macros app before 2.11 for Confluence has XSS, leading to theft of the Administrator Session Cook...
An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_pro...
The user-access-manager plugin before 1.2 for WordPress has CSRF.
The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.
The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages.
The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies.
The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.
The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall URI.
The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests.
The wp-latest-posts plugin before 3.7.5 for WordPress has XSS.
The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.
The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.
The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues.
The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php.
The wp-all-import plugin before 3.4.6 for WordPress has XSS.
The my-wp-translate plugin before 1.0.4 for WordPress has XSS.
The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.
The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field.
The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser.
The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg.
The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues.
The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request.
The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues.
The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages.
The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book.
The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.
The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues.
The moreads-se plugin before 1.4.7 for WordPress has XSS.
The pagination plugin before 1.0.7 for WordPress has multiple XSS issues.
The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues.
The promobar plugin before 1.1.1 for WordPress has multiple XSS issues.
The rating-bws plugin before 0.2 for WordPress has multiple XSS issues.
The raygun4wp plugin before 1.8.3 for WordPress has XSS in the settings, a different issue than CVE-2017-9288.
The realty plugin before 1.1.0 for WordPress has multiple XSS issues.
The rimons-twitter-widget plugin before 1.3 for WordPress has XSS.
The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.
The wp-all-import plugin before 3.4.7 for WordPress has XSS.
An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory (XOM) implementation p...
The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition cont...
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execu...
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute a...
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to exec...
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execu...
In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download ...
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges throug...
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges throug...
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges throug...
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges throug...
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges throug...
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code w...
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code w...
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149...
assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or ...
Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vu...
In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creatin...
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the under...
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized acti...
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root acce...
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, ...
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 coul...
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force ...
IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X...
IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A rem...
IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in furt...
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inser...
IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (X...
IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a...
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker ...
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker ...
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 gene...
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 gene...
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site M...
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Man...
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in me...
Multiple buffer overflow issues have been identified in Alpha5 Smart Loader: All versions prior to 4.2. An attacker could use specially crafted projec...
In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could ...
In ActivityManagerService.attachApplication of ActivityManagerService, there is a possible race condition. This could lead to local escalation of priv...
In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the Wind...
In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privil...
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote cod...
In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, there is possible memory corruption due to a use after free. This could lead to ...
In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege...
In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to rem...
In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privi...
An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional...
It is possible to overlay the VPN dialog by a malicious application. This could lead to local escalation of privilege with no additional execution pri...
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalat...
In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local ...
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local informat...
In Status::readFromParcel of Status.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information...
In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. This could lead to local de...
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web...
IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted...
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced b...
IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A re...
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack w...
IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID:...
IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the class...
Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a pa...
An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002. A ...
An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based ...
An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially craft...
An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor ve...
Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vuln...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015...
An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of s...
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set o...
An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A special...
An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/app...
An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159. There is a User Mode Write AV starting at IDE_ACDStd!IEP_ShowPlugInDialog+0x0...
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer over...
The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg.
The seo-redirection plugin before 4.3 for WordPress has stored XSS.
The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues.
The total-security plugin before 3.4.1 for WordPress has XSS.
The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability.
The share-on-diaspora plugin before 0.7.2 for WordPress has reflected XSS in share URL parameters.
The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.
The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues.
The weblibrarian plugin before 3.4.8.5 for WordPress has XSS via front-end short codes.
The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front-end short codes.
The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front-end short codes.
The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter.
The uji-countdown plugin before 2.0.7 for WordPress has XSS.
The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools.
The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools.
The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF.
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS.
The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection.
The ad-buttons plugin before 2.3.2 for WordPress has XSS.
The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a search event.
The booking-sms plugin before 1.1.0 for WordPress has XSS.
The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues.
The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues.
The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues.
The content-audit plugin before 1.9.2 for WordPress has XSS.
The updater plugin before 1.35 for WordPress has multiple XSS issues.
The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS.
The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue.
The wp-slimstat plugin before 4.8.1 for WordPress has XSS.
An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS ...
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19....
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "b...
Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "b...
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header.
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.
The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS.
The profile-builder plugin before 2.2.5 for WordPress has XSS.
The formbuilder plugin before 1.06 for WordPress has multiple XSS issues.
The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.
The universal-analytics plugin before 1.3.1 for WordPress has XSS.
The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen.
The sender plugin before 1.2.1 for WordPress has multiple XSS issues.
In Code42 Enterprise and Crashplan for Small Business through Client version 6.9.1, an attacker can craft a restore request to restore a file through ...
A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT ...
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability i...
A vulnerability in Cisco RoomOS Software could allow an authenticated, local attacker to write files to the underlying filesystem with root privileges...
A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an au...
An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 ve...
An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS fi...
An exploitable out-of-bounds read vulnerability exists in the Number record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file...
An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A spec...
The count-per-day plugin before 3.2.3 for WordPress has XSS via search words.
The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.
The duplicate-post plugin before 2.6 for WordPress has XSS.
The duplicate-post plugin before 2.6 for WordPress has SQL injection.
The aryo-activity-log plugin before 2.3.2 for WordPress has XSS.
The aryo-activity-log plugin before 2.3.3 for WordPress has XSS.
The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
The megamenu plugin before 2.4 for WordPress has XSS.
The smokesignal plugin before 1.2.7 for WordPress has XSS.
The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues.
The embed-comment-images plugin before 0.6 for WordPress has XSS.
The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.
The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issues.
The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page.
A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote...
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attac...
A vulnerability in the application policy configuration of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote at...
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Di...
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the ro...
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing resp...
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) fro...
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any ...
pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZE...
The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988.
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality
The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbit...
REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, ...
A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of ...
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote at...
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote at...
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote at...
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote at...
A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote att...
A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-o...
A vulnerability in the Redfish protocol of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject and ex...
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to...
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to cause the web ser...
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive confi...
A vulnerability in the Intelligent Platform Management Interface (IPMI) implementation of Cisco Integrated Management Controller (IMC) could allow an ...
A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allo...
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Di...
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Di...
A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated...
A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive dat...
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Di...
A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker wit...
Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are...
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an ...
A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software...
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allow...
A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outs...
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the em...
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a...
A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone T...
Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current ver...
Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted us...
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an exi...
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standar...
The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text.
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links.
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.
The contact-form-plugin plugin before 3.3.5 for WordPress has XSS.
The cforms2 plugin before 14.6.10 for WordPress has SQL injection.
The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.
The clean-login plugin before 1.5.1 for WordPress has reflected XSS.
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-231...
The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF.
The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE...
The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS.
The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.
The cforms2 plugin before 14.13 for WordPress has SQL injection in the tracking DB GUI via Delete Entries or Download Entries.
The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.
The gnucommerce plugin before 1.4.2 for WordPress has XSS.
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.
The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.
The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.
The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.
The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering.
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests.
The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens...
Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a fire...
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?...
The give plugin before 2.4.7 for WordPress has XSS via a donor name.
The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field.
The tubepress plugin before 1.6.5 for WordPress has XSS.
The reflex-gallery plugin before 1.4.3 for WordPress has XSS.
The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion.
The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.
The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST.
The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.
The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.
The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.
The ebook-download plugin before 1.2 for WordPress has directory traversal.
The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs.
The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.
The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.
The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation.
The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg.
The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote code execution via a filter in a meta, post, or user shortcode.
The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list.
The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues.
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection.
The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action.
The wp-retina-2x plugin before 5.2.3 for WordPress has XSS.
The patreon-connect plugin before 1.2.2 for WordPress has Object Injection.
The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec.
The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce.
The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled.
The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled.
The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion.
The ad-inserter plugin before 2.4.20 for WordPress has path traversal.
The ad-inserter plugin before 2.4.22 for WordPress has remote code execution.
An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The appl...
An insecure storage of sensitive information vulnerability is present in Hickory Smart for iOS mobile devices from Belwith Products, LLC. The applicat...
An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Co...
A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data ...
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-...
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.h...
Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the f...
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download() method of AutoUpdateService in SMServer.exe, leading to Directory Traversal....
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SM...
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload file...
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK ...
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with ...
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these...
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can contr...
In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS.
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.
The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.
The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.
The cforms2 plugin before 10.2 for WordPress has XSS.
The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.
The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files.
The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.
The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths.
The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.
An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class...
An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code i...
The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted paylo...
The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading.
The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection.
The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.
The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.
The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.
The cforms2 plugin before 10.5 for WordPress has XSS.
The email-newsletter plugin through 20.15 for WordPress has SQL injection.
The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.
The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.
The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and ...
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users.
The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.
The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS.
The corner-ad plugin before 1.0.8 for WordPress has XSS.
The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal.
The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.
The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain ...
In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might ...
The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal.
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF.
cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument...
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: UR...
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usb...
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be re...
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters ...
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables c...
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 an...
Former before 4.2.1 has XSS via a checkbox value.
Jooby before 1.6.4 has XSS via the default error handler.
Domoticz 4.10717 has XSS via item.Name.
Kimai v2 before 1.1 has XSS via a timesheet description.
selectize-plugin-a11y before 1.1.0 has XSS via the msg field.
Bolt before 3.6.10 has XSS via a title that is mishandled in the system log.
Bolt before 3.6.10 has XSS via an image's alt or title field.
Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php.
django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline.
DfE School Experience before v16333-GA has XSS via a teacher training URL.
Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test.
openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.
openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21.
openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21.
openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21.
openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21.
The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, beca...
The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site script...
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows re...
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 al...
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 befo...
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 bef...
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3...
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the...
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious ...
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserve...
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0...
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML...
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time ...
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation ch...
The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request for...
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring.
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal.
Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler.
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin.
comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory.
There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1.
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or mo...
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying propert...
deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of...
All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supp...
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool impl...
Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged h...
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) vi...
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) vi...
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) vi...
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) vi...
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) vi...
GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenti...
Tasking Manager before 3.4.0 allows SQL Injection via custom SQL.
The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injection via delete_records.
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote,...
A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access ...
Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by ...
Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabili...
Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine versio...
Use of Hard-coded Credentials vulnerability in FortiRecorder all versions below 2.7.4 may allow an unauthenticated attacker with knowledge of the afor...
DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF ...
Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF ...
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, A...
An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as ver...
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool...
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, f...
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may ...
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant ...
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on acco...
filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overf...
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verificati...
Status Board 1.1.81 has reflected XSS via logic.ts.
laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS.
An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unau...
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs.
Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update.
rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and read...
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verifi...
An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over c...
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.
An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishand...
An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization.
An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mis...
Lierda Grill Temperature Monitor V1.00_50006 has a default password of admin for the admin account, which allows an attacker to cause a Denial of Serv...
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.
CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote c...
Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php.
FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js.
GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL...
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via ...
Status Board 1.1.81 has reflected XSS via dashboard.ts.
Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free.
An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results.
An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corr...
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execut...
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allo...
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service o...
An issue was discovered in the simd-json crate before 0.1.15 for Rust. There is an out-of-bounds read and an incorrect crossing of a page boundary.
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity.
An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution.
An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory.
An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current ...
Observational Health Data Sciences and Informatics (OHDSI) WebAPI before 2.7.2 allows SQL injection in FeatureExtractionService.java.
The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection in models/partner_compassion.py.
The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php.
The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.
OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature.
idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform IDseq allows SQL injection via tax_levels.
HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows SQL injection, related to SearchQueryFactoryOperation.java and SortDirection.java.
BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters.
The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php.
Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in shop.php.
Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php.
Gesior-AAC before 2019-05-01 allows serviceID SQL injection in accountmanagement.php.
IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password was changed away fro...
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary wh...
IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are s...
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML dat...
DianoxDragon Hawn before 2019-07-10 allows SQL injection.
The Reviews Module before 2019-06-14 for OpenSource Table allows SQL injection in database/index.js.
An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length fi...
FredReinink Wellness-app before 2019-06-19 allows SQL injection, related to dietTrack.php, exerciseGenerator.php, fitnessTrack.php, and server.php.
XM^online 2 User Account and Authentication server 1.0.0 allows SQL injection via a tenant key.
XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, related to Constants.java, DropSchemaResolver.java, and SchemaChangeResolver.java.
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This ...
Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image.
An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder...
An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic.
An issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an integer underflow and panic.
An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishan...
An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling.
An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.
An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory cor...
Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information dis...
The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially ...
cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an ...
Discourse 2.3.2 sends the CSRF token in the query string.
XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php.
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization.
An issue was discovered in the slice-deque crate before 0.2.0 for Rust. There is memory corruption in certain allocation cases.
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls.
An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures.
An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities.
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments ar...
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functio...
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. ...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to ar...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbit...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbit...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbit...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbit...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbit...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbit...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to ...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to m...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbit...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitr...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to ...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbit...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to m...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to ...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to ...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to ...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitr...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to ...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to m...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to ...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to ar...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitr...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to m...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to ...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitr...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to ...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to m...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to m...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to ...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to ...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to m...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to m...
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to ...
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every in...
Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possi...
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/c...
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary file...
Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remo...
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishan...
In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code.
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data.
An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of ...
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.
The wp-rollback plugin before 1.2.3 for WordPress has XSS.
The wp-rollback plugin before 1.2.3 for WordPress has CSRF.
The link-log plugin before 2.1 for WordPress has SQL injection.
The link-log plugin before 2.0 for WordPress has HTTP Response Splitting.
The cp-polls plugin before 1.0.5 for WordPress has XSS.
The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors.
The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser.
The check-email plugin before 0.5.2 for WordPress has XSS.
The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.
The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues.
The anycomment plugin before 0.0.33 for WordPress has XSS.
The js-support-ticket plugin before 2.0.6 for WordPress has CSRF.
The buddyforms plugin before 2.2.8 for WordPress has SQL injection.
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.
The bbp-move-topics plugin before 1.1.6 for WordPress has code injection.
The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF.
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resource...
The ultimate-faqs plugin before 1.8.22 for WordPress has XSS.
The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS.
The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF.
The rsvpmaker plugin before 6.2 for WordPress has SQL injection.
The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution.
The insert-or-embed-articulate-content-into-wordpress plugin before 4.29991 for WordPress has insufficient restrictions on deleting or renaming by a S...
The insert-or-embed-articulate-content-into-wordpress plugin before 4.2999 for WordPress has insufficient restrictions on file upload.
The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969.
The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs.
The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button.
The feed-them-social plugin before 1.7.0 for WordPress has possible shortcode execution in the Facebook Feeds load more button.
The wp-polls plugin before 2.72 for WordPress has SQL injection.
The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option.
The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php.
The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads.
The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattende...
The wp-members plugin before 3.2.8 for WordPress has CSRF.
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-ad...
A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability ...
Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device....
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET requ...
In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.
In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c.
In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c.
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknow...
In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c.
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter t...
In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c.
In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values...
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device....
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device....
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device....
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are establishe...
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are establishe...
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are establishe...
Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device....
Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device....
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "c...
components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the curre...
In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-servic...
The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562.
The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562.
The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491.
The sharebar plugin before 1.2.2 for WordPress has SQL injection.
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066.
The gigpress plugin before 2.3.11 for WordPress has XSS.
The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area.
The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460.
The akismet plugin before 3.1.5 for WordPress has XSS.
The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg().
The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg().
The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg().
The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg().
iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file.
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor...
The my-calendar plugin before 3.1.10 for WordPress has XSS.
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situ...
Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() and remove_query_arg().
iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg().
iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg().
iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg().
The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the perm...
Various Lexmark products have Incorrect Access Control.
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission...
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens ...
A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to...
Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, ...
In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page.
In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which ...
Various Lexmark products have Incorrect Access Control (issue 1 of 2).
Various Lexmark products have Incorrect Access Control (issue 2 of 2).
LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the ad...
MyT Project Management 1.5.1 lacks CSRF protection and, for example, allows a user/create CSRF attack. This could lead to an attacker tricking the adm...
CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pre or Post backup action. With only user-level access, a user can modify the back...
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or com...
A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass au...
A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashe...
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an...
A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an unexpected restart ...
A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH pr...
An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the p...
An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. A...
A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition wh...
An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memor...
An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within t...
An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function Decode...
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in ...
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethern...
Various Lexmark products have CSRF.
The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices.
Various Lexmark products have an Integer Overflow.
Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device.
Various Lexmark products have a Buffer Overflow (issue 2 of 3).
Various Lexmark products have a Buffer Overflow (issue 3 of 3).
nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leadin...
There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at ...
Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code executi...
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet conne...
The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a...
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT device...
A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, ios versions up to 2.0.22) allows an attacker in the sam...
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration ...
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or ...
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the co...
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. ...
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's heal...
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the co...
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs...
A broken access control vulnerability found in Advan VD-1 firmware version 230 leads to insecure ADB service. An attacker can send a POST request to c...
A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to ...
A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi....
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibi...
libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG parser in parser.c.
Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode sign...
An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm:...
An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::fi...
In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads.
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials.
The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option.
The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks.
The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file.
The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS.
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name.
Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc.
libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic.
The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The ...
The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS.
The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete.
The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF.
Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections.
FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.
ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket.
Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp.
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs beca...
An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a he...
There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to edi...
IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error me...
IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side (with access to client computer) to run a custom script. IBM X-Forc...
IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a system which has been configured with Db2 Mirror for i might have user profiles ...
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulne...
The TeamSpeak client before 3.3.2 allows remote servers to trigger a crash via the 0xe2 0x81 0xa8 0xe2 0x81 0xa7 byte sequence, aka Unicode characters...
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.
The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-...
A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a ...
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a ...
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered ...
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface becau...
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface becau...
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a B...
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of...
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a craf...
/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 param...
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parame...
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration...
A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConso...
An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the Serv...
Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image withou...
Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web sc...
Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitr...
Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitr...
Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role.
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A sto...
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An in...
Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows v...
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially craft...
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obta...
Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type...
Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely ...
A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an a...
A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial o...
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to une...
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could...
A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode coul...
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-...
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-...
In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-...
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2...
In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2...
Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. ...
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated use...
The photo-gallery plugin before 1.2.42 for WordPress has CSRF.
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.
The easy-property-listings plugin before 3.4 for WordPress has XSS.
The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or acti...
The nd-restaurant-reservations plugin before 1.5 for WordPress has no requirement for nd_rst_import_settings_php_function authentication.
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication.
The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data.
The wps-child-theme-generator plugin before 1.2 for WordPress has classes/helpers.php directory traversal.
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.
The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter.
The one-click-ssl plugin before 1.4.7 for WordPress has CSRF.
The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS.
The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS.
The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.
The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS.
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary ...
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs ship...
A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bo...
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019,...
The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF.
The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF.
The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS.
The webp-express plugin before 0.14.8 for WordPress has stored XSS.
The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.
The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion.
The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF.
The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb...
The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS.